Analysis Overview
SHA256
e7fc2a1ff4d393351b8bee27b7f7a342e4871422ca14f23ca6caf9730929470f
Threat Level: Known bad
The file 2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock was found to be: Known bad.
Malicious Activity Summary
Modifies visibility of file extensions in Explorer
UAC bypass
Renames multiple (60) files with added filename extension
Renames multiple (82) files with added filename extension
Reads user/profile data of web browsers
Executes dropped EXE
Deletes itself
Checks computer location settings
Loads dropped DLL
Adds Run key to start application
Drops file in System32 directory
Drops file in Windows directory
System Location Discovery: System Language Discovery
Unsigned PE
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Modifies registry key
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-10-26 04:27
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-26 04:27
Reported
2024-10-26 04:29
Platform
win7-20240903-en
Max time kernel
150s
Max time network
122s
Command Line
Signatures
Modifies visibility of file extensions in Explorer
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
Renames multiple (60) files with added filename extension
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Control Panel\International\Geo\Nation | C:\ProgramData\bCwYgIoA\rQcsAYkc.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\VCAQsAIc\kUkUgEUQ.exe | N/A |
| N/A | N/A | C:\ProgramData\bCwYgIoA\rQcsAYkc.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Run\kUkUgEUQ.exe = "C:\\Users\\Admin\\VCAQsAIc\\kUkUgEUQ.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\rQcsAYkc.exe = "C:\\ProgramData\\bCwYgIoA\\rQcsAYkc.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\rQcsAYkc.exe = "C:\\ProgramData\\bCwYgIoA\\rQcsAYkc.exe" | C:\ProgramData\bCwYgIoA\rQcsAYkc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Run\kUkUgEUQ.exe = "C:\\Users\\Admin\\VCAQsAIc\\kUkUgEUQ.exe" | C:\Users\Admin\VCAQsAIc\kUkUgEUQ.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | \??\c:\windows\installer\{ac76ba86-7ad7-1033-7b44-a90000000001}\pdffile_8.ico | C:\ProgramData\bCwYgIoA\rQcsAYkc.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
Modifies registry key
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\ProgramData\bCwYgIoA\rQcsAYkc.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe"
C:\Users\Admin\VCAQsAIc\kUkUgEUQ.exe
"C:\Users\Admin\VCAQsAIc\kUkUgEUQ.exe"
C:\ProgramData\bCwYgIoA\rQcsAYkc.exe
"C:\ProgramData\bCwYgIoA\rQcsAYkc.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\towsMUYs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\NQcMoMEU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\dUwQkcEs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\uqEEQosk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\IsQcIAMw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\MAwsIwwY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\qOsMoQsU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\EmMAsMww.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\BagsQAIU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\JEMAokwU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LkUUUQEY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\MWgYAkYA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\WqUMcYAY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\uCgMYgUI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\MwMsUMAQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\lwIEsUwk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\dGwcYMgk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\TIwYUEcM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\xwcAsEcg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\FwUswkIA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\qIEUgcIg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\kmIMgAko.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\GYkMYYQA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\UksIQQcs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\fYoQgksw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\dOkAYssk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\jUgwMMQY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\DSowcEkQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\GgsoMkMI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\KwYUAkEY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\uaUAcMAs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\akIQUAgk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\TCQcYMMU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\NgkEgQYA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\lyUQEgkY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\HcIAgMsE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\uqIcMMcM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ISAMsYcM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\wOsYAQsM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\asIsQQEY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\jYEooYcE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZcAQgkAo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\hOoYsMcA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\FcscQAIE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\WUYsEYAk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\MqEMMwIE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\KuoooMIY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\eEQcMwoo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\RsAcgkgY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\FKsEMIMc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\FKokYIEk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\DWkIEIUg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\QGcssoAk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\sKAoYMsc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\wkoQcoEc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\cIIAgIgc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\VogkUEoM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LSAMwkkU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\dmggYIMI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\zoMMAkYg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\WeIocsMM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\KQQkkQYg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\kYcgkYQo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\UMsQgYcQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\lCosMEUE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\RsMwEsAI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\togEcoEM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\fAoIcIIg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\SSUQAoAQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\UkUgQgEM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\uuEEcYUU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\smAcEwEk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\PAgUEkos.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\lAgAocIU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\fQMEAQoc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\zygEwcIA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\SOoEQkQs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\qYowQsos.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\aYsMEosk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\koUgAUgQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LGkooowc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\lksAkokA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\HykMgEsI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\PEMMAgcA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\cykwscgY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\MEoAsYEM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\aUAoEgQc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ggUgMYMY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\YGEwcgIU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\BekUQQgM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\juUQAIAs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\bGAAsQcU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\XmQkYIko.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\mKAcssUU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\GMIYIwcs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ecMcgkok.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\MkcoMoUU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\tCIgskoA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\bWoYggAo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\bgYQAEIM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\pAUUoYwo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\wWkYYcgc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\IWAIoMkk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\cikYMooY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\QaoQksks.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZwAUsAsI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\vwwYIsIc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\DwYgQkMg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\DyYskkIk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\VyQUsUkY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\WWgMAcEM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\GsAkYkEU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\QWoAgQck.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\wsAcYEgU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
Network
| Country | Destination | Domain | Proto |
| BO | 200.87.164.69:9999 | tcp | |
| US | 8.8.8.8:53 | google.com | udp |
| BO | 200.87.164.69:9999 | tcp | |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 172.217.16.238:80 | google.com | tcp |
| GB | 172.217.16.238:80 | google.com | tcp |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp |
Files
memory/2112-0-0x0000000000400000-0x000000000043F000-memory.dmp
\Users\Admin\VCAQsAIc\kUkUgEUQ.exe
| MD5 | 941458b96cfadd90d38168928eb3db16 |
| SHA1 | d9b63aa58be97590aeecc64ac688b8a2186cf0cb |
| SHA256 | ef7efeee9a88e6be78ab88d7bf020e94d9d3a463fbb834ff3ac63beec5621805 |
| SHA512 | efc7316a1c5cb4d203a5c35bebc08f81422af1161e57568329dd20d6333d00f332b21dc340cfedebb7209a5af53ba6ca65882e7833457cc9075f6cd489a160c0 |
C:\Users\Admin\AppData\Local\Temp\NGocUccs.bat
| MD5 | 4dbc41d186593e5bb73fd590636ca6f1 |
| SHA1 | f21fcde9a8e31f6fa7e2ce90c94dfa73ba677eb9 |
| SHA256 | b1e3701dbc6fc3ccc4a81ec4b7f7046cefcee41d91bc76ebab9069041888c44e |
| SHA512 | 5630d13b44caa11b6ac38e60398b9042359c371ea0fb78ea6588d9b4f5e1aaf9388870bbfe707837ba84d6778bc62962234bf273dea6f152f7bea007d96809cf |
\ProgramData\bCwYgIoA\rQcsAYkc.exe
| MD5 | 23c79b865628f300c6d6e436faab206f |
| SHA1 | 49446e8d31d69bed76138b616f592966d636e994 |
| SHA256 | bddf868c44d2a10a19d068b5637842114c9c06a36894356a81aceb796e511f6d |
| SHA512 | b422260db55258f371f229e0a0886a030850a337b4fb50acd2559beb305c4e46382c0e235a1eb4a29851b11fd126a2a3c2e297e75c5db367c9b1324064562a48 |
memory/2068-30-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2808-29-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2112-12-0x0000000000460000-0x0000000000493000-memory.dmp
memory/2112-11-0x0000000000460000-0x0000000000493000-memory.dmp
memory/2112-39-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\towsMUYs.bat
| MD5 | bae1095f340720d965898063fede1273 |
| SHA1 | 455d8a81818a7e82b1490c949b32fa7ff98d5210 |
| SHA256 | ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a |
| SHA512 | 4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024 |
memory/2892-41-0x0000000000370000-0x00000000003AF000-memory.dmp
memory/3028-44-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2892-42-0x0000000000370000-0x00000000003AF000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\file.vbs
| MD5 | 4afb5c4527091738faf9cd4addf9d34e |
| SHA1 | 170ba9d866894c1b109b62649b1893eb90350459 |
| SHA256 | 59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc |
| SHA512 | 16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5 |
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
| MD5 | 5861d4e6983be2b92122bcfb7d239eb5 |
| SHA1 | 892a1af54e23a9960f63eae6369c526ef325b77c |
| SHA256 | b3de971f88cdd8219cd9bf4a1212107b4052f468caac1f196d756ddf095acb48 |
| SHA512 | af3ce9a9c4a7be34e1d75bd9e25b483cfadc18e50cdb3229c5bc70bf965f6c478a707711154066c446f84ae5b6216917dd34935ee69772c305a00bc6d5040178 |
C:\Users\Admin\AppData\Local\Temp\NSAoMwQI.bat
| MD5 | f14841f88f82a656667ab87bd06747d0 |
| SHA1 | 6c66a3d6eccc3f55bff3f21d65f3ea32efe94aa8 |
| SHA256 | 826c4a722f25430c4791ade4047d7e5f4af541276fd62164a7e11ec1e6d7259b |
| SHA512 | 691c894118af038b34dd63fa968389663844529e6b22eb143d46b1069dacc0705cb87ed841ca2cd13dde4b10494a70b10856ec63f4ee820eadf844bd4c8edfbf |
memory/3028-65-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rUsQwwUU.bat
| MD5 | 485bce8a1625bf2129dfef4ea2ebc6e9 |
| SHA1 | 3fa8f33f214b474d44138acebd75e79658658fe9 |
| SHA256 | 405861a4be8da1846b281a98beee645b8c8b3859b39ae17a37fb785e6e1e82b3 |
| SHA512 | 9815be44495726d67f12483c9dc4eb308b20f047b2eebef4994a386c36fdb52b6ed15827e8f845a5d09532e8da82031b6ecc3183d7ddba9439331e2b54aa4384 |
memory/328-78-0x0000000000400000-0x000000000043F000-memory.dmp
memory/320-80-0x0000000000400000-0x000000000043F000-memory.dmp
memory/328-79-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2796-89-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\lIwMwEYA.bat
| MD5 | a5b2ffa945de721b9947db526421c679 |
| SHA1 | 0ef309cfb3afcec7369931e6dbd395913b9b3c6b |
| SHA256 | 2b13074d0fb1d198a972234d3894a8c4aedfa206a075e4d23d1fe77771a2d4da |
| SHA512 | 14c6eaf540e84f48c480e1c1b08fd54cccb221e08963dc6d23cb7486d9ee265e48fa38db6e8609440213eeafb9c947fe55028f608f32333c2222545e325749d9 |
memory/2628-102-0x0000000000120000-0x000000000015F000-memory.dmp
memory/320-111-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\WMUYosAo.bat
| MD5 | 1ae814d56b7b5e6a6dd717e3df411cb2 |
| SHA1 | 429c881fdd12836dc42e940996a923a8d10ec1b9 |
| SHA256 | 21a510096b11b8271915da8e2adabddb0c868717a9d03df6c6b2639c110e728b |
| SHA512 | b649c90aec4ac40ae4e7533ab19250a2e82b5a2601c72dd3e22e4e5137560e9cbcee5076c9fc97823f96220483f81f112a039344e58602a18689acbcdece0594 |
memory/1672-126-0x0000000000400000-0x000000000043F000-memory.dmp
memory/580-125-0x0000000000400000-0x000000000043F000-memory.dmp
memory/580-124-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2404-135-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\sGYEIMgg.bat
| MD5 | 9680544a7ca3a2dd6d6eb0ae2bc88ffa |
| SHA1 | 39f77a83b740672ff46ec99e016987835c8e7802 |
| SHA256 | 1756dd2aac65e45cd48734c06a2be9fc2336f13c712232860751a8c0f0b9370d |
| SHA512 | b80936ba8d0f8bdb0bebdfa18f804d321bd04a48389188eaa5613bf7779b543f88bfe00d9b457fcb111895b68d7f9bfc65bf8045afed5ca487a1d63100e4dcfb |
memory/2728-150-0x0000000000200000-0x000000000023F000-memory.dmp
memory/1672-159-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\WaEEEwEE.bat
| MD5 | 13a4a4909b553e226747103ba9722ee6 |
| SHA1 | d3d9d148a5db1147c066795e6ac61070a041c8d2 |
| SHA256 | 83a0ec6ba0cc8a1501bdbad5cb7e717f9646a2215b9f952182885748e38d6bef |
| SHA512 | ffb979574e4d9c135211636ec0dc6279e9354cb7d1e949876b77e5a09a02e4140a0c0ea87e4bbb741b3c2a34a31f44debdb41960ce37629e2987563ed2dc727e |
memory/2832-180-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\mSQQIIoc.bat
| MD5 | 55106fb5a0a8234f63314d26419fdc50 |
| SHA1 | ce30b0efad26006dff02ec99a6ff90af7e09897c |
| SHA256 | 2c99612c0a05dfd049b78a1484c69730418fb45829f0a037895dbe103d1ff7dc |
| SHA512 | 27e3d697ed8d746ed078946e8227f3d2361feedc31406170264f2d7a3c85687a61ec2be8797b1e122d5a28728b3c9c443617f1d22f09ee347acd72810595efda |
memory/1960-193-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2884-202-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\lcMQooAo.bat
| MD5 | 6e414bde8145473d639af21891b2f930 |
| SHA1 | 12b3f3f4c0360000dd9a453b4719fc4b6f6c821c |
| SHA256 | 862a17fa3df06096b90d3574292d1dec2766f039c26642f54e87d666e8ccc209 |
| SHA512 | 49d366d4e0cc616ca9d0a8cfa7b1547c137a7f8aa16f5cd5e449f17bb39f3bdee40f35463a32e534aedc8b26ce4c37566fab4e419439ca3c99b5c7bf2c6a4fdd |
memory/2332-215-0x00000000001D0000-0x000000000020F000-memory.dmp
memory/1960-224-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\LMgUQoQE.bat
| MD5 | 2d39ec67f691dea3e3c3729ee2ec00c4 |
| SHA1 | 84e4bdb0e7e815fce9ee39d9b1f64218fa2837f6 |
| SHA256 | 93bb9f2fe9c5d413cc2a103972b31d5a26076df007c4d75e55472070add4dec9 |
| SHA512 | d34095a1459eee7d8af0f9ce1a3b07cb3c10520d8e885e88d8e290ce2dc1ae3ec8e2f8c8e4f3fe637bbd1c24e30e971d7460c9be356ecb6296b654d9fe53f055 |
memory/2356-239-0x0000000000160000-0x000000000019F000-memory.dmp
memory/924-248-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ZOogEwYE.bat
| MD5 | 7056a437d692b53c42e8a93ddc8abac3 |
| SHA1 | cc2c0ed504736a7bfaf915fee3f29bbacadad41f |
| SHA256 | 799c27e3b09cc160238fd690f207edd46fa5beffd43cbf8fd76f542d55df9968 |
| SHA512 | a89d209766a360dbde7d0f929466662ab21e8f1be37dfc999df21ac0015e4ae8692b4eab7aa7f783136083338ce467774413d47bec768f9cd9412617729d8175 |
memory/1740-262-0x0000000000180000-0x00000000001BF000-memory.dmp
memory/1632-263-0x0000000000400000-0x000000000043F000-memory.dmp
memory/1740-261-0x0000000000180000-0x00000000001BF000-memory.dmp
memory/1640-272-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\LkAgIUgo.bat
| MD5 | 4822410bfbf9bb61af768d5432adc746 |
| SHA1 | 9eca433f1fe0cf0b21e2809fe2f96bf355fb6dbb |
| SHA256 | fe731ab864c2a1f9983bad793e58503fabd05232f83c9da5b26ccb2db6c1b874 |
| SHA512 | 74057ee0f960ccb62e7b50d77c16bb1d1b0f1677614a047a31ec73f87aba11959f2137859e906574414b4258a3cc8515431d5dadde62907a64ea213bcc6c8c28 |
memory/2928-285-0x0000000000290000-0x00000000002CF000-memory.dmp
memory/1632-294-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\uuUAMIYo.bat
| MD5 | 0462c1712fb3409b554679cb49aa86e0 |
| SHA1 | e558034872bd250a8990f1524c046eee526f5834 |
| SHA256 | b23e258b9bdf7aee0d56cf48d01cd3a3175d6667a0631700977dcf8149c68d5f |
| SHA512 | a79ec1d9e7ac81fa94afc2df9a30d90dac1e9f4e6ac0aa2900b349d8a78119146bd927e45a9c9c139575a448bdcbc750af5f1ee0685b62edbb799b59f55acd37 |
memory/1660-308-0x0000000000160000-0x000000000019F000-memory.dmp
memory/1660-307-0x0000000000160000-0x000000000019F000-memory.dmp
memory/2584-317-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\qYQAsgUo.bat
| MD5 | aa04b7b14284d2ee4c9ca4c2fcb0ebf0 |
| SHA1 | 2a4871c792184766b4508115fa20ca6e46ed68d9 |
| SHA256 | 5d682a8cc9fd3fc948b9028888ccc9a8506f111248b07837208b21e3fe15632b |
| SHA512 | ff98a8063d05e5bf8ff2c5f08575d9f139e0cdf624dee39dfb67aacef0f18fc972e15cbf1ac19b50972e45d84ffb4f89388e12145697f9feb2457a0312dbefa9 |
memory/1852-340-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\GSYgscQM.bat
| MD5 | 699ccf41064452f696c5920da603cfc4 |
| SHA1 | fd0558fd56e6295a5b0a464330193c82a5d09840 |
| SHA256 | a32755f87c5fa707dfbfd1916b01db719d8cde2afec9d551dd5ea1ae5b8c868f |
| SHA512 | 11160fcd5610cd86854e86e415e180f06b32f2add0206f00b5ff661360b831fe17817f6c9ab1a00e09bd3cd796addfd6b36e88425577f601632bc9adafd08de7 |
memory/688-354-0x0000000000570000-0x00000000005AF000-memory.dmp
memory/688-353-0x0000000000570000-0x00000000005AF000-memory.dmp
memory/2396-363-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\sUEQkwIA.bat
| MD5 | 0fb5ccd5647d959aa60a4d051b991a4d |
| SHA1 | 9128fa56e9b61d24b549c146aabfebe1454134ac |
| SHA256 | a7724e52c0230848f91731e7a7fca2212e2e2caa7bc0daa581d22ba7036ec566 |
| SHA512 | c08e9f92ad6b5fcf70ad1e297d825e652e7ff6280a1a9707967da2c999ec1cc0f9ba8771fd8efd45a0cdc372f0ad04b37c27c87df72a7b50366a6732fc0e1d6a |
memory/888-384-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Vegsosss.bat
| MD5 | 64df8c6e7227dd66bca49f9d3f10c48f |
| SHA1 | 48f7eb2d359e0b6062e01d1e2be49b55ca350b3c |
| SHA256 | 742e07890974a860f582103b261678c193f02e7febef1b081cbd2becca7862b6 |
| SHA512 | a021b69590a66c10398f23e06b11485ef1ef7344b2efe488a2392ca599141d36cac459caf1e7fcda303c2c659b5a54a9bdadf1741dfd94b76342d6b8e0775868 |
memory/2244-397-0x0000000000160000-0x000000000019F000-memory.dmp
memory/2980-406-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\dOYIEkcs.bat
| MD5 | 7322d73f4a915fd0c332bf1e288a6dc3 |
| SHA1 | 7caaa4b75e9b474fa1973ba102e81945fa0e7ee7 |
| SHA256 | f666466614a364da78ac38d30a94b6997e80b8aee37bdf8265d5b53a98e3fc02 |
| SHA512 | 6ce5207948d9af2593b9321fc03a0a9377b81c6ed0721b041c2a3c1ce3071d6023d4e7a55df5fbcd4f91ba66e4b8208ff5110a2141a30e0d83077b6ddd914a61 |
memory/2700-429-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\RaAUYYwM.bat
| MD5 | 1c9e6b22d74d07462137d5ec017aa40a |
| SHA1 | ceeab96c7a3f8c015a6c2296f4395262a9d3371e |
| SHA256 | 2e32cf8cbc540028e835cb89a83abd9c759748737e4a24493324d1fcdd003c02 |
| SHA512 | 96df61fd20b372e2ec64592f6fe712ca55af42984a9e2846c7a1018450fc85dec3ed3a9f71805d56900e18a5ea2d1b525aed8bde86ea411f9a87c336b1f9aee5 |
memory/2784-450-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rWMAUIog.bat
| MD5 | db5031eb3eaa70a82a4dfb2ca953c6ca |
| SHA1 | d4f4a6229bcd577e1e2edcbd51d40732b566ac1d |
| SHA256 | 3d2595d9b11ef3813211c55e7957455724d227f8740b5fc2de25ec13443e21bc |
| SHA512 | 02e2fa45a7fee8358dc00689b21c7abb52f6ef6dde159858e6135f8237583e9cb16ead335f0a1d7a8b045cc3c761e03e72ff41922f09e6c935836e55534a0f2b |
memory/2212-463-0x0000000000170000-0x00000000001AF000-memory.dmp
memory/2224-472-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\gYUokQMc.bat
| MD5 | 377c14c34f93e7def3b87a90edc4988a |
| SHA1 | e4db739cf847db264c0a1ffebfb614247471dfd4 |
| SHA256 | d79bf8b8d837c08a0361653089130550f4b5a4bc3c6b8385792c141929682930 |
| SHA512 | 3cf54139dbdf04644e9e7fc58c5ef5baddb48347ced1533db803dd82c3372059b357c9c9b04845f6cbd912c9809f0a5694ac0bc6b24799b93282ddce17583ed3 |
memory/1420-491-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\SSkQgYAU.bat
| MD5 | 9956659c392be397e85509af6fa4ca5a |
| SHA1 | 242ec3725662f352fd93187f36dea907ce503ddf |
| SHA256 | 0806d56665ab4ccf1018158e95566fa3008de407b95f14d0910bc1bf47b3f1d3 |
| SHA512 | c034902fb5e7d9c9a79aaf532add04abdce8168ab718515ca996c0f7f92fe0202697a61e12908553f0c99878f6011c41e95c311497e306d11d0b84f0338c717c |
memory/2824-502-0x0000000000120000-0x000000000015F000-memory.dmp
memory/920-512-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\YuAQgsEI.bat
| MD5 | 90e18e40f779f5957c62972d0a8d746d |
| SHA1 | bae62ed8a8b4ba2f9313bb43b7ff39854d78e1eb |
| SHA256 | 4bb2c8b510451c1a3cb0978d264353bade4bbe538be6b9c43852852e25311baa |
| SHA512 | 4f97c0085255a5142f9c50e61c21049fd0acee8284fd7eccfd02acb9a12f04c1a85b58542f48654fa2fccfe978e1c0baf41746c3ffa57d78202ddb4e900659f8 |
memory/2268-530-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\csgsAIkg.bat
| MD5 | 9b20e7d621ffa4efef5def9e49ec5fbc |
| SHA1 | 6d388ffe07ccc4d5fc4964e28d2b4eb7ec967ae6 |
| SHA256 | 33af3bea4fb4021f1488f418c3e91543d2b42a890a36eb5c8e131af318b1d1c6 |
| SHA512 | cfa54fc9d100414c530aaa6c9cbe3aa22c3050a8768e68b8bf8741ad2b06972930274bf546c999c86aae5a15a050d96e0daba94b7cccfefbcff6b779dbfcaa57 |
memory/2656-540-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2544-549-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\lKAAUoEM.bat
| MD5 | 807a2255fd967f4caef2a3466e3526e7 |
| SHA1 | c459df8f00dc140f0a71ead3dfddb3217150616e |
| SHA256 | 968c1d33ba18e89ca48f49ca03b3674415c51da8527bd05e46f1bcd32f0e60d8 |
| SHA512 | 94492bf96ac1dceb8d0eaecdf9a8bf270757e19a17fe04542a3383d796ba556e51d988d769982fa6a3958ca04233e66e114f3b821f18532b9846bd022ba5fbd9 |
memory/2164-559-0x0000000000400000-0x000000000043F000-memory.dmp
memory/592-568-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zgcAMsMo.bat
| MD5 | 0cfb85a80ffdd45762bdc6f7b7fc3408 |
| SHA1 | 995a1ee2c3f5433b94fe33ff9df5997acc1e3461 |
| SHA256 | 64b8979d502ca67691f0f34117a959e7f634a914dc1eb255c6c21139580d2965 |
| SHA512 | 89999e7a414879b4519368ee6285017481cc10d68c2ed53960b7bd040583648f7ac9f89e23126b5fdd218880c832a29704e9b5365a8801a7d985783f87b0b780 |
memory/2164-588-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\vkwAwAoU.bat
| MD5 | f1cfaa6bd74aefe9d655a966697503f1 |
| SHA1 | 95d2c242b409e9edeee751bedae9531292d51680 |
| SHA256 | 03d8bb1c80f2c09a50cd97a484ca770bed37d59f1431e5d64701da1c734aa0b6 |
| SHA512 | f9576725ac1dc470d1f72007641caac381b6e7722ca0dd04ae8a70274ad2e7dab711a96f121b45a147167a416062ba770ad9f41b638c3d27bdb4441ed919a942 |
memory/620-598-0x0000000000400000-0x000000000043F000-memory.dmp
memory/1464-607-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\FyYUIEUI.bat
| MD5 | 3512142e311706a0a3e6a3bcf3c98635 |
| SHA1 | f8a0d280e961cadbb4a95e7e605f9c238cc47aae |
| SHA256 | 0683dab85b03684ffbdfcdea372021bff894fb5a301017a643921fbaf9fecf3b |
| SHA512 | 8d580d1fbe83c8747eb4c74cc6978091c72418c0ef2c827b9056eea044482b77fcc731b79b64b2104fc56447d72b451c8a4ae4dae8e742996f2578fac1fe480a |
memory/2808-621-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2840-620-0x0000000000400000-0x000000000043F000-memory.dmp
memory/1864-619-0x0000000000140000-0x000000000017F000-memory.dmp
memory/2068-618-0x0000000000400000-0x0000000000433000-memory.dmp
memory/1864-617-0x0000000000140000-0x000000000017F000-memory.dmp
memory/620-630-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\QkkYcMgA.bat
| MD5 | a8c8adee3faa8ae5e6d517caadb569e0 |
| SHA1 | a13e138456bb243ef0470bac0af94de199cd980a |
| SHA256 | 60ccbe071a54c9cf9b4feac90aa104e62db38b48c0b6f4120065f89cee840ad0 |
| SHA512 | c9dd00e15a42c281277176c3a80a0c49d70c3ca7e03c3cb8b2de0784404f8353fbb2c4fa15eea3e39c0ee96e44f11f19c6a7f2ab3cc6bd11f19d619176bfd124 |
memory/2840-648-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\iQQC.exe
| MD5 | c2249b89d912de3177691414a24d1570 |
| SHA1 | 53c6a35df2e74c22407d182c1953a491f99f5968 |
| SHA256 | 2a4501c62282f60b5f64cabd9f9994e3bb55da5ce89d25bd78ffff8c348cafc5 |
| SHA512 | 51f09ef21ce7bb44cd4373a8354d63ae60bc509bda4144c3188de9b31d9b39effac7209802260130a564d8dc3b1a12a21619fc89a841459971da2dd412e3e696 |
C:\Users\Admin\AppData\Local\Temp\cGgsUsgg.bat
| MD5 | 708be9c690332ad11b25bcc02e7645cd |
| SHA1 | 1c99dd3debea91a5663e7ccaa16fd01fe4557b23 |
| SHA256 | a7c5b6f6e36f7f2e390776805026249beb7098e0427f752e9d8cf73c765c10ae |
| SHA512 | 0b7997a745b08969177785351ec8de2a301ec2ac59486ece338ec38d09482b4361d0483ad8f5f45e42fe8bb684dace57b677307088476d4885c0483f6e84aa49 |
memory/2792-674-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2124-683-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\yoYkgEkA.bat
| MD5 | 3b193c7e1b79dea134b084534288158e |
| SHA1 | 00c9a429ac658ed13c78b483009821dbb4fbf545 |
| SHA256 | 2585352ad1e884ed1bc6eb4fae8b88bf7d519df0403905607c119a7eaa31fd4c |
| SHA512 | 61809be626c24a4b3c32ce5261a41f7f37a59b29eabade10536dc1d64b7878c6d7a764c81d0e041cd542d8151f289fab3b23286347bb800b1dc0c940934c7755 |
memory/988-693-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2792-702-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ieEQUUkg.bat
| MD5 | ba8256c93adcdcf60ea3fa5c9a7d42c3 |
| SHA1 | 4e9a9c931da2f345c048df6975d4827070a3a711 |
| SHA256 | bee5dfa580719ad0c1e38090691a3099fc6277b208c7422acb50569c9be562a7 |
| SHA512 | 2db9c5dcd649f6a6e8e5460a596dc1cb9c65540d804be229dd565d12ac93630dabbf958596a66941f83f310674288842b8e1727a31ada8da9f87b974adce817c |
memory/2628-712-0x0000000000400000-0x000000000043F000-memory.dmp
memory/988-721-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\boIYUoMU.bat
| MD5 | 975f9cf5da438f501888e4a5d5f48833 |
| SHA1 | 80ceb52d27eefcc1d831e2c768b214e01176367f |
| SHA256 | 0a9e14138dc75eae9f3edc73d6c6bbc83a15e723208f47e9e9e586d9bc504ae1 |
| SHA512 | b2a7035bd1f45eca33a8a38f1cde4e52e1f5743e72e06f2411b7b332588b0a296ae4838187dde7b46629b9be7bd64d261ff6130d3fe8e5630338daa853b69227 |
memory/2628-739-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\XgMkcQIs.bat
| MD5 | 097f33d73dfa18555841c047e561e9ac |
| SHA1 | eb162a293f880718e0d8596eda776c765dd1ad0d |
| SHA256 | 4049727c512fe6001ce10494a64bfdb0281d1f1dfbd3deceb0b956f020390c8a |
| SHA512 | 80ea3240cf4fd58a58c65dc3aba4de4d855b5d7496e68e0aeabcc5b3b48338ceae0dd1ca541fba7f311e7692bcb5ce1e5dd36fecc05c59dbeb37ba6417faed45 |
memory/2580-751-0x0000000000120000-0x000000000015F000-memory.dmp
memory/2432-760-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ZiMEccAk.bat
| MD5 | 3482a6d6d37a55dad68538b665e1ea67 |
| SHA1 | 95de113e9af222f6937aca582b469ee3d14a1d9d |
| SHA256 | 85ab41f67a4ff41af60798dbe6c875066817523813dade81e2ed67618c228206 |
| SHA512 | d43511afae09814dd54477c09c100322be93c170d993d8fd5f0e937f13a7c7114bbae65fe6e8be4c3924c026422c39989f740d5a1c6d8b75ed3839be344c8aad |
memory/3040-770-0x0000000000260000-0x000000000029F000-memory.dmp
memory/2268-779-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\lQYYUcgg.bat
| MD5 | fb517d8e5e92714634f17b502996de1d |
| SHA1 | 670e2b26591ca9812e3a13f0fceccb7613836097 |
| SHA256 | c879e5921bb1fac750f1a269f942b8a5030f985d6d44c1e9ace17666551fbac2 |
| SHA512 | 213b4844d7a160c03ccfecf355536650407c2f1d999294a8371a59bac56037d42655380957d8445fa1c91253576b0ab41437fdd65d7359a7e8d1652c4fae7fb8 |
memory/2128-789-0x0000000000280000-0x00000000002BF000-memory.dmp
memory/2696-798-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\uSQkoMME.bat
| MD5 | 305e8bab827a5e6ce9f92b30e62350c3 |
| SHA1 | 86fce135fc9ad7231eb2bd0d98669c19c75e1771 |
| SHA256 | 6ad778af255e09bed2644a3d7b59feee8eb4d6ed332eb4f794d2ebca8ef8d57b |
| SHA512 | 86e1d0a5df12d15a91f58c0e7ff23ea65b1b53cc2f49b9bf7098b2f845402fe8ab21baf1343e9528b95f90ea757b055d71d80af79a4c4c0d30150e4b5ea037e7 |
memory/1656-808-0x0000000000260000-0x000000000029F000-memory.dmp
memory/2656-817-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\kCwIQoQo.bat
| MD5 | ed9659b833bfd8b871ef3ea7ccca7a73 |
| SHA1 | 186ba69c01c61cc5743b8268e354c7c6bf3ee364 |
| SHA256 | 1f6aae4a70c98128f4fca6c8d1fd0267d82bb5cadcb4b3102e72897740f010ce |
| SHA512 | ad59d7112e2fd6eb124160123d3667881e3995f173d8e5a64b2363b2a749ae67c03d790599c342b1d834742a157114c8b18057e6e69895866d2c333ab7cc61fa |
memory/1420-829-0x00000000001E0000-0x000000000021F000-memory.dmp
memory/1980-838-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\CgYoEsYE.bat
| MD5 | 5ed42c9baf7977b1d41f996f9dc43628 |
| SHA1 | fb14e599995928395e0cc54b40e1759fb14e342a |
| SHA256 | 2ab76213bb94bad20bc09e617a68156457fe9807ecaf9207f87b077a7bbbf95f |
| SHA512 | de11b4fe0107981d77e1f7f063f0ef8cd2fbe08596485aa7972e306b15fdf6367277100b67070410a7b59640ab4afbaa35404fcd72ab8e47cea00dfaec47f848 |
memory/580-849-0x0000000000170000-0x00000000001AF000-memory.dmp
memory/580-848-0x0000000000170000-0x00000000001AF000-memory.dmp
memory/1460-858-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\yMUAQoUg.bat
| MD5 | bd2ebd12b0fafa14177386207bf38725 |
| SHA1 | 2220b0276d71bf824e4178d093899c602c29fed8 |
| SHA256 | be374f7739951067a32ed97e7842bed32682b645827c64f58c9cdd2f93e52032 |
| SHA512 | 8b669f4464e117a6ce487e1b86934ad05793611fed3ba32750b4ed12d0e308c7d1f17b18f181e924e5c531a9c7b8252965ff0c6db684abda11a201e3601d668e |
memory/2740-868-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2648-877-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zKwYMgMI.bat
| MD5 | afe9719cd02d66c7f83860fef70a9b20 |
| SHA1 | 29fe49a54395c4c938820f6fa5c6471d4c8af47b |
| SHA256 | 888cb20e7aadd8eab2ab7299fab3bef37c1a403d32996b5b44a1d5ebeab22e8d |
| SHA512 | 72b0cb8008173a827def80e3b5728aa28f50446fe7783f5dd837ba2dd3b797de1ee42fa3de8c73e2373303d302ff49e9e2f25d2fc1b85ad6ab8c43324fe1c10a |
memory/2692-887-0x0000000000260000-0x000000000029F000-memory.dmp
memory/2960-896-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\BigEwksc.bat
| MD5 | 8d72ec5c38e3829747f48d99010088a1 |
| SHA1 | f41057baee436532d2d4bd007b5ebf8a93cbd901 |
| SHA256 | 9dcec633ebdd6b08f802575c377d7627ffa009384ea71eac89a14cb4082a6075 |
| SHA512 | dfe1d985bd75e8416a42228d4c74d0d7508d3c9f56823a6bc9b0ffa0bc9b4f2d69a512294e0c2b86c87f9e1b86ec9bb4a8b48ca2acadcf30590f713470f0646b |
memory/592-908-0x0000000000270000-0x00000000002AF000-memory.dmp
memory/2700-917-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zkoYUEAA.bat
| MD5 | 5557df1cf037ed79b53d54457c40a972 |
| SHA1 | bff78b0889d66c14231d8a3b2dcd7d1f63fdced1 |
| SHA256 | 069c945d954e88f4c40696de365df399b8221e9ccf475f035a9c391b9bce99c8 |
| SHA512 | ff8d9719d0c7812427579b2fea315e26f5e6fbbef545ede28b23f54ae6bb5dcee50feec6689caed4c748b89d8049e17de8bd93c2e9c0079456148ca7cb9334c6 |
memory/2488-927-0x0000000000200000-0x000000000023F000-memory.dmp
memory/272-936-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\XmAsQckY.bat
| MD5 | 2a1d738791a832e0aefec199200d9339 |
| SHA1 | c4995ca7d7064e10a534eb544dc1f53714d17f92 |
| SHA256 | 93152d5045a1e1a1b50892c4d96c6f0768d64a68ccc52a089c5b44ea6a50f609 |
| SHA512 | 22584f38b45e06ef88b0bad7d642757c59b1a954cdf91051585ba919a20019224616530d1e17e80208b0d55697575593fcb5cb4a3205d849457da050dfe52ac4 |
memory/1928-946-0x00000000001C0000-0x00000000001FF000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\IMUMscow.bat
| MD5 | 7ede7391e0e1ce6d120e0c98a71666dc |
| SHA1 | d66f7813adf7d205c1b9b4215699a2a4a2a54ce7 |
| SHA256 | 37ff2f7c62e7a66b549e73d33bf970cfcffd4b16e7fa4561f63ba135ec08a87e |
| SHA512 | 01e1bb8787f512113b48d7a7738f1e56561d516ee90cd4ebee3ddcd95376bf71e1e08eb0e3ad3f7434d5be56ff0a6576c4e5a3ac220d14658207b181c15b6867 |
C:\Users\Admin\AppData\Local\Temp\iekAgAMU.bat
| MD5 | 6881ac500ffed62c95338a8cfbea6ccb |
| SHA1 | 4592800b7e5bc528b0bf25df688564a97f7ed25f |
| SHA256 | 6885008de33aaec9e9b8ab101168425cb6c6468d03441411835c46f376ebef89 |
| SHA512 | 174cf3e5cf9df9b2460bb0b8332084e3d81dd2d86044df2834f37ca33b21641749aa0c8e7549b5d8c040edb8cc3106a29b1ee3993b9b128b6b647a4236ec0b55 |
C:\Users\Admin\AppData\Local\Temp\yoME.exe
| MD5 | c01ec81dd403a9bc36ca4fd66f628cba |
| SHA1 | 77177119710c461c7bc739c835cad6cae8905bc4 |
| SHA256 | f41bd0b9af601dbcfbce4a9f225ecd35539ff6d980068325ce30c437d2202c19 |
| SHA512 | 2afa7897e0d8b6f32323ab49a2800ba926f46028c556dabe7ac67fdfb4a27f46933d74e08f40cab07850b5f171a052b62ef70527c9bccc3e1271633a754d6a06 |
C:\Users\Admin\AppData\Local\Temp\GIcM.exe
| MD5 | 61dffc80c27ade23a58d011cd60c0a29 |
| SHA1 | 8c113fc8d81c87149db3abf72e5e7f734f007d13 |
| SHA256 | dda3316cfe546e27c93249de41242621d84018e53e30a09bbb3d9afb2bf69a03 |
| SHA512 | f84258e0d2fd06c3247a8cd4dc03ded7a149218344e44df85a4d7532c89353fe0119e5aa75fc0deaaec48d0af6c8cba5355cee72e29083133235ce71b04eea7b |
C:\Users\Admin\AppData\Local\Temp\MAsm.exe
| MD5 | 0fb0211e56bd7a0dd5ab8eb6bf1bab77 |
| SHA1 | a443d7f1383cc90f0c530f3e21499e56ccd6c413 |
| SHA256 | 44cc63a4e3992203a155f983172bb27b86dbe0dbe07630a6ea90cb8bb02772dd |
| SHA512 | 968fa5ee869eeb942af17166acd97d49189a7b58c544d89aa4151fb246c4f3ff34cb2fe19b3185cf04420161e6451906a01780c2bb0c8cb58b4325558cfb7a10 |
C:\Users\Admin\AppData\Local\Temp\qskW.ico
| MD5 | 47a169535b738bd50344df196735e258 |
| SHA1 | 23b4c8041b83f0374554191d543fdce6890f4723 |
| SHA256 | ad3e74be9334aa840107622f2cb1020a805f00143d9fef41bc6fa21ac8602eaf |
| SHA512 | ca3038a82fda005a44ca22469801925ea1b75ef7229017844960c94f9169195f0db640e4d2c382e3d1c14a1cea9b6cc594ff09bd8da14fc30303a0e8588b52a7 |
C:\Users\Admin\AppData\Local\Temp\OsQoIgAs.bat
| MD5 | 397dfb940b8763834795b273d3ed9ed7 |
| SHA1 | 5902aacb653cf828bd43d7dc2f06508d23f99c13 |
| SHA256 | 74f00fa92fc69f1b6dee1dbec6f94cea6d930332fbca4e95a7ea16b2ce3f4091 |
| SHA512 | 5e39edbe71b369f37a0f566ad5a169d511432612023277d57a9d1eaa3569a4c632e485621c03faed6f898e17cd53e7de24e6633489c7e9a63c3e1b44be1fd8fe |
C:\Users\Admin\AppData\Local\Temp\sIgi.exe
| MD5 | 2a304fbb87a4b22ded959b81b5266b4c |
| SHA1 | e15b7bdcae2a667e8ebae68033335318ef2f13fb |
| SHA256 | 897f527c5aeb09cabe0cfb907c24b02229bb53e895a0a5ab02907048e45b3570 |
| SHA512 | 5feecc3d809b24e158d58ecadcd311cd2d6baf029b06b00351d6cb73a21dd7851e3508fdc89fbe6824517a485689ecc128ef4343e50ec9385b3761899eeee732 |
C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png.exe
| MD5 | b0d4e371f6e731928cc0780998050c1a |
| SHA1 | 8e0a808b140a5e18a33285e05847d46b02bc3e7b |
| SHA256 | 6b2b60969691d10be4db0df4878b80d19ee49ebfadfb2a974f78b10da96c786d |
| SHA512 | 574aaccf7129c0dc8dff6fa4f350e67bc90f59c191ff0d3be6ebaaddc39f3830a8c227e4eebd88dbefb5f3f88b44a5aa68b549f1689338926a1450bb9e512d9c |
C:\Users\Admin\AppData\Local\Temp\ogIg.exe
| MD5 | 9980bb651e4011d5352a1cb5edbc8e1a |
| SHA1 | 4854d94f424d3f99f06fdb8b6a1cddba1940a68b |
| SHA256 | 60bed871aee70df694276eaedb17405f995a0c201a71d054f93b879ed5a47478 |
| SHA512 | e602277d336d35628865055bab8ab6ba632dcd96f323fc0e1789fbd3120f8eef2f05786371804e9663ef461198b0b9ae44b48c6b33dd82acc1272a080db1cccf |
C:\Users\Admin\AppData\Local\Temp\MIcA.exe
| MD5 | 6a2e8c1465d994d311e069ce77969ace |
| SHA1 | 71cbd221efc0743d259fc00f0d5ffb14f47bd953 |
| SHA256 | de1df078be4b02f1cc083c39c7ecb42981b42880e535ad13888d089bc1cb6b0f |
| SHA512 | b14d0530aac50e5c90c7178b7a973cad03af31767198e768caaed3c104316087f9d04df682c12511473320eb9b52e232a8e2fc5b3bdee67c78434da47f024a8b |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile11.bmp.exe
| MD5 | 29670677dc106c27e2878f699a951461 |
| SHA1 | 45ccdc49490071684af764faf5079e898149adee |
| SHA256 | 4d5e5e9f48eb2bf4c36c09247d4a6897cea61c7b88b44214e1fab2a2775dd40d |
| SHA512 | 67a30d627966285a280a0135cef188bc0c7f8d9d9e46df8e0e2cc28c0aa3e002bcad8f62fcdc03729048aab31dd60bc95d383b205969855b3b347ae5d5da95f9 |
C:\Users\Admin\AppData\Local\Temp\kaEIUkoc.bat
| MD5 | 6fb6fd8fe7b2e49199caadbf0d92995f |
| SHA1 | 823cb364ff579874f8fc1ba4eeb3a7f6aaca5050 |
| SHA256 | 5964b6b5a9dcf03ef4b1989f12f471b4c607a918d7f845d363aa3a823dd94dfe |
| SHA512 | 40d528e4cbd74352c37ca1b9c41a0b93cf44edfe3fb7fafb43683f045e581af971b4a7a93d9179b766cdaf4d57a19167e316ef279419736e780b6ec7bda51bfe |
C:\Users\Admin\AppData\Local\Temp\IgIm.exe
| MD5 | 1cdebc2dbeb417a37f51baaebec1a888 |
| SHA1 | 9a86f654f2cdcc592b901c384d97c430167a05c1 |
| SHA256 | 06618c302187fc20d9e904c7c9cd61953dd6c779825adc5eb2b5f59aa88f04ea |
| SHA512 | dc0758df46a880c1824798db590ff9b80f7dc810264b3140a6bb3f41655aaae9d6df2ef9368aac0b5b31149e94a0bfada4750578d0bcc57964a6a6110a385c1a |
C:\Users\Admin\AppData\Local\Temp\okIq.exe
| MD5 | 3fb49732eabb3c924d7987096c7c69c3 |
| SHA1 | 7806f2ebe9ca988e1d0cdd7cd8f0dc940716d3e3 |
| SHA256 | d116f07b4ba075fcb9908e351bb30e2f6a8ef422c272cf9a80151f2f07beed07 |
| SHA512 | fa61ebce71b280c28a44315d674fe6717429f038b01e567d5abab1878b5f3307458ec8b6ab96e0d34e35949032305a173931fd6bd194079d956d7c6c2bc98afc |
C:\Users\Admin\AppData\Local\Temp\QAQu.exe
| MD5 | 82c840a3d35a055e42fb476db63fed92 |
| SHA1 | 30692b74eba0375bf222a11e076b587c8f3942ca |
| SHA256 | 410f55a2d82cc3600392088fa0b18111bb207c4f01b195ff2c1fddb62fa79c24 |
| SHA512 | 09301b1a4f29cdb9ae55fa62a941f128832adb5abe730340d464db46b81970963c904d8347cac5ea277489311b13e51d452dcfa2fc8564842797c2a14ea08684 |
C:\Users\Admin\AppData\Local\Temp\YMkm.exe
| MD5 | 60a12eda0044cbe7e3f5a6151b6c6f40 |
| SHA1 | 02f60c90e96074f9cc1bc422ade85861ae15d066 |
| SHA256 | 9b176dd43764e76d862eebe5090d6b8ff528656dd39167cf70863517a95e61a0 |
| SHA512 | 15ceacc3446fd874e6fafd7ecf1f6a08a9fbc7e6cd317ebf4b9ae6232be693a6276cf5613e753b0468a83b1558df347d8154044192f4240930e5641e13f88050 |
C:\Users\Admin\AppData\Local\Temp\cMEE.exe
| MD5 | fcc1a3e1aa15acdf3d78fe29804d6cba |
| SHA1 | 0e4b5f256793515f19683cd2a5cf94a51d478e60 |
| SHA256 | f1de9b9774eaf4cdd0fe1bd444f85be8db0d98629b5e71aeaef42ceea3b5117a |
| SHA512 | 36909c9fcdf7ff0a73e6c67852f75f20e8bb56b8c59627b483018ec3398781d0069404d413fbd4776773897eb50757edc9877df17a167f4bcabbb1aa1525cfca |
C:\Users\Admin\AppData\Local\Temp\omYskUsU.bat
| MD5 | aff519241d939063b0e604ec19c924a3 |
| SHA1 | 2f209f6360f5e61eddf35a57902ed68abf103c3d |
| SHA256 | 699fbb47b22eb930e0113abe629ee2fecd3aa156ffbcd8592ed03d7e1602f35a |
| SHA512 | 53b2982c72bef08bed470f2ae4293cc5579df7aff9da5001b7b643b661c588dfe4e9df45fe02f2178e32b4acae44663d208c4729be25d3bf854479c6b764702a |
C:\Users\Admin\AppData\Local\Temp\KwAc.exe
| MD5 | 80a8df64e844cc6b3bcd303aa72d9e33 |
| SHA1 | 53a6fa83ba852d07163b7c7dfd77204f32e1cf0e |
| SHA256 | 382c0fe2f02438ca5286731454f188bb0b1daba255fb06cf863efa46b282faf5 |
| SHA512 | 29eec8993b995a93a8db3190f595d49d5dc3d88f15b1d3e816caa1ea9bd77206ec18fa1a45211761a5f010b594252a08c3d95aba12e3a586a927a4b4679f5155 |
C:\Users\Admin\AppData\Local\Temp\iEcw.exe
| MD5 | 13a8ccc07e895ef42a37129b4dc90222 |
| SHA1 | b5b3ef5c8928a800e3d62de0e16bbbeaabaa686d |
| SHA256 | e8ae85d05c354eaea609940f1dd219859025ce441bac743eb55a3e1d57385046 |
| SHA512 | 8b1ab57a32d8cee068d28e067b07d9be94e3a6e880b712ddb06996b762fbb76bf2e2ff9c7f2cf3fd22c3943633022bbae197a506f10746f9232aec728a19a429 |
C:\Users\Admin\AppData\Local\Temp\mkku.exe
| MD5 | af3000873912db65599f7d61abed4d3a |
| SHA1 | 38da0cfcba5fd39beb63b9366a505b06c60b8050 |
| SHA256 | 7e5c3483dee3918e9dc3b40fb706ae5ada354f59023ad3516b9f218763bafc74 |
| SHA512 | a8a203ae8bda1cdb323f7d5e43176a160127daf125ea1d2ac044f3aa09a164590d17bed4b8b62cfb82f01d348753301c7668ff613e422ac972498ad75d2c3a40 |
C:\Users\Admin\AppData\Local\Temp\CIcM.exe
| MD5 | 6c87232d071e7551be89b985f4156e40 |
| SHA1 | 94294cce4ff870701867b84170d9485273ce5e22 |
| SHA256 | eda82309271c855bd56e940294d5c53d058588c1d04770231d968d6e10ac9ed7 |
| SHA512 | 745539ce469dbd1d18e442521a50ceab8ddb830c370e5da6d168893d99e54bab7151a98ca1385c8c183178a8c8081951b93a808bef15d73ad34194bf7e09cbea |
C:\Users\Admin\AppData\Local\Temp\Uwoc.exe
| MD5 | 6c11c4145c472c7a0597980097a03c9e |
| SHA1 | edad2698ef1923168d47f2e4c1dc2ac4ceca1992 |
| SHA256 | ca3e1cc07d47a0e511d0a07ab4b62e0137217a85c79671084e838d49c07f00c6 |
| SHA512 | 271e9e1f524f8295a55b87f826bdbaf6582f02f2ea610a98d0c80ce1abaaa8f2fb2f91f75ff701a9cd98a7481ed95fe2f00659bfaf621454b9fef2af393565b3 |
C:\Users\Admin\AppData\Local\Temp\occK.exe
| MD5 | 3d9e81c16beac56edfdf41f82fcf4e25 |
| SHA1 | d473ff51fe66f83d0bf42a15d951e6799c0a8d60 |
| SHA256 | 0d54c3d94b8a0496453694ae983a35a6422f52b61ba669d57483f5137e8c30f1 |
| SHA512 | f76f478b2044b81a7f420fa5baf639ad4dd525417c1cc330f009e279f97cfe98cf55f99f8d9cc8a75a3291c951f1d600cc743570acea4243d6a28b080c223ab0 |
C:\Users\Admin\AppData\Local\Temp\OEoi.exe
| MD5 | 720ec5912db0b1f579b076be475a2115 |
| SHA1 | 0ee37b752abc97abf5520dfad285f48e196b5070 |
| SHA256 | dc7a23f0320649ebc3f82f5519d2242c2f0f3ee79b8ff2c01c74aebbb7f22fe7 |
| SHA512 | ef605a9bef9060a774ea553524c67c8823634e154239f7b545c00759ee4c8685fa0d7e4e48d3d68ef2e556b7a6a71bee19cc9d549ca7da809f33f3dc75c3d378 |
C:\Users\Admin\AppData\Local\Temp\ZEQYoccE.bat
| MD5 | bf48123435f71af6dc567287295081ea |
| SHA1 | 55809f40efb2eb5198709b8194e06133a1554b9c |
| SHA256 | 7e92381d52f0503981bc76583b2d37a84c3ceb24203e49da312441398cdcfb4a |
| SHA512 | 5ef7a152f1932ae1c7a4c0441e09dfa3f934e5b6229787e04950ba85b9cd1d9a76dc11e6e4a8921bcd5692b3be28c49220573712698f9d8094425652454fa479 |
C:\Users\Admin\AppData\Local\Temp\ecQI.exe
| MD5 | 4927f2e0f8f6685f963b8b02bf9c9803 |
| SHA1 | cda55ea98c559e72bffb636818eea436b30f3654 |
| SHA256 | 04c7bfe219d204bef6fdb8ce39ba7e551bbbce8954533985bedd789fd4ee1d49 |
| SHA512 | c4b266f0ecf66553f1e2223d784c621f5b4c2e0c96a7499e04bc162095f4ee6cea1518c3ca9696e6caf00677e232fdaec3534d9f9cb3a31d2b84cede1fc8ded5 |
C:\Users\Admin\AppData\Local\Temp\KYom.exe
| MD5 | 17e2d1c21a4ae0c5bc2fe445fbf85d1a |
| SHA1 | 9a50bc01ea98404a3ffb8404c269e9a550a2ce67 |
| SHA256 | d6d449fa058cb3d996ce214d5578761945335a422dafe1fd90e90feb70771c18 |
| SHA512 | 49b3d036b38ecd0f1f51cc2f535ec23540c36cb5ebacd7fc81000a673e6ee3cb30ded478bf88c34c976e8b267e1ece68000b36dd1b5011085c9eaf68aeacc6d4 |
C:\Users\Admin\AppData\Local\Temp\qEII.exe
| MD5 | 0d4b3793dd352857694a7165e259daa9 |
| SHA1 | e6adc868b717c816ca3523683601512edc133094 |
| SHA256 | 0de10de37af6dd99f468fb181497e41ff39dfb745babc93e1ae35da1bd04ba18 |
| SHA512 | ff47ca68b18ac85924c5c455a147cb7da8f77e6794955595ea35e45e97a7c033ed8dc1f4e3a6d92c1eb9f8079a0ce8c8687d0e51c18137ea42c380a766289d66 |
C:\Users\Admin\AppData\Local\Temp\qcUU.exe
| MD5 | 693b891a719367422eef0a6f27ca7ce9 |
| SHA1 | a07f508a89c10767fba5ac611846be9396df3e64 |
| SHA256 | f60acdd6b828a90ed3f48675ff2fe12274311d3020d92bff78fe79d739ef7c24 |
| SHA512 | bf80f0605a2d74f889318e6c2e4fe21f8b48742237ae808001017da75288a97fa33e96578831e9d145bfa23d98927a3665806261f42e43df979ea6b1b8b4388d |
C:\Users\Admin\AppData\Local\Temp\bQUUMUYE.bat
| MD5 | cd5454334368dcae6bfe20bfbc250883 |
| SHA1 | d2679d967058c9792928511e59e3db5ecaf2e113 |
| SHA256 | 747e4342c3b5105253e52911191e47c4e02b4dbda9547181bc5f45c3cffe6dd8 |
| SHA512 | 72cea16518dbe91adedf9793a3fd79f62e7c587e232c19be3c55a84cf0732ae722c4828b3c482053817a35f698c299b5236906b51d7981a6fd8cd9f700eecccd |
C:\Users\Admin\AppData\Local\Temp\yYgM.exe
| MD5 | fb59cbee2bafd79a263594415c82f61a |
| SHA1 | 0f5aff57b6a530cccbf7e0e8ba85e7cd540ef049 |
| SHA256 | 8934aebc2a1e543a57133a584ca9356cecef0e32ba030daef5dc4c4b7019d4f7 |
| SHA512 | 488b24214c43b2e98fbba19d77374a056212b19f52c6bca7bb5dd7b4addf539fe8e0a02d101043684dc2d9043b7e06cf2b0bcd66faaf67546945b70cff401d88 |
C:\Users\Admin\AppData\Local\Temp\YsQm.exe
| MD5 | 33dd9b8e9f0a1c2f8495db1b0a58847a |
| SHA1 | a526a14e9f28360b7155b1a03d725adfc8253231 |
| SHA256 | 73f3e9be4d8a512b9edd3f0b3746fe2e1cca784c5b7fdbf60c1b032764384484 |
| SHA512 | f47f413e93eeb0fb82fcf4b1e4b023748f12604520a605d3e140007fc7a3b49b7dd029a02151df2a606ee3db61caeb31c640adcc9b357dbccbeb0232c9f7c11c |
C:\Users\Admin\AppData\Local\Temp\CQAM.exe
| MD5 | 0ce76826fc73a0ff20bfd67cbc520010 |
| SHA1 | 201dec861528ef4f675b9053728acd19117efced |
| SHA256 | 65f79670ea937c8893d50662b2d82253069022def1c9c35819c995af31ff2eb9 |
| SHA512 | 2df88715f9f06259bf0c1888e165c3ddc787363ba54e4d22d0ef752e204518f8f8cbad379a11cca9b3d12835a9cf2c08d76ae4b35e58f2dac5f0b982cd6bf723 |
C:\Users\Admin\AppData\Local\Temp\yEsY.exe
| MD5 | f7b41f948fef8f13620c1189afed51ca |
| SHA1 | d81ee8c5e468608626b686b363bde23b71ee5f83 |
| SHA256 | 242b0d8f1c9f894ebfe1128422b4f179ac54576c10b9a14dec7328b8ced1551d |
| SHA512 | cfd60306c774c8ee9e646c653461c28f77be8999ecaf29f93487271db8d38801acab0d1cd2bd3b9c052602663a21070eb22cd66852acd07e1a43c2490891eb50 |
C:\Users\Admin\AppData\Local\Temp\WIYA.exe
| MD5 | 35afd99759fd108d6d2937b7d5d07272 |
| SHA1 | a84c88c89407a4e0d86ddeb83d55967aa63e09c8 |
| SHA256 | 81a5ae0db09328cf3a100c7a5f2c8c65932ffc5bb76bac10d7abe6ed2e81de3e |
| SHA512 | 69abb9a821e996b77f3fa283e1e459175c3e59305ada47cf661016d164c6577a8a7011661909cd179c2c27ee95b001710db82756c881b0660a3f6e6c91da853f |
C:\Users\Admin\AppData\Local\Temp\BucYcMkY.bat
| MD5 | 9637791b9a0b7cc4f019aacd8890ee46 |
| SHA1 | 4f0ae20ac3dc79b658d83a126552f73c7c217ad1 |
| SHA256 | 82d9c2d37afee636e0757a37b6c30efa17d6a7948cafd10d3b6b6eed0e8c80fe |
| SHA512 | 3d0148adaefa2d50495a1686679043320d9b3a65bc99976eabbb335b1e9044f3f27466a9b7a1e8125f99a22f21861a291b398e95b53d247b1107671c57102182 |
C:\Users\Admin\AppData\Local\Temp\GssY.exe
| MD5 | d04cc1d1465ccd838941a50d3c7c944c |
| SHA1 | 9d2dd56af8449ee6634869407341d8b46826496a |
| SHA256 | d6051fbed446b7c18b528e7f3686a082103fa26a1c8fce566a9db9b734af7bb6 |
| SHA512 | 8ee4bfbad88519ad283bc6d299b1ad4045ca207cadfa3a09f75f9c545e2a74929131ba1c045c8df515276ea766cbd7469d2e6fb189baf6eb4658dc40b38e144d |
C:\Users\Admin\AppData\Local\Temp\esgG.exe
| MD5 | 1de9888b28ada21da4b59f1578de603b |
| SHA1 | 316991c884aece9c319705e6c8e9b69fa1a6c2be |
| SHA256 | 4300e436c50089989582de8670d9084a34b192cd83cf9ec8a1ed753b35941cb8 |
| SHA512 | 2eb9fee806756012c1966d6d750ffe51d208517880a9002997cf0e85d414588eaa047c197aa3311e3d0fcea66349c48ddda9b0b9cf4978c5c71072117b75fa12 |
C:\Users\Admin\AppData\Local\Temp\mIMa.exe
| MD5 | 69b910c1b4c733731053fda1886bad61 |
| SHA1 | f1d031ccceea9e487d1f5917e0d5795e02859e41 |
| SHA256 | 4aa0ad817c5339d6c9e8441494f46cf0195597dfcae82f8bf7a4c96f90b74667 |
| SHA512 | 278afb21fdbe1c0546b531fa0f2f2d94c430ccb4f055f8b0dd8415b8d1c3a5f8e49d1d4af53d00b7a1614ac7af3fb66cdc7448e72fbec70c6700f16ab2faaaf1 |
C:\Users\Admin\AppData\Local\Temp\eIAS.exe
| MD5 | 42bd9280e9c5bb6f154c437486c88720 |
| SHA1 | 8f06a3aba5a2547cbbe72df9a97549ad9bf87c0e |
| SHA256 | 4c0a15e35115d162b9e3d68728ade3b0b09251045c60670ed7446ac88eaa9649 |
| SHA512 | 8506b2504fb6d87a4acdde0f373bc49e64fe3a0613fcad989bff55b18c23cf2f55d185e0cd3cd7379dcfb4dc41d824dfbcef1a957c354454f2cd9faf78f03ea1 |
C:\Users\Admin\AppData\Local\Temp\SQYO.exe
| MD5 | 86eea30664c9c9563bfaa4239bfb2c4c |
| SHA1 | 1a9d44d0d55523ccd8e9ca5bdd8526891f7338ae |
| SHA256 | 357754b3ab181aba533288eab928774cafd4b7ccc29e0993fa39b1318c8cf02c |
| SHA512 | 48a2a95173836e65e77cdedbcb73294981da2cd066d92cdc85e6a2bca861a46612b2d28d9e08655873dbe586f08752a3a88d682bb5c6039e315ce979a8be650d |
C:\Users\Admin\AppData\Local\Temp\GYAe.exe
| MD5 | f3dbeb2f8d678d5ee9257492294de252 |
| SHA1 | 18f7df1e63e8e85c0610031116a14112b2c375dc |
| SHA256 | b948d312e70f703512722d0c203e75c1770487b1beba72681e73ab80ecf2035d |
| SHA512 | 2acc2e3ccb16343c05dd2085d67ca236827095a69085296fbce64caeb10552bbfd87b2506c7f2fb757b68acf3ef490dccbac6b281a27253677abaced50e85181 |
C:\Users\Admin\AppData\Local\Temp\gokO.exe
| MD5 | 51cc358d7d3b9dada805f68f4bd3470d |
| SHA1 | 8c920bad8f8ec7a7e5f6e3662b0d1ed522c4241b |
| SHA256 | 4e09f2c90114bda8dae9866b98e4f55adb5c6158b1b3908ff536b0e778d2b1dc |
| SHA512 | 9bf27de502152d4f4a3b59f13a5953a53e5ae4a2f2c1dd1557ea3d7fb7d4a2984028f506fa877dd58cdd5278dd8f2423f185a61bbaa95e1036050378df5c6097 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile43.bmp.exe
| MD5 | 33d3802106855a56d3c7d5450448ebad |
| SHA1 | c0f9f5912a4d849dccdba94c2790f6080631c5d2 |
| SHA256 | a5d9e14803e41ded42717226ba10a0aba4fa10ba1d7bc2ba29f74f9b4a70035e |
| SHA512 | a0bb5455f359e3ad3c21ff8756df513675b2a6092ad181fda142a535f0d59d9d6d1c61adaca2f50d10285a7d04f27befc6c4c1e7e3fd2d68b543dab761b80b06 |
C:\Users\Admin\AppData\Local\Temp\wccMoQgI.bat
| MD5 | 4d934e85202c3a65c0b7212cea6faee1 |
| SHA1 | f4ba0186a4e4232840255a66e00b9db575629585 |
| SHA256 | ac781cdaf064fc99057af2f748e1339573adfd08f8d50a9f203b3764e984151e |
| SHA512 | 8520a3aefb2152550f4a2e5d8736a5e49dc031de1de38d626e6c20a8c9cd162e810eae30140f44c988127bdfb82f45bdbd5fb2876b95ea145a595cf3f29ce7ac |
C:\Users\Admin\AppData\Local\Temp\McUA.exe
| MD5 | bf4debb054197eaa26ee637822c98852 |
| SHA1 | 6ed7c189109b9d8aaedd2157476ff1e7374da920 |
| SHA256 | 74126eb76b2a0d631ebf4aa315e31cc5a5b814de26db28fb6bdb08c22754268f |
| SHA512 | fe00d1d610f586b9302b856ed4c04a62467241d6bb52c8e2a174b9fb4e4664e34d77fc2854d8c489e86278fce0c23b656e5b91543d8b8fb5b5732345030e89f0 |
C:\Users\Admin\AppData\Local\Temp\SsAk.exe
| MD5 | ec0eaadbce2a85097c93fd45869844a5 |
| SHA1 | a074b71dbddbb81b521732c9e23830a4d17e0029 |
| SHA256 | bc38b32039712c3d1badcad7e67827ec8029259ae7e9579391a3c9d6137ba9a1 |
| SHA512 | 6dfa1bf74dbd5d8c4d6b7a8fe8afd9ba07c57b9be80ad437f31698965b9af16c5f091b58c29f2bd2f684077eb2878d0a940253473094dda35c044dc8b7893c83 |
C:\Users\Admin\AppData\Local\Temp\EEgy.exe
| MD5 | 09e94d414ba9b7efc44aa31fa3ec6413 |
| SHA1 | 27320bc0d42a175ededeaaeffa8d7b24a6d8c93c |
| SHA256 | 618ae29da514744d86d4f91e4e33ca460eb552908859439a4f680e1dcfd0a513 |
| SHA512 | 312b01370860ce35d0cb23316bc2c45fafc3222bdbbf7dc82d3894dd0f8688199307a4450f2d92c1beb090e2638564c79efa3c997c40b8007f0aa30348007372 |
C:\Users\Admin\AppData\Local\Temp\WQYq.exe
| MD5 | 511f8af1826f9f81c890f330e05e8130 |
| SHA1 | 1d396b568fcd89faaffc7583f38195311c65e92a |
| SHA256 | e9b86ea4c4e32e4e9d1b95a9c41e7f47cfa901c3d2eb5d918e5b4f2b281730cc |
| SHA512 | 501296242d975e8453b61369fbd38eac2987b02d3756f23296a6f07446ed87a12a23fd0057357ac47082c1870bdd9711bee1fe52188d37ff5b91be11e7fa1075 |
C:\Users\Admin\AppData\Local\Temp\UgwQcAQw.bat
| MD5 | 004c2a85881f8639fe53d3fc5a40852f |
| SHA1 | 73e5734830e8b5c43c47ba9a31beb6a63a7eb80b |
| SHA256 | 27147d8312d6dd4e81efd7de08bc7aee52132f396ccb872e848bffb93dba0381 |
| SHA512 | 33af48f36e4b2eb4516e24822409c063d5f185aaf9ea0c08fe3b88f6cf7a0babb2007aa7a9289a2faf002992681a18383a1271874bcf160bcd580266db062da5 |
C:\Users\Admin\AppData\Local\Temp\Ekgs.exe
| MD5 | 9ea381fad5f2fb53fd8719ffa900e104 |
| SHA1 | aa2c63e1d03f540c411d5dc719e7efe9d9427adf |
| SHA256 | 82a8901384eb52f71472b8914fa8f70bbbfcdad11982bccf13644550ec665dd3 |
| SHA512 | 99261ef713fb7c88f4fdf3c6c6f6904f10b4160e32351d5dfc84a02f4bbbd08cb8a27dc2d35463a25ef90bf7539e721108ab05303afae0e7df507edbc1d5a278 |
C:\Users\Admin\AppData\Local\Temp\sAIO.exe
| MD5 | 8ba2122f6056c19af11cdd9c903d3fa2 |
| SHA1 | 886e313d392483dcbd4b1f6709aec3c3d5ffe58e |
| SHA256 | d19ea32d951f25136460933974b0f1799e172af73183573cc0e92cb56263e6cb |
| SHA512 | 5dad282bc795c17cd68e7164fabc7f2cbb67c930e38752f4c772c32c24913621dd3af1a9efb2b5aca0a213603d88c38ce960c6d4e8901da1c82cead3e82e64ea |
C:\Users\Admin\AppData\Local\Temp\WIgy.ico
| MD5 | ac4b56cc5c5e71c3bb226181418fd891 |
| SHA1 | e62149df7a7d31a7777cae68822e4d0eaba2199d |
| SHA256 | 701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3 |
| SHA512 | a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998 |
C:\Users\Admin\AppData\Local\Temp\SMEe.exe
| MD5 | 7ac103a8ebc5c166ab2799bb1f38576e |
| SHA1 | d75e7007f8742ad9cabdd1a608d476e0d3cb4367 |
| SHA256 | 7f680ed6bf165a6f5608e339ae025391584b22ac657bfdefa4152e6ea41b27da |
| SHA512 | 9c5bcfbd4c476ccd62b3939bef43c2dd3260630eac8a22b21cfd4cc8cd2c7df166f3bb58e99f995c76bd58615275d4f5a9f12c77178f031d4fb3f6f60a28306a |
C:\Users\Admin\AppData\Local\Temp\aYgA.exe
| MD5 | 254cb4ae8214db2397130d3776375d75 |
| SHA1 | ae875b1f8b22fe0d4203f35a549c767b6d790d81 |
| SHA256 | a50674729b8b4f545e4bf108108af9df88f5be943ea3868d35ce4dbcdce7dbeb |
| SHA512 | 56ae3ac3416584bda0c105af81323f8745a0fef72a282dc21665ecd8a18bf60a9ef2c144c1dc09b44ea41b06a9b4ff33f00651c12f336d140913bb11880c10f7 |
C:\Users\Admin\AppData\Local\Temp\qgUAkMQU.bat
| MD5 | f8230ca155a16c0015d1755f5d81bee2 |
| SHA1 | a07c91d524e16ae8f743dd64e947137fa03dcfb2 |
| SHA256 | f41e9e509d617b0609c653e840f4e89d4755173bf3082fe89515355558f29e6f |
| SHA512 | 26a60c2a221b1ad6f7e0acb87611e86fbdf57c131497a0ec661ec1cb4f2ecbd0f4afc0a82c3695450d938478503e6d3106acc6d93ed7002afc439a8a3e372ec5 |
C:\Users\Admin\AppData\Local\Temp\YccckYsI.bat
| MD5 | b772dab17741c6dc0eda29303e1f6a03 |
| SHA1 | e17d4dd13c97bb2995bd052daef9c6806312ae0d |
| SHA256 | 82e3c489a3af3276279c3260e0f2a5f88a72f2a05c5fe2e432e91d97a029531b |
| SHA512 | 8d94fd2df9ec4b721b8afbc8d67b89b9e9a85edd41aeee83fbf38c697b991ef622ecafb08523e39d4777750108d4e67d839a0d3c0b996eaaddb8e6bf15d5bb90 |
C:\Users\Admin\AppData\Local\Temp\LIogcYcU.bat
| MD5 | c75fbb5d92da5e8cddd14e656dc21586 |
| SHA1 | 69c53e26157a4a7674e709aee5030b83a27f1403 |
| SHA256 | 0d1a42d83218a82da79f8b7695f96c6967e4ada3ea39ee8b8ce19b9dac90990b |
| SHA512 | eb0bb1a5ec0f4a857f3da28077961d57ab2c1f985e88d9cf8662d9fd07dc1757618e16b90fc40c1e953eb46c05d790e7eab20d6a4ac6e1ab28e4ab021d8e5e48 |
C:\Users\Admin\AppData\Local\Temp\BqogsEMs.bat
| MD5 | 9a95c442627829f8e31509f09320180a |
| SHA1 | bb6eb320e150a3ffe2d585c6bc3c4799ece557b6 |
| SHA256 | 8a542ec781cad5b0e4af8f37152c87cb89181768dc1329f84ebe865552305ee0 |
| SHA512 | a7e5b29c976759612e9c76f6c7854614eb696c64b3d1734d2e7a1b6d52420e62d3819e0f433d293a134c3ca09eb8f418f3f801a45ed5df2cec8cc502c42f1df1 |
C:\Users\Admin\AppData\Local\Temp\pKAgcYgM.bat
| MD5 | dd78ed9d9a213e633715c6937bce8cf4 |
| SHA1 | a066881323ddd3227ae17b5e4b45ea506f4478a9 |
| SHA256 | 19201c628df915027610db19eb217cb0c7b818252099e91d0a316a689bfc0ebd |
| SHA512 | fd50486c169e3c554c378cea89e418e36d3ea0116f6be37e1f90632fc46e460f102b49de28b24034ab5635a7dc11470903de8cdb24a1b3594dd2e8f838ad3762 |
C:\Users\Admin\AppData\Local\Temp\hMIIgIAk.bat
| MD5 | c591f34106f0be2e502b64b4778610b5 |
| SHA1 | a16bb2094eb60d07faa7029f3a7c3154e131e549 |
| SHA256 | 1353deefb6929d4265574cac19f73489b616e1fdd8dda683e1c37d513929aaf9 |
| SHA512 | 877d0f88e7eaeb958bcde4d61c430a6960683025b22e53921d69bfbdebd30dce00bab11ca15f01fef4becff44de9a53033d1d0908bb5b96b237ba3547a447969 |
C:\Users\Admin\AppData\Local\Temp\aiIkIUEk.bat
| MD5 | dcc6c08ba46f4bd136ee0a0bb5dd5db0 |
| SHA1 | cfb47c237fced0ccdb616256d3f3bd61f9df1f96 |
| SHA256 | 9439f775a3298f501d629ed9f2b794eebc76a24c4d4d343145c717e103188230 |
| SHA512 | 750c5077844601c08f2e4805fcd264e1d4b85f5ba6c5f61fbcbac693813d8b371983219be439027c036ec4753835315942e5fcb438c8e44a4e47d0888658ae11 |
C:\Users\Admin\AppData\Local\Temp\IqwgkgEo.bat
| MD5 | 82037709f594e7b79a05dc698be54012 |
| SHA1 | 20533113caca6682a282f53bdfaadad7137cb1a3 |
| SHA256 | 9109e537a9e823f3fa6337d56a5bbbd883b7b6dd75f82a9fb4f4415ba2a3f2fc |
| SHA512 | f71d393ce15c47530cf12ae74e16ec8f013f79fac74fb77177d04bdb0b561362a4b0db3da96c3254280f448d3af5c1fc873a38431d184b15ab7969f2c09c9dab |
C:\Users\Admin\AppData\Local\Temp\oaUEEcsQ.bat
| MD5 | 1cf468df97f7085fee1589beb637454f |
| SHA1 | 13975f24c9a7cecb59b74abc9d51dde0b91c633a |
| SHA256 | e7c326eed62a8143f185d0c595ec5bb2fc4b85330dd7f99a2a74cd571eb2cf09 |
| SHA512 | 9692c63379989074b160f4ca97ffc2b5d4fc30ecbdd48813bdfd4c944ab37ad5711662f6aefd941e18c23be64695a8e37dccc5cb76fb78a176ff807689a6e1c4 |
C:\Users\Admin\AppData\Local\Temp\eqIYcQck.bat
| MD5 | 2e15d1e0f85c75b3ca3c0d6d8d6e5012 |
| SHA1 | c7405070a5fbd374c1b4c772ebab1f0c892d28e6 |
| SHA256 | 298e38168b29d3e65439138d5a715d5c2f72047e0c235e8cd4873c2ca8f2b52a |
| SHA512 | 8b41afe4aae07ded4cd038db239f8b8c653e07ad2e76cbecd611be8c86447e652f805620f1835ef0aa8ecef6ed4018550ef00708bf3ffbcd749616072914badc |
C:\Users\Admin\AppData\Local\Temp\vsogcAsI.bat
| MD5 | 0be51d3636061de4485d9e219a80f578 |
| SHA1 | 3ed1ab6771492b73954901704b9bbbbffe469331 |
| SHA256 | a79de65814275941a3e6ea17ca8827e04402eb553e38b7987c4c95f5c3634e52 |
| SHA512 | a403575b0c124f0c568603fe4aafc8b86a4b27fbd2f657916035ed9cc386b07f8fbd132411fb7d7d1bc62bed451bb8d3586c69ea0bacbe9eb609712808c26a15 |
C:\Users\Admin\AppData\Local\Temp\tSUgkQIo.bat
| MD5 | b3473107134bcc340a96c82977994d91 |
| SHA1 | 8b86338898aa76524c63e74ee47a42da3bf36a05 |
| SHA256 | e8ce4f1ee4dc0a1de9f42db52495f9af280a774c96b8a0b70437472e6a6066ff |
| SHA512 | 21aabdbac44068d6f1a1bc9f7c90893db6a90002bfce4a631327f3156c13308e45b93f65854b4838282c5ac76b55c7e95910997338eb6225146734f966af5e59 |
C:\Users\Admin\AppData\Local\Temp\JgAYIAco.bat
| MD5 | c8c81865c510043e698af76253016be0 |
| SHA1 | 6ed53bcc4fc4d8dfa4d02b0d20f5eadab266ff2a |
| SHA256 | 76630e07a8799ff35e259e05a370fb9b3a13aa22270fc879342cf688e9c718fc |
| SHA512 | fe519e76b862495a06ca77c061a1019b6a9efcd98425f73e0371c9bb313a72295b2a435eea03ebd91f4ec84c8883aa1e6eb519c26f432972afa99d8a1fc98d25 |
C:\Users\Admin\AppData\Local\Temp\ocQU.exe
| MD5 | dff5618b4e8f29eac6c7265dcd9a42ab |
| SHA1 | 265b4d7725f17f2c2e667d844a85459eeb49af0e |
| SHA256 | a44e8d5e53195ab157c0d523627a0459623f9316d946a3b9865e1ebc0e5ee9ef |
| SHA512 | c544d65d142f49d480a7a2fe5f7f13ee1ac364f2e7e71765891ee5142e51dd4b8333f9883611cf8ffe0c10e2166d802787f431113fa227fe129c272d3e5ed505 |
C:\Users\Admin\AppData\Local\Temp\owwK.exe
| MD5 | b0e768e001ea4911c177c3bdb9cf4e52 |
| SHA1 | ac1eec53ef1bbddd719bcf25084e6b49a0a5f986 |
| SHA256 | 33d4e21d1d70df5bb95ba9d5864bea44b7d2c4cbc37be14225b703578e42e2d2 |
| SHA512 | 6d67502e3dcd863d0a6823e5405a522f3c00e85c0640a9328bd845d2c582ab87bf2839391bac828b10857b40191a6dcd29590496409fcffed412c25385649f54 |
C:\Users\Admin\AppData\Local\Temp\SgUS.exe
| MD5 | fee95b2eb1f6f6ff9eb094b12e89086f |
| SHA1 | 7ca7af311030f215ae671736a176a30a0ecd773c |
| SHA256 | 00e50174298d7b98f98ddcf2000eefa8ce6539584eddb44f8444ee11d8f6df00 |
| SHA512 | 05ff21f41fe3e03c1d4b25a7da9492ada10e4973660ff0e0e2f221a35908eb6f522e1cd798051d28ec4f8dafef05316ea32ff016c0f279139bc9b2695c6b1295 |
C:\Users\Admin\AppData\Local\Temp\fwQwYoUs.bat
| MD5 | be416a4de17a2422f6cda5fb6cc9077b |
| SHA1 | ee75fdb098593d3b95d25d4b68ccc0a854c2032c |
| SHA256 | aa9cc264efc670eb6ace53328db01277522140f7a2ab1940bc4f3634176244be |
| SHA512 | d639cd6d39e5e77687f7b29b837905543822c8141a0bb2ea9b530eeecd724accfe324951bcfeb22623fecbcaa1bc34f6133e34aee8b3a5024d4fc58c733c4a48 |
C:\Users\Admin\AppData\Local\Temp\assq.exe
| MD5 | fbd93c3d0206f69aeb5ec7b9ec62dbf3 |
| SHA1 | 8acbc4f8bbf1dda831cd831780e389102c8b377b |
| SHA256 | 357e7caea329ad41a290df01436e4073e5f478095029f6ad330a98dd0f922e43 |
| SHA512 | f77d97b54ed667e10b2cf0dbb766ca0d2370cad21999569d40f57a5ea142d72c17ecccb5528c4062191edeaa372923595879a23f411e4ee04d8721e43fa53d4a |
C:\Users\Admin\AppData\Local\Temp\cEca.exe
| MD5 | 78d5709cedd7aeed97444a4b3a8b8c1a |
| SHA1 | 6a714e4601e1628f4c9f0f0bb11eb517fc83c931 |
| SHA256 | 1cead494ffba6d5511b4e5d91b0576464de49ef48250e6de8841d4116264b714 |
| SHA512 | c6b8bfbde1533a1317c0e308365b8a631b3c9e625b2f963b70d3de0eee7b5c2906ad61393e6189763b4bfb6712342348de121ac76af1e5a07790bae5f29b7dd6 |
C:\Users\Admin\AppData\Local\Temp\aMUi.exe
| MD5 | f5d5d9a42e67a38e6807d92f29e22c4a |
| SHA1 | 5e14191172c3f0535736e83cb0d073889af70071 |
| SHA256 | bca64702742c3e6a6ddce75512b8d06109348a9627800400e033efb75e72728f |
| SHA512 | 288611d33008249dadd0c69d3a4acc1f3676cc238b46a6e438be99f0511af7126f70fca5374e19a80767a0aa26ac1bf10622db9da7e5902fd1bb83476a6c3829 |
C:\Users\Admin\AppData\Local\Temp\KgEC.exe
| MD5 | 09cce4c0a6df088d80d00ab39ed68c5f |
| SHA1 | 10bc820cc007be27b8da38dc6a88f0a5f19be3ea |
| SHA256 | dd2a998a82b843f12d1704ba6c3bd8c6f17af2bf910a5cb901074a427a87d21e |
| SHA512 | 17861adda380d2e8afd5ee4cfc75cbda6fb2ffad72b54cd904c2c53fd03861f6f93e0aa9e84dbc63adf86fe8f828510b7984475ace144a0a84f862ed669495d7 |
C:\Users\Admin\AppData\Local\Temp\kQgo.exe
| MD5 | bf3af0c899c35135f17a62dab51186f2 |
| SHA1 | e72524a7185858a893dbefdbb8756490737b7846 |
| SHA256 | 87675ec75c254eb9dae457d1edd5fad9aa28fd39c4fbf5d73ff1b7349270568b |
| SHA512 | 17bd6b6dd4af639ce1dc76066247f16d30405103f53b9f2f100c733851d48b0c88fb8ab78d5f277fefb61386ff5fbe042d71df92edf199f5323f4a812b4d7a33 |
C:\Users\Admin\AppData\Local\Temp\IgQi.exe
| MD5 | 2aa2459ad49cb26d6ca68f5d351c4738 |
| SHA1 | 14ee6c3600aceec4c73d50c8ade42881b64cc75b |
| SHA256 | 08564d2545e1aa21db947b4298632c3590cd88184eb79acbed5b5a0b4a236ddd |
| SHA512 | 0838d5155eb53531e636c1ee56d55bf0909d1434c1fb3a124e83f88f84dc6e7d04b0803ae667ef171ef3c00cda120c14a1b9d025ac827e0a317bd65c0f807e93 |
C:\Users\Admin\AppData\Local\Temp\OYsW.exe
| MD5 | c809fa09660d7b19f049d7d9ba443c51 |
| SHA1 | e4215958d3823f469bb672f46eb46b5dbb408fbf |
| SHA256 | 607290024a33f11cfb146f21e2a7b351b97f509d34243afd77fbf82481688e43 |
| SHA512 | 7a1ce71a6d2d3d172211978784a3f6d67e9f5b032c2c542228645e6e9e96b33742d566e31ec58366ea4ab7d0865bf323a42a67c8da190d65956110e97f7be66e |
C:\Users\Admin\AppData\Local\Temp\rSwUcUko.bat
| MD5 | 35f43b8ec25ad229e5a8d1a46e06c70a |
| SHA1 | 3462c35276a473e831f5b45368a5d87e7da2e3c4 |
| SHA256 | 4032acbe4538320e54b34751f162bb82259d3d4934cfac15bdd2e5c70fa9798b |
| SHA512 | cedacbc2f382d5b6842e3415ed12bbefd9b4e823c5b79dae9a48297d72643eaa8b05e2c6d9c39f3a8c10b333e3ec87b8286291bb9ea2542b3bdc4b04e1400b57 |
C:\Users\Admin\AppData\Local\Temp\SAkc.exe
| MD5 | f0cd0e48b94c01e8b1494a2e6a40ddb1 |
| SHA1 | 5a8547a901c040a8d065eabe544349aa9eea62b0 |
| SHA256 | f4f93b1a6313e672b24bde530b3f971e23da1dbe09195b05e9e5bf04dfa69bb9 |
| SHA512 | a901b99b4edbf92423ecd71f61fed1a7b5e6eae0e9d0a479813558c9f6160eab0cfec78d36f2e645702eb9a76a18d15abf5ce93c23fef863eb976697fd927aae |
C:\Users\Admin\AppData\Local\Temp\UgMg.exe
| MD5 | 94c3798bdd9eb0503e72f9d48ca0dab8 |
| SHA1 | 21871c118e43ad77d059b6bd57fd8d217875232e |
| SHA256 | 0a1b4b0abad9e45662787374703ce8988497f8c9527ac22f9bb3b14230663b50 |
| SHA512 | a1fb7287e80027740cbfc5e2d5df5056ea440b18b36fee012de3b4081ce8504a70f44ff6db6a1302afd8e14f0767d6834264cd7bbc06cbd7369324a6927294a8 |
C:\Users\Admin\AppData\Local\Temp\qEAe.exe
| MD5 | fe677c5a00925ff3ae200012ec484425 |
| SHA1 | 1a5834da5e82535179a6a1e201ee3ae28ce68d5a |
| SHA256 | 3c0ae6afffce3d05fba5147d45c8cbc52992c70a563c51a7c7fcc6a6ae25db49 |
| SHA512 | d476cdba97cc0233930cc5ea5b025c1ee3c0486099e6551a8774fafd5982bb50f15cea63931379ea87958503763c5301eace7ed9bfc7137dde6137e199220224 |
C:\Users\Admin\AppData\Local\Temp\eEsm.exe
| MD5 | 5ca322f9c5c959f8be822cd5b47b3fa2 |
| SHA1 | b4dc60729804d5d790c9f583e854c71f9f6ba8ad |
| SHA256 | aecb7ca843e3b11ed023b0070608c31302806344b04ec540eaf5a38d7093aad3 |
| SHA512 | 6a026f1ffb5c43fc69d5cc27f93b895f4617d366d1b280ef1bce1bb26436320ea342cc97cd72e03685bfc1c7b5c22cf191248ba9d40f3161ebba75a590c75662 |
C:\Users\Admin\AppData\Local\Temp\wuYMUsAc.bat
| MD5 | 31c2e91826eb0a975e61e917fd324626 |
| SHA1 | b53110f19f8a1f6563e676b99230eb2ad1e2e9e0 |
| SHA256 | 9489c7950650e4fc25fdd8ba3d272907c8d5ff517703efa272efb91c651d79e8 |
| SHA512 | 84838056f0f01453dc189221aa283558348638e0abf8f665bbe6e8d130610039f952bdac5ff3940b809a0c348a28d483793d20b21591cb16c1a82f1fffdc98b9 |
C:\Users\Admin\AppData\Local\Temp\IUkw.exe
| MD5 | 7f39af80705b5ec731d976b9eeb946d9 |
| SHA1 | 16feda95bd14cc912622e32a45405a5a572aa845 |
| SHA256 | c8d9cdfac4e8eac6cf1e4a49ded187704862c969912f4ea931e33d03a693a347 |
| SHA512 | 467c391f1901f47bea60fb22d49248d8601b5591fe53bd28910460ce028e51ce0af2266996d6ff5d458b2592ef2324f5250b69ae431f024bd2e57f46c6ddf512 |
C:\Users\Admin\AppData\Local\Temp\cooo.exe
| MD5 | f683472c711ea61e8eb4c5ef8430ee14 |
| SHA1 | f6f4f4140a3e82235405d612e9d28706e96516d1 |
| SHA256 | e81d88223c6b5851259301d0d6399f3f4ed7434c73ae3ffa1c8725e67636bcd0 |
| SHA512 | 1ba8c7747671e9c5d94563b6d222644814bf050b130fe986ff1be40003a419dac5fb7d9ffd44ae39e0a0d2ed622c79fba1b5661eb1840cffea011ce6ec0e95d3 |
C:\Users\Admin\AppData\Local\Temp\awkA.exe
| MD5 | cb5695ccfc144447eddadcd21c989346 |
| SHA1 | 77796d11dd3682666000b955fa3e9ca74158f481 |
| SHA256 | 4d2a8d4b0e8c3bc9757f9229d7ccb9bbba33d232e76fe0c2a4bcca636045cb43 |
| SHA512 | fc24b9a2d30ae0e5b2caf2c8cc533b8e473111d574fc03d3f14e7786cf72383b045ac02e7af8e51668dc6859495022691f7ee3838899a3b2e9d9155bd923474c |
C:\Users\Admin\AppData\Local\Temp\KUIc.exe
| MD5 | 391a63821688cc7d22fac1ebef068662 |
| SHA1 | 1ac47d820e0b42817018a748e8fc48dd52a2b9f4 |
| SHA256 | d0916ae432ae4ae036de16dca07d8b569b936b513f45c7befd5445bcc17ce83a |
| SHA512 | a318bca1a7a3da3b498761bc80984ce78401106f28fc07cf7281dc171f392b431f725d2041ec6cbd9ce172481d8d49162b992f7e6ecafe27a22384dc6d62069d |
C:\Users\Admin\AppData\Local\Temp\QMYC.exe
| MD5 | 8d573dd1a33bc051c860e44b9327b755 |
| SHA1 | 835a5ad4f193f5f0648c40a6dab569b64437b5f2 |
| SHA256 | 0800187efe32f6c5104bda1cbb824b00006e2fe5abb74e68be2bc77da8830d75 |
| SHA512 | 19714df4ce691a0763f481850efc20ed3d88ea17fed06413fa68c02a05516e47446e74a882d65f750abae206d95bc896b3a7ceb7bf01ffdeaac6763c81d7b910 |
C:\Users\Admin\AppData\Local\Temp\imYcYkgY.bat
| MD5 | 8adb01692abd88e23ee1f42b077552c0 |
| SHA1 | 4d31162d93f027a946d0edff9667d6763ed9ea98 |
| SHA256 | 3d23ae0001d6ef3f30d509f1499d7f2367b27ec92ee866a1f143df25853874e0 |
| SHA512 | 2de76bfa306df4ac7dc6dc45861830d05a33cafc15abc530105c121376856e868afb52d9b2800582d89584a971c8589c84ea2f6bc205ec2f2f358c664c85a15c |
C:\Users\Admin\AppData\Local\Temp\wMkm.exe
| MD5 | e19bec2f75748fd9d84f5f7aaa447727 |
| SHA1 | a5df1af29edda915250db8a5391ba5811485c72b |
| SHA256 | f23a7c43fee5ea15ba09fcf23f345e87f8a089f36a80c306247b2df833ade0cb |
| SHA512 | b45afb1b56e155ef2c663ce34ec1aed51844acc1981600a63ee1631d55794d8dfd70f07b9467bb0efdda1a2e8c05c33213eca07070058365c7ba9c211781efdf |
C:\Users\Admin\AppData\Local\Temp\wwIM.exe
| MD5 | 1335d0f8599e2b2162745c87f731bb17 |
| SHA1 | b04973ea69ea371e3f912b0b5454b44dc2c5047c |
| SHA256 | 2a0592d7e99d9530079175a84b0636cc97c2fb8b04d1e9f927d4686b7e83299f |
| SHA512 | bc0743a3c8488caed46dceb4ef9f632007c82f45dff4a48e1f2609250753baf47e28b7edd1b438dddb5bd2ca3040e4713a459fd7b0b04b7b69aaa6aa8ea5c32b |
C:\Users\Admin\AppData\Local\Temp\EUAK.exe
| MD5 | 985da6d0fefa98b9299107749ea9e893 |
| SHA1 | f829f8d75ef715a1679b3e86749d0e6c76115e1d |
| SHA256 | 7939d89570e1b396d11cc64f165e900bb6937ad46a204fa8045ba47b17b13e93 |
| SHA512 | bdbaac0cc5452a3440039303e24c6746b9fe59c0f322514905fb8792a518b0621082ea4e897dbe7197f95efac98002c2dc6bf0ba7384ecd0b542127c41b44a43 |
C:\Users\Admin\AppData\Local\Temp\yUIw.exe
| MD5 | 2725e67df6d281b024bccbc3abf6e6a4 |
| SHA1 | b658d7030b3913bfddbe219296906080f68266c0 |
| SHA256 | 74434f4ec65d70800788a48209c110a531ce91a5fce7e0ceea46665aaa3fb27f |
| SHA512 | ce94542b964ad32d618131124f8aea051773889f947827f1a67661df8590e56b836893934969a2fda2d657f2a6fb3248154df8f3ef43a631c2b4f75c64f76cb1 |
C:\Users\Admin\AppData\Local\Temp\SwoE.exe
| MD5 | d8f46a5348032f495537d855cc31d7f2 |
| SHA1 | 18c870ba1f72d66e694af0ae7937e3637c350f55 |
| SHA256 | 3f75949c4ac20561f9bf223e5c86c3e74d3fe7fc291c54488b151908ded30a92 |
| SHA512 | eb8bea6c5ad907f65e09383c6266a65be08490085c2192fe9b46cc121e29a6a01161ba275bda5f913d64243e4be8a028b7eace02cb2a2b5b2c91148ac6283e5c |
C:\Users\Admin\AppData\Local\Temp\kekAkAUg.bat
| MD5 | efe0df10db597d9a73fbf89e9947a6fa |
| SHA1 | 50562f79fae9f4a286a362495a8297f849b7b033 |
| SHA256 | edaac78f11896e492c26ba33c789a356f9dcbc7ffb699b7db11d7d535a5dc99f |
| SHA512 | 5d63a53c547ae7663cd070d5bae376110e365a1175e49b81f51ad17785d3a1654e3152ea625271869de70cf59144fe9d355d7d0ed445c3698c8af2db209f611d |
C:\Users\Admin\AppData\Local\Temp\YcgM.exe
| MD5 | aea8114898cceb7ad24796c4c4651453 |
| SHA1 | 3ba3742ba33f8cdeeaa063f2bdaa52b9e0be0f91 |
| SHA256 | 37318276585cf748761fe9b36004e6c00f9edba398eb4ddb46a41425bec2e292 |
| SHA512 | e51bdb354e7ea5126ab7e6c55bd82333a47b14d961797eaa657bc292f94dbe23cc20f338dd04e05e4698b63e06165bb37c8967885b40ca0440143b71a57adaff |
C:\Users\Admin\AppData\Local\Temp\qYsa.exe
| MD5 | 504c5a96d55be1cfc970d2a463681204 |
| SHA1 | 759d7b2a08fa60357cc7f6fd2a8001239590fc73 |
| SHA256 | e5c1d906da8e7aa5e7ef920392742ee6d02b9871fe9785ba58a33c422b861a33 |
| SHA512 | 7bff1de001ebc76565201e56810916d0683af0af4b2e515d1f3e80ffee0099bea900891eb6b61f3130515612e5345be54ec2392616f613e478643c5b03256fd0 |
C:\Users\Admin\AppData\Local\Temp\MQUQQYQk.bat
| MD5 | c18a03c2b92c58dd65251d7e0a37f481 |
| SHA1 | 3651b48531cc768e2542d05217b36286a082a5ff |
| SHA256 | 4c82b2347e85748997a2c25aaf6b64462498561ac75a83ad57d4641d0aac3119 |
| SHA512 | ce88687c83204de890cb8fbb57d079dc778b132c5264261d63b8f43e59eeea98b6d41bca661cb29e178ce1b29ec40bccbba164b98dfbbef200a85880fb12cd14 |
C:\Users\Admin\AppData\Local\Temp\KIoo.exe
| MD5 | f48968b399f79e9534fc9541ae040949 |
| SHA1 | a1ad6ecb41774e9e715432aab2abbc9d5fd76073 |
| SHA256 | 782f83fc5ea64a76bf5a090cfc8d054083b6ffe249c98c0c217561eea773b379 |
| SHA512 | a47547787650e63bcff2f024b6711d688e66e1db5912a9dbc501dcb3cf02959173b806ddfc520b547c6cb8eaaec33bd07addb074888c9cacae39426389542ce6 |
C:\Users\Admin\AppData\Local\Temp\iEEk.exe
| MD5 | c3f2c0cdf02fc2c419bf3d4a2bc69aa2 |
| SHA1 | a66d6fb40cc735a497fb003879a65dfadc9fbdd9 |
| SHA256 | d5360030a953f1e69eb766974510d5ba3511f6dbbc76a6165a167c366b61eba3 |
| SHA512 | 3320630526a13ce799e38535f72825350edc01329ddfef6a63680df20ca523d435e00b1623d17ab047fe013d0c80f05ac8650faf8b88da91d0fe431fc1d317ba |
C:\Users\Admin\AppData\Local\Temp\yoYu.exe
| MD5 | 39b43abf338af18da8686eab9ba41e52 |
| SHA1 | f87394cc6be50984459c7660b3dfc430a2eca8ed |
| SHA256 | c0e8d45fc41cd4586d7af2029a9cdeb77ee1dcc769fbee0452e006ded0f72433 |
| SHA512 | ea035dafd94b28b6f43a587ef54e7f9c948a1cec65d4a3ea699c8775c7f4aaab53e0482a19aea9f43cf3483b2b0efb9f22837caf7f40234fe1043a12d1819a1a |
C:\Users\Admin\AppData\Local\Temp\yQsg.exe
| MD5 | 3b59faf9bf45e6fadca9ce9f17dbe639 |
| SHA1 | 1a96c6dc65c31d5904fda73e90d7ed88cc036a9f |
| SHA256 | 7a76856ebb398860eaaf23ffec9d310241a8750d68babba970a0aaed08b8c8af |
| SHA512 | 18675bc92f70713836389743f78b871a53047afbcdd37b799f26fec974ab748708c0fc7766dff30b79d3c958f6be7b74d6386934d1519fdf7e1166ec85e3d0ea |
C:\Users\Admin\AppData\Local\Temp\dgwgkQQc.bat
| MD5 | 17f755d673b79f1adce02e049a78cf6e |
| SHA1 | 6b56a51d5690492bf787c200070b8b3e33c1a1b5 |
| SHA256 | 7f41d8df610880f34112c15fc30cd94ee5c92a926408c5a794d51f489ae2861b |
| SHA512 | 8a5ee6fee96a8128d738a6796492d5d10eeb6f2507c9c71fe8aea0ed205d200680567323c989b0d2254f8d7b6ccd02d1cdb40e19794797cbfa5a3fb14bb428b5 |
C:\Users\Admin\AppData\Local\Temp\oEMK.exe
| MD5 | fe645dad93828db64fd745e33e89559b |
| SHA1 | 0944b3817a0225665091278a10b27991b5f77af4 |
| SHA256 | 9eb6cfbdd3bdd989fe16ea6eb1b7fedae44c1807a95e356a07b4ae0b61a22762 |
| SHA512 | a4bf002848abb14b36672c41de2e84ca99ff69af1da0f0085b9dcb4ea7fd4f7b652219d5bc969e4e242231ed6801622481b01fcde7ebad12395cca5e4d835648 |
C:\Users\Admin\AppData\Local\Temp\kkgK.exe
| MD5 | 997b99988d4d08981b92570bd988352d |
| SHA1 | 28a1ee91b9b762d86e5f585a0d27988aa378b3dc |
| SHA256 | 026f13ea588ca39302fe71b83904e33b9d56a357b090775c57076386d287ff30 |
| SHA512 | ee53d78fcf4a89d8115bdab0499787be84f1e1a757808b45abd58ef3742573af49826e06198736bc0fd02fa63ff7b43675724e56f46b7f5df9a8dfe36756bd1c |
C:\Users\Admin\Documents\RenameUnpublish.ppt.exe
| MD5 | ffd7b2c48e013f57cc054b0b7e263afc |
| SHA1 | 3d44915ebaba0c80ff4ba5d7f6b0a3cc52816473 |
| SHA256 | e1efdfa537baf5b27587ff97c7b70f8b4a14985e73f6afc99ac0e23922f74571 |
| SHA512 | 0528e33228171450242bc3fc76b63a494be3a50c496ef02371174041a486ea1e3ff6605ee2b8a02b0c88a9eb9fd605110e782d38e1cc6b8036e0b81575f0be7a |
C:\Users\Admin\AppData\Local\Temp\uEQa.exe
| MD5 | f7ca35170d4ec3134aa5e996b798d175 |
| SHA1 | be778ed893f173b14e5497016ea930f5e3042cb6 |
| SHA256 | e3d0a2dc1b7f6ebb62097f8a11afa8f72587565b7bcbeea1cfe72f0bd79e1d3d |
| SHA512 | 106c3e4ca9ade0c081e4071609062dcc8379b5bb6129a0aecfad34aea5f477d373205be97afbbf849193c3241c5df280a4da410fa3f3d46c60170ec3bb9de6c1 |
C:\Users\Admin\AppData\Local\Temp\sUYG.exe
| MD5 | c83f6dfca3a673a60dd2b0820fe1ba79 |
| SHA1 | 6f0ee40e39dc8ca9bb098dcd7d499c881003e9da |
| SHA256 | 8169a64e4952053500237f0fcfccc8c58f60a5fd3edc35e87c1c00b56c80fe8e |
| SHA512 | 5ee3dbffc507de2b5a119544b84c6b5646fc82074b2f8670d7675aee641636e42dd18e7d0e0a2be8f20d19bda54f2df6ec366cd1baa164cc231553a9386cb9b6 |
C:\Users\Admin\AppData\Local\Temp\cwUc.ico
| MD5 | 6edd371bd7a23ec01c6a00d53f8723d1 |
| SHA1 | 7b649ce267a19686d2d07a6c3ee2ca852a549ee6 |
| SHA256 | 0b945cd858463198a2319799f721202efb88f1b7273bc3726206f0bb272802f7 |
| SHA512 | 65ccc2a9bdb09cac3293ea8ef68a2e63b30af122d1e4953ee5dc0db7250e56bcca0eb2b78809dbdedef0884fbac51416fc5b9420cb5d02d4d199573e25c1e1f8 |
C:\Users\Admin\AppData\Local\Temp\oAwC.exe
| MD5 | cf06d795cfc1a351ec511113ad7ba5f6 |
| SHA1 | 3fac68198c05832e6063a54d3cd412f627d73966 |
| SHA256 | 52e3b396dd89df0f12077e7e278241fc26f4fa8fa2403c1628eed1616a07d37b |
| SHA512 | e16010da39637e5065cef6a050620b4767aa033336bfffdd2fc5069809ac23a6d25996d43309e286b482860c5c90702ac29fa064d5d864ac37b0d94686efea84 |
C:\Users\Admin\AppData\Local\Temp\kQUg.ico
| MD5 | 0e6408f4ba9fb33f0506d55e083428c7 |
| SHA1 | 48f17bb29dcd3b6855bf37e946ffad862ee39053 |
| SHA256 | fee2d2cfa0013626366a5377cb0741f28e6ec7ac15ef5d1fc7e286b755907a67 |
| SHA512 | e4da25f709807b037a8d5fb1ae7d1d57dfaf221379545b29d2074210052ef912733c6c3597a2843d47a6bf0b5c6eb5619d3b15bc221f04ec761a284cc2551914 |
C:\Users\Admin\AppData\Local\Temp\SgEY.exe
| MD5 | 5d0977bf876fe22dd7b15aa23fb9b104 |
| SHA1 | 3648b3b085422de6642a07ed5b071c4f12262842 |
| SHA256 | 49600789ad2038d6d143a1ca286fc61b18c4c0226391fe8ab9b809a631d6af9d |
| SHA512 | 7e7c8f17bd915ab6257dc49edb5db18bccb83eeeb920b002cccde026a53002b45fa34673251b1ebe1da4b080b3bae66ac8d5f5e2e1734eaa8d7e71d3169e8f60 |
C:\Users\Admin\AppData\Local\Temp\lMkIQMoc.bat
| MD5 | 8b24e23f07a8afec3202a2d7e371ce54 |
| SHA1 | aec28ae033c725fc551d193fa1f5e5fef4a0b364 |
| SHA256 | f151b34f094bf913d0d9162220f98a16398b5e731f6b3c3e1090339de2d20935 |
| SHA512 | 6dfe7b895656abc8e3d466f8df55a1adca5b864cb669db18a81eda9fc0f5d50ec0047fce77558d943235a13af01d466dbf674f9648792c153bcc5186e779c228 |
C:\Users\Admin\AppData\Local\Temp\GgEQ.exe
| MD5 | 7b374ec9126ac85bf31bf51b46004f64 |
| SHA1 | 3ba8bbefc8b645f6ced5ec978bc0656648fe87df |
| SHA256 | c609c77889e1589d5e3b031acf08743ff0ba6fd1e7f286beb822f3c31c10ba46 |
| SHA512 | 5d133038ff878fc3aa906319e861dfce3700e5d0d05a02458cd0f6f6a38f01b78a16a7a70e9de6cbb986263388908e258e3dc7fae8572ba6168bdcedae9b39d2 |
C:\Users\Admin\AppData\Local\Temp\UIoQ.exe
| MD5 | f39664782c4d031fafe61f70a384f3b9 |
| SHA1 | 5139276aa695eca20eb3526f0b7a5a4d5a6432a3 |
| SHA256 | ea73eabcf266dd3cff8d136002586ae270ae4ca94167250cdeaec7ffaa95aaf1 |
| SHA512 | 4a1376c57588390ab11fd56d09e0cd80500cf8b5fe31b55ccea23adb1a62a07523457c87224178145ae206bdfe60642529a3697be765683793a68b4924a46e93 |
C:\Users\Admin\AppData\Local\Temp\SowM.exe
| MD5 | a7d1c103e62484b85b3c5878145e962f |
| SHA1 | 99b82ebb2ab7f3e08723c4baca4bd2ba4d6ee07e |
| SHA256 | 2401d389f232d8dea4f2455503ecdef830276a037ec81dddd5ddc316857300b9 |
| SHA512 | 4b91404a21283e8d65a6ba279885598d04082daa054ef5c0a4b091dffa4eaa2ca029f3dad81b941c4d23c80395812eab14bfd69617c74f102483c3a41aab96ac |
C:\Users\Admin\AppData\Local\Temp\CQgq.exe
| MD5 | feef1bd170c7dd289014732216f33d35 |
| SHA1 | dcfab10c0db3802e8951827d7657b03f3b7e4353 |
| SHA256 | ebf00614c65dae93877759ec4ed9738fdddb40eb353c2518f46980a6efb9705e |
| SHA512 | 0ceef66bb4ca44fc622897d5589b3689add1620e5c37f2352ca0928a26a7a319828ce36fcfbf01e5c6b1b76d38b10c18d760a6f28e02a5e80812f1af6450a90f |
C:\Users\Admin\AppData\Local\Temp\QQES.exe
| MD5 | a9a17d3fbceba80e05d5cc838fe25fa6 |
| SHA1 | 6a470e98faba92bde19e83d3241097be8b67e608 |
| SHA256 | 0115b6e36502cce1149732df3c7c4155e04535d9bbfb3630a71f32391dde58e9 |
| SHA512 | 4f1ee85b847e53c0cebff48412b471a72097bef50d2a1d9edf3f57655bb21e7705819e771912eb06ebb0669515e592d687f6a45a132fab445a32486885cf3d1e |
C:\Users\Admin\AppData\Local\Temp\SYUI.ico
| MD5 | f461866875e8a7fc5c0e5bcdb48c67f6 |
| SHA1 | c6831938e249f1edaa968321f00141e6d791ca56 |
| SHA256 | 0b3ebd04101a5bda41f07652c3d7a4f9370a4d64c88f5de4c57909c38d30a4f7 |
| SHA512 | d4c70562238d3c95100fec69a538ddf6dd43a73a959aa07f97b151baf888eac0917236ac0a9b046dba5395516acc1ce9e777bc2c173cb1d08ed79c6663404e4f |
C:\Users\Admin\AppData\Local\Temp\boIQUcAI.bat
| MD5 | 7357f832e2397751ce42c27983b3c881 |
| SHA1 | a29d0f80fde3499b74d9a01ce0cd8870f1b88539 |
| SHA256 | 8420763867fb5a033714176a493fb31d931dcb2a5c2469a416cf561f9e02af95 |
| SHA512 | 31e56f6bdb4319c916adbaabba1e804baec33bfc976f617ca06016268f0f777225a7ede5ac292f1692d1150e3faf1ff47b1fc99cc9fe7a695e96a394ef901e0e |
C:\Users\Admin\AppData\Local\Temp\AgkG.exe
| MD5 | ad00b1c41147f3199141e12bb923df36 |
| SHA1 | 6a22420d86e4efa2a31018b97e28535c834f9414 |
| SHA256 | 6d46a9eeea44b62772cd712c8ff2c080d9e7ea1f2c0217ccaeb16ea7a24e2b12 |
| SHA512 | e0328237dbd9b1450e531c70b2e526cee2778774361df83ba2298dd153f9c00f897582bb8db34d455ecbbe5ce83ec9299b380c2df7c76dec574ecdc754c0bd5d |
C:\Users\Admin\AppData\Local\Temp\qAsM.exe
| MD5 | 4b12d5704ab7ccf3d46b39dab5255275 |
| SHA1 | b7b3b295d131cd6a7b912f093b696466359704d7 |
| SHA256 | 94700dd8ee6b97f42c17b4c35c5f7ed2ad6f73fb1ffabfdf596932f7bdec552d |
| SHA512 | be3b207e5f797e38d07cf692379faefae7859a6dcdb3381786cd6307398f57427f47cb004021c845c39b32e3943ce2f0f62ac1f19be607850d875a4e7f4dcf5c |
C:\Users\Admin\AppData\Local\Temp\eEcw.exe
| MD5 | 1444345f9f84eac01c18da23695838f2 |
| SHA1 | 5c29f36848be3d17da2d1203bde95aa8dc5f4c5f |
| SHA256 | 21e93fde01766c7694aaaf8737374efbe212ca14bec0ef2db259e2f6c7847655 |
| SHA512 | 0c2061598101397c242f581af6b3ed42859ed2e8605aa002eddff6a0d3d8262ba68f7676ce79163aa1896be49d61dde9965bf10dde66b624937fb26a8d72c774 |
C:\Users\Admin\AppData\Local\Temp\cIwc.exe
| MD5 | 17dc5d6bcfe6b061dea84f2f1128e12a |
| SHA1 | 30d8350c20ce63d16f870e7d8ea379ac2298d8f9 |
| SHA256 | cb766ee04dbee5eed88edbf897d0799943f9e69cea7440f579e4f7269c13399d |
| SHA512 | 0b1db58e6aaada90c9869b5ea1d091a0d7bafa153b4fda697569ac6d5b0743edf3cae99f638b2c5249f826775c01be161b7691b976ab00234b52679e72a35809 |
C:\Users\Admin\AppData\Local\Temp\OMUc.exe
| MD5 | 8cb4de99eefaeede28563929fe36ab01 |
| SHA1 | e8670215b78422ef93bb19187773674ae9ea9d37 |
| SHA256 | c3a47d1594464c1ed12ff4b06a43bb1471515b517ff841a33aaea3e952f9402f |
| SHA512 | 7e406017516168681caff0d6a4b3775e509c0019dbbc5dd21ade8a51b9eceb138ae5c3335db0058dbc0261bd58f223e9f1dfd8dcc221f9804f054feda71dfba0 |
C:\Users\Admin\AppData\Local\Temp\ZCQYUMYQ.bat
| MD5 | ad82e5819dbf7609fa8986c941d195f7 |
| SHA1 | 23be03c937c3c73617bea6adaa4d096e75fd3075 |
| SHA256 | ef9345d58c51d9c0935e2352af6864931b7970268b31091358a9ecae6f89eb60 |
| SHA512 | 13a90ff13cb4e61725a1522c368391d3526249555aa97fb1938403f6d6c8fb1574461c4c2208cee71249501d60a40a2c35687b7731ea521098595111511f848c |
C:\Users\Admin\AppData\Local\Temp\Kggu.exe
| MD5 | 1de8d56f199a7af1a21f405f7fc2dfa3 |
| SHA1 | 02cfd2d64704731f24145aee74cb7f319910850f |
| SHA256 | 8739caa4781fc3281a0e245a8a7775c362fb24412e9d62e8ffca8295611a0225 |
| SHA512 | 612062ad1905031f4700b3da4b2ab31930b78fb432e5d886498e97b427a0ec514ec0c66180867e6a51f950b5e0acd634f691e8d4371af1af2f3e189030cc5e4b |
C:\Users\Admin\AppData\Local\Temp\ccIs.exe
| MD5 | 12097bfab5288850dfd18e1b13dc713b |
| SHA1 | fed4a8eec1d102f2d016bc282a0741841fff7a49 |
| SHA256 | 34028a07458c2fa32079e6b37fe9783ad6b6930a2321e86e53873e893ccb65be |
| SHA512 | 6564b6431055b0129862df997b2c314bef3089cc61800d934359c60be7a809e49c108dcc03915ac2837e74f5b141692f8c00e930a0ee98bce47da409208bdbc0 |
C:\Users\Admin\AppData\Local\Temp\cUgE.exe
| MD5 | 431ce787395b1bcc2ab410f6ac26f13a |
| SHA1 | e832258e84bb9c1e2885c1646f8f2e6158752217 |
| SHA256 | c1b25b9ef6c528daaa046dfb52c16c094c4bf2cb7b00f715ef1810b4405baf4c |
| SHA512 | fe599233c0f968859afc2522bb37a6680516b72e4b9723739d1808ed111adfb0aa9c1c920df3025d198faaa2ffa5c1257977502f307ab2ecf47e3435d89d09fe |
C:\Users\Admin\AppData\Local\Temp\IEMC.exe
| MD5 | f61a1985fc6df80befe6c7a2647787a6 |
| SHA1 | 224bb83806dd88599cb306babfd736d45aeaf10c |
| SHA256 | 0a617a129815e07ef3500efe63393633b0bf721637883eb42929bd784c301dca |
| SHA512 | cdef4f4abbfaa34a3a8b4ff7858f0936434a5c24ef5b890dc9adf5e8f1a4637b081d77c7abe7877fb88920c86f89fd03835e7b1381efe368cf8a5b6ef88a1ca8 |
C:\Users\Admin\AppData\Local\Temp\mkcI.exe
| MD5 | abd0b54f88284e7b6688d1bd32acf7ae |
| SHA1 | ff94d3c36185e97e6e14f42bb59d8cd8acbf9358 |
| SHA256 | d594122e8b32bd557a2f828da108b850fc802a9b31b664c41fa413e73834e3ec |
| SHA512 | c8e6857ff437b6d03c5ac6b1a77a8c0ef175fae3932e480ba7a2f4abe9bfb8e2c2664e13d29f740aa85892455e19425ba038988fd0d789ab61e5cacac3165188 |
C:\Users\Admin\AppData\Local\Temp\yeQYgYYY.bat
| MD5 | a438568df95612e71a30616733d2b905 |
| SHA1 | 5fd29ee5692bceff8ae60724ded9685adf556b90 |
| SHA256 | 6b48a6db0b2e1eab2e50ada013310548bfa7997a4203cd295369a5312bf3f909 |
| SHA512 | f5dfaf227e62d0a276f13159d6a99d224ea68a64197ef9dc42d095314beb664aa632036f40a99cf8b551f8f790a8f5cf58b04791d4a12bfa451e241e219cb284 |
C:\Users\Admin\AppData\Local\Temp\coIe.exe
| MD5 | 9fe3c9b8b883ef84bcbac2414c37ab71 |
| SHA1 | 49b9a1b8ffecb8643db142ec8760c42ee89dfbff |
| SHA256 | 078d33b4657fac9a0703ebf00a0a0f93663cd1f047a62f196b1b51b96876c785 |
| SHA512 | 32ee0f8fac10bd23669cd8e838693941995b2fdc792bf0393211a2deb86a50a902004b3912233ce09bdca27836bb56a8ea391fbe091228e4e57427abc37c1037 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile11.bmp.exe
| MD5 | 232cf85bb79468c2154aa3a7b2e36e8d |
| SHA1 | 367fc00f621bef2bfc9d39f2d9a76373c434cf01 |
| SHA256 | 933f6462afa10ffabd6c05b36420a184347da6393aa3f7519a90c8f83a917090 |
| SHA512 | 8d0bed05dbe4446b33262dc27eac95a50f3a0af508b15f002c232a9a78e37f7f84d22748342409d1e5e172aed9ea16c51d22c9e45a876e3f4b11ecc939a43e7c |
C:\Users\Admin\AppData\Local\Temp\EcoM.exe
| MD5 | 1780c1ab5ca9469610e931c0796a0798 |
| SHA1 | c3e4370429b48a6e911f82cc88caa483a1ef1d4b |
| SHA256 | 57024891205e60321558f390f359114f8041daf8bbaf104b6e473e867e96f0c0 |
| SHA512 | 69c875e1e8aff87d7bd5a1e7e4828ce9e2be92ac47d761061870dae19a0aa4c1090d06057c7558adc963369ae002859a4079db0f34a6cf52e1ec3d237ca9208b |
C:\Users\Admin\AppData\Local\Temp\CgQQQgEE.bat
| MD5 | 567d40048e92f99434bd2ae99fa38448 |
| SHA1 | a04bc4ec0c40cfd3715d49ac1da25ed6f90c1116 |
| SHA256 | 9da7d6679b9e5ce11e2514a8a71a2dc3f94bfd81b7ff66cf0f520fbdc3003820 |
| SHA512 | 7df8779c8dc7bede2ca576ad7a594bef58f9892b536bb328a7ada1feda1a3dc4ffad1ff9ed79b4acde927d07129106e7a3d2c20fe7e69ab463d62a5a4712a457 |
C:\Users\Admin\AppData\Local\Temp\oQMs.exe
| MD5 | 0bbb942ee77437e63deaea944840eb91 |
| SHA1 | 07ab0ddc955081f7c95a26c83a5f4f5dc4a31154 |
| SHA256 | 7a664a72e436c51708122dcadcba8057555b4edb870cbb0399f92f537b4482b4 |
| SHA512 | bfa2c721c1bc293f209611b3cc52ee797e228506ec8d22c85e7ebaa1872696287f0064ab65ece0e6cf7898ac5e7de3978792d68625387cb01072b4e3adba31a1 |
C:\Users\Admin\AppData\Local\Temp\kgsG.exe
| MD5 | ce28d6f24db7f02fe71ca08fa35777c0 |
| SHA1 | b0a4791869943486ed09859b62e260360e1e2375 |
| SHA256 | f44bddb0b178b1921d5c4ce541ed2f2a78cf838209dd3f6da30f0fb0aed3ffd9 |
| SHA512 | f7e64e1817d4bb08ec450c6e21f2469845332ef4f69317ffd78008df32b7a40f016e9f4f08dc54bd5eb1a326f666a8691b2ffd0688df73290877058b2adff08f |
C:\Users\Admin\AppData\Local\Temp\qAoA.exe
| MD5 | f3840dbc613cd8d84099f889d5075168 |
| SHA1 | d236ec78b9fa2ad9e22fd37ade5c46e63610b8e1 |
| SHA256 | 5d66ea5398dd26633a4c018b0a03bcd8c2439ecd2fcc7f071d716db9c930267c |
| SHA512 | 7b049301e131eb6fe94deb030affbf75c3dd40b6baa5c7ee700715096c1ce4c25f9431061d92c58592597d04e86757cfa56e6371f3f979abd7ba5ef7a675d9a2 |
C:\Users\Admin\AppData\Local\Temp\qEce.exe
| MD5 | 5dd4af1cde2956b15d070723873f3e98 |
| SHA1 | 05e2c0d182622b87afb6539d7dd4ee45bcf76fe4 |
| SHA256 | 1a554459eb3b603eeec64ff7881ae3fdf08b8d0d4f40232d37b5e67e1f3cf0a7 |
| SHA512 | 5744ae37ac75607232b72a7eadc1d0f887d729a2463d322b79d6194e79867ffbd3255d6924a3f3e4b90095267b8cbfce410ef5c68c534fb03f7c8166b1dd769c |
C:\Users\Admin\AppData\Local\Temp\kcQkcIIw.bat
| MD5 | 989ef0f71bbad32928e78f05a1b3e8f1 |
| SHA1 | 5ae4e8f9ca6401ac5cb76a54afa950a29c4259e5 |
| SHA256 | 7c154edbaee9514bb518f3b5e3237189906986c0785129ea5c7879e4f3e18d9e |
| SHA512 | 1a73135e39fe9db65a5159be376441c08489fb52f788961b554cb375300bf81c9bdb4b7d55abe8a1f2724911a546a9f4a4a1038d1a43a6bce09703dc33f3385d |
C:\Users\Admin\AppData\Local\Temp\MUgE.exe
| MD5 | 0b2954b01896d79edb0d859c9a74369f |
| SHA1 | 1fa115f9c9abc184efcec3b788887a86f9c2f7eb |
| SHA256 | fb6f7278138256743d687bf4029f4563a80882dc0a8decdb1453765684c1e020 |
| SHA512 | a06ec304bdce249ac86676e042506ef98104d30ce331750811e01eba21115ad9488d59de8b6f8676881c75d129f0738fa8309407bc52bd9da61fc939a2037d13 |
C:\Users\Admin\AppData\Local\Temp\GgsG.exe
| MD5 | 26721137667db1eabd8758a00f1dc6fe |
| SHA1 | b66ef7c001937cc445ef264410e3b1d9d5a5d6b4 |
| SHA256 | c35f14c1a16cacd07c38ed7a27989c17162043de4fcfc4565f42afded7962d55 |
| SHA512 | 5116bf492f9462ce7bd5801c1b726b5e0b64361c42fd8f6f4de70467163ac4778d7edb68b0816ebe62cc839278e969504c9f04b30bd20f664742f0c514a3be3b |
C:\Users\Admin\AppData\Local\Temp\CUUK.exe
| MD5 | b9087ae6477172aaf95bfd426b7c6cec |
| SHA1 | 550ba6238d565b77bd9190cb8c6c8bce560c165f |
| SHA256 | 7cd6ce93e7afa499221e491c6215b95bee28e8034079991454f186115d45dbfd |
| SHA512 | e02f9f2f0e3f6ccbcb94184613e20df676088d2a44f6383dd5ba4112a98b0e3e96ec58c7cf74164dba8d275b030dc2db7f7a38c7215f6e434d62a01089eff2d0 |
C:\Users\Admin\AppData\Local\Temp\Ggok.exe
| MD5 | 53dec319666447c5ca536f0debb0e71c |
| SHA1 | 9ca99f39be7b83efa7c89ed6fd88d3eaedad5894 |
| SHA256 | a4c9f0384c8f6f52454afb9770efc9258d7c220f4f4e3463165624202dbccee6 |
| SHA512 | a417710aee43593393f4b7193243ac9881e616283e2280e104c34e7cac50d181ed65f5d4cf66a7ffa822bcfc3f9eadee74df0fa04c1295f91b65072e568ae387 |
C:\Users\Admin\AppData\Local\Temp\FswwUEgo.bat
| MD5 | e620734d954c44b3121e6ae930d9a116 |
| SHA1 | de4239fd68a89907e1fd34d90fea16617ae4cf3c |
| SHA256 | 9a1237beab0d734109783f4b06da7d9998f58e5f5d9ca88a166a3a8f1ddba0ab |
| SHA512 | 219ae5aaab374e9bf427eb3105cb3b618c6ba68b801aa35202cc78aca132062496cbb1c4ad2e558d5577f175038f92e1c3f44f681b6f9860d98abf88de4123ab |
C:\Users\Admin\AppData\Local\Temp\awYy.exe
| MD5 | 455e7b65eece70aa82e40e2a8829590f |
| SHA1 | cf5b84866aa8a48a3a101b6e2ab720b788f61de6 |
| SHA256 | a24bd2a5dc8f0c7a589d8d4e01833e78d66034728c76e05a53625666bb36a830 |
| SHA512 | a78dd5f09d84fde7045392f71cdf666d2010a46576ff862e19b3d4145d7c1412e9f787b1c80a7904e2490f9b87ed958cdde023a4f3c867f0e5099b3571313409 |
C:\Users\Admin\AppData\Local\Temp\AkwK.exe
| MD5 | d2478f0cd2a5b9fd4986deec90043498 |
| SHA1 | 4f7b8ed9bbc634b6e8ac4effad73c26bfa0336ef |
| SHA256 | 32c85318140f9b952f55a83ad7c95bd43180ff9ad8ccf28d023a31987bb4192f |
| SHA512 | 173f9acc2bed1d08466c61a9ebc7c8763f3e1ccfb10af3a3fe7bed8e81ec508d7e66dd7301d86ae138ffccc77041eb61bd7739670ace95d905b9dd12c2887627 |
C:\Users\Admin\AppData\Local\Temp\EEMS.exe
| MD5 | 4d05143c8ca8926447c1084b5324aab3 |
| SHA1 | adbee163ea8d0398922392cd22921e702243a375 |
| SHA256 | b484d7fec494ad86aaa87ff2eaa0fc13e75a93afac3c148471b75cc696055774 |
| SHA512 | 382c748254d81bd296e9cf34105e9000732acc2192ce74e45ede594e1a864a4b1092818958d22c8bfc23e646deced8f59cf07f1a72e04931d1fe66ac5e3e0b52 |
C:\Users\Admin\AppData\Local\Temp\veIUowoE.bat
| MD5 | 0481c98d79e750425d8677164211f403 |
| SHA1 | 2117ade83d77f21346203dae0c30e44b5251df18 |
| SHA256 | e5c062ed119c046f9cacf90663e4f1d11f9ad638b039893ffcc173c6cd080799 |
| SHA512 | 246379397c49e5adf2a5c7254e5e9327b4f8223cefc1ba594dac288567d5753759155ee0c1b39b31293ce389dbbd3364385e7cc3330cc4e8b956d0279024b0e0 |
C:\Users\Admin\AppData\Local\Temp\mwgG.exe
| MD5 | 07f7e58fb5c51b7d84f0f6262c6b7483 |
| SHA1 | b711187cf546daf96d8210c6026802d1854c0f43 |
| SHA256 | e636cb37967384b002e8dd5c123cd45c8bddc894d2add4b02b9437be2e7c11ef |
| SHA512 | 7e77a5174f03c7c9cd9beaa5ffa689fba64111fb705b5783ccfe30ca05197dedaafe19a72b9016b86d7f8a8e17f1223c9a79d9a45e930a8db49d7fc63505dc18 |
C:\Users\Admin\AppData\Local\Temp\iYIo.exe
| MD5 | 48acc55ca11c2c2a06001c02388f5e8f |
| SHA1 | 36599e914c4414539c7ba985c26b5b6d2b24f1ba |
| SHA256 | e9d759fda3f9721efd62a45d08cebcce2440cd42cc948496d6132b85ec2a512d |
| SHA512 | b7e04224eb4ff9c653c2fa16d2a9316f7a037a1489ab6aeb501f71d04721bc643d58447ba13a7e7af0b5a9fdb1ee1c769d88515b9f7647a63edeb7a17c65992f |
C:\Users\Admin\AppData\Local\Temp\OIMU.exe
| MD5 | 065be6c8f20719927530f046d43d07c1 |
| SHA1 | ea51800515cbb06ee7e1c2c5bd122a344c0350f6 |
| SHA256 | d46251b564d390f2ddbdaf7fca12ce79d0dc248fa8573cb25bf5962cfc20f126 |
| SHA512 | 7923d600b14ba819892e1641e8371086ea9c4431835a7a8d69dbd92dee5921a551f3adedae97432cd0879bc41cb62e84bcb659a3497980f9b60446a244e1d6cb |
C:\Users\Admin\AppData\Local\Temp\ryUEAUEQ.bat
| MD5 | f9569a58467a26ce7edf3b431fc23673 |
| SHA1 | 5482b569940f2410b7f21c5e9b6089a583bee299 |
| SHA256 | 53f98b1ee317604492c754061898479e241d1ec0d86976fd7b0f286b7557097e |
| SHA512 | d7f794c7fbea7b63e59aacca214bdac6ce8035d27e015d2a748775100a224cdc80be095c714011b7d07712187fba4513c02872fbdd3af704012d7a9d375935cf |
C:\Users\Admin\AppData\Local\Temp\ggAS.exe
| MD5 | a8a9dab952ac05b42584874f7d3cdcc7 |
| SHA1 | 6fbeb0e85f7903a96757c75127620cb581e534f0 |
| SHA256 | 78563717ae07b74214129787acd330ff0b366801deeb4d352e5f5d8d7a878ebb |
| SHA512 | 46c4c45e432c422791f32b310dd0456b200b32d482865f409a54bd9f6730f7e24024385ba3885e834a357ab359a49559e9cf34cc00300c7f6b4b0397e8d80bd8 |
C:\Users\Admin\AppData\Local\Temp\aocM.exe
| MD5 | b36924da217f3278d3681b9b7b13050b |
| SHA1 | 15d7bb6b91784c1433748096f915ab31351f58bf |
| SHA256 | ca02e00c5220cfefa9eed5b4981b01b2013f60aad5ad8eb4c838669efd4435a1 |
| SHA512 | 56e134b024facb9ac12f460f7228029423bbb44b4d0e4f2dfe71b2cd8e5f1272e9538b2124d0aae5527e223834778b6b6cf9a707f5549e01296eab6d91192d13 |
C:\Users\Admin\AppData\Local\Temp\IcIw.exe
| MD5 | f437c3ce715eb2625a085d335e4089c2 |
| SHA1 | 0e522c8d51884b84f13cdd7abda9c4c9c3d4f9dd |
| SHA256 | 1c7bdb1926617b0e426bc068fdfdd7bedec7ccbfb6541a8aba860e2b09caa59c |
| SHA512 | 15e775a39d0ec32382157c9504f8add39836c8f7420c526776f3c8ff945653780fa303a540327bb51de5b6cf6c7934ab508903949bdc9c08c8948797530708af |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile30.bmp.exe
| MD5 | 530f94f7431cdaa5350bf0e7e0939cbb |
| SHA1 | 88c201a4ef8249abb9c6adad0fa95a358b9ecdde |
| SHA256 | 136d40f16cdc0ad22054616ca929f2656ade0856a1a28a2ed805b6006e3e2600 |
| SHA512 | 26934163d17fc446c257e3dc5c3077954ae4c62e68be3e730fe9fe58b1fa6e72d766ce9ec181c960dc146515a35961c4d289904b7eb35cdf54e403baf91d6627 |
C:\Users\Admin\AppData\Local\Temp\XMkwIUco.bat
| MD5 | ec1faffe005e56230b33471c60d26ed4 |
| SHA1 | 2be2525894cd564342221d6175644e3a5667046f |
| SHA256 | de0c7e1af9bf831060607f1f768b5e85ba26ab83395580994a6ca580dd910ed9 |
| SHA512 | c205b41e99648f2ac78d0086e194d000750b6f7c145beeeed1e9a6b21ae661932b7e0918258081df5a10b56261dc76c0f93300d8dd40be50aa9bf3f26c691df9 |
C:\Users\Admin\AppData\Local\Temp\yEoi.exe
| MD5 | 312f81fcfa0b8aa748f2816d927f6f58 |
| SHA1 | 31313973a561e9fa70a4a83dbad334658337d966 |
| SHA256 | c16be53f532b33c8d6a0343741cc906b842b9a739d95b62505abae3a85fd12e3 |
| SHA512 | 874ce13f306a899d79c067df761169e06d7a34dde372bd1c5275c44ff8a3c2b58d33c09face936ad900955c0d2d976a6229ce3535a8fefa14596bf07ef40f980 |
C:\Users\Admin\AppData\Local\Temp\MAYi.exe
| MD5 | 9d549431a6114f1aab4d802d8810720a |
| SHA1 | 9516146f18cfe1a397ec73ff588bd33313cc39c0 |
| SHA256 | 9b0d240bbde75a347911a2fd991403f4208780b905f723579729072e7662be76 |
| SHA512 | b8781bdc792ada35cc35761372d785731ec6813bc2c7d0af7e2f566d1e084c53893f44141096e0a0b9a757a60937e5e9b6d7f7df4201d0b2c2f8aaeb3fbc33db |
C:\Users\Admin\AppData\Local\Temp\wsUY.exe
| MD5 | ad53df3c5356368d346c688ac7462398 |
| SHA1 | 51e8c75251f5de08fadb45480938c98536511ec0 |
| SHA256 | aa8dad71c46b5fd021e568834841137ffe1353f350a21466e17a3ac2e6d8b876 |
| SHA512 | c262008999b70e4d6a095d746c8b39a7e38afa2852dc10e432f8e2918062da9fcf49378c2e858a7237bb185929d24c38b3d4ed9b97474f656d2a7cb9a83f9369 |
C:\Users\Admin\AppData\Local\Temp\uCsoQUUI.bat
| MD5 | f6c0bc4d80d38a253a89cc7c77ce909e |
| SHA1 | 214c1034105dc26ad0e79e9de13ae1b36655a92c |
| SHA256 | 04f9857ee476b201224dbab1670e951100f6e7351d7b87f1dad1bdee33f868bc |
| SHA512 | 791af30fe01c2f6b046b503e2206d14bda8293a9809251ea0bcc158e0acb1861193e0ebe8e682c8262d7e6f7abce871771201d6f6fd38555ee4a76f7f7fc58a3 |
C:\Users\Admin\AppData\Local\Temp\KUkG.exe
| MD5 | e6ac3bdc81b51b874f58748f13ae8220 |
| SHA1 | eeb34244ff970755a26e3ec1a6b345b6be8f1037 |
| SHA256 | e1684a87e64eebf80a8466f52488582a8581b1b5a4f5888bc3a1f8797201f73a |
| SHA512 | 22e601371c1bdb65cb37a045dcab63dc01204b13272a97604906577db9cb9e2800d9f73a9a55b6be114be35b84c13b7203e156843e1232c51abb7faec0a3565b |
C:\Users\Admin\AppData\Local\Temp\WkQi.exe
| MD5 | f419ff7f487b1ecf4ac2d7c8883e57e1 |
| SHA1 | c08ae61d1b18a0990a3e9901ecad70d957a91c8d |
| SHA256 | f27328937547ab8dbc95e1ec9a21858c540ee8fa79c4dded9bad3ba2dd201e23 |
| SHA512 | 3a1e847a6ab586a5d3e41874d7cc9ef4484b0747515ae29f31ec119f530801bf313b595c41bc6b0d4587520f6ab2a8f20662a07d21bfdcc49788e76fbf1da9ad |
C:\Users\Admin\AppData\Local\Temp\YkES.exe
| MD5 | b46c796d137cadbc797af6ef58cf3e36 |
| SHA1 | 1458fc41ad13853657765c1e40cdda3b3bc1e896 |
| SHA256 | 9ab7ec1d73bb36dfd3d3195e0bcaf9a672c240ce1f1349804917bb61a462d012 |
| SHA512 | b45bacf78d7f6ede5b46b724554f790014ab834e2e604cd083f6660b81708d72c1386c55056b03452802dfe509abb64cb7d291793e78cac825472dcc848cb102 |
C:\Users\Admin\AppData\Local\Temp\wkYMUEUc.bat
| MD5 | 1519e6838c9f0a5e0329921956982e1c |
| SHA1 | 6b2d28e9bf37639f118a4b71c4432d8295c7a95a |
| SHA256 | dd27da276aa504857fa857b6dc467250e1440e8fd015bde181402474ac8aa20d |
| SHA512 | e31a2bad11e4ac3823e0ccfc995ca82d5b240f28f6bdc99bb26c60823ad8dfcd2abfee3ef6a5e47c36d87332955ed4f23bc7be268d27ebbfdebc44532c567822 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile37.bmp.exe
| MD5 | a87225f045608e3746aee85778e3537d |
| SHA1 | 98f9f4f3379686b96728e0c36f0c077234ef9d5e |
| SHA256 | db9bdbdf447f462b8d687d3c784beb9335bf7d9fed76c689d18648bf50ed0bc3 |
| SHA512 | 6a402c9b32293c4781c1e9f0cff025c20397afb27092a6f22a5d96ba7470ab7c49cd1890802b7911a448ce17c723b6979eccf62bdea015f5af30c4b92dcdba42 |
C:\Users\Admin\AppData\Local\Temp\EAYU.exe
| MD5 | d616abf26cad9bdc95eb001e58a0410a |
| SHA1 | 175afce034b4fb16d44236d2037c8be354929608 |
| SHA256 | 8c1368796224e34e28921040b31c9b15c7bd85402d32d725dbfe55ce0bbec55a |
| SHA512 | 65178a849617f40ed2f734742bc3d287c3d02b119c40344758a3c2a2c94c4584a78bebe0b71e51bd38bc10dc5985b769934822e0445c406403309a609bec45e2 |
C:\Users\Admin\AppData\Local\Temp\oAEa.exe
| MD5 | a1cf17955a77f36c3409674dafb5bfcf |
| SHA1 | 7c051738b22019894f488dca2670a1141f843683 |
| SHA256 | 6c12172420e247422d3f856a41c31c2fc11bf41c8a8081ad430ef4e106f0bc3b |
| SHA512 | b69e9389166eb4e936af8ab124d13e6232127b9f1a7ef51dd655ee29315c5d0eefb1bd5d1ece47110011f260a9d7dfeeb9b21be55df952fb6a80c03758d86792 |
C:\Users\Admin\AppData\Local\Temp\IQsA.exe
| MD5 | c9dbb2efe7c55b9757b1b732a0392a3e |
| SHA1 | 8579be6d269fc745b166732082f123c994d8e4cf |
| SHA256 | ce5feca72a232b8ef23ffa5b14ee8a1a3f1e6564197bf073ad9454ca28e07f57 |
| SHA512 | dd285e92a5de075e0c19a84313dd9238e36860d941f10da7539e43b0a4ab8dc6118da123db597fdb69037cec557994aead09dcc7d48f97e0ac23d33c707bd10b |
C:\Users\Admin\AppData\Local\Temp\oYUEcQEE.bat
| MD5 | a0aa389e13119812a92bf460f53141e2 |
| SHA1 | 1f6e640307332d0886064e3dbb43c30c99544927 |
| SHA256 | 43fd11cbaef9699555512cf5ba7a56b166a18c62a5d61ffd5621e3d4f3542441 |
| SHA512 | 104bd44dbd105affe63dc08cf95e230550822b0b534fc88495c10a98335eba76b4dd4e63a616c5a2f6bbf0decb69520c5cbd43a63b10e37eaaa1864a70a1b369 |
C:\Users\Admin\AppData\Local\Temp\YUso.exe
| MD5 | aecfe1dd2e8cf93e5b994e2ff60a7eed |
| SHA1 | c4b0f1086367741dd9a695c7a41b23b38396531a |
| SHA256 | a5d13679d8926d0672fab54085243bd016e5f6345154218e385df55dc5187cd1 |
| SHA512 | 17e9b62fd8296b08339ea76eaf3dcd92521f8e65b4da3f8211c7c4112a7e610c0a70c75ecc0b02852cbb416a4056f065a24d6abfb4c64bf7893a32019d8228df |
C:\Users\Admin\AppData\Local\Temp\ooko.exe
| MD5 | 765ebad4ee88dcab441b60f99235a9f3 |
| SHA1 | 58c2390081cd0c0495b6828b80fe3f58832120e7 |
| SHA256 | 7c4fcf3b23d6d3d2146bfbefa3a241f27eb215f66f2376b2e4011591972f596e |
| SHA512 | c2376f3715e838bf2350789db949f784e4604a8405dad926ec871ae1edcaf4b0083cec5f798cdb83be3ecd0e37df41a9855b356bcff02d08ff6c429477040b11 |
C:\Users\Admin\AppData\Local\Temp\msUK.exe
| MD5 | 8640a5fb1d5f39f01672a3876b1ca973 |
| SHA1 | 05c17b0af77df3639f40f2f8fc4543d5a59fdf05 |
| SHA256 | 39a79b8ab19959ff1a98c15983800f3520b0d0e7a579e86f364387a110c75460 |
| SHA512 | e2fda9566f6434c11a34bf26c2fb81e0790a246f68addfed577f67461f03b80e95685728ff057e98fd99a22e00018bf495997dd3f48da83e468992cfc1bb315a |
C:\Users\Admin\AppData\Local\Temp\sEoY.exe
| MD5 | d9231945a7fabd4c1556fbde919a5ac6 |
| SHA1 | 766d3fd610a4c0758b3239848af443b96ee54ae3 |
| SHA256 | 9f586697eca60f414aaeb3b8970b3ad49a7b516013373e3b3bedbf26f3ce8f4a |
| SHA512 | 74086060b9586e34ca4dc9020c50598b42041decfae01b9abcdd1ad97706ff3ba2ddbc2ebdd043eac8d4c9c9e99ead81c14e3b0740ebf88c1e1ee36b6b65b01b |
C:\Users\Admin\AppData\Local\Temp\OYAwEkQI.bat
| MD5 | 50ef3ef68c75e396a2356039518d0b71 |
| SHA1 | 64554845e7a1fe3f8371679acca1b5c82066e0ad |
| SHA256 | c3a510d963b1b6f45d64a7ad681d22bddc1aa7ef759385914facf4ba79fb5707 |
| SHA512 | 4e131a92f17463b46d4178fe507f2b2299bf22d1c6a35e696794c652d7cf57673e89d1557cb8882ad6617b25c2903f609920aac89bec5613627cf11bdd94dd6f |
C:\Users\Admin\AppData\Local\Temp\YWgokMEk.bat
| MD5 | 2b4a42a5f60b13f0fda0fa1a68ce9eae |
| SHA1 | d78d0f96d4eb1d5b5017c6e8e8eaf0e74f740f4d |
| SHA256 | 251600e51805f36f7b5adc967dfaa6e34e6e1f58587d2f43861a4b04135d9df8 |
| SHA512 | 418381daec1e8224fcaac4caaa16543cb84458293ec1b55eeb3b92f6099fdacef60c78548a97f44057c774159ef55b064d587df89745ffddc88fcd6152aee450 |
C:\ProgramData\Package Cache\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}\vcredist_x64.exe
| MD5 | e0ed6100bc8db7ae374180bdd2d4f6f2 |
| SHA1 | 4e663331848acb909a6ccc2173071726a7abcbbc |
| SHA256 | 44c0d41745043f64af81fffbd24f783ccc4e2ff7fcc9197cf0c247cfb094861c |
| SHA512 | e77459085cb5eed46065b058c8750feef047e7d7878523046a6db2aaf5f520096d6fde8dc67655c8e96815b5891d0eefd1a7cd156dc76b41e56c858cf2984bfe |
C:\Users\Admin\AppData\Local\Temp\BCMEkccc.bat
| MD5 | 640cdfeb28783f96c256e377d3ccedcd |
| SHA1 | a03691f7574f093dabb6e8ec0e5f34ca48eb8ecf |
| SHA256 | a7a11302aef09ebdfe458805203ddb1299b032dc3688e5a4554f3371695128e9 |
| SHA512 | 66f030c9d85a85e4848a425be987df9736effaf73df41b22497eb1ff60c8893324975cf83bb13ad490e4fef51da2299a9c4ab93cb1636ec01dc91be4e5dd6b6d |
C:\Users\Public\Music\Sample Music\Kalimba.mp3.exe
| MD5 | 125ab9309f64748726ac1c90ada09c4c |
| SHA1 | e2d2cb267b1e7b8c4da5e4feb0c7820ab3c42d7e |
| SHA256 | 6ae5764afe9476ec29933c0260fa5a8a9d7c80a83c9f14fa4cf98b5527d97e87 |
| SHA512 | d261bdc1b6fe5b7b969899f07dac6b80ffdfdf8492ba915d2b9b2bd93d92e49155406cf0d306ec9b39203b354aa98fed3e499a873b500cac4e27e18796eedb09 |
C:\Users\Admin\AppData\Local\Temp\CUUA.exe
| MD5 | 61bdedf81966333d42e46461c4ddcd01 |
| SHA1 | 818181363647407fc301e278eb7c3c8f2eb389df |
| SHA256 | 2cc0e8f165fc9cc763d8cf84f7f13b697cfb4b28b398e4c2a0f0d6cdc4129048 |
| SHA512 | 4922da50616138ca11742db6542a2102e7f0a2cfc16a94b2041350e9a752126a4606506ca01963a6a6681d2186e335109a8a21edf0da16412a74a258f6f594f6 |
C:\Users\Admin\AppData\Local\Temp\ucoQ.exe
| MD5 | 6722e08a1567864d7f9896a08235174f |
| SHA1 | ac7ef022365d54f974097db22004f65ec6b5c745 |
| SHA256 | 6b544da3f5f4e1b39017cb5995c9603112e7e9f8c571a357495d952281c81b58 |
| SHA512 | 06b1625b630692ddaedbb64734b2fc1ea7f6799a14331a30421a38f3772e132c6a2b5b16c910ec4396a2206260338360f985f4f13bc87209a8ccb08a3921be50 |
C:\Users\Admin\AppData\Local\Temp\isow.exe
| MD5 | 134ae01b39f37cfdc5abfb14ed22c362 |
| SHA1 | bc3290c75877d65f638f7f22d11a5bd5da2b4752 |
| SHA256 | e89cab9af2dd193bc97759388d0f8e7706a82b3e0b409c59a2386ae1deccbbaf |
| SHA512 | 5eb4a002d54765bcd70b82ac22386e857431c838e4dd482331ee4660da744e6e09822419eb930004c2716121252b39d91e6323e0c020700e6d0642505c2c0eca |
C:\Users\Admin\AppData\Local\Temp\BCAQAQQc.bat
| MD5 | 9a8628ddb3c4f56c46dd3198b496dda6 |
| SHA1 | 1dd7f505b565bb3135dd278af85dea1c5ebe7880 |
| SHA256 | 4842ccf3f4496fc3bc56065dc646dfcae270a84c560104f1d1dad0147ba18874 |
| SHA512 | 1d00ec5a20b94a5eb1c48dd4d91c65a0c02e8a1a0464b77ebb66a652f60c7aff4d7b490b1b477d2f9787d5a4e80b3d1db07b20a23b14fc1f39b4675635b24ed8 |
C:\Users\Admin\AppData\Local\Temp\hOEskYUs.bat
| MD5 | cfcfa5ff6114f176073bf3b87f53326c |
| SHA1 | a08692efad20a03dc9fe10fe0fcd830468ea5681 |
| SHA256 | 05b7758013c8b1d1418eae4dee46ab54c2e0574cacb3d065e9e59729453613e7 |
| SHA512 | 7488ed38534eec0e2e2c1ca23c948cf9c08997b2131df7aa9e6e247c9bd492cf08510906eda3d6c85d2c23d725913a53e5ffddda1853887336dc3d5cb5a7efe9 |
C:\Users\Admin\AppData\Local\Temp\gEAA.exe
| MD5 | 09148d6c7a90fe9d3333aa5edf5b71dd |
| SHA1 | d9e8dff92de8c63745154605f86883c02986b450 |
| SHA256 | 81f15376f53965e47f2d7cf2e1f44777dc5befd78d39de327b7c48deda5e33e5 |
| SHA512 | 0c8efee3bb7cacb27e701e9b546ee7f1c220053b53ce305ad1989f7a3280d5abb123c2e77c31d74130757444fa088f1ee649d2e19721365d582e802b252b740c |
C:\Users\Admin\AppData\Local\Temp\SAgy.exe
| MD5 | 5b7ac256947503accc1137b81e5a791c |
| SHA1 | 5b6821ab83a84665e66753a6070d6e86ccc2c5ad |
| SHA256 | c5c17ff233b3b63e9a964486d13a36a0f3fa4ebad3e4df41bb2f20cb630e2e5d |
| SHA512 | 5b2f7572aae830db14492781324638cc6ba1646e073fedaabac9ec64ff9f10b7d7ad87ee59f014507a4dc05b8097247cd6c2c9da2e169ccd74e7e35bfbd1f49e |
C:\Users\Admin\AppData\Local\Temp\AEAm.exe
| MD5 | 04b1125b9d6577ce190dc2af1aa7e868 |
| SHA1 | ee5a76b3c041cad5bbb0e632b5d5811162231395 |
| SHA256 | 0ef4f1519b800b685ca46fb21e0f844a394515aa85c12990a939d607b3de1f0f |
| SHA512 | daa06443a2268fc12ea3992931970a8e931a903c6416485aa82dba6e9c7cd70a9d32369985b21522df83218c1ceec3d99e119ae69359f001c5661ea99fa68d24 |
C:\Users\Admin\AppData\Local\Temp\cYIS.exe
| MD5 | 1e5df6b0112678395f3708ce2f67cc6b |
| SHA1 | a474330b36289a43984d1d9bc3d2bbd8d5b2ad07 |
| SHA256 | e3252897165f41c5e79f9b7ceb7833029e4d672e1a2a524daad16b13cb79280a |
| SHA512 | 7c232406a8066afb51f799c0365a73484efcc3299cec9fb062b0314a51cf780619e7f467276c543685b30b318aaa213b77e9f72a5cbc9ca6fd568b678ddbd8b6 |
C:\Users\Admin\AppData\Local\Temp\Gkws.exe
| MD5 | 8f666252dad94dfa5799d9e0f9990892 |
| SHA1 | 48807928796676b3158847d1363d226807bfd6e2 |
| SHA256 | 0f00b67c6d98f9510bf7d09225af91ffa3bfea9ec0a54b54b213f82c2b175f50 |
| SHA512 | ee42aae382a55d5e7c987b8248c6bcbaab989cd07cda1880749e5a0467d574b6dc0b3e7606a1b9674d328e91c6712b3135d8bebfddb8fa707b6042c5f1039adc |
C:\Users\Admin\AppData\Local\Temp\SMci.exe
| MD5 | da10b4bd57dd723b93128f3deb0dafaa |
| SHA1 | 614cce756a97e6f2656a31b822ceb6c9f260d991 |
| SHA256 | f4db3f33c0bdced0528553c7a0483227e69d99e5e2dc3e217fd74cd61aa3cd2b |
| SHA512 | e98c35528bc446ba922c87ed6787e68e86ee6ef91dee686e7312dafa2a9f180902edf01edf49a1dfc5cfe4cdbff402854ea601b3be4ba6808e8b8a4cba9af758 |
C:\Users\Admin\AppData\Local\Temp\nugoMYsQ.bat
| MD5 | 9da0131c22f8f971124053dac3d233bd |
| SHA1 | 74cb435ffa149c69c676ebf70dacf67c86088906 |
| SHA256 | 5a67eb7ed2e0fcc837a5c18f88ccd120ad86a909aa648fdb7e1d3b66966d1556 |
| SHA512 | 91c6a090b52b26214d6b96ece80579669eccc410267ea88dbe071c460648d2f7fac5070b5714269277b21fc85af0973857c53795bcfb96f7b1f00acedb114ded |
C:\Users\Admin\AppData\Local\Temp\EAUa.exe
| MD5 | d00430e41f55ee2fa027f835820a0696 |
| SHA1 | c801257c0c30ee69f736da4f15cfa1991741934b |
| SHA256 | 3aea2e627288e50b29a4965c36ce2b7b22a6803977827d34ddf8ff9649630579 |
| SHA512 | 9de4847a1f252aade79ee8a059954127a8827f5479fb8b368f136e8d3c1bec1657a9adbfdda1a343a1ef71781a43a560b9faf05b5643fbfcec76949478c7c794 |
C:\Users\Admin\AppData\Local\Temp\AqkIQQQU.bat
| MD5 | 512dad5e0156ecdf654c32480a710f40 |
| SHA1 | 18841576abf0150aba096506ba14fb00f1c00a7b |
| SHA256 | fdf174e454ceaba3e8de12d6152ed069fa72e02cae25fe149c7eb913af236a1f |
| SHA512 | b1f65d566629be6213f2be5e4ad4eaee73d329b4e4afad0a2f6d9156fba491bdca58aec1565e8a75954045f9e51537672f8489becd488f50713733e5dc8f849a |
C:\Users\Admin\AppData\Local\Temp\SGMwEUQc.bat
| MD5 | ca53ecd5f5b10a0e38d9bc1244a2958d |
| SHA1 | 8598c0f57df23cc63367b0b115ffc9d941ad3723 |
| SHA256 | 2153bb7ccefab074294e0a37155e25236e2352b269809c3c58130be87b5c7da9 |
| SHA512 | 015cc4dc15ba16c7f1f621af08d325cbc14ed0a49be7dde330a26ac18d17578a99f3eaf574131ab6e8973e403e934db6e57061e74bdbb64801724c2ab42d6db6 |
C:\Users\Admin\AppData\Local\Temp\IoQcIMso.bat
| MD5 | 9deaeec3ef176b17499d27b0732e512e |
| SHA1 | 713bb8500504db6f2b0bdca0f3a8272bde4fb7ab |
| SHA256 | d472056e935c8b603ca9c38d0ccf9873be4ec664831d7fc31d0f051d2df14784 |
| SHA512 | 8e0c9553ab33db8fe96d77db9b0eb0c27fd63bb57412b8fafcc8efafa912679f686347056dd10b5dfaf13708514f65aca07fac53cd625761824ac970c9388f5c |
C:\Users\Admin\AppData\Local\Temp\WucMAQQE.bat
| MD5 | 5e9ec14cc0fb23044fce779c6fee2e35 |
| SHA1 | 097be815a98ea8f532619ca8032cb5c85198a248 |
| SHA256 | a4a60e34cd47ca45db768b7b24f4274b994a1dd735d8a7e01a7449e92f3f1a1b |
| SHA512 | 60a7ae57fe62e27d32f4bc72c1c339aae86b01b8495910321d5bc59d95e2e23a7bf69078ecf970aebeda104bfe3f26e0f6e8bbb705fa4f12a41fa9cb0e75ecf8 |
C:\Users\Admin\AppData\Local\Temp\vCQoEkQY.bat
| MD5 | 2756f9f4ded120ab8d86b2070f1c8555 |
| SHA1 | 90176ca4be579beef7d64884ed27ce35f3300d70 |
| SHA256 | 333994e9b966b01c3bfa2d563908661339a9be5252c4612dd99539d9c859a7b0 |
| SHA512 | 5804c4d92d111fef6c219856518854729bf501f49a448e99ba3d6bdc0428af15659b6a7fccc8fa948d39e9e160999c25ef3182e6136572e799bc78b40e909e20 |
C:\Users\Admin\AppData\Local\Temp\lykwkkgg.bat
| MD5 | 7ee6f050d4af5e0ecab1c58210e0cc98 |
| SHA1 | 4b7bd2f055d147afc1a08cfdeab0554fa5a6695e |
| SHA256 | 4d6fe1b827be79b33a7dab72b47ac526e98e06974071b58756de417c17b8cd24 |
| SHA512 | 27b3dfd702ec2fa0359d8b4d4e746b9eadd14e6e8d4a7b87968450e6ed97d82697bea6e4fddba1b7c88b85e1ca124c5bbe71e7aa54790bc423fdb777fb2de9c8 |
C:\Users\Admin\AppData\Local\Temp\jkwosUgc.bat
| MD5 | 3d737859f1a2b59e21357ec1a7dd837f |
| SHA1 | d402dba9a03f1ae0de229c766f7481c8e350fce2 |
| SHA256 | 0af60587b3c6198ab109e86e327da0ca22aecdced1170e9082b33e95d99745a7 |
| SHA512 | 695cddb5415b990a20c267aa731d60fa9a02e8a00accbe8b9333268e591b15375645c0668335c5fa7e5d2aae1a90fe2fc5f4c22b5f77c0184dbf19e7cd8199c6 |
C:\Users\Admin\AppData\Local\Temp\JmEocMUI.bat
| MD5 | 65e8daeb14a1e5a9bdc7785cfb16e4f3 |
| SHA1 | ad43c3ff2d2f175c4e0d03db1ca70657cada3741 |
| SHA256 | 12aac0c92da6c49ed9f423bb408eb1164dca668b8d891d8aaf811305c73e3c90 |
| SHA512 | 7b1e5edb13714ad8dd2a5a0f20045750f4198399ee5f4c9417a04f37e78d6fab0f03bbf0c37f504ac81a351ca59d3107cc142d98e72d040559d35b2bca741ceb |
C:\Users\Admin\AppData\Local\Temp\GGIkEQok.bat
| MD5 | 0a5562697ae64a38fb9c0af3a8ce9839 |
| SHA1 | 3f07487ffd1d460ff518cdd61f602e314c32ad25 |
| SHA256 | 8fc6eb537262a191d7d0402c9f083d3fafb69266238422c9ca45818354672ee8 |
| SHA512 | b8e39803d3803934ba7e1fbd6b63dd98bb62580e9a20546da5d8daa7acd2872ebf8507b5baf63070c8d07e53a0674070de9981f442d83e1668c269c541080ce7 |
C:\Users\Admin\AppData\Local\Temp\IaggEIAs.bat
| MD5 | 0a95f036c50ef180b47f4c2b462c452f |
| SHA1 | 76dac59358a9524d8ccf68403dc7d696c7ed502c |
| SHA256 | eb122f725edc49b50efeb39bd3793fca00a4ba0c188d2967e242d2beebcdcd6c |
| SHA512 | 07de3c7346c0217115417f4f096b6ce7d4b33b9c0ef4b24f60ecadc4289943cb5f88462fab9202c8581f144817ec2a7953ed40c0d87f0f9af9ea2bfe9bcc7628 |
C:\Users\Admin\AppData\Local\Temp\ewwQAoIc.bat
| MD5 | 21206b7650ee2219922e7cd9e6b9fd72 |
| SHA1 | 50bab9aef110a594803b8dbb66ff54f59032c26a |
| SHA256 | 98961c9fceaa89e52de1e16f2820340f2db0113df322b126819f3ae95455f89e |
| SHA512 | 5e1ebce423119cd19c64916badb44ddb03db0f85665cf0ab494d3f907d01ddb53c138808480d0f5fe8f83e0810046d5cc016f2609b5cdb8a8b4abd743acd59b1 |
C:\Users\Admin\AppData\Local\Temp\eSMUMAIM.bat
| MD5 | 7deb966e8106d8202d4194b767ace454 |
| SHA1 | 8b811c3f38d2ad826102249d9ac08746595afca7 |
| SHA256 | 0409ca44f99008958eb31a887d505f2a4d1ad49b204248c3385a793634f12139 |
| SHA512 | 29f6f52d17247ec82aa6d89ab4d028903e934c7155f0c40c49c4f087ac5898a1eedaf1173e47f134c32fa271e38e3bb526d4170d00f1a72396046645dbf2419c |
C:\Users\Admin\AppData\Local\Temp\OeQwIUcU.bat
| MD5 | 8bab3732238bc3eb081a29046f91d559 |
| SHA1 | 2b87561ac3c320a7ea86ee4e405f922619778188 |
| SHA256 | ee304333780fa5a00b2b4d62ce82678d9ea1424b60b99902b791e3e60255527c |
| SHA512 | ccc21e17c78bd6a01d80d588442e25e738956724638cbfa0b25c1d427483121698652ae127c42c3a064cdc09caca7842e1754b7002a13934f89bc7281fd2a2de |
C:\Users\Admin\AppData\Local\Temp\pMsoAwco.bat
| MD5 | a02094d56bdf887936f5c74aa9f3cf7c |
| SHA1 | 262d2d5c4ee434263c9d9e7bc10ec2318240eb70 |
| SHA256 | c95a2586d784de98645f19062815722701fd2a8396b5222978f0a1d86363a749 |
| SHA512 | a78a450431773e1880c05f0d99d32185ca86c9f189f9de1e746662e3769b831a969660c89f662f7fbc1201ad7bab4fc9dc9e46f497575451df085be454a10098 |
C:\Users\Admin\AppData\Local\Temp\BCQYEEEs.bat
| MD5 | 749ef55ed83f4a091d261079cb300e72 |
| SHA1 | f48c410ee6d76b85b6fccc618da27a642ae35502 |
| SHA256 | 10388a3dcb9a6219bfe9d8f70a224d5798b836e1ac6fefeb969d74eb945f9f3a |
| SHA512 | d5fab05009be15b2d8b1cc5628d025165b0e31eb40c43193014bbea0ad863ec6028f2402493ea2a1af598363b23b043b0bd3dca11dfdd65b7b3ab01c3be38b07 |
C:\Users\Admin\AppData\Local\Temp\RwgIQksE.bat
| MD5 | 89291eb8675079829287d7f3e3fe6848 |
| SHA1 | 4a04d5e91eaa3109c94bf8a9aa3258d8df4a131b |
| SHA256 | ea0f9f8bc218f9f856c17a0a5457e2e34300faf06de1c265cab98fcfdde344c3 |
| SHA512 | cfbe321cf75e647d4598f7535b1db95c842ca43ade37de7d3777f25fd659682965f6e515cd407ce66d33e9bc688a9eb648e79ba7c6c0de9220a4c2ae31861c77 |
C:\Users\Admin\AppData\Local\Temp\bukQUkgU.bat
| MD5 | 9bacdabf5d47a51e526b748ddb89485a |
| SHA1 | cf4bd9631666cc2587f9f2b8511127bfef833e23 |
| SHA256 | 7f7ea54734976d444d48229753488df119ce3b3fb41669dfe1a7accf233be27b |
| SHA512 | 211989b4fefa8da4a0811ee4d6edffcc640bc6b8356d732239c02585ce104cad1e001353a8e02acc93857c935406415e6f2589ed90f861a025c965fc15c8f0f6 |
C:\Users\Admin\AppData\Local\Temp\aEooUQcI.bat
| MD5 | ab6a5a8f341395ccfe7127b31df5a267 |
| SHA1 | 5aed8feb7f6bcabc60049f03cff43377165cc8d5 |
| SHA256 | ef9a3803cf926631b93e9db6a9d2af05e980f3f33ccfe5357da7af301a147de6 |
| SHA512 | aca4f36d88ebb9163cbbe03a11525043e4c1758d244a424ca9833cedd58b639d3a0cf32cd4a921b6c1eec90ad2a0609b6d39dd89ee4f43cbebae205d700e5d33 |
C:\Users\Admin\AppData\Local\Temp\eUEccAkw.bat
| MD5 | e9d9d3cd8a9b83eb0521c007ac0e31cc |
| SHA1 | 25bfa8f6f6315e6703f1c1d55a861ea2a7dc5e7c |
| SHA256 | 4d40b2b8b23daa4fe0715d34531d12138b5a75a12cf4fca4c98fe811669c973d |
| SHA512 | 3c88713bcfdef0259d1db294eb39f7ef0d964e0aa1685dc51350476d64bc8cd768c95182219fe1ea613cf68871c438d54c71d1df0048b7bf24e93e0ff3e932b0 |
C:\Users\Admin\AppData\Local\Temp\oSwcsMUQ.bat
| MD5 | ed2063813850e3e2df96e2ca5623d91f |
| SHA1 | 8b44ec92c43139fcd1b8a643fa7fc07e54fcb438 |
| SHA256 | f775b9160092dfe4388a593d70d6a02f35057abd7dde946c97785e9af4a157ec |
| SHA512 | 90a8781ffc32c08083aa6e8f75cc57933c1e9d08aa3eb79797cddc130724c5e54870e943f733b2c229e643104dd6afa5a791e73edb9840823bd08b13cd3d8574 |
C:\Users\Admin\AppData\Local\Temp\YMQUkkYg.bat
| MD5 | bc27e17d33f5b1541063472b72a0dceb |
| SHA1 | 5fcd869be05403e83505f4d83ecf88c715aaef22 |
| SHA256 | 3a9426b754c6bf4629f4df26dbbb672ca549996f304ee2eff9b93eb02acee48e |
| SHA512 | 96d82e874e076e93c64075c9c57cf5d3579cbd2311dafc1d8c9b44d51c595f0d6514747ce83fc3fb852eeca2b75b86a71bdeb0e1e2a8e66fb10c5408849cab78 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-26 04:27
Reported
2024-10-26 04:29
Platform
win10v2004-20241007-en
Max time kernel
150s
Max time network
151s
Command Line
Signatures
Modifies visibility of file extensions in Explorer
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
Renames multiple (82) files with added filename extension
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\BgQMUgIg\AKUwMUUs.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\BgQMUgIg\AKUwMUUs.exe | N/A |
| N/A | N/A | C:\ProgramData\DSYIUAMk\bcwQUEwI.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AKUwMUUs.exe = "C:\\Users\\Admin\\BgQMUgIg\\AKUwMUUs.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\bcwQUEwI.exe = "C:\\ProgramData\\DSYIUAMk\\bcwQUEwI.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AKUwMUUs.exe = "C:\\Users\\Admin\\BgQMUgIg\\AKUwMUUs.exe" | C:\Users\Admin\BgQMUgIg\AKUwMUUs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\bcwQUEwI.exe = "C:\\ProgramData\\DSYIUAMk\\bcwQUEwI.exe" | C:\ProgramData\DSYIUAMk\bcwQUEwI.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\shell32.dll.exe | C:\Users\Admin\BgQMUgIg\AKUwMUUs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\shell32.dll.exe | C:\Users\Admin\BgQMUgIg\AKUwMUUs.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe | N/A |
Modifies registry key
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\BgQMUgIg\AKUwMUUs.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe"
C:\Users\Admin\BgQMUgIg\AKUwMUUs.exe
"C:\Users\Admin\BgQMUgIg\AKUwMUUs.exe"
C:\ProgramData\DSYIUAMk\bcwQUEwI.exe
"C:\ProgramData\DSYIUAMk\bcwQUEwI.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dCYUIUoM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aiYYgMog.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KSccYooM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QyEcwIYU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ricMwsMY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jcoIcgww.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZakUEsEk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dKwgwksw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MWggIMos.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OUcMsgIw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UIYQkoAM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MqcgAccw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xWwYgMAA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XWQgsQkw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BiUAYgAo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CskMcAMg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\icsIEAEs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GgQowsUo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UuAccMIQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WEAwUYAA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PEUgIgMc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rIwwAoMQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nIEgAoUQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LUAsIgoA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YowMMkIE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WugowcMM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UusEIUAA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XgwAEMUQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lSckAwwA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FGIEMUcE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FGYkIkEo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KaQckEIQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wyckMEIA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cikUcMQE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PYIYkgcM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JqIckAMw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\recwowIU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bOsQssQg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wGQkwEog.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eKMAgUsA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\waUwoAko.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vEkcgAgI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XiowAQIo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DusgwAYY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lWAQQoUg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CuEEUEsA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OsMEwYoU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\emcAcwAc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ySkcckEE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tswQAoAw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VmwEAwMU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HsUIoEcU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fGIAsYwk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MIQIsAEE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OSsAkMUI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eIYwgwEo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BmkYIAUI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NEYAoUwA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zsckUwcs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tAcwsEYY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SiwkwoUM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WYAwMAsw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EogswgcQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BWYoMocE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zgcQsUMs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RMAwkIYA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UekIIokA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UUYAgYEU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QMskAQkU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HuAsAQwM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vUUYwEIk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FWYMYoIA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\iakMgEMM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UGAYkkAo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kwQIAgQQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QYIEYEoc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xiYQAYwQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FEMEkMEw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pMgMIYMw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zykQQEwo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| BO | 200.87.164.69:9999 | tcp | |
| US | 8.8.8.8:53 | google.com | udp |
| BO | 200.87.164.69:9999 | tcp | |
| GB | 172.217.16.238:80 | google.com | tcp |
| GB | 172.217.16.238:80 | google.com | tcp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.27.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 200.119.204.12:9999 | tcp | |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.87.175.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| BO | 190.186.45.170:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp | |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 9.173.189.20.in-addr.arpa | udp |
Files
memory/624-0-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\BgQMUgIg\AKUwMUUs.exe
| MD5 | d62d0c423151cd3c39b1585eb1cb93dd |
| SHA1 | f9b1a6d282a4f48c0af2023ca7e4f4e80b8ce177 |
| SHA256 | fe871e199202097d0c5b9010420f885c2b017b51fe54e01691441e344cf3387c |
| SHA512 | be69b05bfbe71c07233192c4f56c57508f60e8db5545648e26b84ac729259fd51bdf43e631fb3590244df72507a55b2a10238143e00b7bf951dd215f328c618f |
memory/2736-7-0x0000000000400000-0x0000000000433000-memory.dmp
C:\ProgramData\DSYIUAMk\bcwQUEwI.exe
| MD5 | 2aa5b240b2497e4c6f893ecb252e20a7 |
| SHA1 | 56b584efffe28e20b32f042d28cba4e9f34777a5 |
| SHA256 | 18b160972bb5b69db179f40271ac4d5ca3592e17bad19bd6bcaaa32354cc3035 |
| SHA512 | 19a8686217c30422ce894427f90b4d049eb41ecf91d574b68307dec9a8aa8414a1ec85d79bd2e609b64ac37d79a35cd1fecee5a5111dc00d062a9a209678efd6 |
memory/4692-15-0x0000000000400000-0x000000000042E000-memory.dmp
memory/624-19-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\dCYUIUoM.bat
| MD5 | bae1095f340720d965898063fede1273 |
| SHA1 | 455d8a81818a7e82b1490c949b32fa7ff98d5210 |
| SHA256 | ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a |
| SHA512 | 4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024 |
C:\Users\Admin\AppData\Local\Temp\file.vbs
| MD5 | 4afb5c4527091738faf9cd4addf9d34e |
| SHA1 | 170ba9d866894c1b109b62649b1893eb90350459 |
| SHA256 | 59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc |
| SHA512 | 16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5 |
C:\Users\Admin\AppData\Local\Temp\2024-10-26_17d62c14f00cca5fbfdfac29cdbbcf5b_virlock
| MD5 | 5861d4e6983be2b92122bcfb7d239eb5 |
| SHA1 | 892a1af54e23a9960f63eae6369c526ef325b77c |
| SHA256 | b3de971f88cdd8219cd9bf4a1212107b4052f468caac1f196d756ddf095acb48 |
| SHA512 | af3ce9a9c4a7be34e1d75bd9e25b483cfadc18e50cdb3229c5bc70bf965f6c478a707711154066c446f84ae5b6216917dd34935ee69772c305a00bc6d5040178 |
memory/4700-32-0x0000000000400000-0x000000000043F000-memory.dmp
memory/1416-43-0x0000000000400000-0x000000000043F000-memory.dmp
memory/3256-44-0x0000000000400000-0x000000000043F000-memory.dmp
memory/3256-55-0x0000000000400000-0x000000000043F000-memory.dmp
memory/4720-68-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2568-79-0x0000000000400000-0x000000000043F000-memory.dmp
memory/4924-90-0x0000000000400000-0x000000000043F000-memory.dmp
memory/3096-101-0x0000000000400000-0x000000000043F000-memory.dmp
memory/5116-114-0x0000000000400000-0x000000000043F000-memory.dmp
memory/32-125-0x0000000000400000-0x000000000043F000-memory.dmp
memory/4188-136-0x0000000000400000-0x000000000043F000-memory.dmp
memory/3448-147-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2412-160-0x0000000000400000-0x000000000043F000-memory.dmp
memory/5116-171-0x0000000000400000-0x000000000043F000-memory.dmp
memory/4340-182-0x0000000000400000-0x000000000043F000-memory.dmp
memory/796-193-0x0000000000400000-0x000000000043F000-memory.dmp
memory/3120-206-0x0000000000400000-0x000000000043F000-memory.dmp
memory/1184-217-0x0000000000400000-0x000000000043F000-memory.dmp
memory/4992-228-0x0000000000400000-0x000000000043F000-memory.dmp
memory/1872-239-0x0000000000400000-0x000000000043F000-memory.dmp
C:\ProgramData\DSYIUAMk\bcwQUEwI.inf
| MD5 | e46efba4024e1bca517c8e01be5aa586 |
| SHA1 | 2927bb925e045d41bbfb6f4bf52a87f735695924 |
| SHA256 | 7f474a04f99c85f0b63e67287cd600223f4ed37669b3d6e4c9cab05b219c1b9c |
| SHA512 | ef451de48ed65887351cf53fa5495ca620fbf4766309bfef4e4591070b6ee7d438de996bcaf69682152d7f56913be44a56e887ec74b2f3ad1371092c4fcdfac3 |
memory/1748-252-0x0000000000400000-0x000000000043F000-memory.dmp
memory/4988-260-0x0000000000400000-0x000000000043F000-memory.dmp
memory/1152-268-0x0000000000400000-0x000000000043F000-memory.dmp
memory/4208-276-0x0000000000400000-0x000000000043F000-memory.dmp
memory/4328-286-0x0000000000400000-0x000000000043F000-memory.dmp
memory/4788-294-0x0000000000400000-0x000000000043F000-memory.dmp
memory/3956-302-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2712-312-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2400-320-0x0000000000400000-0x000000000043F000-memory.dmp
memory/3740-321-0x0000000000400000-0x000000000043F000-memory.dmp
memory/3740-329-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2616-337-0x0000000000400000-0x000000000043F000-memory.dmp
memory/4484-338-0x0000000000400000-0x000000000043F000-memory.dmp
memory/4484-348-0x0000000000400000-0x000000000043F000-memory.dmp
memory/1140-349-0x0000000000400000-0x000000000043F000-memory.dmp
memory/1140-357-0x0000000000400000-0x000000000043F000-memory.dmp
memory/4044-365-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2404-375-0x0000000000400000-0x000000000043F000-memory.dmp
memory/1200-376-0x0000000000400000-0x000000000043F000-memory.dmp
memory/1200-384-0x0000000000400000-0x000000000043F000-memory.dmp
memory/3096-392-0x0000000000400000-0x000000000043F000-memory.dmp
memory/1872-400-0x0000000000400000-0x000000000043F000-memory.dmp
memory/4992-401-0x0000000000400000-0x000000000043F000-memory.dmp
memory/4992-411-0x0000000000400000-0x000000000043F000-memory.dmp
memory/4996-419-0x0000000000400000-0x000000000043F000-memory.dmp
memory/1836-427-0x0000000000400000-0x000000000043F000-memory.dmp
memory/5004-429-0x0000000000400000-0x000000000043F000-memory.dmp
memory/5004-438-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2148-446-0x0000000000400000-0x000000000043F000-memory.dmp
memory/4604-454-0x0000000000400000-0x000000000043F000-memory.dmp
memory/3644-462-0x0000000000400000-0x000000000043F000-memory.dmp
memory/456-472-0x0000000000400000-0x000000000043F000-memory.dmp
memory/3844-480-0x0000000000400000-0x000000000043F000-memory.dmp
memory/3712-485-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2348-489-0x0000000000400000-0x000000000043F000-memory.dmp
memory/3712-497-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2300-507-0x0000000000400000-0x000000000043F000-memory.dmp
memory/4512-509-0x0000000000400000-0x000000000043F000-memory.dmp
memory/4512-516-0x0000000000400000-0x000000000043F000-memory.dmp
memory/1604-524-0x0000000000400000-0x000000000043F000-memory.dmp
memory/3864-532-0x0000000000400000-0x000000000043F000-memory.dmp
memory/1416-542-0x0000000000400000-0x000000000043F000-memory.dmp
memory/5080-550-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2408-558-0x0000000000400000-0x000000000043F000-memory.dmp
memory/4540-568-0x0000000000400000-0x000000000043F000-memory.dmp
memory/1780-576-0x0000000000400000-0x000000000043F000-memory.dmp
memory/5056-584-0x0000000000400000-0x000000000043F000-memory.dmp
memory/1964-586-0x0000000000400000-0x000000000043F000-memory.dmp
memory/1964-593-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2004-603-0x0000000000400000-0x000000000043F000-memory.dmp
memory/3164-604-0x0000000000400000-0x000000000043F000-memory.dmp
memory/3164-612-0x0000000000400000-0x000000000043F000-memory.dmp
memory/4484-613-0x0000000000400000-0x000000000043F000-memory.dmp
memory/4484-621-0x0000000000400000-0x000000000043F000-memory.dmp
memory/4760-622-0x0000000000400000-0x000000000043F000-memory.dmp
memory/4760-632-0x0000000000400000-0x000000000043F000-memory.dmp
memory/4184-640-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2304-648-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2616-649-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2304-659-0x0000000000400000-0x000000000043F000-memory.dmp
memory/3064-660-0x0000000000400000-0x000000000043F000-memory.dmp
memory/3064-668-0x0000000000400000-0x000000000043F000-memory.dmp
memory/4208-676-0x0000000000400000-0x000000000043F000-memory.dmp
memory/3288-677-0x0000000000400000-0x000000000043F000-memory.dmp
memory/3288-687-0x0000000000400000-0x000000000043F000-memory.dmp
memory/4020-695-0x0000000000400000-0x000000000043F000-memory.dmp
memory/4052-696-0x0000000000400000-0x000000000043F000-memory.dmp
memory/4052-704-0x0000000000400000-0x000000000043F000-memory.dmp
memory/3576-705-0x0000000000400000-0x000000000043F000-memory.dmp
memory/3972-712-0x0000000000400000-0x000000000043F000-memory.dmp
memory/3576-716-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\mYMA.exe
| MD5 | 66f1968780fd09dc7835d0f37a2e5264 |
| SHA1 | 01f2b3771ee18e6a13abb967d21bdffe7d950881 |
| SHA256 | 58a37b9411381781b0a96ea5b01cb37a61c7afc6747dce906ed07ae5b3d330c4 |
| SHA512 | 9f8d97c199c1b7062a489808a7623400d218f62fff617c8b1382a28b6b81dd6677926c303128e1e05a469035eb10a763fa31c402fa36ef31820af4df15633520 |
memory/3972-739-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\aEYo.exe
| MD5 | 59efc6f6c58898d046c29b125b43d90f |
| SHA1 | ffd9c9d5d02c622b55d21e2e194239afee81c315 |
| SHA256 | b2d74b0ca15424bf8e35491fb1efe0534e539622aace834fa24018d046c5237f |
| SHA512 | 366a1c4270304e122985e590a04d0321d3342362e1d971e96a2dd0a3fa24e52df889fffcc3a0377c70e2b29b37b05ff45764d9dea0f64631c45f08c3617b8860 |
C:\Users\Admin\AppData\Local\Temp\CMUE.exe
| MD5 | 06a0ba6ba4460c081644eef528778430 |
| SHA1 | 4b78b51e31e2ec7a138eec577cf1a52c6367e9bc |
| SHA256 | 5522a505c01dbf31d5b96fdc9505c2ad0ac9fb54a1930ecc7cbfa8b703fae79f |
| SHA512 | e701d63384324f891d567d1822c7606a7ea60eafae589eb71f56f897635993de46951f25cb259a3ed908c2104268adc75e98c14024b0b55a466d9bd63a83dada |
C:\Users\Admin\AppData\Local\Temp\kkAk.ico
| MD5 | ee421bd295eb1a0d8c54f8586ccb18fa |
| SHA1 | bc06850f3112289fce374241f7e9aff0a70ecb2f |
| SHA256 | 57e72b9591e318a17feb74efa1262e9222814ad872437094734295700f669563 |
| SHA512 | dfd36dff3742f39858e4a3e781e756f6d8480caa33b715ad1a8293f6ef436cdc84c3d26428230cdac8651c1ee7947b0e5bb3ac1e32c0b7bbb2bfed81375b5897 |
C:\Users\Admin\AppData\Local\Temp\qIsG.exe
| MD5 | 8fd601f64f1d5eaaed5d0a5102feb259 |
| SHA1 | 4e1d5bdcd74f11939454452700bbc1b52a3a247a |
| SHA256 | 3d4813769a8ca3042597d35f4aeabd2e22d3646a91e789aa148ddff9fdfaf397 |
| SHA512 | fa2da9cff1f7cfd82cfd1d7ead340922e62c5e69f2ff059a8321f3eeda53cc93b32c14a3a0fc31a99ba341bc398b20c553a7a83f952a4f379fc7f5569622796b |
C:\Users\Admin\AppData\Local\Temp\gosI.exe
| MD5 | ada3b1faa14c50fa5cb32e5d9b0d0a5f |
| SHA1 | ba751934481d5793d069e942a8520801bd5ab3c5 |
| SHA256 | 446d8fc08d61e2aedf9b072247264ab96e7e8e9ddc080d4db3c16164e82b6780 |
| SHA512 | 352e40f141ab7b35cd4a7ba9a59090fcf7e2f36d83227bcb2ce4c6a4e1d50d3775f29ea3d419ae35fca5226090ab0054021cd065428328201605dcd371857fe0 |
C:\Users\Admin\AppData\Local\Temp\YsIk.exe
| MD5 | 0cc22da2825645cb0ff1ea511fa4cca8 |
| SHA1 | 7ab66b5ec52fb23cd465a7e10e1a3890174cb88e |
| SHA256 | 1cf6ddd13ae4d9aa178fcf9cec44acb81d82343a4fa4baeaef1c39e746e5d037 |
| SHA512 | 891ef64e42a8c5ca57dea2830b1d3244b148c59ba7b428914d1cc76637a91478b4a5a20d9f81a5a024740ad67e041e73f1e58f8114ada334533a94b48b847ac2 |
C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png.exe
| MD5 | a037193768e27d42a1acb41e5db2c713 |
| SHA1 | a87ac080a816fc2a2b662fdebd0fcc9006ee6294 |
| SHA256 | 81a724cfba6b68d6750e93d80b1476021b83daa4bfc0c26b13ac99b58974474a |
| SHA512 | 16741b1eedae7a4a25800e2464f4e566eb80256a6809400e3354f0ebcd958be3494f6008f19a723cc5721f97c852c2ee1beca03d7d61577e66f5501e9367e306 |
C:\Users\Admin\AppData\Local\Temp\eogg.exe
| MD5 | aeffda32b6112286db773c9618a4564f |
| SHA1 | 4e42d3d9fbb18774bf2c52cf0d83cf16f0223148 |
| SHA256 | d0c6f1276c1aa892bf2c15dcf18c67eed0c5ae182a1f189508e20943425d15a8 |
| SHA512 | 168a3c697496408f24fe317c478fe2da2aec131c4f2fae2dea07bde8f5b18e92123dbc36b7a674cf8357d16181e16bff6f0f6d4b7c131da41d5c6120774aa434 |
C:\Users\Admin\AppData\Local\Temp\KwMc.exe
| MD5 | a383db6418f25c6622e9b5d5f1daefe5 |
| SHA1 | 1b5801d3859ae5158a66802fca039990155fbac4 |
| SHA256 | f3a33f5acfc1012e99b97a7adfc5e78316a9101e9b74112e9bb00ec6ca5022e0 |
| SHA512 | 672723f89da63fa83944fdb30510a7d91e31a87fd27178819c0a5799177de0c062a0b19d9eec836c27dd58d21926440b3847d233dec0fd3a2057bdd82b4f31f2 |
C:\Users\Admin\AppData\Local\Temp\esMq.exe
| MD5 | d29cc0c595f6cf44b04ff1e2f9126fcd |
| SHA1 | 278a33ebfefd2897078f1d787dc35c598d84247e |
| SHA256 | 93a999ca0ce84681507837f757eed6ea12a9d49ba07fd22af8b4977273c184e8 |
| SHA512 | 1eef8cc8c822c3d53bef21c52bef5685f6c645512026cd777342f9b8965d6057135a708217b99a4b6e8ff72dae55168cc89e4085bfcfc7c5c69348907d899481 |
C:\Users\Admin\AppData\Local\Temp\YoUo.exe
| MD5 | fdad38a714d012bf7843033c65a66bdc |
| SHA1 | cee5917e1f027787bc841334badb18a57e1330ee |
| SHA256 | d8bfdeef74d965a93dfd775dbb6bf9af57ec9f2b16317b5b819cae79c708fb18 |
| SHA512 | bfa25dda0fa1a4c29d44eacc856527994e78562769afeaddd6840e5ccdf4e982d872a34b70d1da153ab1fd1fb5194428b942f0dc9a16bc52139f42ffd49e7209 |
C:\Users\Admin\AppData\Local\Temp\ukMK.exe
| MD5 | 9d808a6ead1a80d8aa59ccd8e238bedb |
| SHA1 | 671520ea7b35f42deceead843092a31f18e5ef37 |
| SHA256 | 41d7419975605fc49e3c2632d30500785acd0bb632428cba5caebfb78a2557f7 |
| SHA512 | 7882a12c84781c69095af6f6d09087186662fdadce8ff2e4d04843e091619c980d3511ec3d797518fc4c8c5619ea9b427720753119a44e92f3c6123cf092e942 |
C:\Users\Admin\AppData\Local\Temp\GAkU.exe
| MD5 | 5844bf90c16225d401f79a852c653b47 |
| SHA1 | 8ecc071788ac9e52c16e9de6e8ec9479a3e6f1b8 |
| SHA256 | 1b5e8dfb82c85d3ea247c7fa8ea08ff91b0aabc372dd18f33e20041e482fff32 |
| SHA512 | 404d12d2660160316ee8818d3853cda2ab2c379bfec2b8e99392893136f659ad974ba1c8a769dfeea235a793f7f450f0a14dcc865f6e9d60812ac2a293202f5d |
C:\Users\Admin\AppData\Local\Temp\UYgI.ico
| MD5 | ac4b56cc5c5e71c3bb226181418fd891 |
| SHA1 | e62149df7a7d31a7777cae68822e4d0eaba2199d |
| SHA256 | 701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3 |
| SHA512 | a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998 |
C:\Users\Admin\AppData\Local\Temp\YQEI.exe
| MD5 | ba43334ef1f29947fcc294d09f399812 |
| SHA1 | 37caf00586a729722c658835e73c1fe44db6cb29 |
| SHA256 | e62b7af64447917997c43b3842a82babbcdcafb1e17ad1470450ceea91f2b88f |
| SHA512 | f3c5493a6bf1c08d0397d2f637a804ad5c38c9a2209730e7c87b0eadcf8702ec8f3ecf79ef296efaefade1c3d43bf365482e8f3de1995777aae50a03ded1115b |
C:\Users\Admin\AppData\Local\Temp\EUUk.exe
| MD5 | 41445c60eb43872dcec5f0a39aa84d54 |
| SHA1 | b57f4b0308dcc1b9ddfb85f79ba994c97faa3a16 |
| SHA256 | 6c5a41bf691e763cdf77ca469a7ee91fce210cf19b80361c8267deebdb56b17f |
| SHA512 | 27da557922df4092307275e9f71673a769c376d84afe506ffd891e036da5f0b7d29c23c405841bd55b7fb69aff343e8ac48dc9e08e64d8f71684463fd264b432 |
C:\Users\Admin\AppData\Local\Temp\ickO.exe
| MD5 | ada01a48048688595de8f2e03f223e02 |
| SHA1 | 6b6c7a5a73a4a1e41f553813f1bb152e7b957a7c |
| SHA256 | 436dec969026d15eae875ae319d1539ab651935605753b7d7387db2dacdcd1ca |
| SHA512 | b5c490ae55a08dc06b4859d25f32101485def1cdda30fb53a6907e6d049ef0d54c57b3c6d1e74bd85b39e064f28b621acb1d27937df2983f03fa277be303e078 |
C:\Users\Admin\AppData\Local\Temp\uogW.exe
| MD5 | f014e70a79f982ab249ce3b35e9d6adb |
| SHA1 | b7c4aac2e4419e7ca8920a4dfa19556180b975ab |
| SHA256 | 0e23c56f8e80537e6cfd09304412814a5d7e6391deacacd8af8a5e84ea76796f |
| SHA512 | 3d7a69668e0b5db1bc6667b0dd9c226d57d2d2816a131a031bdf2b5474485becff8c1c50ec3d068ea3f36a28ea1e305664542bea84808a6744064e98d65ab3cb |
C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
| MD5 | b25d2dd76aac0957a8fc06fbf7cb4fce |
| SHA1 | 0e45758130cefd081be94e07ddc4f6e029f4e12e |
| SHA256 | 33af2a8a3a657563982c69057511c59598146c5db54e60ea5385574e5b508461 |
| SHA512 | ff8375aa407f8d5264735bb2785143871a4a5b3b04fc059fb183d80321f12a79f3793796c6ae888e7861befe54c188a9f2a7256f0305c095752c99e2489a4b59 |
C:\Users\Admin\AppData\Local\Temp\YUMg.exe
| MD5 | f1dfd90fc184d8202e12cfa07e12ac99 |
| SHA1 | 990b87a95aa11f707a70a9a4bd8d548d541b78a3 |
| SHA256 | 0e8a43dbc9a28a56a14d694576d05888aa0783be17b36274bdd36a9a726256a1 |
| SHA512 | 12791c3d501b100897bf46e23eaf780b83680e8b38b7922670071043b4edbdec4487db9b50fa374f978907d5145033b0922d10c73faf62122ffa18dbe02f718d |
C:\Users\Admin\AppData\Local\Temp\mMsw.exe
| MD5 | c89618ee879c24a62b2329f11b472a5b |
| SHA1 | 13b985def8cff972c5cfea48d9a8863dcf1c0ce6 |
| SHA256 | 366a9c3f2e2f85de742ab1a53c036857b48e430e795e77626490d83390111267 |
| SHA512 | 890b0d975d54be4cce05e1ed79bd8788b2c688fcc0e0722a44e04d86f858d95355820a5e8c63a9053ccac8ec4484bb9659b4961ba660911c0054f19c85d8d014 |
C:\Users\Admin\AppData\Local\Temp\CkcG.exe
| MD5 | cd6040b93e49659593380532172364f6 |
| SHA1 | 1778a524684b8d5fffcf119ebcdc3dc728f5398d |
| SHA256 | 516483c92912672f669c342ab70d3ff8c6102feeea8d0693a80e9531235058b3 |
| SHA512 | 93c93d3e1516e6f26a3bcbf237bbe37efd4e3c88c8989585bc6bad3d585ae33e3de8ff76ba135475553ed4d1ecdf2f09c4e85fd1373876e324b584904db8cf6b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.82.1_0\128.png.exe
| MD5 | 49eae9eb0774464cdc3cf2756b649b5b |
| SHA1 | 506823a44213ac003588befa968c7e1280c35f6b |
| SHA256 | 0983c08d06002a5f1011fb340f39659a82122755e930657fa138b25cecc16082 |
| SHA512 | 2387ef2a3b569b75a3b95405555ec145905f95c83ea8a8b2b52b64b99117f5dffb40abc1f3f96184bb148b05413be5808d8209cc2b813c60d728fcec36e9bebe |
C:\Users\Admin\AppData\Local\Temp\mMYe.exe
| MD5 | 0b4c0e064f03921d633c18e52a637e8b |
| SHA1 | 69c3c87659e144e2984604ca7c75de85993d181b |
| SHA256 | 0c9a0b584e9fd2787bcca7e0037eb5891b8e1adbb2197783eea2f3b2995d09fd |
| SHA512 | 7ea3a094ce1d1e45e295c1c60b424322ac9454423d4b7042f28f1e3e39a0370e6dc44bd6c491af68fd331a1c5c18d7f6ded8686c2d735d1cad4393c497bc938c |
C:\Users\Admin\AppData\Local\Temp\kIUY.exe
| MD5 | d55d47eb7c51c67ce2fac71ffcb9b6c0 |
| SHA1 | c23274d052978696ceb8171ff604a8d2c611277e |
| SHA256 | ee8c072117af10acb9fde6f45301120681b76590c89a0d185b082a8907b9038a |
| SHA512 | 43007e730c412c7ca72f78fa42dac0a56c7a93ea9bf7b8537716b587c48b237cd09e3bf8168f5d6ce3de401b7aec3ba12681b66715cdc41674413b742d237a4e |
C:\Users\Admin\AppData\Local\Temp\EAYu.exe
| MD5 | fd4d82da14d3250a0c524c0498056045 |
| SHA1 | b8f35b311c3ffcde6794b95efdb443994dc3146e |
| SHA256 | 30d11134a3e15e323892eb4776ddcd1bed602e39890f3434664a1e78daf5c495 |
| SHA512 | dbe5fd4008bfe0a7c8f56d6a8428e02d56b0c60ab4b236256d3e3fb95ed7d4be2527ea9a1e440335755e9863c46d4e29f944ef03e06da91d90e561089323ce6c |
C:\Users\Admin\AppData\Local\Temp\akYm.exe
| MD5 | af3f1283ff1378f1ab1b22270b9b5fd0 |
| SHA1 | 42397eee1e61801ddf801aef3cf8dd59f444dacd |
| SHA256 | 6da57f80b77cfb1878381aa74c8b02dae5f88031b14752cc23b907ab46dd558b |
| SHA512 | 5ffa626707341e9b94d1c326eeb96da5a8d58f8499eb15b1f4db891a68ca8e8354dd7556c543ff4b490cbf8696c29db407ffd1ccf4496a5956103ccdb4a2f450 |
C:\Users\Admin\AppData\Local\Temp\iEYu.exe
| MD5 | d6966ce56b697bd90ec05c62a10006cb |
| SHA1 | c339e2d911ba401e5b33175837f5ede76a91134a |
| SHA256 | 137144f68f0c54058d81c903b680a3e8c595c3248ed7ec5b0f52f57db51ad4ad |
| SHA512 | 6aeda1aa9146795c73361287e54a117b523b913061d9f72943e683c4067640749d831dc333142a97d540fd045d0ac388ad5ba3e023861274f152c8e945eab435 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons\32.png.exe
| MD5 | 3e047d820335a16579b2302a1c0b4857 |
| SHA1 | 18ab0d7d687cea67988953888d05b2e308ec7016 |
| SHA256 | 520a51a247b92d013f84bb9a62b680e115cc6c6701cebb89621b7f1ef7bf4749 |
| SHA512 | 535854fa89c910a9784819469607d570b496d566679758ebbf9f99a195f14e7923df040249ab707270e841693653972c7c7378f87951e8d00dd0206f748fea98 |
C:\Users\Admin\AppData\Local\Temp\wosA.exe
| MD5 | 299dfcf3e580497eb5a5109aaea4517a |
| SHA1 | 90a36b86f38c158bb77b7ff62c22e11d9e584ba9 |
| SHA256 | 5e00e946c8dbd33cbac623ca7974ac233a1b08b9a8083a46547e6db15e87ceab |
| SHA512 | 24b7ee4126b08835552112bb431420970baa336890de9fd8a612aef066a30d4544c36b32af00817bf176f9aa7020b07f853f43f0e350e2f35459903656d5c6c4 |
C:\Users\Admin\AppData\Local\Temp\wUgm.exe
| MD5 | 2658a623fd1cb426869236047fbc98a9 |
| SHA1 | b99b73de6be290b9ac7cc528bddca1bb66e4d71c |
| SHA256 | b65f2d19e934f2860c39ee678ea0c43de5f171f36c8034d3d637fbda268adc02 |
| SHA512 | 53cfafde1c4ae6918e7114d4c4db5fe4755c5f3f8c625dbf416285c91b201aa452edc6041fa166c1879fe0a408a90e63645d1ae2721c743cd6776fb7e8e7f684 |
C:\Users\Admin\AppData\Local\Temp\yswM.exe
| MD5 | 893f1e033e2fe5b1bd511372b10742ef |
| SHA1 | 209c1e88517608a244d09f8a58c27a6a9bc426e7 |
| SHA256 | 4d68c684b12c3b314df59d56c818bea7e56a76f15268b3aaed1add232296b510 |
| SHA512 | 66077d81eecc1aa8dd55648912ca4b6d10c78a103b000f75f54a274dbeedc00fefdf7bd4bc76756c913e6d3e78fb62c49f075fd8fa839ffdbbceba33ca22e9b5 |
C:\Users\Admin\AppData\Local\Temp\wsAu.exe
| MD5 | ecf1f5635af35498c9a95ed01444b91e |
| SHA1 | 3f97fea64d1a8330c3653ec67963d23781f62ba1 |
| SHA256 | 772dc8c1b3b346fc4b739df11e7ebfb2419cf6e105cb272b58a85cd56fec22ad |
| SHA512 | 695ce5fe65700257f5690388601ce15c94f5861ff37abf222d164364e5b95d3cd39027c7851068a726efea7051fc6b8172f86eef18bd293434431262dd2948c9 |
C:\Users\Admin\AppData\Local\Temp\Sswy.exe
| MD5 | a2b169997a32d64ce929eca776cbd190 |
| SHA1 | 545ec3c112d3cfadc2d0e44a2e9b9b2ea3b84d59 |
| SHA256 | eecdd5eb4795d05ae60e62c57f78c7b8a0065b6c8ccbc41245d4f2367b3e9eb2 |
| SHA512 | 55ddde7c20c1463799a295ad0c0ce561bc77bd64f9a80b789bd99fa19a060bdb3b29c6bf950f0fe69ed291d1a09cf7d2d67f4ea7d6a2985aaf2b70eea3b17cb7 |
C:\Users\Admin\AppData\Local\Temp\OYIi.exe
| MD5 | 7132f1fa4e799d7d8d0077a49cee898a |
| SHA1 | be0dabba1a209546b88f5e34408c0cf7fccbf692 |
| SHA256 | 19401b408140ff05f7b80f160a3a78ab9e2426ca8c4d3534209ad7c7a6f07530 |
| SHA512 | 829123e50a3b0ab2335abfda07257a44ac902df3e4c45bbcece96056b86b10e49c699b4cdaf1b7fc9ba1f876813eac8ea8e65940db716aa2da62bb5960ad9cce |
C:\Users\Admin\AppData\Local\Temp\YQAc.exe
| MD5 | 452727c3972dbbc582f82894272f9460 |
| SHA1 | 275803deca8fe4be60b58ee22151c44629e99394 |
| SHA256 | 76f00f0dca68463f72a35cad12261b321e5b454f75478cc61b052bdf055df2d8 |
| SHA512 | 8716251180004751735653c5460b8ed021e6c69eb16620fe5d9e5085d2cb62caa2ac76824b1bfa0a68c508746d14e1ea78c190ad91229ff5c88083c1d5d11143 |
C:\Users\Admin\AppData\Local\Temp\gYky.exe
| MD5 | 5e01bff3e68ca9334d22157d1af66dce |
| SHA1 | 3b5554e355117c33cbe5fd16a23cf14fb655317a |
| SHA256 | dcc8e099c6d2f955173c8528aa6e8f3a8bf7f01ae182c3944a32988a905166f3 |
| SHA512 | 3f12d47f220bf79cf2ec78c4a4a4e6b022b4a0cf6cecf320b83e7edd71c82cd2aa1bd91a8af7b7b3044eada860317b2cf0aea8461de611a2100d15d83543d0a0 |
C:\Users\Admin\AppData\Local\Temp\iUoi.exe
| MD5 | c4653fabbe4e01655066b94a1b32d9c6 |
| SHA1 | 3cca2210a47b810013b376bccf6ac3aa76f2878b |
| SHA256 | 812685754f0898eae51104d1befc5d03e582650fe9a011df1ca5aac5f1cb5711 |
| SHA512 | ccd35cd3e9adf61f4ac08b311fe1dcf16825af418c3c6b94141a87864c9557bc4ac771d0a2e6d68c9852eaeeb6176125c1623689fef6efe8cb6ae7468bc2cc7f |
C:\Users\Admin\AppData\Local\Temp\AMcA.exe
| MD5 | 17760be5149b367cb7d10c5f96f63f7a |
| SHA1 | 888e2fc4ed948cca0bb7577b6ad00f7b6fefade7 |
| SHA256 | 612b3d3637fdf60fc69167aa641f2526b13a5eddc705e9cbe62febe55183cac5 |
| SHA512 | e4252a72fde6f8156c2471db9a09c9756b347418ead17242e5223e7a2a3547eb1d583958fb6cc822cb666ccfc3eb3845ea15bebbeeeafa79d448fdd6d9f2e6fc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons\256.png.exe
| MD5 | 089c27a59879785fba72ff49206432b0 |
| SHA1 | ff5f2dd10cc535f47f4c369cfead43f4a5faf383 |
| SHA256 | 90f4c16240c34630dd280ca4c8d51963ef6c7d64ca2728540851ff4e41aed087 |
| SHA512 | 5d2dddd86455866baa4d3ccc9f0df4c109f1db7b11ef5d2e060d8fec338e2aa2bff9c09af9c151c1a74a21a2780302089a96f6e747628a872c2ad5afaab29bfd |
C:\Users\Admin\AppData\Local\Temp\MYIc.exe
| MD5 | de2cd153e6d90a8e84134a7250ec2356 |
| SHA1 | 28696cc9d78dad532cd65efe394477b10c0786a7 |
| SHA256 | d8fea869381304b4f536506e48cefe986604e82b779d8ea89a08768e82624df7 |
| SHA512 | 4e3137efff9381f2d0749791f8c3c3cf6f223cb0cf534c86fceee0c364481aa943394b160ac05d0a4cbbfe04228b0e872726a31f1f4daa7d1a09f8079dd050cc |
C:\Users\Admin\AppData\Local\Temp\GwsQ.exe
| MD5 | 00bff8fc4c87f37b1e218f2d2b7478f2 |
| SHA1 | 4c9edae5b38a5d4ec7bb2e79b4c87611a2b417b9 |
| SHA256 | 984cd41d967a4b12317df6bb3fac413678ea5db291d340d61a889471b0fc9c25 |
| SHA512 | cc174ff7e901b2d1e77d7cd402b5e7f54bd5885c05ce6edc4fd7a8d8182219a2cbd44e58b63895ab823e8c4c2f45ef4f1214d21c71eaafe4b524110826ac5214 |
C:\Users\Admin\AppData\Local\Temp\EMYW.exe
| MD5 | a458dcf169dbb8a06556640482cf895f |
| SHA1 | d327b46d5ebae867c9e2875fc559e753be2fc822 |
| SHA256 | a02311e9932bfb3ea8db32c2272254e848d4566a755113f34ca0cceec54e24c2 |
| SHA512 | f6102e161713e22b451e8ee651da147a24fe91cf394bb3839d5a5f2021b69a61eee6c4d63f6ec4e35c855dc41ecf7e21803bfbc7efb87bd2fb9be92296fac7ec |
C:\Users\Admin\AppData\Local\Temp\uQwc.exe
| MD5 | 75a48b64ba383e5194aa108518baf126 |
| SHA1 | 29c0cd4f7497e952b90f4c25b647686a1b9e3feb |
| SHA256 | 7bb90b98175d4a7a49503236488d023d8bdb18d33f8ebb0432059204506811ed |
| SHA512 | a00c165ea60ad53cf4c6f79136bda652399dd3cf751ed1200b80fecfb64b063418c405ea5aec1d010e50d10fe68dbb9f51c48cb9fb016789617ec4f7c309d6cc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons\32.png.exe
| MD5 | bc9c59faadd942801992a5337bba0ba2 |
| SHA1 | 10c38f7ff581268ba502fab47a9f0220dc5ff607 |
| SHA256 | e50dbaa0655a60ea81f4343fa8eb458260f64973805b3139f44f693072c9c8ac |
| SHA512 | 15321d0332dd3ca5c4b6150f73b49e1b36950c86a532f8966f3b2338ca87d3d0b2e8206471eeef2eb95767d9a9d7536458901e0c5e52faa11a2df9c3da00833d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons\48.png.exe
| MD5 | e74bdba0506e185ceb92150c2d721812 |
| SHA1 | f24b32e53cef222f48141dbcc51122cc1b69bb2e |
| SHA256 | 432daa958a3e836b10228c6810d4bbfb02b2fb378a3c73eee762ad6bf60ebbc7 |
| SHA512 | 0af7a6bc3e45ca17c03c9a8b5050ad6b633371b0474828abd80214c49d22cbf66d78fc74804723f409ffda7f5689a79421f2727aa0e50376fe0e4ba824ad94c1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons\64.png.exe
| MD5 | e3ebcea3ce77fd9353195da0e772cd4b |
| SHA1 | 94a56dd246fd151703c78bba25e778a61f92f308 |
| SHA256 | 73bfd023688bff8029a8a43440519b2eda7b6f71a59c313d2f7e664bb874614a |
| SHA512 | 20a141a2b6fdbff55ded551f3984238f756015538a88fb7dee8bcadbaf43bd878ee201d23f6f1c99f4f91ff9c96e63c646c4529128a186f7a92cf95261dc52ec |
C:\Users\Admin\AppData\Local\Temp\eQok.exe
| MD5 | d69fdb6ad0ae23d888fd479f746e2d7c |
| SHA1 | 8f892acf179bf0bc1aa2c1e07882f6afde7a845a |
| SHA256 | 96b0f29ae5276c568f90de7c9d7c04a23233d7b854b3938c76b50f509d737d8a |
| SHA512 | 1f8e2e8802b835b2fc9cf076e8d95c2769918b1824cb1ecfc831a5aabc6d0a68f390f580cba2ce97ea34d6ecf4edcaa2019c39ce311e411e1c8e4386feefc588 |
C:\Users\Admin\AppData\Local\Temp\oMQC.exe
| MD5 | b093345d4f030f9e3e2c5520f23f96d9 |
| SHA1 | 2e0e402fe52cdd7f26b21c647408f72864fb5db5 |
| SHA256 | 9e05be8e25abb60a7e3a29adbe75c9f026a8d44bf77578b57b2f64b4ff265de1 |
| SHA512 | f4899274dac545d80097d52ae94d45c14d8b0154a77de421083dab1f244a9d9cf55f67c83292115fb0c42b6ff6b5748b7832b7e58ec2ce3e11d30cba1b5cd748 |
C:\Users\Admin\AppData\Local\Temp\wcMu.exe
| MD5 | 36e932d8797172bd1d5bec786a813a3b |
| SHA1 | b6a3af3699846e2312699e836c6a1778b2dd2bf7 |
| SHA256 | b504ff661d4f683b4f098ae13d2588625eb7763b9a08cabfa959b072d75343f4 |
| SHA512 | 5cc498696230292c6cfa6b50d832d7837dd0c39ac20c7af85bd6ef107c2fb6fcec3d3625fbc4efd82c037bb5bedd37ea033bf66e938d29c065f4aaa5c7309bc2 |
C:\Users\Admin\AppData\Local\Temp\GYEc.exe
| MD5 | 29bd06e648573d8f3555e76ffde1aa3d |
| SHA1 | c8a28d6e7a91c631360055e61a9112b406118c58 |
| SHA256 | ab3525cd4fad5aac9ebc1c74ace60da1ce74c0bb2eaf6328523e627550ecd886 |
| SHA512 | 77ed58fd8cc5797535094e3dfc92ea621d063840481a9175ddfd5e8b163a3747e983facec3960fcac386eb89d0514287448c9cdac2c892dc2a736ea8148c792c |
C:\Users\Admin\AppData\Local\Temp\yQQE.exe
| MD5 | 58dc47fcc032ae81a214ba4a94c1fd56 |
| SHA1 | 06332fcba343549e147fe74795b2e41d515d898b |
| SHA256 | 7fe59623ee61585c361824a47503d77268c2ca8a9bd24152ba763724fe9f21ac |
| SHA512 | 6688e539df0be5a5ceb42d68bf5fdeae684244bd552a53976181b3ac7a0db67bd0586319f98ff7a565961e07f829d350c9846dd524b4e5c0055bf0c77305fa78 |
C:\Users\Admin\AppData\Local\Temp\Isok.exe
| MD5 | e0d1f4b1d41d1d7b6452a067daa9c902 |
| SHA1 | 3cfbf2abeef9168ed88d1f207a06b30eb7e26d2e |
| SHA256 | b5b0147bc40f2d69cd8de99e06fa07a56ba65c32d136289ed60a0f28a85e5949 |
| SHA512 | 76b675fa154b27f030ee76bad5fed43a2c2652dad972799f704e5dc60bfb1337fd506fc5a2ac3123e2e331dffbaead922db838049b9cb779b4f99d4ed7f2e0dc |
C:\Users\Admin\AppData\Local\Temp\EcEY.exe
| MD5 | 09c2562ca318024075b0f5560837f450 |
| SHA1 | 49bd213b3a75d26db6b2e54c228ccd847e8811f1 |
| SHA256 | 284d007cc10aa81a9060968eaa11b973fb74984186ac9cde9c526c61f1f5fbdb |
| SHA512 | 7b989a87471f2406eefead0bf7c507ab93c4dd96fe69d1e4f9d7ce7bdabe71b65d29893bb69b5d33884fdbe8a3f7aba1ed9b973c7a2458c9a53b912687b54b7d |
C:\Users\Admin\AppData\Local\Temp\oEIM.exe
| MD5 | 15e93f9f3a6dc579de4c065a88b40572 |
| SHA1 | 882e64857b3a4c9589100213ca06557daef812c5 |
| SHA256 | cfdfdc90c318b992c01941e32160d10efc421fb61538a6bdd7061fda1cfb9247 |
| SHA512 | af5c0c9e3c27e8c8266cae66c73148f372f805917ca2b6f47abc737115e8f8be65e60bd11dd2afcea7d629a50b65e089da573dd82894d9a299d0e5f5b8b760c7 |
C:\Users\Admin\AppData\Local\Temp\IIMu.exe
| MD5 | 212688bc4258e6359ff8e0495b136499 |
| SHA1 | 06bd2b3fe19b378f4971b985026ccb7abe4d8218 |
| SHA256 | b70d1854d1bf91972f35a64c0c5fabc33f0c14db6d902d2429db714b42518d94 |
| SHA512 | 325264e320802f598efc0d17b7feeb3c2a56e0196899d822575c2e47d10a7bd7a32c53b0939afb53c4021a2f906ddb47a21949d4297dbef426833bcb5f298bba |
C:\Users\Admin\AppData\Local\Temp\eEgw.exe
| MD5 | f7aac7fe219594fd586bb6810137d25c |
| SHA1 | c3bd281f5b9549332a577c3c483b785c19259e03 |
| SHA256 | 3c39624519e4f0f88fe0341483fef9bf2064797c2249a5b18e3fd04c26ac026d |
| SHA512 | 2372acf3acbc0fd452bcb7f2aafb332cdc4a4c32f061c0f054b9234bb7881b97652fe1e10d38911175f1fdcc41381f0ffec17ee94be50bbfa428fa66bc65ab0d |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\AutoPlayOptIn.png.exe
| MD5 | b45fc223ad772539764d68c3a7ba5437 |
| SHA1 | 431e3536c5d71c137557ec07b4e2983bf61e3e3d |
| SHA256 | d9b370b19f7cb9a394077f358c9b36e77e80facc83062846e2cbb5a2d63e0c06 |
| SHA512 | c6ffa394d01def3e6699f4fda209d77090c160188c9fd5f29f8a0e93e69dc521d83fa1ef761ad2ac5d8371a20627c5eccb22270d2a4508576ac2f0c9680db842 |
C:\Users\Admin\AppData\Local\Temp\iYMM.exe
| MD5 | 71f76264cc2af6de7b85e20551a1c0a9 |
| SHA1 | b75bbbad4788edc47ff7536de0542664842c7af1 |
| SHA256 | b2da0e6e80012f7cb475d6d0f45c6629d5cb5596e30cc3f5b51c8cf7dddbea7b |
| SHA512 | 55bdf24898e63098dd75edf273caa9fc0348ff08674652826499ba48cfd68351e54b12169bdb710899d0d9ab7b6f4b965db8883d03a823eeab5865cf5437f2d1 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\ElevatedAppWhite.png.exe
| MD5 | a22b1bec8344f1a93929996a6e5e40b6 |
| SHA1 | f14a4c4c8fb683043ee7cfeac8bf760a866fbb72 |
| SHA256 | 8a4a3e005236810b84df7f4c4b6fc38e2e9e7d425c06b019f634c94a3bbb6c73 |
| SHA512 | 2cc67cc2530619d89c3301245cb8f20b056a8b0d4405b09b3b1f445d7188c704bd8d88e4bd83c9c71b9793ea644a4448953334d9d8b6cb54844adc99ff9d3e06 |
C:\Users\Admin\AppData\Local\Temp\iMUk.exe
| MD5 | d9d007a9c85e673a525f9b6597d0f9a1 |
| SHA1 | 47a0304fb8630a57c6fd784db24367c728575597 |
| SHA256 | e0cccd9ef2325da9180f25a130ec22b95ff7410d428f76fd0485263c110ea9a0 |
| SHA512 | da14ffcfdbfdcd75664159df0c7470a943809e984966e04adadaaea87114817acdb8f31a197be74eac129282280ce4826648b21a5c7d76e2b8ce99f34b4e122b |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\KFMHeroToast.png.exe
| MD5 | 022c32ca7932101f0407b6d01022dc45 |
| SHA1 | e642ca2402400f925aed110b28d68fef7798be50 |
| SHA256 | 90359b0a0d432d7a47fb531aa3e6573851243c9a3bea339f2c62668f4835c4bf |
| SHA512 | 6469224759ed5fc25ea919ca3ec4cf80defadc5706b6539288e3d7fa3b9e98c232fdd753ecc24cff843f8606a66e29a52d0993e4f38bf74cf3c7467c7cbdaed8 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\KFMLockedFileToast.png.exe
| MD5 | 2acd2d04969b02f3ebbe51f6e37bec4a |
| SHA1 | 7d795dfceed9fa81474acdc382382a9d2099d2d1 |
| SHA256 | 7e55dc81fcd3b00f279925562effd094b1ba7ba8c04f606e2869f97e60a4359d |
| SHA512 | 385d74f312bf8562fb7fb04e77a9cea472d5b9384884f7f463cacfc26cc9b6deead1008f7edffe7cf42d4aa9ffa51bc16686b1fa01a701ee5bc9b5a660e8cd29 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\KFMScanExclusionToast.png.exe
| MD5 | a081bbf4f28a8a05bb02c10e4bb15a8f |
| SHA1 | bea126574e411337f28a04e29ae07d98852f94e9 |
| SHA256 | 47c7a059029178e92d7d9643d01a2627dea3b71da1e250e2eb212ae50c736b00 |
| SHA512 | 6e1858cc328987d9400032f45f19e7a9b85c5c45214e3ec84653f811a6334dfb9b628ad12875f584260b7be81ae8dc73fbe31876b02ce1fd3f1a1570659174b6 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\OneDriveLogo.png.exe
| MD5 | b2ec385e16a37a51c94cb0a166cfbaa7 |
| SHA1 | aaf36a5547f059505c441fb46441451d97b83f6d |
| SHA256 | 5d0bba97368860741130a4b284b1cc5cca907caa7020460354bc5ea4fe002f18 |
| SHA512 | 3caec9ea8a4fb12ddd2b0ca284e60c00aad80308e2fb5af1ad3f153890cc823686c1856852afb7b5379bf8b0fb438b8a77d29dafa5c365ffb149c8984fea0049 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\QuotaCritical.png.exe
| MD5 | 3ab5684efab992c059cb6b1971ac7791 |
| SHA1 | 24c7266a18a3d8d7504e2b99a78bf25a5fa34961 |
| SHA256 | ac026a9b790da53b041d6216561e1b6b5766192e76bbb19c0f0276f59624ec66 |
| SHA512 | 2590a1829956b3e79a13e1c17e1f32260ededb556d026a4b10b327e7f7ac5aa30e82b4ec2f97134c8d14b647df0f6983cc850798fca9678cf4013a3e9896107b |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\QuotaError.png.exe
| MD5 | 4597f3559dae64686f28b4ef0ddc9660 |
| SHA1 | 4af95358fcc2ce9222a77f341dc7dddd158d9488 |
| SHA256 | 8ae41fc83fd891f674df7bdadc2c45b3d46c30c40b303634234f8ca330cb85e3 |
| SHA512 | 1e1ea1e73852fef7e79dd83fc7d1a30b63cc947ea842ba80da4b3550e74b4499e6446e5ef08c5cc93d4c2bef2867b49e9822bb74dcd9a508cc3401cd0df27943 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\QuotaNearing.png.exe
| MD5 | 27d53f6c39843c13370d6cfc81080d64 |
| SHA1 | b365141ace62f1295ef80f3ab68945a1485cdb3e |
| SHA256 | 7098a819d8e731b26a4a1a8fc5d9585e276c775d0092448aa91b2fc01e3af525 |
| SHA512 | a0128e98bd905049c6a6b2819a4b5944940778a9f32e380644136f9343bbae0235a6a98b5c4e482b9fd212d6e277624492507515542800e8f96b843d57150316 |
C:\Users\Admin\AppData\Local\Temp\cYcA.ico
| MD5 | f31b7f660ecbc5e170657187cedd7942 |
| SHA1 | 42f5efe966968c2b1f92fadd7c85863956014fb4 |
| SHA256 | 684e75b6fdb9a7203e03c630a66a3710ace32aa78581311ba38e3f26737feae6 |
| SHA512 | 62787378cea556d2f13cd567ae8407a596139943af4405e8def302d62f64e19edb258dce44429162ac78b7cfc2260915c93ff6b114b0f910d8d64bf61bdd0462 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\ScreenshotOptIn.gif.exe
| MD5 | ed9486c45fcb55d4c90003f359779217 |
| SHA1 | c2db7cf0808d8289b43fd6499423c66239a25fab |
| SHA256 | 214cdfb577d320ea2839c71fe3258df26d6f4be832a25a0ed3ff6a03d056773c |
| SHA512 | 21ace13713647acf3a9928d5fc748852a541305c7b2b7e05b6afe0691d9e366056c66bf65ef2abc44db7bc87ea8b51a7d7b4fe7ceab06c4331f411bef58a7560 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\Warning.png.exe
| MD5 | 07aaa43f5e3dd72d2e34a0b15597a2ac |
| SHA1 | 790d1a4784fb32b2c2bfd460b5daaa5168667a45 |
| SHA256 | 524bf6a891270f612599ff126acb48f14c281c1547cd5f0d0cb60805a02564fe |
| SHA512 | 4810518820d9b8e6b217a93df60e2ec8610e0f2830cec760771852dde42cc2e3dde3904623799652ccf41cb0674339aaef47667c4eeea10403e0248c749035fa |
C:\Users\Admin\AppData\Local\Temp\wwQU.exe
| MD5 | 71e24729b7130417077bc0b348b93b2d |
| SHA1 | 3603df5014f0b7273ca0f2fd02d5663bd14b4770 |
| SHA256 | 160850de30adb952131aa1dabf54f9112b638cfa1f643d55beb4427014c11945 |
| SHA512 | 6987197a42236e4f2a36aca908e72f7831b333a96ca5eba663c374a00b79d3ed5706da560baee835e9a15f227deed29014e1ff609c1a47d7d1441c683ab7b489 |
C:\Users\Admin\AppData\Local\Temp\sMcE.exe
| MD5 | 81bef5aaf0ce3f5b3dcc9465bc239059 |
| SHA1 | 0fe6ba73181f277f38a61791a6b89c1ee69bd49d |
| SHA256 | 4e79b8b8ab1e63e710e318dfdcd9390d653ca834ab0a3212f407e2abd4835c3a |
| SHA512 | ed8cc659ddc5eed1adaee787d2746a24d8cd4003c4cb019519e97cd64bcd93bb7b49df17af3cb814924ec26c009e83214e27c319e23a52bc700120f0e33e5607 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.scale-400.png.exe
| MD5 | 30beab235ddca95d4f13e562af49e335 |
| SHA1 | 13b196e4b6f5b0d9287a01b269f05bc47a3935c2 |
| SHA256 | ac64a5e0f48f7352ea1d632144daac4107aff8e7fd67d276f6f555bb08465b03 |
| SHA512 | 8b8eb189bbbf7cb45975394230f7b4d9e7d44ab1f42a7b90dde5a30442198b0a17ae3a22de48538ab417911102799d9ff553c66770baa36b482da3f0ffb7bcde |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-black_scale-400.png.exe
| MD5 | dcb4acfe37d9749f50e8a155bef53210 |
| SHA1 | a36fa8141dc1a917346dbbbf36fea36822ed617e |
| SHA256 | 74d9f16e88d5b5a0175870535c1313d6ba02c811f770c902e63f238e15acb62e |
| SHA512 | ff124d5b2f04c9e95e802b28917f22cdbca441ec5339addf71ddde2d4f2ab2dbba76e9104accb183842013b3732f1654cbdd460d96329d6bee8a76bd9e337470 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-white_scale-400.png.exe
| MD5 | abe84fda3f3c1e762d8f16978a935b08 |
| SHA1 | b1d139ab4dd04d89cd8117c5226dc3ccd75e418b |
| SHA256 | 894e4017f9b21ba7a3c02dcceb8a99ba34e41e65b441f9d8f720cf55d8680a52 |
| SHA512 | c39eb7850a3d00c206d9d644e32191ee83e0e4375202b4393d2b643b3f9ce36434baaffca0806b893c50bc4b834e2d5532b0f14554a3ccd71319f506495ebfd2 |
C:\Users\Admin\AppData\Local\Temp\CMAy.exe
| MD5 | a82c8d0d366de55d19512b31696f5a99 |
| SHA1 | faf0a79db5bc75a0e029ef442a4c26c6140d514d |
| SHA256 | f888019c321469f564b694dbc37b38e8069308775bf20f7d33311c13eabad533 |
| SHA512 | 96d1f9ffd105a37f5b4327da72371f84af2bc1766598f78c17096465e5737553e35c3c57de212795efc44136b6e29a1fa75269b9239ef9c85a4dd4a9fde47420 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe
| MD5 | 27dccf5c481892fec4219101a9595036 |
| SHA1 | e89fc9a86da624f0baed3473836c503ab398189f |
| SHA256 | e4afc374252a8f08040da7e3718e20be458dc0596c838e85d64a0c03027e49ad |
| SHA512 | d44999178f441062fa44a6437287c3c6dbe79175bfbf79b40a28ca5b0efff800a09f8d866dab2892a3e9b4ec4ca1d8477ae32cab2c8d4071ce838d5fd3b2c995 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState\PinnedTiles\26310719480\squaretile.png.exe
| MD5 | 0323a889fed776f4853cdff9e4d537ae |
| SHA1 | 3aac8af0e411844329fcf69b128a099c37ba196b |
| SHA256 | 7c16f0510afdf72571b31d6da08f74119eae45b70d9d198727e8741f82345e49 |
| SHA512 | f4ba5996f49d897c0a1f6240037c26c0ddaf8732a4113bd65b8200d80140d14608e657419f4f46b9b58e8424f2dd0c800cfc28abd0ad55226c09796807ede9a7 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState\PinnedTiles\26310719480\tinytile.png.exe
| MD5 | 2a91c2cada6ebb156efcee598293fb71 |
| SHA1 | a1d434694e9a026e9d8a9b7eafd0451b5dfcc012 |
| SHA256 | 2885dc62332e2cca1df7edee771d6dba00b91f7d3333c90f02500a4b9415fa7e |
| SHA512 | e97ab2641f4bdd30644c6e34f4bcdc32180a25842038ed1d384c0a73488503cc4ee57ab0aaaa9f7f70f4460723ff1cb5f6e0db73644f5350c82e5dabb309f378 |
C:\Users\Admin\AppData\Local\Temp\GoUw.exe
| MD5 | bc6143769362f5fe027fc9a40154baef |
| SHA1 | 5fe844bb61093f744e9e074593b3a59fed3a536f |
| SHA256 | e58b1b36a743b637aae00d0a80c13c033c46942de19ea70f21d5331e9f2eb66f |
| SHA512 | 6588f997d7af9f98f99e74a9c548ba9150713dddafef0a7679ac988a6b6f0251cd7250c6c66f9c5313a5b3e7895681baa356d4d959ceb5fd0ec66d3b2d7c829e |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState\PinnedTiles\38975140460\tinytile.png.exe
| MD5 | 81ee63a9ef52f6a9e212583f636a5d0a |
| SHA1 | ac3c83b007fe48673602d407766ec98fcfdec47b |
| SHA256 | 0add42aafdfbaaaedfae20a1b4bb7a008511fbc26b8d13f66975e08b34563fdb |
| SHA512 | aa5c565e07f5c32b6f10fc723001a51fe9167f64b73d6689082a66946d7d2ee22e9ac75d729ac9570a0458856109665e93c06da370828f1af585fe490742367b |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState\PinnedTiles\6501008900\squaretile.png.exe
| MD5 | ad5739920fa10f0d97915d48952e5a6d |
| SHA1 | 5360a6a311c766c533dbbf5bdba42bbf32316e74 |
| SHA256 | 160ab17f16e09c400d97ed6d8cb25498c489ae8e18ea0c51896bde811cff1853 |
| SHA512 | 986d8d1c6afba3d0ff57453e45d412008e4b0d581ceba967aa171667b5dabb026a84a94b9812b02fccd84bb138fb888c8369d141a69763d3c7c8c11f766f1b51 |
C:\Users\Admin\AppData\Local\Temp\gIMY.exe
| MD5 | 64ff84c5bd2132eb9fda9ee0265dd678 |
| SHA1 | c6b9ec761c9b55f5d57bafd89c1515889d909eff |
| SHA256 | 34c576c0c9a1183a1d26730e60886fa76549df56f5b9873236e89535c052ae56 |
| SHA512 | 56b2d3fe73280ce07257e98417068daee3c5f681b68183de0f921bbfc2d254da6d661e1f71e1883207bb4095dcf8ab6fb6446fbc215c006b6332c3776b93326e |
C:\Users\Admin\AppData\Local\Temp\Osce.exe
| MD5 | 0cf16ce52f8172dccd9862cd5a483283 |
| SHA1 | 5924cd1359d710fcd1db79261dc429b31f947729 |
| SHA256 | b9c696c34be9ad3cb072e4201d22e9db3eaa1f7a23ef57de60fc4b9cd299a4e3 |
| SHA512 | 6dfe76bf6b6a2895d34f5c94c2ae74e2f7aca4789740460ffcaa57000a1716f0573f4a13a886ad1b4141782b149f4ccdc4b51d13a651cb1c3480b4e023a50499 |
C:\Users\Admin\AppData\Local\Temp\iMgI.exe
| MD5 | 003aedf7eea67a8c103402776c8f586a |
| SHA1 | e9c94d8a2b7034a22524d674e861ef61c4513256 |
| SHA256 | 791e4f8cc8bf2546a1e28795befb558753ab970a38ea82898528a5f606e25495 |
| SHA512 | 0999d8cc61d7b105ae9b5bbe9abd49f13667d1305f1d8f402c7b27c44c71713f836847a855ada226747119d5f6e25830fb70c87098676076d93cd09fe405f41d |
C:\Windows\SysWOW64\shell32.dll.exe
| MD5 | 3538d3453cb67d0d73fd1a8e0335a649 |
| SHA1 | 74cdd05deb12c06b9292191063b67f2e936bc467 |
| SHA256 | c42a8f8d064c39f07895b753491e26008286ea6ea4bad078b02ee4bd2f985731 |
| SHA512 | 1bee2405d1c95490dc9a4911dc8929c3c728ef8ec41c56077eaa86b734039405e3630546d462f0b41be377873ac3478806e2578a6c149b632cbd51f0560be823 |
C:\Users\Admin\AppData\Local\Temp\wwca.exe
| MD5 | d5219ec43c06902e315c1d60d38a36f5 |
| SHA1 | 5371e347020b77d66fd68b051ed1b8712d37b913 |
| SHA256 | 1d14518e0f522fef9dd7e80dcffd4f02b647b9533ac560c6ff0ee1a132da95e8 |
| SHA512 | 28b10705d0b98c6db696165c579de6deef9b09562b69270737e76109802f88388ce6b7a723862eca3be61d7e6cbdc5eb8d029f7a4b750bec0b3d7e9ad935f8bf |
C:\Users\Admin\AppData\Local\Temp\UkkY.exe
| MD5 | 9cb2513c2f551bc39699f8436997d359 |
| SHA1 | b85ffac65f068c6dfcdedc4af27a2207ae9c66d1 |
| SHA256 | 824b8293d6cd5b3d456f5f19c7df527bfe90595afb1eb7a5560a656258822d6c |
| SHA512 | e52ecfd686d15dd9d5211c3ba6a974cd900baebde3604eba43c1f04f74f4c3dc29162e5435e54985097cc35fa446783410cd81fc10ce51f793b14a71c3f23a48 |
C:\Users\Admin\AppData\Local\Temp\wAgk.exe
| MD5 | 8cd1e766b6c22b45354050640aa1d694 |
| SHA1 | 68f10471d47ecd4b3b4a1117eb9680aaf35a6d5f |
| SHA256 | 838efbd1b6102c9920f06f345c6e5afd096df84aef20c5a086e122297098214e |
| SHA512 | 70231bbfd0d4392f76eec7598954b394b73ed39ac1fdc244a6ef50f7e593056997f8b69d37805bde3b8d0f12255efa52290b7c70ed0f5af4aab61908e0acca38 |
C:\Users\Admin\Downloads\LimitAssert.mp3.exe
| MD5 | 695b73c952a50df7b0a99375d8936ae1 |
| SHA1 | 541c5afda17b848c2ca50f47b54265d4701153ca |
| SHA256 | 1187dad28bddb8c18f47c633abe67866773e5413e293b981e220b61b60f97e0c |
| SHA512 | 4af3a16c981cd0b7e434c9c83cf46366997e88a4509b32580a098c633fc2a3e0e8fb692662d366fc89b444cad45206c71883b43fdc343d74ec551a4b14cc2055 |
C:\Users\Admin\AppData\Local\Temp\AsAA.exe
| MD5 | a2976b3535cf6bc63385499673a13710 |
| SHA1 | cd7ce99de0240d431845570114204389ed5d412b |
| SHA256 | 78041cf62047034b05248c474e02df3e0223353052d02f2be1c14968211579d7 |
| SHA512 | 1e52c4176c6d6ab3b070206aa72babde7f9ccacc0dbd74bc022d50dfaebf57d702fd0e4039cab7ab74b17907d0d03f9424756d1259799aa34bf8fb005e627a52 |
C:\Users\Admin\Downloads\TraceMeasure.bmp.exe
| MD5 | 52153e134860853ade08053c4af71e14 |
| SHA1 | fa17e1edb2c888561e73dae2d6956f65f420b9f2 |
| SHA256 | fda7b79f28010b3f6dbfcd726323274d272c25eb859fc8c102157874740e73ba |
| SHA512 | 2487757238195dd00f12e6ff4910b45e4f7c1d67213db8f2cf3cb96ffae17ce04681c97a78fc49206dc5f732b3c9816452c7b0bdfbb138b67f759eecbcbe5d7f |
C:\Users\Admin\AppData\Local\Temp\gMMs.ico
| MD5 | 6edd371bd7a23ec01c6a00d53f8723d1 |
| SHA1 | 7b649ce267a19686d2d07a6c3ee2ca852a549ee6 |
| SHA256 | 0b945cd858463198a2319799f721202efb88f1b7273bc3726206f0bb272802f7 |
| SHA512 | 65ccc2a9bdb09cac3293ea8ef68a2e63b30af122d1e4953ee5dc0db7250e56bcca0eb2b78809dbdedef0884fbac51416fc5b9420cb5d02d4d199573e25c1e1f8 |
C:\Users\Admin\Music\BackupEnter.mp3.exe
| MD5 | 1b961ccd5aaedc394d7c5fce0857f585 |
| SHA1 | d3076bdfd79d466b3859fd014337d89ea029626f |
| SHA256 | 6d8a4e84bb4b1c459e2ee50781e12fb466ba8469c07a4fb7e6cf03e2979cf7f5 |
| SHA512 | 1c3ba9277a03d374a0255783f8346959f550a2b24a1183139698d7b447ee96b29a2c97dc9588a41790edd9ad9223a1b7d617f49a8a518e6d3efa459d209f1c73 |
C:\Users\Admin\Music\UnblockEnter.xls.exe
| MD5 | f1fc974c70d5bea4336f71daf1888d5b |
| SHA1 | 484b696142655db4657bd4ff3f0012e12883c527 |
| SHA256 | 03db8d7b7dedc6484c407b6dd9c1b3c813f4315eeb134069bc93976d56f45580 |
| SHA512 | 97e5dfdd7dd29e82468d972c6121d72e2c0ba0480c762ba7a3e54d810a89fb341535d21f071b1703ec875c6a0af32898452895897833c3b931cf7074aa83c9e0 |
C:\Users\Admin\AppData\Local\Temp\UUYK.exe
| MD5 | 215b5fac510a11dc2236654164d5806d |
| SHA1 | 730a13793273ce93a5fe2ff4162ccf01ac322196 |
| SHA256 | ef7da2e4b51ccb5e536a01d346305b81f727ae1ac402d6e6456b4f5294a29608 |
| SHA512 | d9c21d5938023528ca4a32713bb78ac1d9809dc446443424bae28ce3c2bab914fad30005bb3d129c6e7d61d683eba9a0cfd5ea240e3d111a1f7022333afb3848 |
C:\Users\Admin\AppData\Local\Temp\swAu.exe
| MD5 | ee962e4a4befa41ecc8a2da70e17f4de |
| SHA1 | 46b9113a4390bd1f8149cf3beaa32f16f611da92 |
| SHA256 | de35a611fb8bc1127953ed4bf6f7d668be4e4c396f8df31bc8d56c33396677b5 |
| SHA512 | 67059630224fdc1a4b64a7244e852beed688dd3688b553f062e156ac29a7ce8714775ed414b09731c3b5fa6897609050a084a0e1c4eda03b1333ad903c8dc000 |
C:\Users\Admin\AppData\Local\Temp\ygok.exe
| MD5 | 2f5170478c69c4dc2cc7c4c9417b7ee1 |
| SHA1 | 0957ec87031ca438933be220a2a775cbabb111d9 |
| SHA256 | 9ede6503ab406b6c7b8b926c5476db4f558f616f6650e3cbb51c24543e4fb2b8 |
| SHA512 | a5bc230434598a2e2ccee9b5ba95b8bfb004799c5f0bf866562b50c2ebe60193894b18f5c9bb3be127b596b21c84b4efd854c92762f1fe2c87cb9872d60dcfd2 |
C:\Users\Admin\AppData\Local\Temp\CYkC.ico
| MD5 | ace522945d3d0ff3b6d96abef56e1427 |
| SHA1 | d71140c9657fd1b0d6e4ab8484b6cfe544616201 |
| SHA256 | daa05353be57bb7c4de23a63af8aac3f0c45fba8c1b40acac53e33240fbc25cd |
| SHA512 | 8e9c55fa909ff0222024218ff334fd6f3115eccc05c7224f8c63aa9e6f765ff4e90c43f26a7d8855a8a3c9b4183bd9919cb854b448c4055e9b98acef1186d83e |
C:\Users\Admin\AppData\Local\Temp\mQok.exe
| MD5 | 22850c131938da00fb8ac95a2d0a8e16 |
| SHA1 | fa050e95b26701ee80abb21fc73c0bc6dcdefa27 |
| SHA256 | cfc2227788d60467c9e7e8df7146eccad0b734c7c2c8c4c085f274a13cf66ef8 |
| SHA512 | 37d8f278d94f7cadc403e6edfb1e1354c7c05dd5633edd910c20c851a1a3db0b7bdf83144c408537efeeda784c3fe850893ec3d09f79d15638c221173d7418c8 |
C:\Users\Admin\AppData\Local\Temp\IMMQ.exe
| MD5 | 840089efec30cd5d828b456047e0f33e |
| SHA1 | e99d917c62dfdb93751a39f726ac1d86f9fe293e |
| SHA256 | 61e21105fa911a032c2a2b1837c2a2a9828edabdec7f5f8fddc9d69e0ce997e3 |
| SHA512 | da004ac0538757ee195e4b1975107737303794cbec0b0225cf851c4f970274f6a685ae74168de10cd0e80dffe29607a969e20b283b451c21f82f9c070dbe8193 |
C:\Users\Admin\AppData\Local\Temp\iogo.ico
| MD5 | 7ebb1c3b3f5ee39434e36aeb4c07ee8b |
| SHA1 | 7b4e7562e3a12b37862e0d5ecf94581ec130658f |
| SHA256 | be3e79875f3e84bab8ed51f6028b198f5e8472c60dcedf757af2e1bdf2aa5742 |
| SHA512 | 2f69ae3d746a4ae770c5dd1722fba7c3f88a799cc005dd86990fd1b2238896ac2f5c06e02bd23304c31e54309183c2a7cb5cbab4b51890ab1cefee5d13556af6 |
C:\Users\Admin\Pictures\SwitchStop.bmp.exe
| MD5 | 294a00974336ce8afeb72f970934ff14 |
| SHA1 | 21dd45a1907cc3b6613be476024486ec28f79770 |
| SHA256 | 999ba53e4aac774cdd8363bea3a9e1e43ce018b4ae031f782d82d2bd1387596c |
| SHA512 | f6d8466d28cebcb4d6b841908320dca6fbde5aa58df7658a19e36f50c515f4e7f9bc1e6bc0ae3a55964efe4272e8acbec41af0b3ec6f2d6d5fd40e0e493cd2be |
C:\Users\Admin\AppData\Local\Temp\EogI.exe
| MD5 | 1a1f783c7c282d387429c5194d863cb7 |
| SHA1 | 2afe05c9d828ef1bfed4c0e0d7564ff50c9d829c |
| SHA256 | 0cf6b78fcd9387b0f8e88e3949d644530b014f0e5267cd2247f1a4dc4b629c06 |
| SHA512 | c7d8bae4ab9b33431ac59152cd452634640f523a62c118856972efd937e60691851930de17027707047710beff2364f7f0756b57d7cacad3bf5db69516bfa467 |
C:\Users\Admin\Pictures\UsePop.bmp.exe
| MD5 | afba99e6dd22f89ed3dea1f45f325ea1 |
| SHA1 | d4267788eae7606c7e66168ce66bcf39a55d8405 |
| SHA256 | 63f5bf4c9540189d72eb67aa132149b4cab2e7efd29be4349148d041bbacc29a |
| SHA512 | 8c7f1f48f0ea7a407868e033469565938d47f40afd557dac7732099677a45c46c13025f4e71c141d80c73c3677a2dcc74cc1408de2652dd21eb3ad5356097db9 |
C:\Users\Admin\AppData\Local\Temp\wYAu.exe
| MD5 | 47447c1ed800c271c8abb73c80b85a72 |
| SHA1 | 80fb94100339dfd635c59dd196ea383ad1dcae99 |
| SHA256 | d52c7a83bd7bcfb77c7402d7da987ac9bdd68b03e99f8425a8897aac23cb6d92 |
| SHA512 | a3943036ba966b23b9315403ea9000ddf83a7ea0a95736b12c94277cb938186333a76ea95e617471fba48ac8cb464d33bb1921a982ff3a5f26ef6d07f3cee21c |
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png.exe
| MD5 | 30d92754b64de5c6c4d425b2bb157279 |
| SHA1 | 4bf5b2a8ae00f8e13f1992c0bc9d74211159d56f |
| SHA256 | ee23b180d205e33c5272c70a2064dcfb906e9c800681d21f8feacfa56f8e5ee4 |
| SHA512 | a45f0796dfa7e6c58a4dfdee1f131f03acaaf6f804c18cef9bf9ebdacff51a677f25e61f495a986d8704795278e78e7c1316c57184e13cb3bec6b31e65634324 |
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png.exe
| MD5 | 78b4b6d5e3b01180ea0feb4149ad593a |
| SHA1 | f980e43a45f871c7288d20278bd3b27ea13e3c01 |
| SHA256 | cf9f38fc461f2a7b96dc878d6f0537ba37b0f8140df59c20b78c10ddf2654a80 |
| SHA512 | cbf051682f733cc5748cb2c60e338e6412d906626e6ff270b4dbdfe4fe96b7db97a46ead9cad29093cb789d69788e3d39533c63f02fd0de48b55b67c04352194 |
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png.exe
| MD5 | 7bff1f4c6a0ac73ea3170e86ec6214d4 |
| SHA1 | 46dff89ff3bf0fd453ad36977e7f0f4b95e06ca7 |
| SHA256 | b318ca3ebada3572d5e855f7af92e27dcdcae2b0c4d7c453626bccd1ea072400 |
| SHA512 | cbbb23b1384b83c9730e1d146c487d3f28fe33234a31567d35e880cc68a1bf42cfd88a96c136a3848ccc0be4c9978f6520ff2766fd4b5bac0f7b7154e46e0c55 |
C:\Users\Admin\AppData\Local\Temp\AssE.exe
| MD5 | 0b0552107c4ad9eaf1a3d115b9326a75 |
| SHA1 | e95c34360dab2a4a5be9d63b7abba1570f65acb5 |
| SHA256 | 6305102ef822131d362ff1de424e3553f4229035c723ee22ace036b1c8cb01a4 |
| SHA512 | 21cc895b345a789aec535618eb592050d1af7872f9e1eb0f7f98708f5525ae4ac446393944e4422de50602b2484e1acab1c72ab3d25be55f89188a3cd1ade927 |
C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png.exe
| MD5 | 1a89dfcde42a18fd975a654f4d0dacb3 |
| SHA1 | 87dc5d8c041629c53a93d6a984fcedfaf1bc2fae |
| SHA256 | 6a83f4c77c528082e3bf399538bde8f8467dbe60a1f1a4041c410ddb4eacd01b |
| SHA512 | 55943a49bf82b78556b65616204ab09a8a870f628bdd24dc65993f96150c206a9ce0f1d76eac8f43b72ecec9a586be277c0a0cea9c2821662d5708e8da9b96c9 |
C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png.exe
| MD5 | 461a4a4d097ca378ea0cf23b8bf8f196 |
| SHA1 | f1fb7e60bb0d55cb206f50190b26439b168a03e2 |
| SHA256 | 518e77d62b9452b95046fcfc1fb0841994686f3ab8c728d9156ab773bac82b6e |
| SHA512 | ba96615d706a5ce6cc5f094dd630313c66d4899f62219fada4af20a3a08bbca0d0d218f869f598b52860f05319b95a291a3a605b54fc1e57dc18c8c6f7af7558 |