Analysis Overview
SHA256
ee88a2e13047ff2d4546c4f160be8784b5c8cf8d86c2e026b3adf102a8515f3a
Threat Level: Known bad
The file 2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock was found to be: Known bad.
Malicious Activity Summary
UAC bypass
Modifies visibility of file extensions in Explorer
Renames multiple (78) files with added filename extension
Executes dropped EXE
Reads user/profile data of web browsers
Loads dropped DLL
Checks computer location settings
Adds Run key to start application
Drops file in System32 directory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Unsigned PE
Modifies registry key
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-10-26 04:27
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-26 04:27
Reported
2024-10-26 04:30
Platform
win7-20240903-en
Max time kernel
150s
Max time network
118s
Command Line
Signatures
Modifies visibility of file extensions in Explorer
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\WOsEgwog\tSooIYUQ.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\WOsEgwog\tSooIYUQ.exe | N/A |
| N/A | N/A | C:\ProgramData\kGYoYwAI\sckQMYAE.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Run\tSooIYUQ.exe = "C:\\Users\\Admin\\WOsEgwog\\tSooIYUQ.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\sckQMYAE.exe = "C:\\ProgramData\\kGYoYwAI\\sckQMYAE.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Run\tSooIYUQ.exe = "C:\\Users\\Admin\\WOsEgwog\\tSooIYUQ.exe" | C:\Users\Admin\WOsEgwog\tSooIYUQ.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\sckQMYAE.exe = "C:\\ProgramData\\kGYoYwAI\\sckQMYAE.exe" | C:\ProgramData\kGYoYwAI\sckQMYAE.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe | N/A |
Modifies registry key
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\WOsEgwog\tSooIYUQ.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Processes
| Process | Command line |
| C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe | "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe" |
| C:\Users\Admin\WOsEgwog\tSooIYUQ.exe | "C:\Users\Admin\WOsEgwog\tSooIYUQ.exe" |
| C:\ProgramData\kGYoYwAI\sckQMYAE.exe | "C:\ProgramData\kGYoYwAI\sckQMYAE.exe" |
| C:\Windows\SysWOW64\cmd.exe | cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock" |
| C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock |
| C:\Windows\SysWOW64\reg.exe | reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1 |
| C:\Windows\SysWOW64\reg.exe | reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2 |
| C:\Windows\SysWOW64\reg.exe | reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f |
| C:\Windows\SysWOW64\cmd.exe | cmd /c ""C:\Users\Admin\AppData\Local\Temp\oIMsEIMQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe"" |
| C:\Windows\SysWOW64\cscript.exe | cscript C:\Users\Admin\AppData\Local\Temp/file.vbs |
| C:\Windows\SysWOW64\cmd.exe | cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock" |
| C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock |
| C:\Windows\SysWOW64\reg.exe | reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1 |
| C:\Windows\SysWOW64\reg.exe | reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2 |
| C:\Windows\SysWOW64\reg.exe | reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f |
| C:\Windows\SysWOW64\cmd.exe | cmd /c ""C:\Users\Admin\AppData\Local\Temp\GmMkMIUI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe"" |
| C:\Windows\SysWOW64\cscript.exe | cscript C:\Users\Admin\AppData\Local\Temp/file.vbs |
| C:\Windows\SysWOW64\cmd.exe | cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock" |
| C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock |
| C:\Windows\SysWOW64\reg.exe | reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1 |
| C:\Windows\SysWOW64\reg.exe | reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2 |
| C:\Windows\SysWOW64\reg.exe | reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f |
| C:\Windows\SysWOW64\cmd.exe | cmd /c ""C:\Users\Admin\AppData\Local\Temp\qOAcYkYo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe"" |
| C:\Windows\SysWOW64\cscript.exe | cscript C:\Users\Admin\AppData\Local\Temp/file.vbs |
| C:\Windows\SysWOW64\cmd.exe | cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock" |
| C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock |
| C:\Windows\SysWOW64\reg.exe | reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1 |
| C:\Windows\SysWOW64\reg.exe | reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2 |
| C:\Windows\SysWOW64\reg.exe | reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f |
| C:\Windows\SysWOW64\cmd.exe | cmd /c ""C:\Users\Admin\AppData\Local\Temp\VwMUkoAs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe"" |
| C:\Windows\SysWOW64\cscript.exe | cscript C:\Users\Admin\AppData\Local\Temp/file.vbs |
| C:\Windows\SysWOW64\cmd.exe | cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock" |
| C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock |
| C:\Windows\SysWOW64\reg.exe | reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1 |
| C:\Windows\SysWOW64\reg.exe | reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2 |
| C:\Windows\SysWOW64\reg.exe | reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f |
| C:\Windows\SysWOW64\cmd.exe | cmd /c ""C:\Users\Admin\AppData\Local\Temp\bcgYAIoM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe"" |
| C:\Windows\SysWOW64\cscript.exe | cscript C:\Users\Admin\AppData\Local\Temp/file.vbs |
| C:\Windows\SysWOW64\cmd.exe | cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock" |
| C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock |
| C:\Windows\SysWOW64\reg.exe | reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1 |
| C:\Windows\SysWOW64\reg.exe | reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2 |
| C:\Windows\SysWOW64\reg.exe | reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f |
| C:\Windows\SysWOW64\cmd.exe | cmd /c ""C:\Users\Admin\AppData\Local\Temp\zAowIoUc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe"" |
| C:\Windows\SysWOW64\cscript.exe | cscript C:\Users\Admin\AppData\Local\Temp/file.vbs |
| C:\Windows\SysWOW64\cmd.exe | cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock" |
| C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock |
| C:\Windows\SysWOW64\reg.exe | reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1 |
| C:\Windows\SysWOW64\reg.exe | reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2 |
| C:\Windows\SysWOW64\reg.exe | reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f |
| C:\Windows\SysWOW64\cmd.exe | cmd /c ""C:\Users\Admin\AppData\Local\Temp\fsoIYcgM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe"" |
| C:\Windows\SysWOW64\cscript.exe | cscript C:\Users\Admin\AppData\Local\Temp/file.vbs |
| C:\Windows\SysWOW64\cmd.exe | cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock" |
| C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock |
| C:\Windows\SysWOW64\reg.exe | reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1 |
| C:\Windows\SysWOW64\reg.exe | reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2 |
| C:\Windows\SysWOW64\reg.exe | reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f |
| C:\Windows\SysWOW64\cmd.exe | cmd /c ""C:\Users\Admin\AppData\Local\Temp\syMoYQMY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe"" |
| C:\Windows\SysWOW64\cscript.exe | cscript C:\Users\Admin\AppData\Local\Temp/file.vbs |
| C:\Windows\SysWOW64\cmd.exe | cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock" |
| C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock |
| C:\Windows\SysWOW64\reg.exe | reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1 |
| C:\Windows\SysWOW64\reg.exe | reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2 |
| C:\Windows\SysWOW64\reg.exe | reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f |
| C:\Windows\SysWOW64\cmd.exe | cmd /c ""C:\Users\Admin\AppData\Local\Temp\oCIgAEYQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe"" |
| C:\Windows\SysWOW64\cscript.exe | cscript C:\Users\Admin\AppData\Local\Temp/file.vbs |
| C:\Windows\SysWOW64\cmd.exe | cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock" |
| C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock |
| C:\Windows\SysWOW64\reg.exe | reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1 |
| C:\Windows\SysWOW64\reg.exe | reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2 |
| C:\Windows\SysWOW64\reg.exe | reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f |
| C:\Windows\SysWOW64\cmd.exe | cmd /c ""C:\Users\Admin\AppData\Local\Temp\iCQYMogk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe"" |
| C:\Windows\SysWOW64\cscript.exe | cscript C:\Users\Admin\AppData\Local\Temp/file.vbs |
| C:\Windows\SysWOW64\cmd.exe | cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock" |
| C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock |
| C:\Windows\SysWOW64\reg.exe | reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1 |
| C:\Windows\SysWOW64\reg.exe | reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2 |
| C:\Windows\SysWOW64\reg.exe | reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f |
| C:\Windows\SysWOW64\cmd.exe | cmd /c ""C:\Users\Admin\AppData\Local\Temp\KsUQooIg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe"" |
| C:\Windows\SysWOW64\cscript.exe | cscript C:\Users\Admin\AppData\Local\Temp/file.vbs |
| C:\Windows\SysWOW64\cmd.exe | cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock" |
| C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock |
| C:\Windows\SysWOW64\reg.exe | reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1 |
| C:\Windows\SysWOW64\reg.exe | reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2 |
| C:\Windows\SysWOW64\reg.exe | reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f |
| C:\Windows\SysWOW64\cmd.exe | cmd /c ""C:\Users\Admin\AppData\Local\Temp\RuUoogUE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe"" |
| C:\Windows\SysWOW64\cscript.exe | cscript C:\Users\Admin\AppData\Local\Temp/file.vbs |
| C:\Windows\SysWOW64\cmd.exe | cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock" |
| C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock |
| C:\Windows\SysWOW64\reg.exe | reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1 |
| C:\Windows\SysWOW64\reg.exe | reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2 |
| C:\Windows\SysWOW64\reg.exe | reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f |
| C:\Windows\SysWOW64\cmd.exe | cmd /c ""C:\Users\Admin\AppData\Local\Temp\ReEsMEQw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe"" |
| C:\Windows\SysWOW64\cscript.exe | cscript C:\Users\Admin\AppData\Local\Temp/file.vbs |
| C:\Windows\SysWOW64\cmd.exe | cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock" |
| C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock |
| C:\Windows\SysWOW64\reg.exe | reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1 |
| C:\Windows\SysWOW64\reg.exe | reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2 |
| C:\Windows\SysWOW64\reg.exe | reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f |
| C:\Windows\SysWOW64\cmd.exe | cmd /c ""C:\Users\Admin\AppData\Local\Temp\ViskAwcQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe"" |
| C:\Windows\SysWOW64\cscript.exe | cscript C:\Users\Admin\AppData\Local\Temp/file.vbs |
| C:\Windows\SysWOW64\cmd.exe | cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock" |
| C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock |
| C:\Windows\SysWOW64\reg.exe | reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1 |
| C:\Windows\SysWOW64\reg.exe | reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2 |
| C:\Windows\SysWOW64\reg.exe | reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f |
| C:\Windows\SysWOW64\cmd.exe | cmd /c ""C:\Users\Admin\AppData\Local\Temp\JYMYwsgw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe"" |
| C:\Windows\SysWOW64\cscript.exe | cscript C:\Users\Admin\AppData\Local\Temp/file.vbs |
| C:\Windows\SysWOW64\cmd.exe | cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock" |
| C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock |
| C:\Windows\SysWOW64\reg.exe | reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1 |
| C:\Windows\SysWOW64\reg.exe | reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2 |
| C:\Windows\SysWOW64\reg.exe | reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f |
| C:\Windows\SysWOW64\cmd.exe | cmd /c ""C:\Users\Admin\AppData\Local\Temp\biwsQowU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe"" |
| C:\Windows\SysWOW64\cscript.exe | cscript C:\Users\Admin\AppData\Local\Temp/file.vbs |
| C:\Windows\SysWOW64\cmd.exe | cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock" |
| C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock |
| C:\Windows\SysWOW64\reg.exe | reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1 |
| C:\Windows\SysWOW64\reg.exe | reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2 |
| C:\Windows\SysWOW64\reg.exe | reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f |
| C:\Windows\SysWOW64\cmd.exe | cmd /c ""C:\Users\Admin\AppData\Local\Temp\mCgYggEw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe"" |
| C:\Windows\SysWOW64\cscript.exe | cscript C:\Users\Admin\AppData\Local\Temp/file.vbs |
| C:\Windows\SysWOW64\cmd.exe | cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock" |
| C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock |
| C:\Windows\SysWOW64\reg.exe | reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1 |
| C:\Windows\SysWOW64\reg.exe | reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2 |
| C:\Windows\SysWOW64\reg.exe | reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f |
| C:\Windows\SysWOW64\cmd.exe | cmd /c ""C:\Users\Admin\AppData\Local\Temp\gmQcQkYs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe"" |
| C:\Windows\SysWOW64\cscript.exe | cscript C:\Users\Admin\AppData\Local\Temp/file.vbs |
| C:\Windows\SysWOW64\cmd.exe | cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock" |
| C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock |
| C:\Windows\SysWOW64\reg.exe | reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1 |
| C:\Windows\SysWOW64\reg.exe | reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2 |
| C:\Windows\SysWOW64\reg.exe | reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f |
| C:\Windows\SysWOW64\cmd.exe | cmd /c ""C:\Users\Admin\AppData\Local\Temp\uwIwsAwQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe"" |
| C:\Windows\SysWOW64\cmd.exe | cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock" |
| C:\Windows\SysWOW64\cscript.exe | cscript C:\Users\Admin\AppData\Local\Temp/file.vbs |
| C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock |
| C:\Windows\SysWOW64\reg.exe | reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1 |
| C:\Windows\SysWOW64\reg.exe | reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2 |
| C:\Windows\SysWOW64\reg.exe | reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f |
| C:\Windows\SysWOW64\cmd.exe | cmd /c ""C:\Users\Admin\AppData\Local\Temp\cMssgEUk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe"" |
| C:\Windows\SysWOW64\cscript.exe | cscript C:\Users\Admin\AppData\Local\Temp/file.vbs |
| C:\Windows\SysWOW64\cmd.exe | cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock" |
| C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock |
| C:\Windows\SysWOW64\reg.exe | reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1 |
| C:\Windows\SysWOW64\reg.exe | reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2 |
| C:\Windows\SysWOW64\reg.exe | reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f |
| C:\Windows\SysWOW64\cmd.exe | cmd /c ""C:\Users\Admin\AppData\Local\Temp\pSwsoIIk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe"" |
| C:\Windows\SysWOW64\cscript.exe | cscript C:\Users\Admin\AppData\Local\Temp/file.vbs |
| C:\Windows\SysWOW64\cmd.exe | cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock" |
| C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock |
| C:\Windows\SysWOW64\reg.exe | reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1 |
| C:\Windows\SysWOW64\reg.exe | reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2 |
| C:\Windows\SysWOW64\reg.exe | reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f |
| C:\Windows\SysWOW64\cmd.exe | cmd /c ""C:\Users\Admin\AppData\Local\Temp\FSIUgsEA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe"" |
| C:\Windows\SysWOW64\cscript.exe | cscript C:\Users\Admin\AppData\Local\Temp/file.vbs |
| C:\Windows\SysWOW64\cmd.exe | cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock" |
| C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock |
| C:\Windows\SysWOW64\reg.exe | reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1 |
| C:\Windows\SysWOW64\reg.exe | reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2 |
| C:\Windows\SysWOW64\reg.exe | reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f |
| C:\Windows\system32\conhost.exe | \??\C:\Windows\system32\conhost.exe "-912021698-101120731-400844059-10249895371938923566-1290468888-2009597066-1727165539" |
| C:\Windows\SysWOW64\cmd.exe | cmd /c ""C:\Users\Admin\AppData\Local\Temp\PMQgUUow.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe"" |
| C:\Windows\SysWOW64\cscript.exe | cscript C:\Users\Admin\AppData\Local\Temp/file.vbs |
| C:\Windows\SysWOW64\cmd.exe | cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock" |
| C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock |
| C:\Windows\SysWOW64\reg.exe | reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1 |
| C:\Windows\SysWOW64\reg.exe | reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2 |
| C:\Windows\SysWOW64\reg.exe | reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f |
| C:\Windows\SysWOW64\cmd.exe | cmd /c ""C:\Users\Admin\AppData\Local\Temp\FWsoQAYY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe"" |
| C:\Windows\SysWOW64\cscript.exe | cscript C:\Users\Admin\AppData\Local\Temp/file.vbs |
| C:\Windows\SysWOW64\cmd.exe | cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock" |
| C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock |
| C:\Windows\SysWOW64\reg.exe | reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1 |
| C:\Windows\SysWOW64\reg.exe | reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2 |
| C:\Windows\SysWOW64\reg.exe | reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f |
| C:\Windows\system32\conhost.exe | \??\C:\Windows\system32\conhost.exe "165747323883438965-1745742564-1114079120-1570434623-1759277375592595340-114785418" |
| C:\Windows\SysWOW64\cmd.exe | cmd /c ""C:\Users\Admin\AppData\Local\Temp\PEMAYcso.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe"" |
| C:\Windows\SysWOW64\cscript.exe | cscript C:\Users\Admin\AppData\Local\Temp/file.vbs |
| C:\Windows\SysWOW64\cmd.exe | cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock" |
| C:\Windows\system32\conhost.exe | \??\C:\Windows\system32\conhost.exe "4946003111178081459-207598328913513933001056907751-84034297166480486-97257721" |
| C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock |
| C:\Windows\SysWOW64\reg.exe | reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1 |
| C:\Windows\SysWOW64\reg.exe | reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2 |
| C:\Windows\SysWOW64\reg.exe | reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f |
| C:\Windows\SysWOW64\cmd.exe | cmd /c ""C:\Users\Admin\AppData\Local\Temp\KUUIYUEk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe"" |
| C:\Windows\SysWOW64\cscript.exe | cscript C:\Users\Admin\AppData\Local\Temp/file.vbs |
| C:\Windows\SysWOW64\cmd.exe | cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock" |
| C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock |
| C:\Windows\SysWOW64\reg.exe | reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1 |
| C:\Windows\SysWOW64\reg.exe | reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2 |
| C:\Windows\SysWOW64\reg.exe | reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f |
| C:\Windows\SysWOW64\cmd.exe | cmd /c ""C:\Users\Admin\AppData\Local\Temp\iCAYoQQo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe"" |
| C:\Windows\system32\conhost.exe | \??\C:\Windows\system32\conhost.exe "-822587085-863808802284765191-288808023-138438869-201960145112374771431347069955" |
| C:\Windows\SysWOW64\cscript.exe | cscript C:\Users\Admin\AppData\Local\Temp/file.vbs |
| C:\Windows\SysWOW64\cmd.exe | cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock" |
| C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock |
| C:\Windows\SysWOW64\reg.exe | reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1 |
| C:\Windows\SysWOW64\reg.exe | reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2 |
| C:\Windows\SysWOW64\reg.exe | reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f |
| C:\Windows\SysWOW64\cmd.exe | cmd /c ""C:\Users\Admin\AppData\Local\Temp\kWUUYQIs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe"" |
| C:\Windows\SysWOW64\cscript.exe | cscript C:\Users\Admin\AppData\Local\Temp/file.vbs |
| C:\Windows\SysWOW64\cmd.exe | cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock" |
| C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock |
| C:\Windows\SysWOW64\reg.exe | reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1 |
| C:\Windows\SysWOW64\reg.exe | reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2 |
| C:\Windows\SysWOW64\reg.exe | reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f |
| C:\Windows\SysWOW64\cmd.exe | cmd /c ""C:\Users\Admin\AppData\Local\Temp\SuwoooMA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe"" |
| C:\Windows\SysWOW64\cscript.exe | cscript C:\Users\Admin\AppData\Local\Temp/file.vbs |
| C:\Windows\SysWOW64\cmd.exe | cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock" |
| C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock |
| C:\Windows\SysWOW64\reg.exe | reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1 |
| C:\Windows\SysWOW64\reg.exe | reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2 |
| C:\Windows\SysWOW64\reg.exe | reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f |
| C:\Windows\system32\conhost.exe | \??\C:\Windows\system32\conhost.exe "1961677141-17519066526861168251260654656-1788580898382013708-1965291907695083787" |
| C:\Windows\SysWOW64\cmd.exe | cmd /c ""C:\Users\Admin\AppData\Local\Temp\tgkUAcIA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe"" |
| C:\Windows\SysWOW64\cscript.exe | cscript C:\Users\Admin\AppData\Local\Temp/file.vbs |
| C:\Windows\SysWOW64\cmd.exe | cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock" |
| C:\Windows\SysWOW64\reg.exe | reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1 |
| C:\Windows\SysWOW64\reg.exe | reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2 |
| C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock |
| C:\Windows\SysWOW64\reg.exe | reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f |
| C:\Windows\SysWOW64\cmd.exe | cmd /c ""C:\Users\Admin\AppData\Local\Temp\JOUwcYsc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe"" |
| C:\Windows\SysWOW64\cscript.exe | cscript C:\Users\Admin\AppData\Local\Temp/file.vbs |
| C:\Windows\SysWOW64\cmd.exe | cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock" |
| C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock |
| C:\Windows\SysWOW64\reg.exe | reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1 |
| C:\Windows\SysWOW64\reg.exe | reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2 |
| C:\Windows\SysWOW64\reg.exe | reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f |
| C:\Windows\SysWOW64\cmd.exe | cmd /c ""C:\Users\Admin\AppData\Local\Temp\pIUIMsos.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe"" |
| C:\Windows\SysWOW64\cscript.exe | cscript C:\Users\Admin\AppData\Local\Temp/file.vbs |
| C:\Windows\SysWOW64\cmd.exe | cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock" |
| C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock |
| C:\Windows\SysWOW64\reg.exe | reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1 |
| C:\Windows\SysWOW64\reg.exe | reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2 |
| C:\Windows\SysWOW64\reg.exe | reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f |
| C:\Windows\SysWOW64\cmd.exe | cmd /c ""C:\Users\Admin\AppData\Local\Temp\RAMYwcwQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe"" |
| C:\Windows\SysWOW64\cscript.exe | cscript C:\Users\Admin\AppData\Local\Temp/file.vbs |
| C:\Windows\SysWOW64\cmd.exe | |
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\wSUYwAMY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "9674024971669416855-1128906377-14945932-8596104231657525251-1845605465-1942741545"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-729827085662475462-2587865709955948356407804971148550316-709109949-31102628"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\AWQsoQoo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "20436378661785921005-1961284611-1281605380-1458371789-1657921797-5924678022036847196"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\AcoYIQgc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-259247267-2093432640-756040551841763047999429603361111350-18792854401724080326"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-721534022-490859214290859282-10233437352044613260-640024317-582221446-2029552150"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\kYUgcQYc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\xusgwYwM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-870491925-858569800425434015-137667458793528221-1781320714-1205938371-569627882"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\tysAYgkI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-4501479191463150387-8798947761524456327919457481855437100713995731475891970"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\TIgkgIQk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\FiwoQQII.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-829389064-1815690160-110630351017890117671026546804-152784895220812780951219582823"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\CGgcIwoY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1553957588-2062515555-1933731909567033621097189052-172871231321082629241140455768"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-289850760154417474016540626299575643616828647122070678719499448892-591037976"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\SKQMsMAA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1348227592403257455-1446956770-454518565715311231-17116943501510184930-874982806"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\KEgAgUkY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-348537896-1958292513-1613798587-20567707811116854593-1653354617-8064518621583552060"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\iKIYsEEo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\bcMsAosg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\jsMcAkkk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\locUsMkY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "2649382978519918752059394542-1629716330-25897188514194884211194144610-518954603"
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "14698786201665916278-13870064531718605839-1907329337-801920268-1335067459-475980754"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\iWMEEQEw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1769014925364985277-737714993-227218167-806184840-1405855995-803599510-1086151899"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\wGMYYAAs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ScoYgwIo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "732926932-1963697797708842202-155258687168679249120486479291317763351072065963"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-7875947365940937820739541531977718849-5425358802072710788-36835251985032034"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\dGEQEYcY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\XUEsQgQQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\XuAMkUAo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "9209054038995487201763290246161834967913474594083592852681646856587-78267869"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\zsIYIkEE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "250838665-722008718-1448514941139713308014215635721868376869-6739116251174020142"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1565189393810636836468998182-5276109171189548333856882505-246341386996955635"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\uOgUokwE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "108314413110563518321728240336-70557725819278382871284155198-863396110-967253788"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1753714764335041096867734652455485676-676244754-121388909012371912831721490407"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\UUQkoYcs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\jSsgMUoM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\NMUwAgcM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\JSQscYcI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1595777223143473358420300804-10334875831343467371589756149830288942-556760352"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "9473811491278887892-912526124-14708049362134578308-1329340124-1626475675656611183"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1270760871552253522199118663-7280971701973437935-859280205-2144937194-87418928"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\hsMcIYUQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1057063943-2010403721-1192143112531656351911115725-1408163916-934672438-554935520"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\GuIcUYUk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\SKgEIccA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\UAQwQEgM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-133220465-15026774121250308326-1068676533-636865232-20793621607193044842037936746"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\fewoQwso.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
Network
| Country | Destination | Domain | Proto |
| BO | 200.87.164.69:9999 | | tcp |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 172.217.16.238:80 | google.com | tcp |
| BO | 200.87.164.69:9999 | | tcp |
| GB | 172.217.16.238:80 | google.com | tcp |
| BO | 200.119.204.12:9999 | | tcp |
| BO | 200.119.204.12:9999 | | tcp |
| BO | 190.186.45.170:9999 | | tcp |
| BO | 190.186.45.170:9999 | | tcp |
Files
memory/1320-0-0x0000000000400000-0x000000000041F000-memory.dmp
\Users\Admin\WOsEgwog\tSooIYUQ.exe
| MD5 | f93a4739a84ad1fc7f153f0e461982f9 |
| SHA1 | 0af86a3d201e640cc4469396c888323e2eae772d |
| SHA256 | ef7efd3dcdf756397becd6c9f333865f9b4246e45f9f0a5e833aac9f2f71d629 |
| SHA512 | 019892a6fdcfda6b9a0ec7f7f37f03655ad058c6e4de0515b2e9e0db115f8982ffc1a4fa51c4b19dfd2edbe047a1cfc67e0b2afe8d5ac7cf7198db9acfec1d25 |
memory/1320-5-0x0000000000390000-0x00000000003AD000-memory.dmp
\ProgramData\kGYoYwAI\sckQMYAE.exe
| MD5 | 705635c4b1ebe32583e587bf395f0d47 |
| SHA1 | 3b4536f54e9815276097bef441830532cc4c4ba3 |
| SHA256 | 5a01dd482d3dae2e5c310f7b0dd772572104d4cfbd364baa64fffb9ba92f4cf4 |
| SHA512 | 5c68db1a4ea971cf983ec21b1d9389b701c13c7b5c1fe9e61c0d503da0a28a231066ae16fca27db02b26d2667b1383b81d704c86eef66843bb2a6cf14edf43ac |
memory/1320-19-0x0000000000390000-0x00000000003AD000-memory.dmp
memory/1848-28-0x0000000000400000-0x000000000041D000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\EEAsYwoU.bat
| MD5 | 2a45035c25f49c7a2c2333e248ee8628 |
| SHA1 | a8e8d4558e43a2397f9246208733f524e467e061 |
| SHA256 | fdb0abff60e55187db83009b98f03b6e13c6556ee1246700d1d900dfd15bab72 |
| SHA512 | 1bfa4e90a6a627d8d6606a7d35b821e13fd4fe20a3f9b7b39d22edc92e7dbfd4a2e56e9b2bb504a86cce99dd99f468c3ee213f791d80beb00632aa4304c73209 |
memory/2132-31-0x0000000000270000-0x000000000028F000-memory.dmp
memory/812-33-0x0000000000400000-0x000000000041F000-memory.dmp
memory/2132-32-0x0000000000270000-0x000000000028F000-memory.dmp
memory/1320-41-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\oIMsEIMQ.bat
| MD5 | bae1095f340720d965898063fede1273 |
| SHA1 | 455d8a81818a7e82b1490c949b32fa7ff98d5210 |
| SHA256 | ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a |
| SHA512 | 4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024 |
C:\Users\Admin\AppData\Local\Temp\file.vbs
| MD5 | 4afb5c4527091738faf9cd4addf9d34e |
| SHA1 | 170ba9d866894c1b109b62649b1893eb90350459 |
| SHA256 | 59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc |
| SHA512 | 16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5 |
C:\Users\Admin\AppData\Local\Temp\kMQUQgMI.bat
| MD5 | ced29d13a4ab0bbcdad3c908e61abcb9 |
| SHA1 | 7522349e800cd36fc77bbd03541aaceabc1f078e |
| SHA256 | e839d5c9247fddaf871984054e965cdd09da35ca034bb8bf7aeda062e5721a80 |
| SHA512 | 123f714944af82230d1a266bc89b3ac9d1eb97537da10243efdfbe427f1c39033080a5eeb1d86c2b1683d4230f4af3b543379dd843f42cef382706031228f8b6 |
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock
| MD5 | 913064adaaa4c4fa2a9d011b66b33183 |
| SHA1 | 99ea751ac2597a080706c690612aeeee43161fc1 |
| SHA256 | afb4ce8882ef7ae80976eba7d87f6e07fcddc8e9e84747e8d747d1e996dea8eb |
| SHA512 | 162bf69b1ad5122c6154c111816e4b87a8222e6994a72743ed5382d571d293e1467a2ed2fc6cc27789b644943cf617a56da530b6a6142680c5b2497579a632b5 |
memory/2716-56-0x0000000000400000-0x000000000041F000-memory.dmp
memory/2612-55-0x0000000000120000-0x000000000013F000-memory.dmp
memory/2612-54-0x0000000000120000-0x000000000013F000-memory.dmp
memory/812-65-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\SaQQwMcs.bat
| MD5 | 8cc8776ba35cb81aa76623b72357e7d3 |
| SHA1 | 4d9f44a354a2bcfde4e6e7efc23be6fda9354871 |
| SHA256 | 27aa52db48a9ddaf557f1816d8b14885e89bbc655cd19a98adb2e225d3a67ca0 |
| SHA512 | d6c3295a4c97e29af30f891d07e063eec922c177b99bc0a769e7e31be27ba373595ab1377f4b65e2ad78f327b71c2d0cb05b82c9209083c62126816e36881e9b |
memory/2908-79-0x0000000000400000-0x000000000041F000-memory.dmp
memory/2784-78-0x0000000000170000-0x000000000018F000-memory.dmp
memory/2716-88-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\jaIUgksA.bat
| MD5 | 19c7c07bf10a76c08b80bcf337a56b80 |
| SHA1 | 2559e2f3ba4e1b0b3c125912c1cc928d0ecd42e9 |
| SHA256 | 70d619e417c63c28e7eff89f7477f927567dfd11f0a6a64b8dd0320bff637927 |
| SHA512 | 1a3b005a495904543191c764d98d6a8f31ca81d0b8048a32bfc54765bff0b2fbe1188aea43716b7f1fdfce37b268cd6f80a3316a07210828ebd20f52ada51208 |
memory/1816-103-0x0000000000400000-0x000000000041F000-memory.dmp
memory/1912-102-0x0000000000140000-0x000000000015F000-memory.dmp
memory/1912-101-0x0000000000140000-0x000000000015F000-memory.dmp
memory/2908-112-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zeIEEEoI.bat
| MD5 | dbe8f305cd05dbae5de53058c3f59781 |
| SHA1 | b4e3ddb6593a6ef54e6f95711824566d60d090af |
| SHA256 | 1f3480c3f831151870a4963e6636047f07bb740dc236059b105b42a33b2ed59e |
| SHA512 | 8991df1e600590e474d36b16e08d8340bd44fe2a33f57d37b60beac61843dbf1395f0f149be5f76f6e077ac56630b600f2571fcfe47f933a8a1354a7fb7df0cd |
memory/888-126-0x0000000000400000-0x000000000041F000-memory.dmp
memory/888-125-0x0000000000400000-0x000000000041F000-memory.dmp
memory/1380-127-0x0000000000400000-0x000000000041F000-memory.dmp
memory/1816-136-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\HOYwUwIs.bat
| MD5 | 7c0d78be0860065c5b7b99fd36af6714 |
| SHA1 | f98be6df3ee8d8bad14cc0faa10a71d62292a6db |
| SHA256 | 0393a3fcf770a5dd1b58da44e3196ba22a55c200688db996c6c11bc594cdb30a |
| SHA512 | bd7b8435b88cf832999af6162f5177c8a355bbd712dc3e0168f7caf8443eebdd34081a68a52254ef25d87236de9016c8dc49823a4c2dd4647de523a5cbf8f6a1 |
memory/2324-149-0x00000000000F0000-0x000000000010F000-memory.dmp
memory/544-150-0x0000000000400000-0x000000000041F000-memory.dmp
memory/1380-159-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\XWAIwokw.bat
| MD5 | d1a3c54b5bc4d0a96f9bdbb0d343577f |
| SHA1 | 1fa6f7fab56c4645b8287fa12791ce3a6ae624f1 |
| SHA256 | c4cb38685aabdf26f96eba144a61ffb7ff09abace4c4995780bc46b8f2e8621d |
| SHA512 | bbbefb1cfd9dd900c42db8c1801350e43167e9855db06c667ea57ae7d9d0254f9b364aaaf7831572927aa7af4c2c61e2952be030403a0f78b25a23108174d623 |
memory/2696-173-0x00000000000F0000-0x000000000010F000-memory.dmp
memory/2696-172-0x00000000000F0000-0x000000000010F000-memory.dmp
memory/2804-174-0x0000000000400000-0x000000000041F000-memory.dmp
memory/544-183-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\GWIwQMwM.bat
| MD5 | eb7962467f7e5da30810be4a0021cc4d |
| SHA1 | 699bff77074f47aa8a5dd55941799bdcc4a43eb0 |
| SHA256 | 0b929865dc98903a6922b328fb5d0baf1946c20dc2e1ee47a8cc04dd102d064e |
| SHA512 | 15fda2deac01c87a2faeab5906b60a8548ce3b942c01f16e0d5eb4d54e7abb7da408761d942ec1bec9eb5d26c633eee619a2665e975ca822724d9b2d43805fb8 |
memory/2104-196-0x0000000000400000-0x000000000041F000-memory.dmp
memory/2104-197-0x0000000000400000-0x000000000041F000-memory.dmp
memory/1492-198-0x0000000000400000-0x000000000041F000-memory.dmp
memory/2804-207-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\aQsEkEQY.bat
| MD5 | b2aaba395255a7fee54cad3c1a5c02bf |
| SHA1 | db62eb59bf9da36d26f06d981e8f7eb094cc1960 |
| SHA256 | 366465dee9ab59295f131385c0d99d6820f762b318f432103fc5e244d3e4c12b |
| SHA512 | bd706be9c2e44f0a0ceb1ed3043e86cf53429b2cbf162329c94879bc02fcfe5e5a540edd75b12bfc52fb99301e065f671ee330574e68720054e0a56032f194f0 |
memory/1492-231-0x0000000000400000-0x000000000041F000-memory.dmp
memory/2040-223-0x0000000000400000-0x000000000041F000-memory.dmp
memory/2008-222-0x0000000000160000-0x000000000017F000-memory.dmp
memory/2008-221-0x0000000000160000-0x000000000017F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\iYswAkgg.bat
| MD5 | bb6807fe14ffb4c8831fa4f8b0e5f68d |
| SHA1 | 2f7016559be3e1737c71d0e761843b602f3f87bd |
| SHA256 | db6d6b38617167769c094896e2557e36b3aa4282a44c44184264e45998d33789 |
| SHA512 | 371ef685297c9efc96a29e6800f791132e973324e96ceaa82c367b3e7f3ddf22d7a0251c16ce4cf01eba92e3546e4008b95ba469d260868d758d10d64761986f |
memory/956-245-0x0000000000400000-0x000000000041F000-memory.dmp
memory/956-244-0x0000000000400000-0x000000000041F000-memory.dmp
memory/2040-254-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\wMsUAAso.bat
| MD5 | 7af796bddc941230797871a066c1b3e7 |
| SHA1 | 2e8bbfff76b6dc3e76a0c22d442af786e9922f69 |
| SHA256 | f040622c797ed48920df73e191ee352dbcc94d8f3ee2f535e5cd499dd640430b |
| SHA512 | 6cdb618b4a82cddb55eb97c6f3e91b2b8809b110babf734bfed1b382081a14905037065cdac952210b15a064116b34c943aebe6b8dbb53193428bb44bb7b64eb |
memory/3040-269-0x0000000000400000-0x000000000041F000-memory.dmp
memory/2308-268-0x0000000000280000-0x000000000029F000-memory.dmp
memory/2308-267-0x0000000000280000-0x000000000029F000-memory.dmp
memory/2948-278-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\KqwogkIA.bat
| MD5 | 40bf8701c98048976f4574d9dc70c56c |
| SHA1 | acdf164a039cd73b1774e59013828022cc72e04e |
| SHA256 | 9a5f85d05b2cfa30cdc7fba88c807c09e51713c519af15a9be143bcad8575ceb |
| SHA512 | c10d9b8077d1c799b992061cbd910899ad1f9d32132a5db78b5e932f49e4fdccc1ef1d326d72acf56fbbd325bef12bd42bb9999a3e09014377978832b5e69ab5 |
memory/2832-291-0x0000000000400000-0x000000000041F000-memory.dmp
memory/3040-300-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ngksgoEg.bat
| MD5 | 5844f26ac83094f25cf9114fe6592977 |
| SHA1 | 89b56a5801104f1fc6bc995bf4c5782c04596024 |
| SHA256 | 69d2df4e079c45b56a59770785e403cb88ba97b6b812b771fe9ec4ff7e5a89b9 |
| SHA512 | a816299884623cd7c20048c260238c42453582bf2a00fb315a0153207d59cd5bad6aa265ab3c4267d448f6229a34016ac61ec60c4bd68dd3fcd5782ede398070 |
memory/1764-313-0x0000000000400000-0x000000000041F000-memory.dmp
memory/2432-314-0x0000000000400000-0x000000000041F000-memory.dmp
memory/2832-323-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\vwYgsYUo.bat
| MD5 | 7e279da0d17aac6f2c67e0940bc3f1c0 |
| SHA1 | 113bb00f410e557cc1b65967ff17f6da71766303 |
| SHA256 | 5ac038da928724cdcfdf318a140ee07b47b54cc510aac34f00bc13890692a79b |
| SHA512 | ab1bd8703c6f1b81a55129aa0de13ac41704e9b497e45d7b79ee8943581be9255f062cdd9f67a9826fce95bffbffd0cde4f3578d22519ace5ad8f98b02042b07 |
memory/2756-337-0x0000000000400000-0x000000000041F000-memory.dmp
memory/2124-336-0x0000000000170000-0x000000000018F000-memory.dmp
memory/2432-346-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\DqcUUkcE.bat
| MD5 | 1aef1e54dc869a470dd78dc92f156d3c |
| SHA1 | 667726e3d3621286c26c3b1dc178a8106687b488 |
| SHA256 | 4d0a2f2e3e55c05c3a5fe9bf7a2983f312ca12ed0a4bd7a804e93b7a8bbf0f73 |
| SHA512 | 59cb27f746aabb6a67fc756e3a77ce7f2592352b4c0e89c1f864500d9932aa53cb63ce2627e404be1de976632518fc33b5e986f7be83f030a7c44b22055dc546 |
memory/964-361-0x0000000000400000-0x000000000041F000-memory.dmp
memory/1832-360-0x0000000000260000-0x000000000027F000-memory.dmp
memory/1832-359-0x0000000000260000-0x000000000027F000-memory.dmp
memory/2756-370-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zowIcskA.bat
| MD5 | 4c3211290b796fc8381a06d6ee08101a |
| SHA1 | e4954e9ca85ac074a284a1d7203830cc334f7b49 |
| SHA256 | f6dd160bd34186d81ba49be0e5ed29e0c26ad2d76d97c845cb7c20ce3ce956c6 |
| SHA512 | a85b10969bbe5bbb4b89e222c410b57ab8bf6f24d8ba890eee6ce5e66460c08a207099152da1e98c3d8726c932dad6757f413b87cc93a4a16ea4371683e4c36f |
memory/1968-384-0x0000000000400000-0x000000000041F000-memory.dmp
memory/808-383-0x00000000001A0000-0x00000000001BF000-memory.dmp
memory/964-393-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\MsgscIcw.bat
| MD5 | a0390e0947e428a5a990167d5cc01fde |
| SHA1 | 1d83ce4eb5667f79b45748d5994662763ac0ff2e |
| SHA256 | f374dea5e1c92c60559f20d43a8f00e39d8cffe6eb8a87869e9928085bab47d7 |
| SHA512 | 1671a8ffca85c92f829173aaa5dffaab6a4bfb3271feec79a554a72cb5d6bab455230b43848f73d62da401ca9ef3e34b3c2bb7d49d147cf2cb09d307eef7dd7d |
memory/1812-407-0x0000000000400000-0x000000000041F000-memory.dmp
memory/2140-406-0x0000000000160000-0x000000000017F000-memory.dmp
memory/1968-416-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\oSssoAgM.bat
| MD5 | 0d910675edd809e040b69ba4275d9844 |
| SHA1 | cad08ea8abff249d5e39346bb5862da731c2c4c3 |
| SHA256 | 0bc7c31ca2dc9e63582f3dcc83bfc479263173c80deece4ea34dc868d6f8d327 |
| SHA512 | d59decb81a61b357639affa9ca749042202739ed142617404b7a3f4363c5ee9950c2723cf83a33917f16d019950472ec26dc2441282ffe309126aa0b4f07c974 |
memory/2836-431-0x0000000000400000-0x000000000041F000-memory.dmp
memory/2384-430-0x0000000000130000-0x000000000014F000-memory.dmp
memory/2384-429-0x0000000000130000-0x000000000014F000-memory.dmp
memory/1812-440-0x0000000000400000-0x000000000041F000-memory.dmp
\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ose.exe
| MD5 | 9d10f99a6712e28f8acd5641e3a7ea6b |
| SHA1 | 835e982347db919a681ba12f3891f62152e50f0d |
| SHA256 | 70964a0ed9011ea94044e15fa77edd9cf535cc79ed8e03a3721ff007e69595cc |
| SHA512 | 2141ee5c07aa3e038360013e3f40969e248bed05022d161b992df61f21934c5574ed9d3094ffd5245f5afd84815b24f80bda30055cf4d374f9c6254e842f6bd5 |
C:\Users\Admin\AppData\Local\Temp\WIUYsgcw.bat
| MD5 | 3bdefe68ff2a5db5d10d18e195887b8c |
| SHA1 | 5e223aa3e8a9287418cb635c91b7e1d943218860 |
| SHA256 | 063219ccdfaf7d8ecd51693a75cafc9d07b2be29fc552150ab1ab941eadc85ad |
| SHA512 | 8256a381995959a78b3bdfeb2a9d9e48b48d3446b5f3b6671fc7b1209fb703ce636adb2a0e7d5599f055c52f54a6e83614a6d43b8720b7607354cd31a60d4b3d |
memory/2708-456-0x0000000000400000-0x000000000041F000-memory.dmp
memory/1064-455-0x0000000000170000-0x000000000018F000-memory.dmp
memory/1064-454-0x0000000000170000-0x000000000018F000-memory.dmp
\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\setup.exe
| MD5 | 4d92f518527353c0db88a70fddcfd390 |
| SHA1 | c4baffc19e7d1f0e0ebf73bab86a491c1d152f98 |
| SHA256 | 97e6f3fc1a9163f10b6502509d55bf75ee893967fb35f318954797e8ab4d4d9c |
| SHA512 | 05a8136ccc45ef73cd5c70ee0ef204d9d2b48b950e938494b6d1a61dfba37527c9600382321d1c031dc74e4cf3e16f001ae0f8cd64d76d765f5509ce8dc76452 |
memory/2836-480-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\mAQw.exe
| MD5 | 6610eafd4c08167842a2416153fbdd9f |
| SHA1 | 9c0f31b52ff32deb300d1f83ed87c0b2f5164d16 |
| SHA256 | d830972cec6c01b040479b0a80e9d66516c613070f84089977b8bdd9e3e55916 |
| SHA512 | c4e56eb60e5bf159e1848bf9bf26002f95973956ab34736ba1946d1f4b25226040c5af47ff66d344104c2d734373f84cb3190180ab7f6ffd23b88b2acb5aab03 |
\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\dwtrig20.exe
| MD5 | c87e561258f2f8650cef999bf643a731 |
| SHA1 | 2c64b901284908e8ed59cf9c912f17d45b05e0af |
| SHA256 | a1dfa6639bef3cb4e41175c43730d46a51393942ead826337ca9541ac210c67b |
| SHA512 | dea4833aa712c5823f800f5f5a2adcf241c1b2b6747872f540f5ff9da6795c4ddb73db0912593337083c7c67b91e9eaf1b3d39a34b99980fd5904ba3d7d62f6c |
C:\Users\Admin\AppData\Local\Temp\KUwwMAYs.bat
| MD5 | 2e59e4f799b0c9f59f26bf2dabe2060f |
| SHA1 | e20a1dbe0525b822c3b1ede62c5db3d630688caf |
| SHA256 | c5613e82abbd314b600134e58b7038dc0982a1285009c392516c404d5f399231 |
| SHA512 | 98da2b682d899c751544d14d331f80b386f8b87152bf3820a41c478262e234d1edd83cf057b8c6feed1b6ce1bcb62f8663c2dee7c32589cf215c920f10fd916e |
memory/1036-492-0x0000000000400000-0x000000000041F000-memory.dmp
memory/2908-491-0x00000000001B0000-0x00000000001CF000-memory.dmp
memory/2708-501-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\WggO.exe
| MD5 | a39a76d21e37a1079bf1933921b30ff5 |
| SHA1 | 8d76f761deb258ad8f44449cca3c00091ddc7f9f |
| SHA256 | a5c7e955d8038f1a87bc074f1d21e86e001e8ecebb4be1d2db76d06b57646a65 |
| SHA512 | 521b6c09481c95e147aad523e8f63234361ca21216d60da8438db17222ccfd311e0026fe66de9278cc120416e2f34bcc6c61b39068354da7fc34af3d3a5f575c |
C:\Users\Admin\AppData\Local\Temp\mUQi.exe
| MD5 | f781e70da8dac0af887acd66dcff2fac |
| SHA1 | fedb965bf6d182e8b0652fd75b5b708730646d49 |
| SHA256 | 0937c8fcff30eb11cdcff206c5fba8c7e3a4f51f241da95768c102eb1ae3b125 |
| SHA512 | 7d8e502ac3f1f90a04d55e7ccdb22ef77bf5f26f44a1ec4e865e0f04a13faf506691dcbd2e31bb2208fdabd543c076de68edf9cccbb5dbe89ff1a01762aa1235 |
C:\Users\Admin\AppData\Local\Temp\CWwYIEww.bat
| MD5 | c8b1f1df88cdbc9494c2bd8ed35e743e |
| SHA1 | c5010dcfa13831e97e15c54f32a05c0cfcfd9e2e |
| SHA256 | ded5ad1f1bcf4b0edd0d7409be7d97c1cfaff4df726905b036c2db0dc59b53bb |
| SHA512 | a732854218f0e41614fdbe7daa88d500b97e42d96a07bca17cd6f41b42cd0da5360839ae18583439e8a211a30814f79f8e7bacb33338327fc97d4e95ee75e547 |
C:\Users\Admin\AppData\Local\Temp\uEMi.ico
| MD5 | 47a169535b738bd50344df196735e258 |
| SHA1 | 23b4c8041b83f0374554191d543fdce6890f4723 |
| SHA256 | ad3e74be9334aa840107622f2cb1020a805f00143d9fef41bc6fa21ac8602eaf |
| SHA512 | ca3038a82fda005a44ca22469801925ea1b75ef7229017844960c94f9169195f0db640e4d2c382e3d1c14a1cea9b6cc594ff09bd8da14fc30303a0e8588b52a7 |
C:\Users\Admin\AppData\Local\Temp\CQoe.exe
| MD5 | 32994f2eb7a8f1a4ad522cc18e0aa2e3 |
| SHA1 | ff0273baf60424358e3ebbb7adac8bce51396b2d |
| SHA256 | 8131c0bc2a317f7561f87e64d952601bf0338d939e92fbceb9fb29112be1d002 |
| SHA512 | 0b15d8f8fa9c26fb31629ec1d9af8634627e3cb1ba14002355b8c21bc9466a3462ab6e009b818ebb54a851fdaf04782ac8d8f47ae7f235514f285af1dc7bf180 |
memory/2924-550-0x0000000000120000-0x000000000013F000-memory.dmp
memory/1672-551-0x0000000000400000-0x000000000041F000-memory.dmp
memory/1036-560-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\yIww.exe
| MD5 | 98b129587fcbbdf7c264255fb30b83d2 |
| SHA1 | ce3eab7a85ddb8983b0b18d04d46a5c370f5843a |
| SHA256 | 5d3f1626fd0a74df74191b20d2ee7e9c45c0c63d658df03778420ca6835dd1d6 |
| SHA512 | 94cad6cd63b6d6b85e6cf5841c4177eb8422eabab05e3dd637906fd61ca2e16b6aa426a5226338f3384e8735e7196fcc09f546d5adb1dff0c5fc5694df63f842 |
C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png.exe
| MD5 | 7f187881635ec9e75904bc58dce2bc43 |
| SHA1 | 6a56a841247f9208b315656b7f8b06bb62c0c765 |
| SHA256 | cbf80f0f114464420763e6b67c9b49127553d65315d9659daab7d4e3269af070 |
| SHA512 | 06a54eafe6f9cd1cd1b73281dfd20c32810bb63bc25e729cf4895565fbccc3cbd9aea9a72e35604230ce2b9ac7d7150ba11fb8a107f60cab3e82cf8ac43daa1d |
C:\Users\Admin\AppData\Local\Temp\JKswYIgU.bat
| MD5 | b0c8e3b807a19c65f758459b1e7b808a |
| SHA1 | 2756a31eb9068b81a2f1e2d9f4840ba19fe7c849 |
| SHA256 | bafd6d264163950f0dc6376706e1dbb9c98b65ddeddd69976ed89af5a304b6f0 |
| SHA512 | 8180b20a07036f7d764eac01b420da6d0efe6f6b9002aeff9f0aacf4cd6d0baf39a504d923d9684023f955bd9c8932ed663d33de78baf945008a5a400e557d6e |
C:\Users\Admin\AppData\Local\Temp\CUEy.exe
| MD5 | bcd116fe50b675f9bf350402d26a27a1 |
| SHA1 | e9eded3742f0243e8e254e82ea2c6c00f6e41263 |
| SHA256 | 8913b42617076a07095e1e60d486d387b629f85057d48ef2d31a378f1ff5d248 |
| SHA512 | 6fc7ae4bbbb46aa809dc50cfe3888620a15edbcc45ba4b9ca00292c1b75f49ca63d7f85b4aaf92bcfb4b7f3382cd6f85abc65a88c296a4905d94e1a6f7899f60 |
memory/2668-618-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Ecce.exe
| MD5 | 831296ff2dbec3793b9608e83d8e266a |
| SHA1 | 1ba3fa102b7a09e78c417fe7dd285bf5a1eba555 |
| SHA256 | 177595428d03592663c089e2aacd406970991815be455794fba16a31d8c60c9f |
| SHA512 | 4d768fa2c219c0285a2f961852559d68cf9a0ddf6c340baf11d8ba8ee2a2f7b48da011684dd65598b2c5864c5aa1295f0cea76f2ab3012fa9c8df9f66c128a56 |
memory/1672-644-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\GMAC.exe
| MD5 | 234dbd94e112cab93507d32267bb462c |
| SHA1 | e0afc67a4835712adc188c626e0677cdf91ebbb2 |
| SHA256 | ba9744c88a598f7fe24fb0816bca59ae376033263d40ca005f026264f20de50e |
| SHA512 | ca37a7d1be075f236d9aa4a53d26cd6ef7745f2adececf4b7a3728fe1a23bea95e0ed1bddef2dd87a367c85c927945de3b36954be1755e19da39599eb8080b5c |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile12.bmp.exe
| MD5 | cd8c2cde12c7ce273754d5fec7f27b02 |
| SHA1 | d3d1adc254798da081352b5293f232e1cbad767a |
| SHA256 | c75f07a641166aa1666832c5cce410c87693977cd7ce3e65099428f5104c24b4 |
| SHA512 | f388d70b65c0b34a2455d2d26e9497d6fa5fe39447981c5103e23d90e3a5cf2a33c1858d84fdafe3c0cecf9a9fb1d78ffc3cb5a990b8143917118778b6e3139b |
C:\Users\Admin\AppData\Local\Temp\IwAu.exe
| MD5 | 6f04491aa26995555d0b82222ed7ee6b |
| SHA1 | 0d8427d42784dfceebf14cd46ea913b50d2dd40e |
| SHA256 | 6e8c0f16989e31abceb87bcf01dedc894a59de86115a3602d552b2b9a1640225 |
| SHA512 | 7abcbb914553eaa1d96b458075bfb96de98c4d0dc1961febad7d7c2023134c547b94979f899c5514a23ff7dcbfe663f9f51d54db3e832d1999c30f94c0890c8c |
C:\Users\Admin\AppData\Local\Temp\zKkwUcQg.bat
| MD5 | f43d7ae073dbf0698bf65b439829e794 |
| SHA1 | 8479244a117091015de8b0c096bf8a27d1708f1e |
| SHA256 | eb3e117ba8aee1178c4ae77db6552d24b99299c1fcde6c196092476315f1c2d4 |
| SHA512 | eff81ea48822caa2698ce295e368a1ae1194602e41f2c6e945288c1c9b182e6e230a56b289100c44610cb16068a1f600074998562eafe6c1360a7c0af4f4c3fc |
memory/2888-695-0x0000000000400000-0x000000000041F000-memory.dmp
memory/2532-694-0x0000000000400000-0x000000000041F000-memory.dmp
memory/2532-693-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\EIEQ.exe
| MD5 | 8c76990d74ee1125904dc9d226e759a5 |
| SHA1 | 0ab36cfe463f91b2b843316cd60005746558484e |
| SHA256 | 69f0ba6d7f68703ba3df8ac44f0fa832ea9484b9d571b6eefc6271c166a2ea1e |
| SHA512 | 5c11d756c137f1ab98ed0fc236ddf56b1203c8bd9d9c495bcb2008c8f03a441405009c066721011eda066c95f5ef761a737fab49f8973e14641daec565f61899 |
C:\Users\Admin\AppData\Local\Temp\MsUO.exe
| MD5 | a4d7b7c3c273ef7e25a4e5fd093b5615 |
| SHA1 | 24fce0f8245ff7d5a024b2a115f245973264e2b2 |
| SHA256 | efc0e0c899b37580ff5ee146019c85e6eef2deac2613f88e24adc10258b2f084 |
| SHA512 | cfbf4c0520915506eaa20e3c7771513cd7ea70e221f3fe261883b2b19cf8844a42feeb9055078116e49993dda59ab004cf97bb85554941a2f4a8ccd84d06c35c |
memory/2668-717-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\KgEA.exe
| MD5 | 5880fc6cba0aa8176260ae54637babfb |
| SHA1 | 5a2397169756b8edcd6838f4f2e6a2531df4028e |
| SHA256 | f66371a562511c0228cbf977d6c0cff13f6e4eb200cd647ea4e027ed5af4ce5b |
| SHA512 | 331695aac926b94cea063c591ed69e96ad6f9357038ae7ceedbde5088743b232fb10e6cb810ab41404f450df1a58802bf8caf1c7c542021663b772d0e18a862b |
C:\Users\Admin\AppData\Local\Temp\SoMk.exe
| MD5 | 11dea9d18f53ec21e82dd893bb688f10 |
| SHA1 | 4d652b0cd03d77f46930f62b18ff8bfb94b8e796 |
| SHA256 | 0b701d160b35dcb5c4efda1c02d56d2944eae4e89549f0367279f169c78d3908 |
| SHA512 | 023b62dcb6787eea035a76bec99afe6dbe73605b2dec320bac433bd0a09b57b8af3cbae340e16495b34d8869e915d2efeb4fea7a4db1c552ea96ca46362d5caa |
C:\Users\Admin\AppData\Local\Temp\wwEU.exe
| MD5 | b28cb1d6546bb49d3699199562df6556 |
| SHA1 | 5c81a37e5581c892ca8dc4275794ea3df451cb10 |
| SHA256 | f6d1cfdd6e0799b58700a19e9dd9c546389da369c742424fd0da8359dd2a48d7 |
| SHA512 | 262e29c1ed5b2579fc24acb6c209c32169146046665d082512ce3a9d9a3ddf0fb51a07d8879fa887fdafb126a30fe7c02ebfdf204504eb437b2b0cd22c3b82ad |
C:\Users\Admin\AppData\Local\Temp\nwAIIcwg.bat
| MD5 | a0eabad81709189b6051be3baa90e321 |
| SHA1 | d47f655cc549503a404218258266a11c36154a31 |
| SHA256 | 6c64d0f5b5aca3e1f456fcc6f78bef470704313dde39a2cbf0894b366f5e701d |
| SHA512 | dc2c31a633a056dc34fc79c2c9f1c4bf864476f985a00e545d290571c766abd9d289ba695a61a4c6123a8b02767dfa6afca5de89497006e9232a6475fe64a180 |
C:\Users\Admin\AppData\Local\Temp\GAce.exe
| MD5 | 41856e47cf2880979451b627e5942830 |
| SHA1 | c0eb2a0e6faa0d21c1bf833a0cfef9aed2741c21 |
| SHA256 | 4efa0621ae9dd7f5290bfda87f587597631e78b11c04176bf8b3bb88b8a7c6b8 |
| SHA512 | 19fd14f316c3d3d5d1fe89f86a809d5239a3ce9300f6cd98059a731f10ab9cece6e9316b83dad03b8ee923a5b2df7b0b4f51e4642b48774d56bc9323899f430d |
memory/2168-792-0x0000000000400000-0x000000000041F000-memory.dmp
memory/2168-791-0x0000000000400000-0x000000000041F000-memory.dmp
memory/2888-814-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\aMoQ.exe
| MD5 | a15440256de0b1d2561207d1fecb23b7 |
| SHA1 | ed350d87db2e6391f6e55a3761c898890ad08d7e |
| SHA256 | 286c70b0b3b27becc5f3b285deffc0224b59da5ce006c748c6ddde017612212e |
| SHA512 | 51052ddbca956917d9a860897c9234dae604da3487715515fd29ebcff5b4ab44da79034e1382ecab1e5dc6c69c859e77e0885b198d3ad07511d10fd2af818516 |
C:\Users\Admin\AppData\Local\Temp\AYgy.exe
| MD5 | ca3a8ce663fded2b08005962ec24623e |
| SHA1 | 15b710a7658d27715e396c2745ddcc9b0cc3d69b |
| SHA256 | c569ab0d918401dd7a4b5e7370066fcd7ceacfab2bcc73bb4b1f031adcc6dd14 |
| SHA512 | 49c2e9559abc8dfc9c7146d8e3b7b86aca9a31c1fff946669d1c76a104c807e810f64c5cf665e2ff27d8cccee95448ddece4ce17c9fe006b5aa7c60d3178e549 |
C:\Users\Admin\AppData\Local\Temp\UUYA.exe
| MD5 | 43761ba0094081f0681739681235be06 |
| SHA1 | bb6b9878af9c9397af782cbc4b48bfd08c649424 |
| SHA256 | 0ef7657eb6d6c7ece4136f840b7976e8f6626ef3d899d560fe3249e5dcfe0d0f |
| SHA512 | ae8ea4796ffd373561ad883df8d2a5c5ae5a80b3f38fb12f59a6575f7b25573b38c4c75cad0f9dccf2d1e8be37f20511f5d947da978eedacd0e5c683b8fb1d50 |
C:\Users\Admin\AppData\Local\Temp\pyYUEswE.bat
| MD5 | 13c121c5e13a0a4bdb423e2f6b7c01c4 |
| SHA1 | cee2c188f1f02a8b1c46c4ffba15e78c951dcf09 |
| SHA256 | 03c7d349f9a1372c9b2841c219f5c12f8e209f8de28731f508d96bb9db22960f |
| SHA512 | cc23d5f5d0a7dcf7c010f9e3a82abee2ee01f5461c45fb6cbe267598d652b9eabb0613856cb9249884fdcc36600acf615297b210891b8198e3f459d9360b9584 |
memory/812-850-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\WwMS.exe
| MD5 | 47d54252772a676bce6f7fce3d1d5385 |
| SHA1 | 1c205b7b5c52eb0ad5e041be4460394ea5778a90 |
| SHA256 | 67795d3f78ba28210e4737b2077d9f371ef352793cb1449d206db3cdaa302420 |
| SHA512 | f8120adf33c4745f56c7f85fc81bcce5c498d3b0879f1b5ade2c1e8db4ad0ca33c8deedfb91305c80342b9000a130c36349692b35adcdcfe985a09f06a53d613 |
C:\Users\Admin\AppData\Local\Temp\agUM.exe
| MD5 | a71a817bb5f351a88d11ac390fe9e4a4 |
| SHA1 | 5f1e71a72b2a54e8c8140be543d9880ff5eaf90e |
| SHA256 | 81b554f78f7684f9ba2eaccf02d59dbb49714571aef68ef45db025be7bfa4efb |
| SHA512 | 6c5ec40f450cfa97ae754bab483e8b3ba9589c982d6b2753463091bb3868600aba5ddf8146ed0b5cccfdb0e787735f073fdc2b813808c1934c1af78c2849ad58 |
memory/1928-872-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\wIEU.exe
| MD5 | bacbbb193de8bc394f670529e0d71a54 |
| SHA1 | e764d3900a83cf683dd35d1f4e032f240a9ed203 |
| SHA256 | 46b978674acb39ad050b45f74e167048c73dcb6ab9b0b20ea876412cf9686b51 |
| SHA512 | c40b97f9c50a9d02a74c33826660ae866537e1476395ce121c96957a7cd35e5be64a6ddcef8d1dbcd92480811874211e3af7387d34354e693f6c67cf192f2c56 |
C:\Users\Admin\AppData\Local\Temp\Aoca.exe
| MD5 | 07b3c223f8da0d462e8b7f353cf131e1 |
| SHA1 | f7028471508e0f4bee0d99cdd8497d0c5265ee36 |
| SHA256 | 9610dbcc656511392242f53085ff563be8f41f16b990b177e9f1020304494207 |
| SHA512 | 0ec5ec4a0d9cc601d2ad154a1664b635bb2ac174b0c5ff3402ba5163a951f047143b3bb4c2365b68e5ca3013908ab0d4c2064495ff70e093484ee373132f9e86 |
C:\Users\Admin\AppData\Local\Temp\iYoA.exe
| MD5 | a17226637afecbba7fe85f2614c17868 |
| SHA1 | 9fe3e8657bd5ea1d9cdccdbcf21470499dea0169 |
| SHA256 | a71351e34c78bbb5a743d3cad9e5d4c78c9245408375e97ca29d7dcfd9e7e6ab |
| SHA512 | 4bd9c87a3ab93cfef5a0c17a3d1273cb59acd4b61ab44ee0c1238b179d919121887d25b87c7ff5237be241dce85ec818148f0a73699a794e4b818de9aeddf57e |
C:\Users\Admin\AppData\Local\Temp\PcQgsQMQ.bat
| MD5 | 079116b56f0194a9f7731c305aad6dc9 |
| SHA1 | 9d5cfbc0c7819f078736b6dd518d2958e353d7bb |
| SHA256 | d2590331ef62e479b347e52e236a62095bec6c0e6217c6469b27f94a4ba20e39 |
| SHA512 | 86ea97bd5bf0d9653d5650bb15416ea05a575ecc6829830e151a6c2505cc66deec26361c39020364d6d20c9bdee1bb3e6367a5b31e0413337d0788d68b93b5ef |
C:\Users\Admin\AppData\Local\Temp\QUkc.exe
| MD5 | 4d36dcc10bab3b22dd4187aa0a331cd0 |
| SHA1 | c985c65c7151569b38dc8298db6d435cf2e727a5 |
| SHA256 | 377a2bee43e6224200d96b8873b88ed07481ba83a31e58e7764024588d09268a |
| SHA512 | 38b248c418680e2d9ee44b6c4b2d4d179be681fcfe9a1739bbf91be5a117a116d2ef134e32d54d2458f8306b7d4c0c3d9a615d79d80a0916d9fbf8d537e92a8c |
memory/2836-948-0x0000000000120000-0x000000000013F000-memory.dmp
memory/1632-949-0x0000000000400000-0x000000000041F000-memory.dmp
memory/2836-947-0x0000000000120000-0x000000000013F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\IMQq.exe
| MD5 | edd5b4df14d999f10f0d3b5dd56cccdb |
| SHA1 | 0da771e692e372469feb32b74aa3ed44ec42cd2f |
| SHA256 | c59872a5726618ad8d9d76a78957067eac609eb5b6a8407ac5395425ea86c11a |
| SHA512 | e2e66aaf6b7c5c99b290e3aebf0cc026a2c071d9ef3a25d18818977d1cc955788838fddc6753f168ec30f650f7cf908b424f20e7caa042976fdb5d9c33d91576 |
memory/2764-971-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\QEoi.exe
| MD5 | b664de64970ef1c2f24f090405f18906 |
| SHA1 | 085fef78b5cabeb1596dfa67b6947dceb785fc30 |
| SHA256 | 55c32dd8e5c88bddf3475508a73a6612313440d08075ceb8a023479c27a825bd |
| SHA512 | bfa2d43bddccfd6ab1efa831391ed532dfac248b61d8b40133d49643a991a6d17942b7ecbffe0f67769ef1183296fceae22e2d7e486867a98dda910ca9adbae7 |
C:\Users\Admin\AppData\Local\Temp\SEks.exe
| MD5 | 6577661d6d8704433c63bd22144697c1 |
| SHA1 | 00afdeea152eb42bf0e3c290fcd1ec722ae4d34e |
| SHA256 | 277b899b29bb27ae5ac6449ba6b9dc0f9e913e53fadeb906098d23b4a73d8a1c |
| SHA512 | 7e2bb29d9f6899a27a48a41266600aae541438a862fb53bfef4242963afa189d7598ca136c75bcb61237c68d50932fd8465ff3e0e27baa87ce4cc83bc57bee6d |
C:\Users\Admin\AppData\Local\Temp\GwkYkEkY.bat
| MD5 | a328a126126e5a9c1deaef73816f630e |
| SHA1 | ab4aa1a017dca65ad7f6f414c50051f75cc0a7e2 |
| SHA256 | cb203a427fe3f7fb682e97c3f47ec44145b783d7a1566ef044fa40580b1e10b8 |
| SHA512 | c25be2e0a4f91bbdb573b31178532c038f784490a9867482454dedc9243796b00b6ffef7af0ac3578a0b41a04066587ebe6ed5fe8f144c79b5264392f5bfe5d2 |
C:\Users\Admin\AppData\Local\Temp\YAEs.exe
| MD5 | 5d37621b6fae7cd18ca8e5ab1f016ccb |
| SHA1 | cd330d38573a57b87eaa39b924fd0cea760c3185 |
| SHA256 | a0bbf7c3022e69f1983becf043ffad2b3c2ef95cdb67d39e5d02bc666d0ba565 |
| SHA512 | d5d325ca16388b2202cdb72e8f4d23c3032bc8518192cf5d5d7ddef6b3e7a057904ba85646bf0a67663ce6021ec1290a1fb183e569e1c356346651c31233f7ca |
memory/2440-1034-0x00000000001B0000-0x00000000001CF000-memory.dmp
memory/1632-1043-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\moog.exe
| MD5 | c1b3287087780c3df621947183b555bc |
| SHA1 | bb599ddb2a6d1c6287299716f343fb3b74951cc9 |
| SHA256 | fe3d01e61fc09c510ae7271ca84c531905986c843e17287a8c92d7d765ceaa4c |
| SHA512 | 2ed7c05527f5e120db249238c2a06681c2f8282db419bc3b0ea449e3c3bb52b9f02afb0539f9eeec381fdd95fa3a32f37e77f09527b8a51c50a83ec6d1727d0a |
memory/348-1035-0x0000000000400000-0x000000000041F000-memory.dmp
memory/2440-1033-0x00000000001B0000-0x00000000001CF000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Swsu.exe
| MD5 | fb22108f9decae55f52e8a4278a868a5 |
| SHA1 | ff0be6a85ac1f1f86996030c35f44ae04d09f0f9 |
| SHA256 | 15285517a2bf127470d3404391007a0a794941534521bf7fb670b584692372e9 |
| SHA512 | 21fc8756a603f94b1cfbde71f895d72ece36e728c23228cb2955c6f91d36f7cee60f1460acefe079537917569cf917b1b6e25ab73a4ccc0cb359ef9404bcc9d7 |
C:\Users\Admin\AppData\Local\Temp\YIsQ.exe
| MD5 | 2869bf5db334422568cccf863fada5ae |
| SHA1 | 32814b66003b5b2472c5300c4eafc3ddc81fa1bf |
| SHA256 | fe310e3724d2e6813c2d8c665ce4b178e05a2aa136f1a52c173531ab9b999574 |
| SHA512 | d6e476bf5d224d16c9cca2e4e7143c0f781b4db712a6fea522cc96adbb249b4b6ffa4545f2cec8f8591cbd9d070c857e6009332879ccfa9ffd643710c9c15115 |
C:\Users\Admin\AppData\Local\Temp\iMko.exe
| MD5 | 833a39709dfb3c0e3e4e62615c10e789 |
| SHA1 | 05d77ea8385e716dffab817a7e5ff5df3f36077b |
| SHA256 | e2cc6cecf042e962fe84275dc28d9209b2fef48c87f54e598ecd32a7346dcc7b |
| SHA512 | d482c2d96108ad0f44c8634d717123b87ac904d71c37f2938bb2f7af525e547c889dda66ea27823959dfe35b91c329a10f4e99f517bb7c56af8843987e9d4343 |
C:\Users\Admin\AppData\Local\Temp\AeccsskI.bat
| MD5 | b1db900adae95c627f2462f041dff7b8 |
| SHA1 | cfbe1f81ca04810731ea3eee79ba1b8c6e740797 |
| SHA256 | 8b56ccc8d8a5cd4fe366cd62e44d4ba5133bf6c134caf4f0a29152e2c03dc314 |
| SHA512 | f04d679e26d2d8a2feb9f34a852ca8c039d458aff6fb975bb5cfc971eb899786eadccd3adfdd98b466ea2b30bf97ebbfd05d5d31c05481aaf43fa05dc3cec6b0 |
C:\Users\Admin\AppData\Local\Temp\wUwM.exe
| MD5 | d1397bfd0b0dcb65fa40c622fe2476be |
| SHA1 | 58af00f31dae9c1a5b67f03f4286a75f820e9717 |
| SHA256 | cd783b74b34687dd650797c41483429e698920fcc25970192354460c6f43e873 |
| SHA512 | 24adf5671b4baa608946f1d52519de79f1b248b6ec05508425c027c441ea03a36d07e032444f9fafe003d74085dc81c6c95cef51d251d6be883d5bb9711d6e22 |
C:\Users\Admin\AppData\Local\Temp\kMMO.exe
| MD5 | ab765d97a0e6e594ee7f97c67ed90762 |
| SHA1 | 08514bcb593fc4994235abecfcea9f4c09fb5426 |
| SHA256 | 12ad56ce3a2fd4cde9498f175041bb3139cccded028697ab1fb5e1d922bbdf0a |
| SHA512 | db41dce6a5c9898bbee9833db6a770c81a9db54fe905d6a52173162474b4cbb729ca7bce87157926abf9cc885efa610e03f626680b89e6a61049a16146eeb259 |
C:\Users\Admin\AppData\Local\Temp\qIsu.exe
| MD5 | 5854bf945d4a41cc1f6675b529e8b43d |
| SHA1 | 0e38c41ca82970bf66bad03b92dfe7da9d8d4399 |
| SHA256 | ce84dbb3b2f976fd0d747f70c9553ef4b7927642b5774568a757c2f2cd196126 |
| SHA512 | a3c02ed0fc7f3921fa9e32e6db34ea4257a14a009797427b0d4da1410510c548bf56306ee128bd5d0943d8bff08b98aad93d9c2035b09dbb01cb2034b744c99d |
C:\Users\Admin\AppData\Local\Temp\GIMe.exe
| MD5 | 46b85ada663dbac36ad96b925aad8b8c |
| SHA1 | fa43e8e1640fe34ea8e3116eb856541120da0c33 |
| SHA256 | d8c0f0d4e5f75454c05715c315506e2e0e3dd5c76e0c39e1581ba987e3ef3ffe |
| SHA512 | 348d9b8412c028eacf86f1c6bd2618b2183d68de54812c5e0eeaf923b07e0a2deaab4febd07fe9a9fbc324735d204d8494575b3421006e35f1e92eef6f141e97 |
C:\Users\Admin\AppData\Local\Temp\wIcW.exe
| MD5 | 9fffe38054d7e7f31a2d9698e2c6b6d8 |
| SHA1 | 7e89362b4dabb988067f47a945d62395bee33d4a |
| SHA256 | f7c788c71271addb5464e9b8d4013ecf9145b9dbc3fe6511d13050fcd9a8ed2d |
| SHA512 | 0f6b532cfedc2247223ced33042770aea6d169313f82804b550e6fd6515c3afe796a0c0c6e94d04210b01902bb03c3f600647dbaf66b7992723a5f023928d838 |
C:\Users\Admin\AppData\Local\Temp\eYsIYsQY.bat
| MD5 | 0036c418e8f182f5c208c5f13818e8c7 |
| SHA1 | cca642d9f89a9a7fa9f2049ea5182e7a431752df |
| SHA256 | 1deb09e739a634c8243740c8e15964196035047e7c78a1dc796ae8fe7dfb9d6c |
| SHA512 | aacec95c4147551123aeea407c7f94daf4382cfca83be503c21fa43a0f6d49557a04a7c1f40156ba9991265af03cfd26e3deed91c6ea768b0b5b3c3ffc56c32e |
C:\Users\Admin\AppData\Local\Temp\wIEK.exe
| MD5 | d27cd9012750653933b5c8f142fd6c6c |
| SHA1 | 58be416e6d6e4205bdab80062197084fb7204d40 |
| SHA256 | 5f01540c9cd67c20c232c6e70dd96377492af871657f1374e32653f50ff5e531 |
| SHA512 | 773b4758eea2ddcd99caaa2f71cc127c283dedf2a52b5a059471c9aedc721251086c9b0e9598f457c79fa94473ee219e4e9c60ab524a8aad4b5b3b5f2f91eb9a |
C:\Users\Admin\AppData\Local\Temp\OsUq.exe
| MD5 | 829f9985abfed9891f1b9818f4a888bd |
| SHA1 | bf7e8a6e1fa102aaef53f29cfbae140797bb48f5 |
| SHA256 | 7ee52290981390cca0bf7d641c78434a678474189a57e311bf458efbf94c3e67 |
| SHA512 | 2ebecbe8df6060d6c25fddea516c607450c1a3d809eb2548efb41e885d8565392783169131e2042a13ac55d503c6e84c7b7fb472ad5dfa4fb654aeec53c2b7a1 |
C:\Users\Admin\AppData\Local\Temp\sEgM.exe
| MD5 | ba3c5c1764cd174170b53b5ad00d96c7 |
| SHA1 | 366c157db2863ea2a30574e3c4ef0d18840b05cf |
| SHA256 | 871874bdb92f6a0bd48546345d588495edf5dcc93e4aca54ef4d610c599628c3 |
| SHA512 | 8a7178a2bedd6911eaff6368d0725e46630608837d78a64043a658202ee25e7a367f5f482e8bb6c6dfb70f46d078de7a09d0643b9bec8d48ef807bb6984f244c |
C:\Users\Admin\AppData\Local\Temp\WgAG.exe
| MD5 | 7f2f6934a149ce54a9ceb9c8d7242698 |
| SHA1 | 27fb86795c6542fff00e2af74254e41c2503fa22 |
| SHA256 | c1323160d27d053b1a7ac22e17b933e3bdddc79b044f52713a4cfdcf09c3b59d |
| SHA512 | bae8bf8fdf908fb698f398cae565fd85c5123c38d07b485a925d40c3b2abcf9f029fe73bee852e838deebae1ba6a01670ba74b0599bb7f09300c181d65dde7d3 |
C:\Users\Admin\AppData\Local\Temp\sQgY.ico
| MD5 | ac4b56cc5c5e71c3bb226181418fd891 |
| SHA1 | e62149df7a7d31a7777cae68822e4d0eaba2199d |
| SHA256 | 701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3 |
| SHA512 | a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998 |
C:\Users\Admin\AppData\Local\Temp\mUQY.exe
| MD5 | 9eca71498d7ba6b129840c269e431f61 |
| SHA1 | fa12cf07165a7b9a8f7b8e4cfb299f050e9fea38 |
| SHA256 | b624d1d40bedeef03397ff81a0afac4c55751bbe87151e97fa612c6441aae690 |
| SHA512 | af2cbfe0d46dc7ca48aa1d4bd9dc66ecd24a66126d677f282597687b45a78014b715e64161f1d38182b3f1a84003d3a199436c06727751d8549a044aa1f88e63 |
C:\Users\Admin\AppData\Local\Temp\GIEoYoMw.bat
| MD5 | 6abe7fe89ffa9f5ae7155dcdf6ab3926 |
| SHA1 | a58313f45a2ddbdc6761e179a3daf0170d119cee |
| SHA256 | 38d365c3ffeba072a225a403a8524d1f3bf810b98099e8e8bc5df44046d3c992 |
| SHA512 | 93195f96427f19e82f66ce72aa9bc70e03d1ff8ee3e59b8cb77a51fbca89a91d435fc900891fad08f1dc77a2614d727bfe522727d31c01c1e7c5d677fd89d0ea |
C:\Users\Admin\AppData\Local\Temp\uoEW.exe
| MD5 | 6661f739fc7d8c3bd59f96e0ea998adc |
| SHA1 | e1e68442dbcf1c5799f801e9518694bf29b6acf1 |
| SHA256 | 5d7ce5a10cd8c4c2b8f87aa89cd78fe7c30f2140b5f56f64409accd7d8ff06bb |
| SHA512 | afd4a272cc1cca3d8feaa03bfc01623c11da3b9fd9f0ca47e6457f359efed60daa85fe35477f325292efda7d21506ecd8afc1bcedd7db6762cc33adbb0fb3e17 |
C:\Users\Admin\AppData\Local\Temp\eEgw.exe
| MD5 | 48ce405a66dff56e1c5c58cb14351597 |
| SHA1 | 63027d4a2b0faca278473769c4997f8c0d5613ee |
| SHA256 | c7eb0bfc2b4a4b1a2d1a26cb576601f3ec65e8c6833bde03e133d2d780f6291d |
| SHA512 | 027b15f41257b08146b2a89d0e0478b197da3bad48df95b517b8ef7549cf59f5cafe2fc83d9723fcb6c87f5a153996eed99a1f72f12480bb850f0590ab6a15e4 |
C:\Users\Admin\AppData\Local\Temp\soQQ.exe
| MD5 | f993a4255ff800183ea854538bc42e89 |
| SHA1 | 09ebe38de706889655aff2d2ffded9854b21c1f2 |
| SHA256 | 9723545046a71c177dd444255839f35fb594d5b294176fe54a726834d61ce687 |
| SHA512 | 2c69f4e2bf864a2ab308fe5eb8474caa7840cc54324a524827ca7beb505d10e253fabcbc1e20f2e06e9cfea7e6a7c5f22c9d61b92eb172f3eb1701f067ec438e |
C:\Users\Admin\AppData\Local\Temp\qgAU.exe
| MD5 | 96793b64cdd748bada5dad11ca6eaaf7 |
| SHA1 | 33550d6f8c282986bdcbc5a1ac7862b6cd9f4719 |
| SHA256 | b0f885710803f464c7c7672b6f422b6fbb770edecfa8284ecce3ef5d46f4dff6 |
| SHA512 | 371db507718cf204111ba0638b167f39ad4d2aaa1ead80fe3b886cb475c48fd010dd006827e1582c68af432f7ba0b337b752b05c9cf4389a085c1e645a8c7cf5 |
C:\Users\Admin\AppData\Local\Temp\GMMS.exe
| MD5 | 426c7c2362b84050bf42396ab1ec5d4c |
| SHA1 | 2188d1051f92b48df1271ef18734cfa65aff73fb |
| SHA256 | d791976c48d1e521675a41299dd2ffcf93f66ee4351f636db273a27cdb0501d1 |
| SHA512 | 78cc0724adfa44ef4a7a95bc7a414c565df7e0be1918487f12eef4298eeaf5da99a1a9391788fcf5edc0fe1a309b723c165245063381e7fa080f9eca09b999c2 |
C:\Users\Admin\AppData\Local\Temp\iwoA.exe
| MD5 | f6423616b627a090b6e469b349fc8e83 |
| SHA1 | 205d1994b7dbaa074415372c25eebbbf1abec891 |
| SHA256 | 26c4efe67867b6e58cad5a32b510c659c55ed904cee743388a58ce499e225f36 |
| SHA512 | 7838f9d76853f89aa5a52470bb53e5ee26fe08d9b0ce9286bbb97b09c1a26f69bcd62960a73a2c549046a173bf6f034de3ec6e03bf898565903164ccacc58878 |
C:\Users\Admin\AppData\Local\Temp\kEso.exe
| MD5 | 827e7b95d3485fce43520a0d1d53eb8e |
| SHA1 | d15194cff061d56007f14011de0d4e1c785e4e6d |
| SHA256 | bdfedbefad49b2643737972ab8f14af4ca2d247ef2a22250e5eccfa5bc54fc5b |
| SHA512 | 36aab7f2c42a1775e205d45d07593717dfc4c0619abf9eddc0c31fa90a893c08df2dad15238e6f5c11fff444a54e368a9a83f75eedff0d415d4f2bcf44f2cd46 |
C:\Users\Admin\AppData\Local\Temp\rkYAIkwI.bat
| MD5 | b8a7cee1ca6e796557ec094e1d558e61 |
| SHA1 | 0997ed96380dacb5e9451e8d7630110e4186f8a5 |
| SHA256 | 13dc9296d981bf37c78b816dfecf8595503c2d0aedc1244bc9ea5bd433cd47eb |
| SHA512 | 0002b1a9657f7aa75c10be0e9ddc92b13289f0502fd77b7b9f3f5ab471280cfc53ca54d32f170a35f2cb66bbfb575cc22442817ebb94da45215f401be927c7bf |
C:\Users\Admin\AppData\Local\Temp\qgMO.exe
| MD5 | 871e93813773b66f7bf02b54195dd641 |
| SHA1 | 00abacd5bce48da7b564aad695ca7b20f68462ff |
| SHA256 | 6b20a217b01a5dca2b3f91e6374680871615862aab2faed3c4735426ca27c27c |
| SHA512 | 20c0db6d03e2a06ca1f4244e5f4f99a90383dc8e441f772b54353a253a3857ea5cc28b2eb49ee0d66a1d3b0275c09ed3a41dfd4dccb8d3ca1ae354dbbc89c838 |
C:\Users\Admin\AppData\Local\Temp\GYMO.exe
| MD5 | 7de981011b46d3424f5d8eef9c01087b |
| SHA1 | bb19d5c3f3f0a513bbebe265246a6fd89c6ca9b5 |
| SHA256 | 306c273bbc4a3834f83dab46f084840d18051f15fa5cac99fb4d4185d4ceec61 |
| SHA512 | 420c8fdbe6547cff641c297cae352adc2c80f5af6094dd90b47c37795d53ab5a9a45af392c61d42f8dc943bdcd54c90069e731ad600a1e2aac3739540d886d4c |
C:\Users\Admin\AppData\Local\Temp\KkkS.ico
| MD5 | 6edd371bd7a23ec01c6a00d53f8723d1 |
| SHA1 | 7b649ce267a19686d2d07a6c3ee2ca852a549ee6 |
| SHA256 | 0b945cd858463198a2319799f721202efb88f1b7273bc3726206f0bb272802f7 |
| SHA512 | 65ccc2a9bdb09cac3293ea8ef68a2e63b30af122d1e4953ee5dc0db7250e56bcca0eb2b78809dbdedef0884fbac51416fc5b9420cb5d02d4d199573e25c1e1f8 |
C:\Users\Admin\Desktop\DenyTest.mp3.exe
| MD5 | 4d5316add2385fbe20c7339f6c5969d3 |
| SHA1 | d52b79b4cc2b987fb572b2966b70e506bee12287 |
| SHA256 | 0a24194aeeb8d6cd4dcb19b18ffe4000701e2ffbb121e28106b9945faea51c15 |
| SHA512 | 4f88265abf2542d42d5fa2f278d2931558520841c89329f3ce29041564ab190ca362ea994d1c6576fa90103ee2d06c10fb518c008f759d103ef7e7f47420badd |
C:\Users\Admin\AppData\Local\Temp\Ggwe.exe
| MD5 | 871807d400d8a2578d3fb4e6a3d41dbe |
| SHA1 | 83dea357449a08ba7e7276ee2be5bba7da018562 |
| SHA256 | 3ef39140409a3f01ea8eeef20392a7597d95e4d47698a1b401cf07f36baf0361 |
| SHA512 | 13681f7b0332d91cbeffa7a041f38e9326b4a15bf59b39db613e76f7f0ca90ff8fc6ac50ba4ad9af7aa127a3962e44237183ce30b2c5ad2d3463077d8e9c4f85 |
C:\Users\Admin\AppData\Local\Temp\DkowswYQ.bat
| MD5 | b5f01a94b17b387f6c76ad6412dbd6da |
| SHA1 | 58de058444e39e5232562b940aa2ef2161acff2c |
| SHA256 | b6601ea91d0f33be9ae5f87a24e9d1d925dbf751bd607a13d8011badf48a7b14 |
| SHA512 | f46d4e8bedc25ace141c2f47e58a7fda3010f7158287ec6a095262af74a3fb8d82c12dd38e29557e5d5955cfb201c6f95618856344a32892fc6f3915edc79d58 |
C:\Users\Admin\AppData\Local\Temp\ycwk.exe
| MD5 | 2cbee181f8a0e796fe8b4ec48b216171 |
| SHA1 | b2dbf1a1c0b6aeed730713995b79a721afe02248 |
| SHA256 | fb5c6a58a6bf6e8506acfa52a6fc0b8c8c91b90cdea41c2e49f1368ba0e62eb6 |
| SHA512 | a4b12e0e259cd5f8ecd0dbfb7dd7abce8204c47948c0bc87979d8438b5041416b8bed156d3be63acb955d90fa1bf3245a8b25171d2af4deeddf9358699be5ffb |
C:\Users\Admin\AppData\Local\Temp\Goww.exe
| MD5 | a29169b20f4b5fa645986c3a05ff63e0 |
| SHA1 | 8b00c986e68e46232aec0a07466952e060f7eb59 |
| SHA256 | abfe2bc4ecb6b22b988b6a0755dafbf2972f938108792330bf19477dce01e0d9 |
| SHA512 | c562fd029764b3372f9c8d2ff7bcbfb06b8f241c2ca2a9fd3991a4d2866e2cb36ddf8e9a5582ea0827732a6f91546b8fb7247457ef718d980159cbaecfc54336 |
C:\Users\Admin\AppData\Local\Temp\YMAC.ico
| MD5 | e1ef4ce9101a2d621605c1804fa500f0 |
| SHA1 | 0cef22e54d5a2a576dd684c456ede63193dcb1dc |
| SHA256 | 8014d06d5ea4e50a99133005861cc3f30560cba30059cdd564013941560d3fc0 |
| SHA512 | f7d40862fd6bf9ee96564cf71e952e03ef1a22f47576d62791a56bdbfbff21a21914bfa2d2cae3ca02e96cd67bf05cade3a9c67139d8ceed5788253b40a10b32 |
C:\Users\Admin\AppData\Local\Temp\eYUs.exe
| MD5 | 1b29f02c2bd9ab7d6f337fe23daa708a |
| SHA1 | 90a4b12c6d284b81eaff5b5367932f44502086fe |
| SHA256 | 6cb5bc53ef270d502884e0b6fbf7fe7be10352b05301df111a76996ca061d6d2 |
| SHA512 | 4649ebeb7ec58aadd40ee588223452bc3cf547cef8f7853d391d846a8f909f8ddb2e258e9f2f64fc482fe65249a53bbc35de33db684c1094a6dee662d4295c1c |
C:\Users\Admin\AppData\Local\Temp\kIEq.exe
| MD5 | e9900860d35cf3846b517b61e2b45144 |
| SHA1 | 8057ef1d4a45808e34df99f1d2af3d9be2563395 |
| SHA256 | 1562b7a54224c87aea3d488cf000aa600e36e81ba2009ff785b225cf55806210 |
| SHA512 | 4fad83e08cb0e82223911bd90bc9760f2900f5603a732c250d39d6b9f94d1cfc3ae1fa7af5bc40bc7a42b268de1b5f61439ea2c413760048fdce95375475597a |
C:\Users\Admin\AppData\Local\Temp\iYMU.exe
| MD5 | f8155a99a03714e863ff73258a99a22a |
| SHA1 | 7e0b3ce47e86580fe815b16ac8ffd884c5242f28 |
| SHA256 | 708eb6bbf2c8fafd65156a6e5aed3694887e9b3a512f9d53e1862ffd34de41ec |
| SHA512 | c1f244e49fb0de49e0ec83b5f7b36a9757479ac0c1a6b3e44a2c2c31d92c8ae887e74bc2a38155b1de4316cf6ab7c97c7dfeb31f7c21686ad9cc8702587c2ca4 |
C:\Users\Admin\AppData\Local\Temp\YggQ.exe
| MD5 | 136ca974b8f509269da99232921ecdcf |
| SHA1 | 55fd5459a9e63f3bfb2f8077b1c01d408a3e1a77 |
| SHA256 | 68f6f61340e90e0a7be1618241476927dc03af26cac776f8dcf5b9dda41c7cc0 |
| SHA512 | 4b68bde5a4bf81e9a2b1f259268115695b5005b2283f481aeb0df6c126fcfd6714a2529e60d77f8588b94e0dbc95490af43246c5eed07cd024ae601089ebbaa8 |
C:\Users\Admin\AppData\Local\Temp\ckYM.exe
| MD5 | 681a156087d32d85d025b7e113f50580 |
| SHA1 | 4a3cd8583af0a86dea3c4594a5f85db79f0d2c74 |
| SHA256 | 7c72462c9802b75326f7a0d7d3dbf424884d21ac868d898fc693c05b51a37a36 |
| SHA512 | 0a056523838f12903150d86a6dc9f7da942b86b2b4cb7a1e409e3033b15d0a3d891abf05f8a9aa9df46a5800b4b36afc51b7b72ee02745a0e48d6b1172be5522 |
C:\Users\Admin\AppData\Local\Temp\mIUU.exe
| MD5 | 3ef0e0dcc165576d79f35221b0baa83e |
| SHA1 | ab90eb791a2a2ce87c9ca506ce8545eb90f2353d |
| SHA256 | fd3ff110cc950115bb4992a770c780c34b26a07282afe3e9956b6d3c07afa2dc |
| SHA512 | 48186ecedd1026d5ff22fc4695ff081af38138b5bb9f5b462127b00004a31318f4172b1297c379d125505396a3993393ba0634d30be93f2a668b88449b42b3d1 |
C:\Users\Admin\AppData\Local\Temp\ZykUMUoM.bat
| MD5 | c9fe28d50aa15ad0bb1bdd4d7f4bc5c6 |
| SHA1 | 86997f4763794fdc0bdf62914b2e4ae461c61b9d |
| SHA256 | 8767b53892cb63640675055472d9921c2ba0a55a7ac34355f94ac23a625778cf |
| SHA512 | c2ab2ae93664dd929cafe7941e3c3eeeb154ad83bbf812ecc70a2ff971f94b12886e97ef24bda5d7a1fbd8cd35a52d86279da10437e8a49b6003213a3ec09095 |
C:\Users\Admin\AppData\Local\Temp\KQEU.ico
| MD5 | 964614b7c6bd8dec1ecb413acf6395f2 |
| SHA1 | 0f57a84370ac5c45dbe132bb2f167eee2eb3ce7f |
| SHA256 | af0b1d2ebc52e65ec3f3c2f4f0c5422e6bbac40c7f561b8afe480f3eeb191405 |
| SHA512 | b660fdf67adfd09ed72e132a0b7171e2af7da2d78e81f8516adc561d8637540b290ed887db6daf8e23c5809c4b952b435a46779b91a0565a28f2de941bcff5f1 |
C:\Users\Admin\AppData\Local\Temp\cwQu.exe
| MD5 | 68dce0394b7e3125a42ec5304acb44fc |
| SHA1 | 7810130aee18ac49a38875062ae4924f31d0c85d |
| SHA256 | cc87b828d9935d809ae79ca4e20d9eca36ae962f30551550cdc95e99573467a9 |
| SHA512 | ce65a23e23c679b44c975d80b6efccf3e2dfde111ff510fa85d528e1baf242ca32f0c58f4780044996a22c5625c0cd6c2d6bd6eaaf1b4163b225a160634d69a3 |
C:\Users\Admin\AppData\Local\Temp\cUsg.exe
| MD5 | 4574bd87a943ae84dbe0e3fd7c418eb1 |
| SHA1 | 836b51f5c079e76cf3cd7943c67048d380883354 |
| SHA256 | 042564ba4921219a895e20d7854c6030a82a1ca1e320b27768a739e64bb1156e |
| SHA512 | b117449756179bd5b44ef91d7cf4df1d7caba3a62ef75c9313cf223cc20ca15d364c396a915683d53866044b85c47d58e855fc805c5e83d45242ec33ebe6e66b |
C:\Users\Admin\AppData\Local\Temp\kEkS.exe
| MD5 | 1ecc442199d77ddbcac7d7956859ea81 |
| SHA1 | 0a2d0fe36a368f228ad2cd9c8c0b771d2d8e1f07 |
| SHA256 | 34353d5166b76e7a12bf3c6436cc0e78e14c3a0035b565238d454f8b887ec386 |
| SHA512 | 0b54c09e7e2cf86ca2c46f0d392310d2ed90236e6d3b1771b1f8b7b6a8f11cf66968b737cbc00e1dfced96d14a205f5255756b0fe578559185ebc55a0059fa40 |
C:\Users\Admin\AppData\Local\Temp\mkIW.ico
| MD5 | f461866875e8a7fc5c0e5bcdb48c67f6 |
| SHA1 | c6831938e249f1edaa968321f00141e6d791ca56 |
| SHA256 | 0b3ebd04101a5bda41f07652c3d7a4f9370a4d64c88f5de4c57909c38d30a4f7 |
| SHA512 | d4c70562238d3c95100fec69a538ddf6dd43a73a959aa07f97b151baf888eac0917236ac0a9b046dba5395516acc1ce9e777bc2c173cb1d08ed79c6663404e4f |
C:\Users\Admin\AppData\Local\Temp\eskc.exe
| MD5 | 76bf6ec79f22d116a1eecef17b9c0072 |
| SHA1 | 5be06969c1d88ad81bebce287e71c3bac5891dcb |
| SHA256 | 430f03fa916fd4b3e2fc89dd6c4ef2f9b94c23457269f9cb43069f5f91848cf7 |
| SHA512 | 09abed0b02a92bca70d12647107263a0767d62c3c5e1cf6d8e7e64419c94b90e50d71201e2163298d38d9d4231c8472e288be2bab260d5df338019e530ac0782 |
C:\Users\Admin\AppData\Local\Temp\yUwI.exe
| MD5 | 5ec2e18c4778375e634212fedfb5e137 |
| SHA1 | 709107abd589bca5d17df69fef71f8b4a505c59f |
| SHA256 | 155b8f8f5012acc2826a8d2fce9d3951748ed79e344ec6e87fc8ead1180f99f9 |
| SHA512 | b40885c873d5f973c076de25018e7efd498b053df1d3bc3a80fda7ab2f97b7b6a89c7a85e1d787d0d3823301fae4ad5d20c28f6b3ccf36b298cd2e6806a4b5cf |
C:\Users\Admin\AppData\Local\Temp\kYgG.ico
| MD5 | 5647ff3b5b2783a651f5b591c0405149 |
| SHA1 | 4af7969d82a8e97cf4e358fa791730892efe952b |
| SHA256 | 590a5b0123fdd03506ad4dd613caeffe4af69d9886e85e46cbde4557a3d2d3db |
| SHA512 | cb4fd29dcd552a1e56c5231e75576359ce3b06b0001debf69b142f5234074c18fd44be2258df79013d4ef4e62890d09522814b3144000f211606eb8a5aee8e5a |
C:\Users\Admin\AppData\Local\Temp\cMYa.exe
| MD5 | 8872d74be003a5d25e92c17da68ff506 |
| SHA1 | 8dc77bfc3756e28c9a2e0c02c9df5a2d15968b81 |
| SHA256 | 437969cab31da9137d97707e366ee5eb9526c6ef35abfc2fbfa29d133a106c8e |
| SHA512 | 148572733bb21eed70745deb6ac74900981d4e81dfc74eef5704e0fbb814c0041050447ea6df738c888e623f432f7fc405b6a0d04490ab608d86d1cd07c6f34d |
C:\Users\Admin\AppData\Local\Temp\EaYMggEg.bat
| MD5 | d4781644727e86fa78202629202ce14b |
| SHA1 | e4d15a34bfc433b1f1e24fb90926007eeec22d47 |
| SHA256 | de6dccce841bf4d2f8057c5987863c6775cdf5905623d13d2b76b1618ebb0f34 |
| SHA512 | 989c0ba3938f62b047c5b6c32ade16b46c7f176f1dce36cacb2f14f9beea8d92bb6c154d8efbf4e37c1ba25fed7649489d5f174f35e6e82b54eafea2596ebf49 |
C:\Users\Admin\AppData\Local\Temp\mIoM.exe
| MD5 | b2e29b7a2870050cca14ee36bb65756c |
| SHA1 | 40144cf5d180bbceca324038f653a492eefc0c88 |
| SHA256 | ae2f6112083fab29a07f0e77fb5f478655962166c386cbd2fc0905b347345e1c |
| SHA512 | 3fcea853eb52f3b05e00415c461d6f2c16a9a8a5fce22901999b796384a429d9721cb9bb723476851dcdd931a1bca6fc75a44438a17f587ff88bae3c70139d3b |
C:\Users\Admin\AppData\Local\Temp\Qssc.exe
| MD5 | 9141b123018a0444d284b793972a3a09 |
| SHA1 | e7c19b4c6727e5699dafe985b426ec0c62cce6d7 |
| SHA256 | d45e3f1e43ed3d9c57e81ff2ca7a612eb816babd436cbad14b3df76d23d77f49 |
| SHA512 | aca951d7e479ccb424eb7f008335f27f394d638ad3592b23e5464ad3ce5e2c9ddd0bd671e088d811b48a203509da624b2c60961aa968e78eb3b9514a57831d95 |
C:\Users\Admin\AppData\Local\Temp\GAAo.exe
| MD5 | 138e45819e3fe8532a76a6ab7ea895ee |
| SHA1 | 65cfd9a029bf63108fc5417e7ba92e97aae9ccae |
| SHA256 | 7ab6d7d4bccc4a6b775ac4a2cca7b4b02ee4a52daedc6da47596b31bfca0263e |
| SHA512 | 775119f24c24a1a3277d025fcd7deebddc4cd41fe049c3d83124d6ba94669501fff909de6ce2d11a0a1c6dc2967e0f13e967ddf4b85204f02a92fa6badb8975f |
C:\Users\Admin\AppData\Local\Temp\SMYW.exe
| MD5 | f778f395e1950e943aeefef44e63ad5c |
| SHA1 | d6b6383752e1123e56f5c99653c00ef00c6e9db2 |
| SHA256 | 7191cd51eaa314fddb75e0c22d610242e45e9c438b8a78e89d8885a6d72831c5 |
| SHA512 | debeffd271137a14647330923f194364e71998a9761193b9a15cf6139317916fbf28ebff3622cecec6132d77958275dfc081f6dd254a52f90cdf751e2dfe51d2 |
C:\Users\Admin\AppData\Local\Temp\ciUMQQwo.bat
| MD5 | f032eb48760caf8c3df1c18f47083065 |
| SHA1 | 406cc6aa4a6513553384abbbe3d5aa21d7e8e71f |
| SHA256 | 5ce471eb519b64a6a8f0f5ab826411331fa09c019dcb341262c30886562def11 |
| SHA512 | 3e7efe89c58ae0223bd27b198ae549b2963ecd7db98ab3dda10249a1b0caf9ff2e58cb1528830d2cddb2237426f17bfde69203ad8485572128616ed71d7945d6 |
C:\Users\Admin\AppData\Local\Temp\wQci.exe
| MD5 | 3b52b456fc955061b0d0aa691fe64884 |
| SHA1 | 32549ecb0ae28b88a7cb2dae59651455130f3714 |
| SHA256 | 2c4353a412383c6a5b1f663cfeef4aee9453e84e20699afefd4a1237eb691f30 |
| SHA512 | 2be13943065d4c5f73355684fe321b1034558f9f98296b71a85cadf56a10de4af228f64d28a6e44643fb5df5c29f3a6889c6f89c0a4607141351264256bd8f98 |
C:\Users\Admin\AppData\Local\Temp\ikww.exe
| MD5 | facdea00635f4cd9dca2902b7b4c6615 |
| SHA1 | b7c717e65a9f80b20264494a273aa32961fd55c7 |
| SHA256 | 284e4933b65d2c7e4a55488a7aac7127e1e8b398552235c8597200df7fb43b98 |
| SHA512 | dc52eccaac00d8388ff437c2d8e1ed18dbed913fad8dddb5ac05b9718397a897cfc168cb72af063c0c1eec6822aa7ceeffe3c074d26dac1e6e5dbaaeb93551a0 |
C:\Users\Admin\AppData\Local\Temp\WokO.exe
| MD5 | a2b661b07dc6c9bc7176f68753b0e368 |
| SHA1 | cfbc8b0fa0caa12e076907d9bf7daf2dab36bec0 |
| SHA256 | 325f0295b7817e47a3f9a27a7cf2e9b40997704565867e996e5a0f0727a10bc6 |
| SHA512 | fba5bad15b7e65e928a1ab1712c41e10c4c605723ca6d3be9511ab9dd659a9932e28208a7a8f1ba73f04738af0f032f04a1fa06af280f93ddcc083671f531261 |
C:\Users\Admin\AppData\Local\Temp\oQAEAEYs.bat
| MD5 | 08c6a79bcd07af751f9ddcedc1789f69 |
| SHA1 | 7375803409dda54a026ac696d83b65b1781a7432 |
| SHA256 | 08c1584b0267382a28bffb6f61666957947c576bcb4741d85d6dfcfb1bf7e6a6 |
| SHA512 | d8af4e840542be67aa08071dc690706883459868f6aa4d98fe7a0a8f1f016857fe75c9fbdbc8eb4c9dc8c06701fce7ce8d9a680a643dbebb9124a610c8816bf5 |
C:\Users\Admin\AppData\Local\Temp\ywMA.exe
| MD5 | 6a140a96c578557fb510000506e1e918 |
| SHA1 | bffb2431e4852cf0e925bcf7495ecc5744910f81 |
| SHA256 | 3209029f478e4e5494e231d77b08adb62b471b890629271e479b52a283e944a5 |
| SHA512 | 1b998e22bf6e3e5fb80b07490392819a3fa51a4a58e33707424d3e51ec249fcaad262d3f19bf8d5c418344c2e03b3cda8ba8a118d880187b72931a709b122e61 |
C:\Users\Admin\AppData\Local\Temp\QogU.exe
| MD5 | 5d5603afe0efb7e811401b6f8ccabe7b |
| SHA1 | c3539efecb00582ea6c7e49bdbcfe4961649da3e |
| SHA256 | 32b84002fbefcc6e5b635a9c9af3c8de3e9dbf8218123b75cffcee5d834c0937 |
| SHA512 | 2e93cfe6b8c7e47a42c9e18580ad3dc3988c68be3c4d3b0165a2765a68dca044eb19389d785b0e64a73053a1cf1df6e0ed39e168b8bc1ff562c6d3ecc2c6b550 |
C:\Users\Admin\AppData\Local\Temp\IgwS.exe
| MD5 | 1dc8fa25a134efcce4d26a7c61b3587e |
| SHA1 | fb67775be2a2aec51f6cb5a85d7697cc4dedf0f8 |
| SHA256 | 04e29b8ec91b1f62030e599d97a55e50a2bb309e971c6fd8111d6951074f04c3 |
| SHA512 | af96f0485d6eb12ab0ddd1f6a3067c9236f57861d506b896279e49e8419cd77e51db994ee24889c95eca5d1dc90dc1c67f4ae4d0d658a95162bc8ed7e5c05ed6 |
C:\Users\Admin\AppData\Local\Temp\sgwQsYUM.bat
| MD5 | 4a3facd1ff03184b6f64cfed95445deb |
| SHA1 | 888f143c8c4903aaadc96550727ca3f6b461636a |
| SHA256 | 24e9a9230328e9da231bbf1c4cd30b394f16887979289562e05849b34f8fd6b1 |
| SHA512 | 4c4f818b6b70eeeac4b45e34346de0ac32aeaba5d2e806630ea22b4267a0b6c9045f36ea8ba3d1f9fe04f21c995744940dbb05310a2a8790a39c7ed1860141f0 |
C:\Users\Admin\AppData\Local\Temp\QcQG.exe
| MD5 | 0d4918d529212a5ecb0d3efcaf88c46e |
| SHA1 | 8411c9963659d02a3e08d71ee8ae5b76caec40c9 |
| SHA256 | a84c18e394b4961b622d58a21591c6cddf24a6e321cae892114684849011fb96 |
| SHA512 | 4fe701d4d6b29b1c8efa0a6f0f0d252ad069ffe8323f70c6955b970c42d26b61e1b93d6555fc63f4cff60f98a1665542bbabde7a9ff39563fb973ede0c5cf8f3 |
C:\Users\Admin\AppData\Local\Temp\GUAU.exe
| MD5 | de663fa250d6a54a2c1deb968751a2dc |
| SHA1 | 732d8cc890c5ef836225fa7b3b0e5f2741d65a26 |
| SHA256 | 9b33ecab228b34dedc517bce0a344386571067355a328d7e536070a893827262 |
| SHA512 | 110b9c396b7cef67bc05139d305cf91e8cc87fb9aa754e4ec706aa34133273c0aee2a3c6a5075d0a40eaafb2a50692934dbdca0d949f38e9fe5f6c6ad3c432eb |
C:\Users\Admin\AppData\Local\Temp\cUka.exe
| MD5 | 5a11ce2876a29fc4819f76473df946e2 |
| SHA1 | 1f5c72aa90a00ac298e651e06f7d0256e39c5461 |
| SHA256 | d507109dcce895c334d9aee0fbd666b03e208dcb8d7944c22d4a64b7d61e78de |
| SHA512 | 89ccc0fc7dfd484ee861c604102f2a7cbf707382b9140909f64670fa6833a797f11d5f8ca8f5fd6c85762e344e2716f58450440591adb1967677e32f5051ee8a |
C:\Users\Admin\AppData\Local\Temp\dakkcIIM.bat
| MD5 | 8a624af5326559fb908d7028d8f80a1c |
| SHA1 | 010f560ec6fb97d9e2337967f285ab9b42098d45 |
| SHA256 | 00f795f33da4dfd3cae8ee5b022c7d666af08b6be3d3bc5d7dcd1333b584ca6a |
| SHA512 | c5834be06ba36e354a03d91f24483376d3ec3bef207ad7a4470f4c6967f9c551defb19a08e3098ef438e94c2410f6bb98683f1f5e414b70fc8e29a2560b90dbc |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile16.bmp.exe
| MD5 | a1c34452590ed7b8b82ab0c60072470c |
| SHA1 | 716c694c97943048bdc3d0575fc0e19dd88f8eda |
| SHA256 | 8f5522f70a6beae1e1f2503ac6f9ef9efe7d583b0c8b6ed8005d7eca45c0a0e9 |
| SHA512 | 7c994c1c6cccaa792fb09fbf530fbb71d380bd5fd731126fd9a1e04c5c4b8a3dd6b8f5706b7e042ed919569544e8a45fa678c0cfc0e57a161bcf7b6f33b71b0b |
C:\Users\Admin\AppData\Local\Temp\sokI.exe
| MD5 | c6c0fc241fd71edd2789f10113474b85 |
| SHA1 | 850270a989af3339ffa680e07a77eaf5de0899de |
| SHA256 | b0c2c7371c30aa476efb4c9257f6e55cb83ec41842b17d966d925b184870ea45 |
| SHA512 | 8e10313d6f13dcaeedcfd0f7ca2f9c4eb77c23ecacf09443a33a009bb89e63cadf84a039dc66cabccea6a742a6043885e8e9c327fcd707fc5ca4bc9e759886f6 |
C:\Users\Admin\AppData\Local\Temp\wQAa.exe
| MD5 | 37a01931c669c19121225b9dee359a4a |
| SHA1 | d0e9520dea4810fb608b179a1c1dddbb6103b878 |
| SHA256 | 6bc32417ca817eae4c94070ca1d6d26cd4bc120716100b67cb195b044ce762ff |
| SHA512 | d06e3febf737ba8859bd6226fdf32945695656ab82584c1dc0f8bbe017d7f7cf40f9532804f90e97c4ece52e5c48010a5c9ad6e4bf85373fcc2c1b255d423d29 |
C:\Users\Admin\AppData\Local\Temp\BcEUwgEI.bat
| MD5 | cc8746b8d445bbfc254a94bc2cb39fd1 |
| SHA1 | a74c83dd9e5bbfb11335b3b834f3d88d96f92f9c |
| SHA256 | fae43602d27e10b079e40043c035734d12bd0c57208a501063edb0a253a89e0c |
| SHA512 | 9c7970b05fd52a5251580de09ea8cd24b6b9066f37d1cc9f725a5d7879183f8c076a5b7e83f307a28a5c22504871ca35ee4de526737fbf3fb457c2e1393db2e7 |
C:\Users\Admin\AppData\Local\Temp\qwgM.exe
| MD5 | 2784c6d5f4b25342ad3e760d7f4470b9 |
| SHA1 | c92293475458830fa256ffcaa9ed4f719bcedb94 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-26 04:27
Reported
2024-10-26 04:30
Platform
win10v2004-20241007-en
Max time kernel
150s
Max time network
150s
Command Line
Signatures
Modifies visibility of file extensions in Explorer
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
Renames multiple (78) files with added filename extension
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\xWEAUYcM\yeMQUQEU.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\xWEAUYcM\yeMQUQEU.exe | N/A |
| N/A | N/A | C:\ProgramData\raEAooQk\vGoMEoYU.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\vGoMEoYU.exe = "C:\\ProgramData\\raEAooQk\\vGoMEoYU.exe" | C:\ProgramData\raEAooQk\vGoMEoYU.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yeMQUQEU.exe = "C:\\Users\\Admin\\xWEAUYcM\\yeMQUQEU.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\vGoMEoYU.exe = "C:\\ProgramData\\raEAooQk\\vGoMEoYU.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yeMQUQEU.exe = "C:\\Users\\Admin\\xWEAUYcM\\yeMQUQEU.exe" | C:\Users\Admin\xWEAUYcM\yeMQUQEU.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\shell32.dll.exe | C:\Users\Admin\xWEAUYcM\yeMQUQEU.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\shell32.dll.exe | C:\Users\Admin\xWEAUYcM\yeMQUQEU.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe | N/A |
Modifies registry key
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\xWEAUYcM\yeMQUQEU.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe"
C:\Users\Admin\xWEAUYcM\yeMQUQEU.exe
"C:\Users\Admin\xWEAUYcM\yeMQUQEU.exe"
C:\ProgramData\raEAooQk\vGoMEoYU.exe
"C:\ProgramData\raEAooQk\vGoMEoYU.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YQUUYkcM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kcQwEAEs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IogIgEwM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QWcEoksI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JiQAYMEQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FWAMwQMc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vYMMcUsE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bwUgYwQY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zyYwYssI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GckksUgA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aosEgQwk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\oIkYwwkQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rqMocYow.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jwAwowMw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\biYsMskU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pYsokEwk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AUYIUwUc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CcwwEwUE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KUYkMEIM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PYQUIMME.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fYIgcIcE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lKMEskYY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FOksckoQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OyYkckYk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\oWccYowo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UIUEUwYk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fIkoAIQQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BEcEEMYg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xEAkoQUk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XkkwsgcU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UOcwwAQY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EowsIAAs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zgAskUsY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BCkUAoos.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pmMAwAYs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HEgoEYUo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RKIkIYIU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KAUsAsgE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\iGMYUYIk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mGEIkksg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CokwQogo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zSEkEkUU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XaQQYgsc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FygUscEA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MyAcsYQY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kEYIIEkw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ikogscwY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CWAcwQAk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NmEoEcYE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JYEcIEIo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fqMUgMgg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ocIUUQMc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aCEQUYsk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| BO | 200.87.164.69:9999 | | tcp |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 172.217.16.238:80 | google.com | tcp |
| BO | 200.87.164.69:9999 | | tcp |
| GB | 172.217.16.238:80 | google.com | tcp |
| US | 8.8.8.8:53 | 238.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.27.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| BO | 200.119.204.12:9999 | | tcp |
| BO | 200.119.204.12:9999 | | tcp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| BO | 190.186.45.170:9999 | | tcp |
| BO | 190.186.45.170:9999 | | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | | udp |
Files
memory/2412-0-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\xWEAUYcM\yeMQUQEU.exe
| MD5 | 6efde196948ab0ca7ba52923049d8f9c |
| SHA1 | c9ea17b24f18c6155c7e58a5c6fe13eab635fbc4 |
| SHA256 | 2b13ec8e364872a4d2600eff8dc7e26a5b42f250ba1b528933388c5372bf856f |
| SHA512 | 1490f4296d9060a460be72e2a04d1b89df486589f877ea6666542baadb061bfed3558026e58d6a7ecdd9c3095bab938850848d06f9d3773855ae3840757d1764 |
memory/1488-7-0x0000000000400000-0x000000000041D000-memory.dmp
C:\ProgramData\raEAooQk\vGoMEoYU.exe
| MD5 | 3e35d849f65667a971af5ca3d7cfdea3 |
| SHA1 | 5046d5863bbb2821918c499c29837c762767c4ca |
| SHA256 | a24417a31b911e2f00e0b033ecc4f64e330aff7dab19028778ba3efba13ab3c9 |
| SHA512 | 48a49fef1b5665ee5b063cc5b1a972f2a06a63ec6c90aa3f98d2c8190213623c17f26f96358d543f9957e344b5b5c25d6f56f8e01cd974f9ccae24cf09902a5b |
memory/1696-14-0x0000000000400000-0x000000000041D000-memory.dmp
memory/2584-19-0x0000000000400000-0x000000000041F000-memory.dmp
memory/2412-20-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\YQUUYkcM.bat
| MD5 | bae1095f340720d965898063fede1273 |
| SHA1 | 455d8a81818a7e82b1490c949b32fa7ff98d5210 |
| SHA256 | ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a |
| SHA512 | 4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024 |
C:\Users\Admin\AppData\Local\Temp\file.vbs
| MD5 | 4afb5c4527091738faf9cd4addf9d34e |
| SHA1 | 170ba9d866894c1b109b62649b1893eb90350459 |
| SHA256 | 59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc |
| SHA512 | 16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5 |
C:\Users\Admin\AppData\Local\Temp\2024-10-26_1ece96646e9b993df4996b2e0dc01d9d_virlock
| MD5 | 913064adaaa4c4fa2a9d011b66b33183 |
| SHA1 | 99ea751ac2597a080706c690612aeeee43161fc1 |
| SHA256 | afb4ce8882ef7ae80976eba7d87f6e07fcddc8e9e84747e8d747d1e996dea8eb |
| SHA512 | 162bf69b1ad5122c6154c111816e4b87a8222e6994a72743ed5382d571d293e1467a2ed2fc6cc27789b644943cf617a56da530b6a6142680c5b2497579a632b5 |
memory/2584-31-0x0000000000400000-0x000000000041F000-memory.dmp
memory/3936-42-0x0000000000400000-0x000000000041F000-memory.dmp
memory/2036-50-0x0000000000400000-0x000000000041F000-memory.dmp
memory/1564-54-0x0000000000400000-0x000000000041F000-memory.dmp
memory/4368-62-0x0000000000400000-0x000000000041F000-memory.dmp
memory/2036-66-0x0000000000400000-0x000000000041F000-memory.dmp
memory/4368-77-0x0000000000400000-0x000000000041F000-memory.dmp
memory/3740-88-0x0000000000400000-0x000000000041F000-memory.dmp
memory/948-99-0x0000000000400000-0x000000000041F000-memory.dmp
memory/3648-110-0x0000000000400000-0x000000000041F000-memory.dmp
memory/4980-121-0x0000000000400000-0x000000000041F000-memory.dmp
memory/1936-132-0x0000000000400000-0x000000000041F000-memory.dmp
memory/432-143-0x0000000000400000-0x000000000041F000-memory.dmp
memory/3448-154-0x0000000000400000-0x000000000041F000-memory.dmp
memory/4912-165-0x0000000000400000-0x000000000041F000-memory.dmp
memory/4368-166-0x0000000000400000-0x000000000041F000-memory.dmp
memory/4368-177-0x0000000000400000-0x000000000041F000-memory.dmp
memory/2868-188-0x0000000000400000-0x000000000041F000-memory.dmp
memory/4576-199-0x0000000000400000-0x000000000041F000-memory.dmp
memory/4668-210-0x0000000000400000-0x000000000041F000-memory.dmp
memory/4540-221-0x0000000000400000-0x000000000041F000-memory.dmp
memory/3460-232-0x0000000000400000-0x000000000041F000-memory.dmp
memory/3740-243-0x0000000000400000-0x000000000041F000-memory.dmp
memory/1776-251-0x0000000000400000-0x000000000041F000-memory.dmp
memory/4320-256-0x0000000000400000-0x000000000041F000-memory.dmp
memory/1976-260-0x0000000000400000-0x000000000041F000-memory.dmp
memory/4320-268-0x0000000000400000-0x000000000041F000-memory.dmp
memory/1604-276-0x0000000000400000-0x000000000041F000-memory.dmp
memory/2924-277-0x0000000000400000-0x000000000041F000-memory.dmp
memory/2924-285-0x0000000000400000-0x000000000041F000-memory.dmp
memory/2520-287-0x0000000000400000-0x000000000041F000-memory.dmp
memory/2520-294-0x0000000000400000-0x000000000041F000-memory.dmp
memory/2584-302-0x0000000000400000-0x000000000041F000-memory.dmp
memory/3988-310-0x0000000000400000-0x000000000041F000-memory.dmp
memory/1700-318-0x0000000000400000-0x000000000041F000-memory.dmp
memory/2352-326-0x0000000000400000-0x000000000041F000-memory.dmp
memory/5116-327-0x0000000000400000-0x000000000041F000-memory.dmp
memory/5116-335-0x0000000000400000-0x000000000041F000-memory.dmp
memory/1896-336-0x0000000000400000-0x000000000041F000-memory.dmp
memory/1896-344-0x0000000000400000-0x000000000041F000-memory.dmp
memory/3936-345-0x0000000000400000-0x000000000041F000-memory.dmp
memory/3936-353-0x0000000000400000-0x000000000041F000-memory.dmp
memory/3564-361-0x0000000000400000-0x000000000041F000-memory.dmp
memory/3616-362-0x0000000000400000-0x000000000041F000-memory.dmp
memory/1604-367-0x0000000000400000-0x000000000041F000-memory.dmp
memory/3616-371-0x0000000000400000-0x000000000041F000-memory.dmp
memory/1604-379-0x0000000000400000-0x000000000041F000-memory.dmp
memory/3956-384-0x0000000000400000-0x000000000041F000-memory.dmp
memory/3192-388-0x0000000000400000-0x000000000041F000-memory.dmp
memory/4884-393-0x0000000000400000-0x000000000041F000-memory.dmp
memory/3956-397-0x0000000000400000-0x000000000041F000-memory.dmp
memory/4884-405-0x0000000000400000-0x000000000041F000-memory.dmp
memory/960-413-0x0000000000400000-0x000000000041F000-memory.dmp
memory/1208-421-0x0000000000400000-0x000000000041F000-memory.dmp
memory/1980-429-0x0000000000400000-0x000000000041F000-memory.dmp
memory/4268-437-0x0000000000400000-0x000000000041F000-memory.dmp
memory/5076-438-0x0000000000400000-0x000000000041F000-memory.dmp
memory/5076-446-0x0000000000400000-0x000000000041F000-memory.dmp
memory/2024-454-0x0000000000400000-0x000000000041F000-memory.dmp
memory/4468-462-0x0000000000400000-0x000000000041F000-memory.dmp
memory/1616-470-0x0000000000400000-0x000000000041F000-memory.dmp
memory/2588-478-0x0000000000400000-0x000000000041F000-memory.dmp
memory/1208-486-0x0000000000400000-0x000000000041F000-memory.dmp
memory/208-494-0x0000000000400000-0x000000000041F000-memory.dmp
memory/1448-499-0x0000000000400000-0x000000000041F000-memory.dmp
memory/216-508-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Qoos.exe
| MD5 | 8a6c74d3cc41405364b460eebdaeebd9 |
| SHA1 | 13e03e6f2fd4b1d9510c946e8ac65e643e755b26 |
| SHA256 | 80dcd4e1140581baf6685b9f1d353807da8b3cc40bbb782f9aa32f4146505b6a |
| SHA512 | fae1bcda120740f79f21a8bbc8c1eedd3f28e8727ce6b6f00c11e2f4eb7e0bf222e82442d5381bccd7316ad9a69c971583d9aee229ee42ade73875cbdb324ff7 |
C:\Users\Admin\AppData\Local\Temp\AAgg.exe
| MD5 | 40f7bd49542f992436af46b96b9a82fd |
| SHA1 | 26a618a2d21e0a0bd2ec7dd55ab950f68b4820be |
| SHA256 | 16eff7b7daca16f6e065d31b00ef1db0577e046c222b02bd3e6c9edef55500da |
| SHA512 | 7d8f47fa4b5ce938d6e8a32762b584908f0c8fd021e8756d8f860d15f67348e98665f9c02704f0e81fe24fcde775cd730948722c177397312c8ce1bff30900bf |
memory/1448-540-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ekga.exe
| MD5 | d42dea3b35cf5133a2628a767b0d2cf9 |
| SHA1 | 3dc50a404b5a76507fa4f0c72d9fbba77f8089cd |
| SHA256 | 2dab09a54e9a75f7be13f13e393ff32c14e4452784111053a8e1937014731f09 |
| SHA512 | da6c15ebe52f18ca18456ea36ca97fe627b1301c6fc365da37c4c9f66d7cc4dcac90e33fbd12b13a8ffd847d8face128404ee5d4c6f2cd7b0fc942ca4e333acc |
C:\Users\Admin\AppData\Local\Temp\AYoG.ico
| MD5 | ee421bd295eb1a0d8c54f8586ccb18fa |
| SHA1 | bc06850f3112289fce374241f7e9aff0a70ecb2f |
| SHA256 | 57e72b9591e318a17feb74efa1262e9222814ad872437094734295700f669563 |
| SHA512 | dfd36dff3742f39858e4a3e781e756f6d8480caa33b715ad1a8293f6ef436cdc84c3d26428230cdac8651c1ee7947b0e5bb3ac1e32c0b7bbb2bfed81375b5897 |
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png.exe
| MD5 | 845426f1445fbd24a59e8497221171b0 |
| SHA1 | e3d0c1abad00cef0a32e06f3c2f31f8ff0257c82 |
| SHA256 | 71e7b251630f70c9ddd79826277cbea89f3f487e6103a14c14e287dbc6236d83 |
| SHA512 | b703c46fc3ad2c04528896e626a720a1358988d46e55fd11ea730bd322e9ad8d230375e948ff15df67963360230a76f44de39d5cd2ef2136426696640448071e |
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png.exe
| MD5 | 21628006fe43dccc7672152620b3a611 |
| SHA1 | 59bfea3efa681b5f61b20c59063682657c5fa589 |
| SHA256 | 9e45802ae7cdd216f5b34e14e48490e62f6d09a4c5c516bba5930989371221ff |
| SHA512 | e1c4099fb5619cfcb0269d1eed460afa7238923405f15701ec2a557b2af78cd62916cba7bb469b45c8fa41b3f01853e087af4198c0c92a892f770a4898e7f3dd |
C:\Users\Admin\AppData\Local\Temp\sokA.exe
| MD5 | 3647aa173b90783987281e5ff6d34514 |
| SHA1 | 5bcea2f810316e51c90133e1b03944ab55eda509 |
| SHA256 | 43846581fd1534b7da425884c918fb1ba56679a24c4c6c0537e7c841c850f27a |
| SHA512 | 4198a56602550ab0a9e2f6f9b4a739900295a48cdc1a430b8021e40d13fc26e470d9190f92c07203e13fe3aa21e0f9e728d79fab75b4f23cfdfb796c368c3754 |
C:\Users\Admin\AppData\Local\Temp\EMIu.exe
| MD5 | 0cb2ad0e0d4634da4fc0d0939cded9ae |
| SHA1 | 7a32b6d8db2703b7ccde00421a231f90f78ebc0e |
| SHA256 | 18d634ca4b30f467a939b4dca1b685381819ee70e6789ea7937f9ca589e2d7e5 |
| SHA512 | 3c628bdd4191bbaf1e59a7a67725790d0a0223ae8eab8c953a99937a6caf2466a4b016cdcb8a3dd6e57d3ad269933b0e26a464cd46d24cc77d5d75ee05a84e29 |
C:\ProgramData\Microsoft\User Account Pictures\guest.bmp.exe
| MD5 | 57474f79243fddfe8967c19ff973f72b |
| SHA1 | 0824d54e6cdd3cb2762b251420fa8600f860b59f |
| SHA256 | 12819be787e24b68c7fc8e3ef99c3ae9d7c38ac0be183fec87f0eaf5fe7f51a4 |
| SHA512 | 6cfe727348029bf79d1a7ff7ceaa7db2e33884c12122ad04f4797629602b80e9dd6ff96f211068c72f094b503330fc0380e5b331cb990fd2e0d2a6f7a9c88996 |
C:\Users\Admin\AppData\Local\Temp\cwIq.exe
| MD5 | a7471a838ffb3e4013fea6aa90bd4858 |
| SHA1 | 0c0a6df17a0853f9626666c18c410fe8f90aecaf |
| SHA256 | 821fd1ac29bcc27d4e904f644ac45fc7b1d393e40e8e05a29256f9825b6f5cb3 |
| SHA512 | 2af3d2bafa93324431f5cccc93ef1c787f3c66c4bc49916a4109fdcfed245bd30528d6156903aa479c3c3efc9033e91b0cc52834e660e66d108fde1772a5160e |
C:\ProgramData\Microsoft\User Account Pictures\user-192.png.exe
| MD5 | 96731bd2dde016b24f5dcd46c5845a8a |
| SHA1 | dc190224625faf59daa12c41898ca928fd39b378 |
| SHA256 | 9de58e0d2632a3e03ffad27b82de93a4eb4169bfe6cbea60f67bb0eed5e7ca6c |
| SHA512 | 89fe5c65cd307055a9ce42fb9d3930db941b176d3044703534d585aa5a966bc6acb68c2946f4fc91e088900f1d9930d83d232f96dae48a5097d8d8b7f962ba7c |
C:\Users\Admin\AppData\Local\Temp\sIge.exe
| MD5 | 5d4382d4ef34f6ff67ec9f8358dd9b3a |
| SHA1 | 31c1836afc15755bf0e10ad82ebab77fd9e58831 |
| SHA256 | bb08c017252cb48b8fc183de69295ec8a61a77945409a497ee64fc7216678768 |
| SHA512 | dd8436188cc01ec914284a251d24891278215e61de0ac31174b32050828b744f22b6f27b6db6cdde0e7e22f9c7b677f872862927a5a848fc54b150405e1563fc |
C:\Users\Admin\AppData\Local\Temp\kook.exe
| MD5 | 55d5ebbebe1ac82a69073a9fb0947aca |
| SHA1 | b4436bf71db410187c7b2e5679bcc235870cfc7b |
| SHA256 | 23ad8cb966dff29348d3e60523f30e35093ce6521ff0ed11fd106c43f02fd4ee |
| SHA512 | c4b63adc93c7bcbd17c790105c2f6763eceb25bcf263871a5cf73f2076666b73b4ce9028dd4f5044ed5e987f293a1c2a5f9f85433b8dea096cf07475a92d4fe3 |
C:\Users\Admin\AppData\Local\Temp\YoQm.exe
| MD5 | 2aac206d33da56f728b9ea0f0a383798 |
| SHA1 | b97920962e7ee576f19c308151a2436424355788 |
| SHA256 | b3414e782910d03c5a87de4a2e525bffb47216995b57f148c1bf0cf2c4651cc4 |
| SHA512 | 18a62946d8eae807788fb547084fe9a5ca226d0922b76b8abfcf9a9a44fb441af09461891c4934428a64fa5deeea8a95ebf1e5760236ba141cdf6ab9e39abfce |
C:\Users\Admin\AppData\Local\Temp\uYAu.exe
| MD5 | 589f21bea3d1f9e2cc46f87d0dd4918a |
| SHA1 | f40e17811701e4a40e937c43b086a53e168343ee |
| SHA256 | 40cdb24a2318adb280793fa8f6c58b46b73ddfa081a8e40c280cbf3c3311450d |
| SHA512 | c97ea744517d5da6f738b5b836a7246b80d2cb26d4e1db0bea1972ce170bbfb06ec051db6aaa622e1c43fa50f6a1f76c57947000bf734034d303872b788989bb |
C:\ProgramData\Microsoft\User Account Pictures\user.png.exe
| MD5 | fb51f9bf7a1e168d4ab385005759dc8a |
| SHA1 | dce08dbf306ee970cb911e986ba8c374a8f90c29 |
| SHA256 | d852fc965f9a8364e717cfcbe0dd1f785a918d8fbab2f1b46f49d0cc81af222e |
| SHA512 | 0a0999e3d79d4e6066d41da40f069adba498344623a9af109bedbc9778b00eacede1e098dfedd50d982d298828eb075170b4e5b6c64cfe212cedafe8b2f50e47 |
C:\Users\Admin\AppData\Local\Temp\SIky.exe
| MD5 | 35a6241224c6827bc3fe55b126aed2ba |
| SHA1 | c7d0a8abfaf086f1f954a11c74abba7493411577 |
| SHA256 | bf83d644f7e4c6a347e98c20d5f6bcbb08e6d948e03b639be27da2153866a832 |
| SHA512 | 255afb713cd5c1ab57a4dfcd7790ed1b7b18b0fb348b66da7bb6a0382753eefedcbab98b975aa96396495177dfa39322ffd3f3d2bc94c6de39aba4d9c6338314 |
C:\Users\Admin\AppData\Local\Temp\acUw.ico
| MD5 | ac4b56cc5c5e71c3bb226181418fd891 |
| SHA1 | e62149df7a7d31a7777cae68822e4d0eaba2199d |
| SHA256 | 701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3 |
| SHA512 | a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998 |
C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe
| MD5 | f589af2030ba3639dee60ae2ead8bf0b |
| SHA1 | 886a7481ec429658553ea6c3a413dec29397fd34 |
| SHA256 | 6f57c83c24cdcb1fbccc8a6a20695ade9bf734092ee42459eb5495ab0c6d8bfd |
| SHA512 | b6715206277667446a5d57def23d6a6bbb0c4a39f2bb1a4455b5bf7b5bb7f9f01fb6b7b094176a95fc2f2510b9b29260220e92a8ea8bfdcf682d8195221bbd90 |
C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
| MD5 | eb4d011d2e77467023b0daab4c3c4002 |
| SHA1 | ab0612ca515439b5fe4b10d8b69d8ee474b8e13d |
| SHA256 | 29d2b621d2b9438c61df5a004b543628d57379e9d101fa15bbe5a422aac05009 |
| SHA512 | 7a61d82eaa88490d42dba68fe62ebf8bee0145564d240c3c23b055a08ae347d9956329e402690171a51c4fccec36c680b988ef7c63e8a449edba7bef70b9df97 |
C:\Users\Admin\AppData\Local\Temp\IUgm.exe
| MD5 | b04f78c248a51086c10f69ea969b250e |
| SHA1 | e683b5778a13afd665921081a896ce1e6763dbe4 |
| SHA256 | 0166a5869ad4fd10e696fcd5936a75d2d1c78ea50f85e0953f3e0479312c09ea |
| SHA512 | 9863deade00e2263c4e4b356b37d17a744693291c0837c6de9f720418b6552b66dc05268e3993b7c3e8a1f1593afbd31c249ca850cd4d73779c7c4982942ded8 |
C:\Users\Admin\AppData\Local\Temp\ckkS.exe
| MD5 | c60cf5c0d65adab32b96a4e391cee308 |
| SHA1 | bb7b9e6a0bf77ea1105594ad888d56f449d817b8 |
| SHA256 | 0f91b65ce6461ddef15bbed3bbafe887fc626003e7eb8796ab8e94d7112dda5d |
| SHA512 | 08149deff83223d00bdcd892a938766c63cc6c26fbe85272e4abbf74359993ca4aa00aa0fd8bd8d721071bb7da6e3a24394aea3ec623de7731b83b661f7fb939 |
C:\Users\Admin\AppData\Local\Temp\GIYe.exe
| MD5 | b4e810a549781d3e1dea18c18b5da7c5 |
| SHA1 | fad6a648340a0b842a4d69489ffbd29056c124e0 |
| SHA256 | 7fca94760382bc3108d0f4eee2b1929b0cc63a50a9d299cbe5d95242f1e51fe3 |
| SHA512 | 5f9a607f919fa0ad84610dff920aa0dcc7ce94b0d5fb4c3befdac3a6c92834928e71f6a7de8d6ccae22e55d2dcb856eb0a3e08fe966fc124ddda74a8ab24c811 |
C:\Users\Admin\AppData\Local\Temp\uUAE.exe
| MD5 | 08e96292de073892cc1bb7c50567b585 |
| SHA1 | 2715fe0c693af6b9023cf4df6f30e28d6f10a878 |
| SHA256 | 91724e06069d0154370079c883e215110b2b2ec286b582b2191632dc3c03cd6b |
| SHA512 | 896a43f94e8096ed4f60d5a9ad4bffdfbff5ec53e55f38882d84663687207d03416f09db278ee231ce9406ba3aeafdcf8f12721e22ac0ecf0c12377ffbf2857d |
C:\ProgramData\Package Cache\{ef5af41f-d68c-48f7-bfb0-5055718601fc}\windowsdesktop-runtime-7.0.16-win-x64.exe
| MD5 | 3959ddce5da2b812032a69f56a2fca3a |
| SHA1 | 024cb54b3df795aa0a6fc9b8a1b414495544b739 |
| SHA256 | 8ab5934c6324675b232dac064eaa32d4903698654439cbf11118612499f8423c |
| SHA512 | 0f625856b95295d0c08c562580fb6c23526e2539833cf8ff3df286ed456b827f1dc52ec6f6cd4ac46d29b6319050f8eb682c06c8ad5f676ea4e30fa42bd92a4c |
C:\Users\Admin\AppData\Local\Temp\usQU.exe
| MD5 | abf46cd4045213f9674e5ac58f8f8a75 |
| SHA1 | 0fc75f0fb808e2fbe58d973871e5080348e9b3d1 |
| SHA256 | 61a45f591fa7fa4cd70090144b745c044572f4501e7229947faea37e8c8ba20c |
| SHA512 | a7f8e6bb7c5cfab4310c940383012064ab191b8d67d8d92c0b4c9189d94ba040b6c81db5307da1c92f769823a9ca77ca54f048071272c0ce2a40f84caa1513af |
C:\Users\Admin\AppData\Local\Temp\UQga.exe
| MD5 | 1daa33d1635ec47261df87ef721d92fd |
| SHA1 | e9e22da39c14033f6d0598842f7dcd66cc3e3565 |
| SHA256 | 6ca2672a78ff3716a088d8c1425b540339189a54a3d67d28c9da266761ca4848 |
| SHA512 | 97f60de6ba0229863a1f50028e8426b79449ea0e0044afb860a55834f96182a7f88507b0f474c864249c529ec745641a5fac840abd6bece7e92302a544f2b20a |
C:\Users\Admin\AppData\Local\Temp\iswg.exe
| MD5 | a5a4761e537a792f644b0d3b8a9d67c7 |
| SHA1 | 8b60bedab95e6ba7b199d42828ae7d9a1c1b7eb8 |
| SHA256 | 90d4cfa23fbc31e630a9da3b6e7227686c190ff1e04508d91ffaa0e747b2bf6c |
| SHA512 | 9dcd1227a435fb8dd723cddc927322c7281ba183b1c71be9971a74adf4d8b6c98913412a5c1dc0b6a950141974f66c89c7ae3caf4b6a49e940caf9853888e3ad |
C:\Users\Admin\AppData\Local\Temp\mEga.exe
| MD5 | 3f27733ce114af441d5df0a0f77ee346 |
| SHA1 | 29f135f52db9b2023b2b8533b14a17e07f1c21d0 |
| SHA256 | 35e5f7b11c696a3d4697c07fb3088f425f1f25c2a2049fc09eb0995659390ed1 |
| SHA512 | fd481db0e43669298606e9caad4c0e87460fc80a6a312c6958f1319e49736ce493f64cecf6441ec87844335b58820e52926438d0feb3ab33746076bbc202117a |
C:\Users\Admin\AppData\Local\Temp\kUwe.exe
| MD5 | 60e9d7026f0d2618a6362d3593a9a4bf |
| SHA1 | ae9ebd56f87cea213ed99e8d908ac2b821f6267c |
| SHA256 | 7f72a67c6e496a8cadc6247bc09bad2b49a7f2b20b3ff8c493da52a07143c739 |
| SHA512 | f860b5b974ff8f0ed16f0b0e8f1ddb4b59baa1c465d924e4358f4b36d86e6ad548a7febe73300f7f12d4598afa2bcfa71ce945e7f9c70d376f0dcb58d02195e5 |
C:\Users\Admin\AppData\Local\Temp\uwIg.exe
| MD5 | 80631a14e08ff91c21e507f4a426a56d |
| SHA1 | 2e052900e768fd7f67e58ad6d532658d82ba337c |
| SHA256 | b3a4cfaff956028f97f79221c89be7671c0dbfc75ba33de06be01a10ffdd3b7a |
| SHA512 | 6bb2457d298dbbe59f1422945b570830dbfb33966c3af7dff97a2f04abf90027eb6d2418b3ddf300fbb95cec552bb752c0cd1a0854cdc0fd38d5d548bd84d9bc |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\AppWhite.png.exe
| MD5 | 141a3281ab4f3cf1eb32826233bcdc48 |
| SHA1 | 651ac139f7d503bc42c06c65c23b19dd3b284b16 |
| SHA256 | 76671724845da4aed3e72eaf35fad0ec955eeb84e06edd7326eee73411aa8ae7 |
| SHA512 | fe0ef1c2f1a03dd04ca9fcf6cd4d52ebcbccde47629b8d430a32541293f0228186bdc05c379a4702d1b2eb122b984abb66d5753ec492fbbf8722d18cc21c2e7b |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\AutoPlayOptIn.gif.exe
| MD5 | 19279e016bf67db021fc60fd900559ba |
| SHA1 | 84ecbcc69ebaefccb6393e8880e14ca0dbcdb979 |
| SHA256 | 9f01f3b2b1b9badc26da152c35f2fc1e81fabaed767847996e5dffdc8a18e45d |
| SHA512 | 25274eb6e6798663cb4ffa9dddce2f3b52144331f9d8301abb795a37fe348ae24f6cf672f888a4c716a64ab1ca192e62be40fc0fe29ce1b9ee1c67f231e992e7 |
C:\Users\Admin\AppData\Local\Temp\CYAk.exe
| MD5 | 906280976f790ddeab30b0debdd1f9d1 |
| SHA1 | bc04edc48b1bb193abe42aa7f1dc09b15826a3c6 |
| SHA256 | 0b3e491b87a2dc7d5aabc18f37b034113fad1fc1b1614225f6bbc550e70c9f33 |
| SHA512 | e24474b418acb347eaf639662392cee2ef7a3fad98ce6068848516f3c0f19b5852a9624541fcd6b766de99c2733be57fecacd8d40064f482009fc0f2ce4ec7e1 |
C:\Users\Admin\AppData\Local\Temp\MIgS.exe
| MD5 | d1e9ecbb73d3ca4ea892881b72f5fd3f |
| SHA1 | 98edbc79a3517a31724b18560f13538d295b25f0 |
| SHA256 | 182cbe7b341d75c8ac42ba19208674452717ea7ee9a40c91be30e38023428199 |
| SHA512 | b3df336f8341c93507264a427be99589d4e7a2fde3dd9c7201b3abae11cbd4bf884ff6061a59b9d6705809ea31a66005ed06db373c5c02900ad3ed8726803464 |
C:\Users\Admin\AppData\Local\Temp\YYgG.exe
| MD5 | 5117fd6b4a2314384cb73b702bf0231b |
| SHA1 | 7f4889768a7ee258bc7ffabbdce3cf2e6dae3534 |
| SHA256 | 860b24507b943eff97a458e560731f293e67a65881c48c49567e8654f17e4aeb |
| SHA512 | c7017edc727aca466c46fcd8e566aedf62cc8e1cab4a1107b9d471ff32d1d2f4aebf2bfa1203fe1cfb6bdbc58f74f8e3ce436883ab3e7167789f6fa30434761e |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\Error.png.exe
| MD5 | 341022085d3ef26c568a06af6b9c606f |
| SHA1 | 7a9be91513f925b761100fb3886cd9cd2c5970c9 |
| SHA256 | 9166b800263854fe16b4195600677df17cf2758b8332778f01bfaa52aaf62ab3 |
| SHA512 | e31ee4439699582dfa4e8d977a90a638205c1b9181c0d920cd794ef77527645a3f36f5051fa5fa6bce471332a25a1e0dbf8c02343ce546a6bdb0b90a700f8f59 |
C:\Users\Admin\AppData\Local\Temp\kQEm.exe
| MD5 | 77cc80798f75705b6c8888df9891a9f6 |
| SHA1 | ee1000f42c8004e2a56126f650a0e1fa32b571e7 |
| SHA256 | a1715d1b6db13e051dee3d75c0c89fdb3049957d5ca1676deb77fd880ff01d0b |
| SHA512 | 8f2913c09c196036a40f42a0cf21fa26eb2ec753c118638f63be62d10a6a03b3b4d4d634bb24c42ae35bbfc52da106c934d8416a8322769790c7edfb3e8f9906 |
C:\Users\Admin\AppData\Local\Temp\yosm.exe
| MD5 | 9a868115bd79058b1076291f776c56cd |
| SHA1 | 61d509f4836ff406c7e9a8a1a22181d740c82638 |
| SHA256 | 7cded918f7aaae4648d3e88035cce47d24181073f47460edfff20f88e0b77499 |
| SHA512 | dee6e370bf3be4626b45232d80e877b5f33d618784b70af3d4af3c5263ecdb85fc8551703258961a8c5816cfd3f6829445061808180fa3bd66f78d8f5144aae3 |
C:\Users\Admin\AppData\Local\Temp\swwC.exe
| MD5 | 7048bc8c4e4ec5a8ecca933cd7bee4f5 |
| SHA1 | c0881648c98b26a6b583964f57fe749e5eb1fa28 |
| SHA256 | 508f80299e6f381dd7cdca2c9d064903af025274821ac898f2b5a32b0f23ff6d |
| SHA512 | a145d163f0c3a574b40549258c7ff9edaa27473eedbf4737ff2835ed9e54a9717b1671da2b1ce5f41c63b859e9643894ffa0e94793fafd3f180895b4d93c5585 |
C:\Users\Admin\AppData\Local\Temp\yYYc.exe
| MD5 | 77d5aa334465ca542c36b0b2cd383fd6 |
| SHA1 | 79d458a9e3ace1bc0be7909d7ef0cbe135b41682 |
| SHA256 | 12aff3906902cbcb80c7343c61741f22f69259508d13606821283f6fd55e10b6 |
| SHA512 | 44b4aa8e5514a011a8b308cc0574ca620a75cdb4d589ccb68625fc8e29cea1808aaeeacde3fb132eb468fcd9780de2273c7f008d4f20ea853372de9cfd204bc3 |
C:\Users\Admin\AppData\Local\Temp\ycsE.exe
| MD5 | 9ced54c6a339261b1d1ef0443e7e0c14 |
| SHA1 | 92a325bf9e2b636fbb75faa8e009b036df75d837 |
| SHA256 | 756705faa7dd36171dca5f6756a03b9a566c51576df15744885753851aed3647 |
| SHA512 | 0038f4d448bc504bfb6341c7be39bd84da093a1705a7d306196e14afaf726aab22b9243c850b322deb39554edb0348e9b218cbfe46cb7137b66b5a4a649e0f39 |
C:\Users\Admin\AppData\Local\Temp\EMoq.exe
| MD5 | d4cc1f33b94d849acc0beec2177ab946 |
| SHA1 | 7b5925261f0c1689abce40309201f425af8d67c0 |
| SHA256 | 6130d5fbba24eb3ccd3f8394299032b73fe80b986005ec466e12ae983e6b172e |
| SHA512 | 06c926aad99adfe8bb648f96bf32bc898ef864cc0c267fbe7581ea971e05c41134c63c560121d48a84bf08be36344607bd514a70f3bd45f315dfce4996a02c73 |
C:\Users\Admin\AppData\Local\Temp\qUcw.exe
| MD5 | 729e7479f3f6fbee7a41bd65eb1f3093 |
| SHA1 | ec84c5a9231bf33742077c22820856ac8c5c67c4 |
| SHA256 | 351aaadc5bcb0ca28511d2792d62a146de44b71974225130fc7a17b3b97d5f9a |
| SHA512 | 268196951eee9e2af12b5cd91ac1a66990a902f1697e5240bd5e3fe2b6cc47737567b6590a4ef0b8a5dac30ed323754480f0bcff8f2baa8d6d59fd726fcd780f |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\QuotaNearing.png.exe
| MD5 | d006163000660fb5fb80fbd57e335420 |
| SHA1 | 9eee44ec7b125c99347cf8540f9b3609e8826f07 |
| SHA256 | 31fdc66de34eea6b31ba15ab06aa33b578b70f9396a0ae93607d262948020159 |
| SHA512 | f638e998559b67b0c5fbac4c7ff5b0585075f5b5bc0a5d299060e14dc06077ce1731b06e3b580e2945dc00437b22b95633d6e7f1db95eddc596f2cdd15e756fb |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\ScreenshotOptIn.gif.exe
| MD5 | 2c617cd9b9282043ac17a13668532174 |
| SHA1 | a3808a2fc19d0f755ae80d60d02558d0091e1ad2 |
| SHA256 | 466761d1581624dc1ac32f1f009ff713980cfa5c6f34010156f53f474686192b |
| SHA512 | 5de4a2d9ace268a0ca0ce486af5aba05af6b9041d9478a8ac3f8dd0e91b2cdd60e3600cff9e900d5173dc538c4ed380092827cb17fef58a23215959b969c71d2 |
C:\Users\Admin\AppData\Local\Temp\sowK.exe
| MD5 | c4ba3d661000572cf36474269186673f |
| SHA1 | 4ece01d98bfe84bc6300eb6cdf505b383d8d68a5 |
| SHA256 | 3bcb8db99a75e601a7c676b7fbe25327ad1b84dfb18534806e7f5b7c82ba9b54 |
| SHA512 | 0660c549df5d1a5e54d6fd854d82c2dcb4e5d55d5989fbe90ed4e890bd22f3da98f1f20b59f0db09969dec6d4ddb4421ec697df951701aa0bed17d3ff3423589 |
C:\Users\Admin\AppData\Local\Temp\OYUA.exe
| MD5 | e5fd9991139e70d0cf7fadd2cc3d04e5 |
| SHA1 | aabc931a6f98b33617ac017f80dcd2ed03660d90 |
| SHA256 | 074a88342f820b93ebc77493b9b56fdce6c9d865eb56a0eeecfc1035d84892cc |
| SHA512 | 87052f2c947f839e1c93ef5814a08a602aba660dadb8d99522f6050d8b3edd69ef47c795ed8a624e7f208c0f55cf9df90f95ae0d31d184bce22fc4c8f52f1fbe |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-black_scale-125.png.exe
| MD5 | 93b6149ceb81bf57ca58a2460ea9267d |
| SHA1 | ec320c73b00e067b9a9d8609265c7686edca2d19 |
| SHA256 | b7917f7b2bda8e63e73bfa1fc38c6f9dfe48c070628e162af622065c6961737c |
| SHA512 | fee063f4c6ea9eabb61b9bda422e1c79edb7f88dc2860905bb726f59198d83c94902f8eb111f9700bf4c45625b4e784f2728eba80f6ac08dc5d2582d8364a258 |
C:\Users\Admin\AppData\Local\Temp\sgce.exe
| MD5 | f524c1919f181df479382434c44e23aa |
| SHA1 | ec7c42fbb0d7e627a6a211dc84fa1f2e1649c755 |
| SHA256 | f1d8065dcb3f6d615b9cbdf27c1cd7f9748cdffe2e2c68513772d1de113b647e |
| SHA512 | 8a7212c7c56169c7f4f04c63a26d17e92383824c001e07fa30ecf1c2001c56e1dd1d4d4399616f28badf3db1f3d2f30de3858fbd99a4ecb81d29176952aefbaa |
C:\Users\Admin\AppData\Local\Temp\sAgK.exe
| MD5 | fdfe72d895c0badc026e89eadca710ab |
| SHA1 | e6e50a86db5b3332f469a5f55dedb05be0c07bb2 |
| SHA256 | 76e228229d62276bde806268e99d1a8e73817385dba5c8d48bdc8c28cb366123 |
| SHA512 | 55ceda124771d9d7a5fac11b9eddd2ef8937e41874e8eaf56bfd835ee045de42677e661174d4756c709ab478900183321acdafb4f64e70fab51fda5d54e6a165 |
C:\Users\Admin\AppData\Local\Temp\QYYO.exe
| MD5 | 97a21a3b1754c56453c090988f92d582 |
| SHA1 | 1775a48c1cc7d8060c1b1b12cd23702f41700658 |
| SHA256 | 7bd586c4791ef4f294adcc550b256074eddf006339bae1a6f74a60b87d8ac333 |
| SHA512 | ed518242a11ad74231b8383bcbaee9ca492242252608f0805ccba0633ce0b853cc7ccbbc6153e1557bac330ad8e98ffb47db01c46f37b930c2ebc2be05feb970 |
C:\Users\Admin\AppData\Local\Temp\ygQq.exe
| MD5 | a50ea000543fd095fb973ed2136645bd |
| SHA1 | 65783a90288611cd1af9a1462744daea434f6e12 |
| SHA256 | 43dfcf83ba0be9566e5040986fc900e91d650dc7b473b098b0b6043d3a3b52c9 |
| SHA512 | b566fa32d9b70398d38ee093ca05a914e4f77a11c2c7e1dc15cb460a21e9426884d40ad5704e5d6f11d741fde77111a2bbb26fb9ef7a9bf795a41eeb1a23cb73 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-white_scale-125.png.exe
| MD5 | 9e39bb02dc627b0b61deb8ef4b3360b1 |
| SHA1 | d5e9e5a8d33b2a38d1490bf97ab99360e7fa11e6 |
| SHA256 | f728838372f9ed7377861f5f844d25d7eaa7d3762bc984b7e8f03465764c4d9e |
| SHA512 | 39dba2d6e67c45cd472a9a6fc8b9fc799bd68235d0a7b93c6a83281a3b47aabf95f9cf110b7542ce515b1bd97dbad38eb70c2be2a2e0f0c2cac54a974231ad5f |
C:\Users\Admin\AppData\Local\Temp\wEcU.exe
| MD5 | 0ad6d5fcfc6460914b4e3e1e4c2be92b |
| SHA1 | 8b212cf386882cfaf16f4cdca265b950e8231194 |
| SHA256 | f9fef028a8004ef6a8ee268d5f4c9c4b9d2dc294c86730a5e88f54d27523c864 |
| SHA512 | d45008cfb563423417bf6f3d0082456387de323788cce40aeb82e561b95d9e6a47768ed29e089792ab3d587cf4a2e3b718311b1b325d30619a24f88030bd39a5 |
C:\Users\Admin\AppData\Local\Temp\uoIQ.exe
| MD5 | b5aaad60dff54dfebff53b2e6fcf3622 |
| SHA1 | f563b0a3674bfa4ac8aa74255ac2038758f282f9 |
| SHA256 | 9341d312f71e282b01217da8a9cd882e34cdfc3e0c8a8295dd70bcce616792cf |
| SHA512 | 311f69f26be984950e6efeb671e0f1dee169086172a79fcc3a2182d1c8c27e016c6280522d0822332cc86e0f2a13148aa1dae93846a70c193b4176776a48e98a |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-white_scale-400.png.exe
| MD5 | 0429a0275f222126fb96fca28c48536d |
| SHA1 | 19c22e5d47cbac0f3dbdf00e34251ece5ea746f4 |
| SHA256 | ad6734a2f54cf9bab5606a5f6d4922d20c7fdc68f9e92673a77bf43ca4468c64 |
| SHA512 | e98242998c5666ee6f7de8a2c0c48e959e4214c7314de671600630ec6326724517da5e0d0814cce6a9a4ed5ee81517ee164b6e33ea6a39e050ab0a0841dbde91 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.scale-100.png.exe
| MD5 | 7aa943ad68bd822a8070bcc4ec002a8d |
| SHA1 | 09ff49be658b4ddaeacde3227378488a0b168724 |
| SHA256 | 60ed48eca8b6536809142c18424510ca6dcdfb1fdbd4f5cf5acd86b91aaa60a7 |
| SHA512 | 848fd06e5f12b6ca76631187e14fa7354a217926832561c995193f5daa3ab6381912e664ae6a50725852090d193e7205ed628674bef33e3fa46b4c2362bba343 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.scale-125.png.exe
| MD5 | 5edd2042c7722c1ba1f48d9a6b1eefdf |
| SHA1 | c609bec26e8b55145e955bbb9591ba38afaea7eb |
| SHA256 | 782e4930ebe7fdaa552d9331c1690d252bdfef1aca8955672013b900bd35a56e |
| SHA512 | 9ceb3f3a35a30ee3510e21aa81a7edfcc2d12df1d6e39dbd10098ac289573e1e9bb2d6dda2bc114cd4fc27308e383234a5d12367e7d436b88dd230d45969e42e |
C:\Users\Admin\AppData\Local\Temp\YsAA.exe
| MD5 | 0eb1116a1c0730756a8e8f512f71f6de |
| SHA1 | 8df99d5025d8c49f980fef0535e02887d6262dc7 |
| SHA256 | f759290ad3f61dd9a7a22c12be290ed23fbe94a18d9c32bdc0129019fee79dc2 |
| SHA512 | 39ef003ac547a84f2f9f5676c96a97157e77078826410820ed3fcc9365602c84ea9a0ba79b011c7efccbb872c14694a3049f0c3e7dbd4945531e51775e9fe09c |
C:\Users\Admin\AppData\Local\Temp\cgMa.exe
| MD5 | 7c58563d58472b03de3ac1fe7e9da982 |
| SHA1 | c141ac5c1e577fbffee2ec5a8038dd02b74422d3 |
| SHA256 | 254bdf40e3f47a47e5cacba07d4ab13cbb75ff8fba31ff3ceac3f4494107687e |
| SHA512 | 35b3f885701fc78019365a8d5d7d714e0f7e0b167635d3da204d6b16e08202bf0967a00a148c796c2552e240854385f4cc54e7a92b9d185efabbcca4a7b856b4 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.scale-400.png.exe
| MD5 | 3ecd2b7761c6c8d4f9aa39dd991ebbcc |
| SHA1 | 61af2bc8f4523d4d115f6f33510b31aaab1528b6 |
| SHA256 | c3227d81e5ba2b00bf85a9248f9a3aaee9fcacd604210bb4b80e2c72b0ae56ec |
| SHA512 | a2151254c16fadbbae843b425a7d5212514c2b49fbcfe9e79252c705400354f88df7264f59ea28a5a9c6bd3214b1635590bdd3671ab81c4a97e7624c2447c038 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-black_scale-100.png.exe
| MD5 | af7c0cfd2ead8315d933304095f779fc |
| SHA1 | c7b6a185820f318f01bb4e2f319db3a09fbcc5ff |
| SHA256 | d0ab0b8179b0529adb058fc601272d67712f5bf0c094b6ad8a172db668f04460 |
| SHA512 | 39a5399fe7aab8eb5e6b4a13018c02f1932075770093a413aa8e704e9cee1a6ca866445b2003c0e0572894e54a944bc6aa33b09c75c2e1464ea148bb39b6b82d |
C:\Users\Admin\AppData\Local\Temp\cQEe.exe
| MD5 | 6ec0c192959fdc81afb6feae127364bb |
| SHA1 | a905433726072f844a1478476a356abd5e8198cc |
| SHA256 | af607fc67ebca17e47f0f127ed89c315204247fee593090d7c7de8c67dc5ca99 |
| SHA512 | d8b070c1a6d11dd3f3d0e321547f67fc4d90ba3f92f583ce6982d3dd2139e015fadd7d6d8789424ffec3bcce99ccb49bea1cd6e5177438b329ad433dda964cc6 |
C:\Users\Admin\AppData\Local\Temp\aYYC.exe
| MD5 | 9026fa9c9ae1dbfe101da71c4aad6dda |
| SHA1 | 9de50eb8c8f272316b07134aa8fdbfc87e3113ec |
| SHA256 | 9cfea1741da1ed90dd06984adea4e9b41eb7d93b5ff304a1fae60b6d0cb259bd |
| SHA512 | 42e969fdfe04092286d299e0d9da38663510797ed2786cb87d546abfe6fc9ae2b8f5c67984f3136798159ae2e63556365ebecb53e46e8951759ebaf629bef6d7 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-black_scale-200.png.exe
| MD5 | bff0d7bd87cb2d13e91b70199767e1b0 |
| SHA1 | 1ec7183a30375d6ad98b99c8b137dcec5696bd09 |
| SHA256 | 5de4b8e1337d62c1d29a9b88069f7715a3d02b94071a902aaa67089c5d6eebed |
| SHA512 | 4f00b825c3b53656df76135057918190e25f38dc2b1312dfa76118f56fc157e2ef144602536882bb8247b1f8c8e38d4a01859c2a9357d4692b663d2011915455 |
C:\Users\Admin\AppData\Local\Temp\SYIM.exe
| MD5 | 7065ebb0fa91fc8780458aaf74947ee4 |
| SHA1 | b79b16be52fea79bb779d3e2a748d26d94aa33f0 |
| SHA256 | c035f5d682037bc23970caa9bad1aa23ce73837f0982e7bee9a143672d136e56 |
| SHA512 | 58544a8b9cebce21535b9c8973b1197cbb434e7cd529b5efc815cc830e8126dabee8d084882bb87d73b73ae3269c43402c4619d0c7e6fb2f23102a8cc61c2020 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-white_scale-100.png.exe
| MD5 | b838105c66359159c5263fa6dda00683 |
| SHA1 | 7e9c6f0335abd30c0190d54747db224e6b80b400 |
| SHA256 | d4543765bfc63174f793551d3d4c8d725ec9014bfc3073db69c0b1c150c2e3c7 |
| SHA512 | 2ba5616b4befc4d5ed8313c3f88786ada6ff1ee3f28b9f7da0a8854ef8af6e82daf0372f67e7ab9e837a3104355eb01b8217a3f61d88dd54fb57c07fe3e917c5 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-white_scale-125.png.exe
| MD5 | ae78ad85cd590c1ca83266180514905d |
| SHA1 | 90456bac7b5927e4111f13207bcdc9d55d34c2c2 |
| SHA256 | b142b01f42359fe45eafd1ebd9eb1d23c8b85cf63e339ffae3a809b8f57b3783 |
| SHA512 | 7e8dcf9369c537ce2c5b35aa54669b10a533c9fc91ae6f6d189a6d509802ca98a38f11cc5090c462da79cc70dd6a46e00c04f8ea348c839b927fdae3438ff068 |
C:\Users\Admin\AppData\Local\Temp\ogIo.exe
| MD5 | e987428b7b9cc6c3a552cdb3156e44eb |
| SHA1 | 5628348716fa1d756c8d81b3e6e6d604d96cbda3 |
| SHA256 | ce888d3ed42489efeaaaef6bd44d43700fa4bbfe0a9a54dca6a17d77b64f3eb4 |
| SHA512 | 5cccff9b34ab6be40a2764cbe4691d573db34b81504fe1b7679e1c3dc9209ec98c09516a73640468b80bc3a1c2b4e63ed2b03b94ca51c0a0e6890c429688fd91 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-white_scale-200.png.exe
| MD5 | f327e407b8faa44e4ee927088558daa6 |
| SHA1 | 952ba576c79eb3b09be09532f45429bc3a30d78c |
| SHA256 | 1150ee6d18bebd42d707ac6d34a26551f107e6f21151a647a0088057ed52ac2e |
| SHA512 | 4d563756491bbbc46f0210732d9713bbfbf241f49613f6747b62df488f414891424e192499c1b112733f6a2dc0754a45845e0b2905ba9a710bf74eef69f191bf |
C:\Users\Admin\AppData\Local\Temp\EcEa.exe
| MD5 | fdfe6eff6a476f77a2c232f7aa03120e |
| SHA1 | ce2d1542a322676ac271341d5414cd359c181fd1 |
| SHA256 | 3cfb5588d1c265ee1409e29a7474b27a667aa96c884cad4d52aa0084b7eb9deb |
| SHA512 | f1e336f699a38422c733b1b3369e4900232f4b5e0bb1ae2d2076d9db35642c6a584e46917e11274d98b8f43f6cfe0564aef59a5d63e32203ea506063026238d0 |
C:\Users\Admin\AppData\Local\Temp\CQwo.exe
| MD5 | 7df14f85d27b9c1ed521cfb5042f4650 |
| SHA1 | 292182e26b123bcf43d7ede6e285b4fb698bb427 |
| SHA256 | b6e7fb9e4feea9c19f4621e4f843b3d22c2dd18aef90964db1b01d75115fd220 |
| SHA512 | f7f041fffd26afe5a4edc107ed7a1e80de01df924c5e686fd83a18ffdb5b9e678da484de1a90cfbed7a0a3a7bcc3c15ecf704f6ebe8ecf6d67ba4e91af417399 |
C:\Users\Admin\AppData\Local\Temp\awQq.exe
| MD5 | b6af16590a0c727b96b1d89bc7b88ebd |
| SHA1 | 0d9465a8c1351369f5b8d9d7278620a0096a7975 |
| SHA256 | 95b9f884782bac52efdbbb963171a7e57f74ffe9d5e829941399b622ec4d9319 |
| SHA512 | a17cf961cef6d08f3b36d18b5cdb000b52b8f1f6ee01a15d376713a2e3214e220ba84dd3a5bcef0a91923f442a174cf39f28faaa47f66c36f1a3abea7f5d9afa |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.scale-150.png.exe
| MD5 | 845cbf66e0dc3e1d57ba53a312e280b6 |
| SHA1 | d9a318b4871a6627b815f3100a4b193678f62de9 |
| SHA256 | 46c14eac2419dc1fc50af6060e02c6feb56e94cd9501b36e6699c8c3cd0bf689 |
| SHA512 | 0789800a827caa6798ec34392dc60c245723cbeabd89e6f708c1a1065defcd3c8197ac445c1a0304f38f935d7ae679aabb28bd548dd25b29b51831f2c7a8b1dd |
C:\Users\Admin\AppData\Local\Temp\eAwO.exe
| MD5 | b5785d75d9f7654716b9a9f1f07f8ac6 |
| SHA1 | a71f9086b22c6990f0c9db5eab9538746a87ffd2 |
| SHA256 | 972c8eff57cbd346ce808af46d41ed89a80f856172febd766cc166ee0f9e0e81 |
| SHA512 | c2c241271a28cea0cb025e5d1e6fd6954eb5d0b0908696008fff4cb9515fe7bcfb513c1a8293ccbb634ec38b2c0f37b3e3bbd3846aab04e34f423ea0020d969e |
C:\Users\Admin\AppData\Local\Temp\GYQY.exe
| MD5 | b0e4a09eddd3e97e945c9739c763fa3d |
| SHA1 | 88310756ebf5bd7820b6701d17641c68efb0c6a1 |
| SHA256 | edba1500b08cf8010ce8d4851a19182a082146980c22788170ecdfe9ab1b51a3 |
| SHA512 | 88919558cdf542feaf9cd491c1955f869d25e75274f2b680373a431ac44bdb7e0da523e058aa1a7870412e52c9d22edf0df8efd2896d1e5b10dc46c78a459eaf |
C:\Users\Admin\AppData\Local\Temp\woUS.exe
| MD5 | d601b4990fc7aabc7de488533f1d973b |
| SHA1 | 72b9bf93449f0e3b5a020a58531c68702bb323b6 |
| SHA256 | 92cc1dde0a889f6bd4627a976e47e86dfaf20bab4c772f0ff8b558c62d7a99e0 |
| SHA512 | 03fb18032617737a85ff82e5f77aa3315e58b2d7b8c9914d79b06f94eb82add161e165aa8895151b86f856fe077199cdb437b4b7b5030cacbe90dba5bd9af3f7 |
C:\Users\Admin\AppData\Local\Temp\ksci.exe
| MD5 | c50c98583a70da50c340b060adadeb83 |
| SHA1 | 595104e156f1dd40264b0c9900c99dad92d08917 |
| SHA256 | 78ae286d8789fd648f3ae2b8adc53048b4604b1f05f10075d1289dcbc565c2e6 |
| SHA512 | 3bf9708dd5ccf0e390eae07e38db04e6039061bb5be7e628db15ab671eb04b199d636125a5c8ce06333e2d4b3867b6c2e5149fb2f484852291b2abe5b314346d |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState\PinnedTiles\26310719480\tinytile.png.exe
| MD5 | 0f355c9a2703d2ed8897ad2783e0529e |
| SHA1 | c93c55ab2ab20ec496499d48b7006a90519be312 |
| SHA256 | f5ec878da1ea04da7b2fb5d6a5118ca93db8dbd917bab83ed6ba1d365ae87717 |
| SHA512 | 749b771ec6e12dfcac84b75a9ff3aac62b2877d6f5e6636e25568cbd98279c62c01684cf2a33f1bcdaf40d0276dc4dbbe8fc070be172c3b7ab117f8791341142 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState\PinnedTiles\38975140460\squaretile.png.exe
| MD5 | 88cc7c78c535ad3605914898d75917c9 |
| SHA1 | f34ce56a7cc6aada01316b8990bd00b24b130548 |
| SHA256 | 52bc8d334fc5555f255e2731ccd3b79d714a861b5db7a1a24ea293601c3f0c61 |
| SHA512 | f70759fefd1a93118c1d91e424918d9f4df6f633f1634548e33a0280f8acb77187c048a1406b23f2408570e78d9a9b2f51385f122dd9a3a3f327619ae3a195bc |
C:\Users\Admin\AppData\Local\Temp\IAUo.exe
| MD5 | 50560dc04ad5f718c37df6a4ebf0dd17 |
| SHA1 | f2b78f4c6e14459ca520562a7cb261e4bcf87bc7 |
| SHA256 | ef4d196808088a402073299439b912a30f8ebeab558a4f3a11f99cb52f415bc9 |
| SHA512 | 0873beeb68ffe51dce3f2080b469a5ddbdb8e998d41f01ef62f2ee9099e99c6a98bb545c35b95db9c3015f05982e84967a845e57fbe76b10ede9b9a3203e0e71 |
C:\Users\Admin\AppData\Local\Temp\gMwW.exe
| MD5 | def1f1813f74032a0bd72efeca3ec5cf |
| SHA1 | cc4220e5ec603d9236b665401254af4e69816758 |
| SHA256 | 34809e5e9de7e5a1c8f58df37bb45d9abf1097306c2ad35358362413d0ce2931 |
| SHA512 | 171d28ab83be3a44988b3c152a8e5fc32c5732b3e2cec09573c95e677b88b516751c83b6ab8c6016b7c088dfe866c78fd8560d8f107905af5fe6e861618ca4aa |
C:\Users\Admin\AppData\Local\Temp\SEcu.exe
| MD5 | 200f85209c44a70463181f719192927d |
| SHA1 | b23db1ddca56a2559a444b63cc26a5c850b87cb5 |
| SHA256 | 21189d15f298148aa1c2c7ef1e5425785bf94ca1c8322647e0c1892b17b0b5a8 |
| SHA512 | afd9eb094f021899658e39bd64d0fc2bc41028af6cce2576ac8ac1dafe65ffdc37df8ef4a7b7cdb112f5d18bc1ea62989bb373137c0eeaa1403792c7937b1866 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState\PinnedTiles\7603651830\squaretile.png.exe
| MD5 | bbce166d8967600fe36d40f771642b70 |
| SHA1 | 4f5ed4389d0c14f80cff49c5e8f85c200e14d32b |
| SHA256 | 1c2426a27f6ce0f1d454b0b35b8bff8002a597c2ebc05076a87b2227e6a14488 |
| SHA512 | 58146d6fd432555b4907b570dc6d918471bdc0165e376f76a4d5defd7a73329329990521cdaacfe5712b4d54c4a6952b78884360a37d45dad8e700e7784bb1eb |
C:\Users\Admin\AppData\Local\Temp\WAgI.exe
| MD5 | 0f9b1ca50a5b0c0c829ffa324560ff84 |
| SHA1 | 73dc0645abcad3be19a6fdfc17d643cf51b0cdc6 |
| SHA256 | 47f717cffb1f244dcccc22405c4a291242af32719015fc8b42dd7affdaf2e4bf |
| SHA512 | bef32e26999a6d2dd09edb3f9de0402ff723255d386b8cb32c84a7ca06377ba6c124c04af5337b268ee33a3e7a3ccbd2236e611b0dac7a0d60a3580f729ee7ec |
C:\Users\Admin\AppData\Local\Temp\gUUm.ico
| MD5 | f31b7f660ecbc5e170657187cedd7942 |
| SHA1 | 42f5efe966968c2b1f92fadd7c85863956014fb4 |
| SHA256 | 684e75b6fdb9a7203e03c630a66a3710ace32aa78581311ba38e3f26737feae6 |
| SHA512 | 62787378cea556d2f13cd567ae8407a596139943af4405e8def302d62f64e19edb258dce44429162ac78b7cfc2260915c93ff6b114b0f910d8d64bf61bdd0462 |
C:\Users\Admin\AppData\Local\Temp\QEok.exe
| MD5 | d05ae5f17c632749d720d227581b2a59 |
| SHA1 | 8aef01b32afe8f173fc166bae818835828424ff4 |
| SHA256 | c7306237acdd2eb0cf6a3ad83a5710835353786585dae22de3face56a9c76ff2 |
| SHA512 | c721f4a1c240bb447e4d7b763d03a1514a8892474bc26c79e33182ec771b1e23bdd4ef0a1507856323672a2451f8fc17262019c58d243aa0f544b4bb81e6d705 |
C:\Users\Admin\AppData\Local\Temp\qssY.exe
| MD5 | 130843fc063bfaaf8d423c078fe16c4f |
| SHA1 | 62385fc244e46adecda055de605ed4147fa9b27b |
| SHA256 | b081a611db738be622163d692c1aad841952cf8ff5cbc84e3f579a0369bf1ead |
| SHA512 | 8576e70efe4d939541e1cb5fdaf7e1c913254f1d11d8fdcc78068e2dcc4b093afb7adc6c11f9137211ca4a865f67cce9d4bd36af548d000d0295598caef4bcf6 |
C:\Windows\SysWOW64\shell32.dll.exe
| MD5 | b9285417b4af86f43f968c9507d1143e |
| SHA1 | 79bae1089485fdaadb4147ab2062617cf734bb45 |
| SHA256 | 2ce4fbf16c7138eb52e215837b7975983f1e0bdd79430ac6fca149bfb693f092 |
| SHA512 | 8d7f7832c0ac295717cb6213a372aa2c75123856dac1c015637a6c06b7e24b38d40d12c072ca0ea2725146b7c77b1508583e44eef53b126f184d2167325ac25a |
C:\Users\Admin\AppData\Local\Temp\gMIi.ico
| MD5 | d07076334c046eb9c4fdf5ec067b2f99 |
| SHA1 | 5d411403fed6aec47f892c4eaa1bafcde56c4ea9 |
| SHA256 | a3bab202df49acbe84fbe663b6403ed3a44f5fc963fd99081e3f769db6cecc86 |
| SHA512 | 2315de6a3b973fdf0c4b4e88217cc5df6efac0c672525ea96d64abf1e6ea22d7f27a89828863c1546eec999e04c80c4177b440ad0505b218092c40cee0e2f2bd |
C:\Users\Admin\AppData\Local\Temp\qswo.exe
| MD5 | a58cf8dfa05c07cdb042b6d388b6d5df |
| SHA1 | dfc132c44ce6b4a7aacf2ba4c177d4b8af198889 |
| SHA256 | ebf2d6f06e78c2cfc93a169d9c5f60e01a4bf52510fdb6f47ff935dc14945451 |
| SHA512 | 9b3a87ed98ddd924d820c165daf8bb1d79c863acae96003a1c55477f83ee30fd776f130b6e832bdfaf9d4ab6441805bd8268fd2425b124ce7c861fd12719a2c6 |
C:\Users\Admin\Documents\SaveConfirm.pdf.exe
| MD5 | c1a5bdfc02ca041f7c03834ee7ecbdb0 |
| SHA1 | 480581e6e4dd0dfa69f67ce84febbd5832da1eb5 |
| SHA256 | 3c6f14ef7b95fc11bc08bd95530cc7c7f3afcef58337824b779da044fb275025 |
| SHA512 | efe4d8e3eba24a46f485d5ffbb5d972e03e69d737264b1515829259d0b112382788b6fe2dfa69bd45bc8cbe4f99736d6cab6451da0d87ad4c3e1249b7147eeea |
C:\Users\Admin\Downloads\SubmitCheckpoint.exe
| MD5 | 394de52ab8342da3644b91d63ebf4c3e |
| SHA1 | 4d0e0268b5a19c099da0c9563d4b930695f036db |
| SHA256 | 0634b18e092da78a7ec8142762af394429574e7e3e2f2b3e74526fd3534fd5c3 |
| SHA512 | 31b7747fd307e970f637b18d317fee50c8c7ce91e54a76bb3de7cb701de7e3965c38d82f162786710a83d3161e93ed14e97df13c251f48852fcbc1c4a16e7199 |
C:\Users\Admin\AppData\Local\Temp\okgI.exe
| MD5 | ca77547da6e9fa10fa1fef4fcba90b3f |
| SHA1 | 0b093703fc90eb9451807a32942668adf47690d3 |
| SHA256 | d00d2aae0abeae882021dcb2065ad188f28ec1547b7a09b5985fadda1025a9b4 |
| SHA512 | aa9636bcdeb45e0cddc3c0adf1c4e03eeb2bdc992f17cd1211ffcb2a4161ea98e40a0f5418dab449aa308c2ca4be43f3e88417ecdf6748c413e51fb8bdcf11d5 |
C:\Users\Admin\AppData\Local\Temp\AUAU.exe
| MD5 | 47cd1346b3c19ff19f3acd7ac13ba645 |
| SHA1 | fce5bff0230af0465e002fc74df4e8ef830925f4 |
| SHA256 | b534e3991267f96c902fc66ee7bb89d04814fd9b4e6a586b4e3a9b4c9105f5b6 |
| SHA512 | 7bed126e2448f9ab6f511c5267821a81ac8e7703dd6566dc346f893c53a0ded82f2d26442770f11d37b3e2a75df0b2d1e10734754706d22d51ce5d6192985faa |
C:\Users\Admin\AppData\Local\Temp\QcsO.exe
| MD5 | 9fe235cbb2f0c06eacc2d265d796d68a |
| SHA1 | 51481ef8447a0e5592ea34d282e6e5cbef4cc2f8 |
| SHA256 | 0bc53d1a68667b44b6a4cc92ca78ddde94fc4861a114a1386bbd56d37d6215e6 |
| SHA512 | 729dc74c1c3f13eff54af861b8b21bc6f75391c4741ebfe08f8df8141e3e8c08cd5523022d0b9afd5612429cbc05564b1a94bacc6870cde2524eb6bf661b890f |
C:\Users\Admin\AppData\Local\Temp\kUcK.exe
| MD5 | 03a72f5aa909ee5cba957b321de099d0 |
| SHA1 | 5116dff34ad8b395d1b399b6bd12049463b6c025 |
| SHA256 | 74899a00b583018083ba37bb038e4e3e76f9c414f35de1b26a8b5fa8774055e3 |
| SHA512 | f11c4f5cfeea59cfcb59661b2541906e5af66633b241015216fe303a65a00426ffc3136e09854aab9bdda11283e2e5be01c5b9e1c3b939449bb6987d37def766 |
C:\Users\Admin\AppData\Local\Temp\mgUU.exe
| MD5 | 7267e959759a8872df2e27b0ab7012bc |
| SHA1 | 13d8c62adb1cf655449787d458941baa98304552 |
| SHA256 | 01fcf733a5f8e3a6974e47f31dad170ac0a6fce4128ace1b6447963914d85a93 |
| SHA512 | 10b5a4dd2ae11527647e52f3607b05c48934737c0ea2fa92bc0413800a3325f1e5f4e7300dccf1949adf2e2c5eca8b18121246d3edb75ad42e457b6b224c04ea |
C:\Users\Admin\AppData\Local\Temp\Ckwy.exe
| MD5 | 9e79f7f8447f8b972189c22caf1ce7ce |
| SHA1 | 77acd9b5fb0800529a1f478e2131bc1683225ebb |
| SHA256 | 13594121c1eea0e72a504ba12d5477cfc01b1aebb9755a8bad2905085ac0cf3a |
| SHA512 | 147b182a7aac20a101a4f20e81bec0bc29c867378be41ba35a218d9375b2ae2b18d01f5be13aed2ad798f68aa4e57052a9c2d0e5467cef078a86c816e4cf2f4f |
C:\Users\Admin\AppData\Local\Temp\cgwQ.exe
| MD5 | b89193cf030f88193380c047d8e6c8f4 |
| SHA1 | 42bc6d3dd2e2781f54563b5f9b95965956093bf8 |
| SHA256 | bb959d728f634e5d44407c034b1e65b33646f7b67f2d62abe776b2315dbb53f1 |
| SHA512 | 0a9d00f443916f149f48942c7cf86ec04294d547b182f270d46316a819cb9636c1220368d32483fb2bb150edcf50e651d9187f1a204c0933d975766faa9bb61a |
C:\Users\Admin\AppData\Local\Temp\UEEa.ico
| MD5 | ace522945d3d0ff3b6d96abef56e1427 |
| SHA1 | d71140c9657fd1b0d6e4ab8484b6cfe544616201 |
| SHA256 | daa05353be57bb7c4de23a63af8aac3f0c45fba8c1b40acac53e33240fbc25cd |
| SHA512 | 8e9c55fa909ff0222024218ff334fd6f3115eccc05c7224f8c63aa9e6f765ff4e90c43f26a7d8855a8a3c9b4183bd9919cb854b448c4055e9b98acef1186d83e |
C:\Users\Admin\Pictures\RevokeConnect.jpg.exe
| MD5 | fcaadfbe817e88d97bf6a6525a202b50 |
| SHA1 | f243aa3b6cf536cc07e4c0a9697c046a69d666ee |
| SHA256 | 738217f5140d8a242ad78aacec601a54a4b1c1c6a7a56cf72c590bc802ad58b8 |
| SHA512 | 98b6566578aae4c798adcaed5c5abbcee0d45af0026761579e1c559b9c28da1bdbd288d66d7059312f639d18a58c4196ee91df2889b6b88f95ee4ba3dc3037ec |
C:\Users\Admin\Pictures\SelectClear.bmp.exe
| MD5 | 2f0e68d6e846bdff76017b5ad919e79a |
| SHA1 | 6615c1a72b3505580e6af030ae70718ea74c5991 |
| SHA256 | a0ec39315757ebb147861666480ab12665afa5e964d0b7542ca2392d985d9c58 |
| SHA512 | ef661ebbac609a9f8cd65ec097f261bde6c11a1eb2fa686d3a9ad240b0d7e4fecc88510c34ceb5c19bbd5e3f6076f939cb1c38006e0a0757df788efcff4efe7c |
C:\Users\Admin\Pictures\UndoExpand.jpg.exe
| MD5 | 12a51326fc431a0477f4cc2e109f3d08 |
| SHA1 | 9808e5063daec1e61affe5554528253b36ae08a1 |
| SHA256 | 157dd20dc3174a48f98124dfdb3259b32f9330f66afb6c67bc11003f404f4f92 |
| SHA512 | a7ec651737fad758caa86d3c0a0d45d10cd317389353d22ac3f911fc6c2d9309de818df9605bbaeb1081cded4c2b6e16fb822b3ce5da94b07b473816a9025f24 |
C:\Users\Admin\AppData\Local\Temp\cAYM.exe
| MD5 | ae407f6d457b22320aef87f8a8aad0ab |
| SHA1 | 61e23e68778aa268723f96ad5b5e84428722b925 |
| SHA256 | cf702d06481b77421adead265de0f08d5696da1a956c11bc9b9ed3fb7c741ed9 |
| SHA512 | 4fd1fbc82731b29667d90ae40f5e61ed207cf910d0f67e4e82d404b649fa06129c4e26630a7729056300430341472dfd1ada4eebd1caf8c686d4a8fa57152b11 |
C:\Users\Admin\AppData\Local\Temp\KwAw.exe
| MD5 | 6003f85bccec6ac2fdf7866bb0b736c1 |
| SHA1 | 1744b7fd258cb0ea39f97f0533d963636de6c24b |
| SHA256 | bbd9aec468b6e4fe0a027e4414a505611ab950b1d3a4ab64e2e33e6a257457e3 |
| SHA512 | d2c673841ba6b6854c66a6b81ec254362ff9c379a7166726c6c45db9eab397c6ea54c2aafd5e034625424a0e660b83874bfef6653140961eed27b203cae32000 |
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png.exe
| MD5 | fc560f22ef5da49e9d6f606254329f86 |
| SHA1 | 852c6cd6a0889b2f2008d6975c42dcba1d451961 |
| SHA256 | 4d03a334d31fec328e56593c94b87bea4079ab4c4536bbbbd5adc098ed5f4d46 |
| SHA512 | f4d25e5605237be2f43bde9fc41c5126111cfa6628edcd009b592e698ec86f354e9f27b32a04547d0f6bed956b28078fcd9c98e1d8dedae50db4918efbd790fd |
C:\Users\Admin\AppData\Local\Temp\qoMW.exe
| MD5 | 3c2c4d783eb36e2f944732e8159348ae |
| SHA1 | f4894775e2f8b0284f8f38b8ffd95b8f7528bd43 |
| SHA256 | dc7e6366c0b6c8b9e25e36812792eec171e873b640978809ce3d610891f1f1dd |
| SHA512 | 829d86584692a2f0fd18b59ebdc033dec2a6c8c33e27fb301a57f96f75c8e93d7cfcb935bbfc472b9111dde04e5baca96add618a020e583b06cda62b245b8f1f |
C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png.exe
| MD5 | 60d3b004dcac874df1f13996eb1e4a27 |
| SHA1 | ee650d95e8f8376eb7b898661d242fe7df2ab2cc |
| SHA256 | d48c9c59f0b51fdb2c8c76c70f5b4489fc3a7f5096a0ace8115b72d49a270900 |
| SHA512 | 463d6e50a824b80e54bb028cee457a5a602e9e1e00dc67f98103400e8f6a2b16050a2f27f6654eeaacece480d11c46b9e7e878b2d207852b9a8bf774f46cbe5b |
C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png.exe
| MD5 | 060bc5704591638e455b41647295fd99 |
| SHA1 | fb27c0bcab850590bbeeb20831dacc0e99d9ce8e |
| SHA256 | 33d284d8c7c7b5bfbab29669ab7190719487b0eed471a4d37f993187068ff362 |
| SHA512 | 9ce179a033f759a7fcccd40084ccfb3f61a26f217c580c9563fff35798fb64c052b33cb4f01644ec21f3680af459be58a986292a609afbf923539509f3a58aa8 |
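The dropped-file listing above is a flat layout: a path line followed by key/value rows for each digest. The Python below is a worked example added here, not part of the sandbox report, that parses that layout into records, validates each digest against its expected hex length, and separates the sample's own droppers in `Temp` from the files it infected, which keep their original name with `.exe` appended (`SaveConfirm.pdf.exe`, the OneDrive `*.png.exe` tiles, and `shell32.dll.exe` planted under `C:\Windows\SysWOW64`). The `DATA_EXTS` set, the `Record` class and the embedded `SAMPLE` text are this example's own constructions; the hashes in `SAMPLE` are copied from the entries above except for one SHA1 row that is deliberately truncated to exercise the length check.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional
from pathlib import PureWindowsPath

# Expected digest length in hex characters per algorithm.
HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
ROW_RE = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-fA-F]+)\s*\|$")

# Data/library extensions that should never be followed by .exe in a
# legitimate file name (set chosen for this example).
DATA_EXTS = {".png", ".gif", ".jpg", ".jpeg", ".bmp", ".pdf", ".ico",
             ".dll", ".doc", ".docx", ".xls", ".xlsx", ".txt"}

# Constructed sample in the listing's layout. Digests are copied from the
# report above, except the shell32 SHA1 row, which is truncated on purpose.
SAMPLE = """\
C:\\Users\\Admin\\AppData\\Local\\Temp\\swwC.exe
| MD5 | 7048bc8c4e4ec5a8ecca933cd7bee4f5 |
| SHA1 | c0881648c98b26a6b583964f57fe749e5eb1fa28 |
| SHA256 | 508f80299e6f381dd7cdca2c9d064903af025274821ac898f2b5a32b0f23ff6d |
C:\\Users\\Admin\\Documents\\SaveConfirm.pdf.exe
| MD5 | c1a5bdfc02ca041f7c03834ee7ecbdb0 |
| SHA256 | 3c6f14ef7b95fc11bc08bd95530cc7c7f3afcef58337824b779da044fb275025 |
C:\\Windows\\SysWOW64\\shell32.dll.exe
| SHA1 | 79bae1089485fdaa |
| SHA256 | 2ce4fbf16c7138eb52e215837b7975983f1e0bdd79430ac6fca149bfb693f092 |
memory/1488-2032-0x0000000000400000-0x000000000041D000-memory.dmp
"""


@dataclass
class Record:
    """One artifact from the listing: its path, parsed digests, and parse problems."""
    path: str
    hashes: Dict[str, str] = field(default_factory=dict)
    problems: List[str] = field(default_factory=list)

    @property
    def name(self) -> str:
        return PureWindowsPath(self.path).name

    def double_extension(self) -> bool:
        # True for names like Foo.png.exe: final suffix .exe, inner suffix a data type.
        p = PureWindowsPath(self.path)
        return p.suffix.lower() == ".exe" and PureWindowsPath(p.stem).suffix.lower() in DATA_EXTS

    def original_name(self) -> Optional[str]:
        # The pre-infection file name, recovered by dropping the appended .exe.
        return PureWindowsPath(self.path).stem if self.double_extension() else None


def parse_listing(text: str) -> List[Record]:
    """Turn path lines plus '| ALGO | digest |' rows into Record objects."""
    records: List[Record] = []
    current: Optional[Record] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("|"):
            if current is None:
                raise ValueError(f"digest row before any path: {line!r}")
            m = ROW_RE.match(line)
            if not m:
                current.problems.append(f"unparsable row: {line}")
                continue
            algo, digest = m.group(1), m.group(2).lower()
            if len(digest) != HASH_LEN[algo]:
                current.problems.append(
                    f"{algo} has {len(digest)} hex chars, expected {HASH_LEN[algo]}")
            current.hashes[algo] = digest
        else:
            current = Record(path=line)
            records.append(current)
    return records


def summarize(records: List[Record]) -> dict:
    """Group the parsed artifacts the way a hunter would want them."""
    return {
        "files": len(records),
        "double_extension": sorted(r.name for r in records if r.double_extension()),
        "system_dir": sorted(r.path for r in records
                             if r.path.lower().startswith("c:\\windows\\")),
        "sha256": sorted(r.hashes["SHA256"] for r in records if "SHA256" in r.hashes),
        "incomplete": sorted(r.path for r in records if set(HASH_LEN) - set(r.hashes)),
        "problems": {r.path: r.problems for r in records if r.problems},
    }


if __name__ == "__main__":
    for key, value in summarize(parse_listing(SAMPLE)).items():
        print(f"{key}: {value}")
```

Feeding the full listing through `parse_listing` gives a SHA256 set for blocklisting and, via `original_name`, the list of user documents and OneDrive assets that need restoring from backup rather than simply deleting; `system_dir` isolates the `shell32.dll.exe` plant, which a cleanup that only looks in user profiles would miss.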
memory/1488-2032-0x0000000000400000-0x000000000041D000-memory.dmp
memory/1696-2033-0x0000000000400000-0x000000000041D000-memory.dmp