Analysis Overview
SHA256
1b5a8e869b055d982bd716b578823324045e387f6fc1dd08bfa3af41d521810f
Threat Level: Known bad
The file 2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock was found to be: Known bad.
Malicious Activity Summary
Modifies visibility of file extensions in Explorer
UAC bypass
Renames multiple (86) files with added filename extension
Loads dropped DLL
Deletes itself
Reads user/profile data of web browsers
Executes dropped EXE
Checks computer location settings
Adds Run key to start application
Drops file in System32 directory
Drops file in Windows directory
System Location Discovery: System Language Discovery
Enumerates physical storage devices
Unsigned PE
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
Modifies registry key
Suspicious behavior: GetForegroundWindowSpam
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-11-14 17:22
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-14 17:22
Reported
2024-11-14 17:24
Platform
win7-20240729-en
Max time kernel
150s
Max time network
63s
Command Line
Signatures
Modifies visibility of file extensions in Explorer
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\fSQQcIMQ\tykkYIwY.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\fSQQcIMQ\tykkYIwY.exe | N/A |
| N/A | N/A | C:\ProgramData\UYQUYsII\KmggEwYg.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\KmggEwYg.exe = "C:\\ProgramData\\UYQUYsII\\KmggEwYg.exe" | C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Run\tykkYIwY.exe = "C:\\Users\\Admin\\fSQQcIMQ\\tykkYIwY.exe" | C:\Users\Admin\fSQQcIMQ\tykkYIwY.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\KmggEwYg.exe = "C:\\ProgramData\\UYQUYsII\\KmggEwYg.exe" | C:\ProgramData\UYQUYsII\KmggEwYg.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Run\tykkYIwY.exe = "C:\\Users\\Admin\\fSQQcIMQ\\tykkYIwY.exe" | C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | \??\c:\windows\installer\{ac76ba86-7ad7-1033-7b44-a90000000001}\pdffile_8.ico | C:\Users\Admin\fSQQcIMQ\tykkYIwY.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
Modifies registry key
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\fSQQcIMQ\tykkYIwY.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe"
C:\Users\Admin\fSQQcIMQ\tykkYIwY.exe
"C:\Users\Admin\fSQQcIMQ\tykkYIwY.exe"
C:\ProgramData\UYQUYsII\KmggEwYg.exe
"C:\ProgramData\UYQUYsII\KmggEwYg.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\CUgUsAsA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\MGwsAIEc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\AWkkAEEU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\tsowsYAM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\fgIIoUEM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\FYsYoIAQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\RaoEAUwc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\YIgIMQYw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\CokUUYAg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\WooUIcgA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\SegggoQc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\fQosUQMc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\dWsYkkgM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\xqYMIIQc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\lwsQsEwI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\umkgIgMc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\sKkoswMU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\OAsMUkEg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\wyQYkQIE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1276490681-2143973628-563057983-827462945204758279818902039832484148-2029328464"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\tyYcwsMY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\lsgUMUso.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\lkocowwE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-13563015291216316142-592465361482467033-397818061202391033619757826562039031530"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "603388801584603998202743043538423027596340746-10905222352020213210954195218"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-15084832901146298332-68631705126703698-1264887355-4433096921507012637-1081678912"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\juYYAEIY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\kyYAEgIw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\CqsQwsos.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\KuEAEYMU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\QeUkYUwk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\XYsIIMEg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "622939208-1847088399920666298362018149-143260812-5914486111418954198-518439880"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\zoIIoUAY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\xookAcYA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\RcMwckQw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\wgYQEQEU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-8765545191662633477-574365400-7495695741564513600-9390357-1248257710-1006056097"
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1965860021-1150610840-512722201-14166980661195517371-305079680212947587-1797946196"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\qUMQsgos.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1412561420-139185483126672942121083130711031755902-6941419652102851021-1247997257"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\wCIcsYAA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\aioAgIIs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "109120090320444004948000852371991843953183108199110816216785114096141292902966"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\rgscsosY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-74383857-1655244438620192632307748891-1736029534125785961916396524551955276791"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-2007448363-173474745397754976-414907195232105367-19593668171829206824-1239522962"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\jyQYUMQs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\jMoIIkoM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\xKsAssUo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1645843485-1614205120-261966123-1913340093805245344-2046821868-1199324017-1972266098"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\vSUIUEUc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1034779942-1201004914485273321-1074558851636643198-778612130192505787-429305052"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\qaMgYEEc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "854522223-1492492830-18224246088974977602099810958767900282-1655250687851006119"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\gqMwoMIM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-17372097781093378494505352238-100085335351226903113172544601681364982-931592613"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-579029972-1222394546-1675905739-1757837219-1365894587-81467423318689404711887861409"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\SoMMEYAI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\OGgIgEMs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-637575650-565729861-122823225210549661766774455-1276597507-1044235091685916534"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-412115781-19551691891798385596-68502210610877158291460519151240738716-1881016560"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1503201775-1204450192874861304-124535814-706409329-23123279178077461488830197"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ligcAccQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-765148294-15292869681272388903-129922401-215614391-2098445912985170856-385388246"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1644618814-1800363416-253243433-748923661-11540531736888452791079707220-1199918875"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\TwwQMYEs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-947817127-1877280428-20891711161508528198-11808571081249326880-13011476871734295459"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-124198394622483207217249771891848815799-404695774-5466868161542913857-556347997"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\zsgcQEoY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-854926542105423204118092401201906590898190130356-11074055211792638603-687534173"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-16954399352043402414-5036313411482669700-19626750511400986964305724716-456759215"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\XSgkUkQo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "166558777767324430-179042678958247333736412244-1502583548-6554540501513086786"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\yoQQUUIY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1164570331-19182650608349026774734888115273441811727162777-15471641580799241"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1566779929244250562846619832-11057506661502309441-160487886819006394421075388775"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\USYIAYsI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "20323631-138645960976439055886217803-1410356752-1459960958-1112155484705309505"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\MEAowAUE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\MIYsgEQw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\lwIwMYwU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-167177007992447765491925264220993657211228496964-3975322111407802304-1229320104"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\hcwAIwYs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-864190778-99082694-4486602651497648855-15504971521849457383-5554327601888185151"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "9150355871975559989-13561835824053737151843950458-1210728126-606003634382693097"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "174845790453971967012402175303595306521083393909-14866321404551082991944637409"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\bAQYAsYM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "951950626-1962874894-3195473251886212753128187584-44595272814686528341997525649"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\XqcEMAQo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "234523922-976270720-959944113-1587738946-87725660-139037672313200947492073632469"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1092571273352588841-1154552660-7681490191037049623-991683928-18186034691878243675"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\xIsUgQAo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-84622628-167361748614690780-538226195-12042484551297153980-767699026-990866417"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-135740335888069818835509122717378996641375287999-735479062-5052194031023822991"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\YAsEoIcA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1218744702-21383659977646787621129189500-2146765392-972385048931514599-770842985"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\aqEYMgoM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-863122949988354361848772055-11837727451960512417-514277398973092665-1799593575"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "34627120420010167551619252096-15439397518905386581791388197-159576353359401804"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-148162748-2070962029-1076417618-93613608018971984171875717417-864961108-448802384"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\uiUcQMwA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-751320647-648912373162475233-845845274-11209155741800281890-15668961661622614416"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "18352217671493533290-11825213915806658917988469661913461722338274388822302225"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\kcgssggM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "333508772-188723377175602773014777013761978799116-1103814929-1643607255633104666"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "11158906541085234707-19560287733679148784174980621526334111969533927835491552"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\AocoMAMc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "5881408731398234998-1943691897-1530848071-2089986271-14227309841601052084-1386677195"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\fyogkwwk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1462673869-971740665626742241-774111590-10823935769188759641000509240-1023796902"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1825965236-20546263076336940052051513811-252453081829946858-1793743530923982853"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\RqQYooUQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1192060788846493047-17832725632068078081-11436349991263453213-20162826051063115276"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\rSwwUwIY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "378857876113740479-1286223440-1577704804-1004429994-1258695741479300264837025748"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LIgwIAkU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-604111698-1627199494-7611452271639190335-13481411897512698951644711982610593776"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\CoIoUYsY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-2072697174-1785294488-1449874836-114844363414758127231502287619-1818588686139584577"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1696958502-712058858-200356460018849721481635269513392028891790103627-941958990"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "619715340-1789074711-668448051550022146-1838770691780906016200100959-1001257186"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\qGMEQcAo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1146100537902044969-14977271117922349211722333685427225548-9516461631032657557"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\EscgMEAw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "11885800551144120975-748281811-1429023508-10047472621864911289184849861-278275618"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\CAAYIAUM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-129734735816651184425395653721036838833-8489164551873620562154184839-1995037812"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1643681631-1379801219-1645212134-73100189577032934-813127728-12068783631612601970"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1252220274-635232607-916652908746515724841388076-2116826268-407111210-1467250031"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\gYIsEEMo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1769825553-367462831-371548899510674248104496904794352326015552911912100868133"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\tgIggocU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "17057254261002495258-757171417-750622279159608008-2101837701-1955836378-1058939399"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1922409077-1935466801824346203-1451939223-32207342-858246139765400081-472528364"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "937784425-580001179-1984973410-8757420483489785001452267562-1019696301721890978"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-17162277991091940161-1771909142437911899-97521500921103963181961761628-463876489"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "373805015302386838-528153182150163079220512932141017459847-20510183881623731425"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\XYcIwMEk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-17698848492055864341450074651755722584441880667-1650777872467691779-2098811311"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "256775802-747091774348564411-349864685-627899298191210786346547110398120346"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\BCYQIEwY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZkgQYMMI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "346710158715718538-11341548641560946496-1303841226-14117592541078853126-188117141"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-159251071010518087282040929324-1032732744-21027374901539553118-932001746-1816376696"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\fYAkEwwk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1200656301-2128003022-1689544213169660871218138925391853753650-106925188028874531"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1608604417209476007-384660126915393094762174707-6727223891293693235-431709740"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-10297666921568496288-1942969394-2088305194-15514138161438002325-371893149994004433"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1973954458-75876744-1589690263-151048321-9161477893257862641862013671-1225433551"
Network
| Country | Destination | Domain | Proto |
| BO | 200.87.164.69:9999 | tcp | |
| BO | 200.87.164.69:9999 | tcp | |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 142.250.187.238:80 | google.com | tcp |
| GB | 142.250.187.238:80 | google.com | tcp |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp |
Files
memory/2744-0-0x0000000000400000-0x0000000000460000-memory.dmp
C:\Users\Admin\fSQQcIMQ\tykkYIwY.exe
| MD5 | 3215e5c76e0f1a09a058174a99292d55 |
| SHA1 | 0ba5e0c4083efa214698e0cc152d76a499105d2c |
| SHA256 | 78811584ba5441d5e232239701e9da0baee1ac1c0b330ad84b5a78d961ca3ac1 |
| SHA512 | c226c7e27d1831bd5f4e2a9da023ab73a16b3dd1cb1f27e74e79490306d428dabcb679f35524b3405cebb49aa511c27fc7b292ffaa652ff9ff69654454dada58 |
memory/2804-31-0x0000000000400000-0x000000000041D000-memory.dmp
memory/2964-14-0x0000000000400000-0x000000000041D000-memory.dmp
memory/2744-13-0x00000000003E0000-0x00000000003FD000-memory.dmp
memory/2744-12-0x00000000003E0000-0x00000000003FD000-memory.dmp
C:\ProgramData\UYQUYsII\KmggEwYg.exe
| MD5 | 554025dc67564cee2a526b88115aac51 |
| SHA1 | c2df71c9b35fe2ccab69a01dd92d9a577890d55c |
| SHA256 | d766b3fd29ea740739a36141f915192af2c1e24a11884e85d34324b5b620b5a2 |
| SHA512 | a1b4c1fbc46a3440ee038d469ec580baa444b4140813fe97c3a8090a6b0d37c0886f17e8a647364f85cd70d83a27fa0e8c13bb4886e280ab66839fc4b1dd3b4e |
memory/2744-29-0x00000000003E0000-0x00000000003FD000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\CKQMkQEk.bat
| MD5 | b3a73e507edfd3b3e9fdf7a3f6802706 |
| SHA1 | 880b24dc2a6cce3b52cc8b78fad9c7cc2d26b52f |
| SHA256 | 2f97b990358561120012088105932c2b3d8cd1f15237ff4606197d7f9e36d295 |
| SHA512 | 4f9d89b55174ab4fcadc2ef4c816ac52860e52bf2fa667e200616741f497903729caeed24f5f7f8662c2e896e160c1cca9ce8327a024906d0f9bdfec9feffb8c |
memory/2788-32-0x0000000000360000-0x00000000003C0000-memory.dmp
memory/2788-33-0x0000000000360000-0x00000000003C0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\CUgUsAsA.bat
| MD5 | bae1095f340720d965898063fede1273 |
| SHA1 | 455d8a81818a7e82b1490c949b32fa7ff98d5210 |
| SHA256 | ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a |
| SHA512 | 4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024 |
memory/2744-42-0x0000000000400000-0x0000000000460000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\file.vbs
| MD5 | 4afb5c4527091738faf9cd4addf9d34e |
| SHA1 | 170ba9d866894c1b109b62649b1893eb90350459 |
| SHA256 | 59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc |
| SHA512 | 16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5 |
C:\Users\Admin\AppData\Local\Temp\qoEAgwAI.bat
| MD5 | 4e250f9f160b62126ec720e69f78680e |
| SHA1 | f81552320101071702782abf609eb21dd089766e |
| SHA256 | ec8f9dcc3a2d11d3a95a3b85e005d922450d2fe03dcec5ed42b13c5b004e0325 |
| SHA512 | 85eb1941c30c48e444887759377e0ff92833f386d3a255a958126623bb59f49367abab1a75fa7bf63cff71b20da16f4abc33da128ffe3cb24ea69f2bf5533314 |
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
| MD5 | ea4ee2af66c4c57b8a275867e9dc07cd |
| SHA1 | d904976736e6db3c69c304e96172234078242331 |
| SHA256 | fa883829ebb8cd2a602f9b21c1f85de24cf47949d520bceb1828b4cd1cb6906c |
| SHA512 | 4114105f63e72b54e506d06168b102a9130263576200fb21532140c0e9936149259879ac30a8b78f15ae7cb0b59b043db5154091312da731ac16e67e6314c412 |
memory/552-55-0x0000000002290000-0x00000000022F0000-memory.dmp
memory/2872-65-0x0000000000400000-0x0000000000460000-memory.dmp
memory/1788-56-0x0000000000400000-0x0000000000460000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\IiMIwYIQ.bat
| MD5 | 4aba066345d839428a6ce1594c18c60f |
| SHA1 | a3dfa9dc47ce8a5494388e209eb5b04ca40bdd42 |
| SHA256 | 7054475d34639e621b1591b0953532e9d7a82c4e0d88fa842711c72da2fbf235 |
| SHA512 | 260a8d4eafd22abab8771b425ac63570f51b24fbfdee261d029107606584248b413ca99b11057ff15400b84fac48bd1c976bf920bb267024014a2c684f336a4c |
memory/2404-89-0x0000000000400000-0x0000000000460000-memory.dmp
memory/1788-86-0x0000000000400000-0x0000000000460000-memory.dmp
memory/2940-88-0x0000000000120000-0x0000000000180000-memory.dmp
memory/2940-87-0x0000000000120000-0x0000000000180000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\pSIEQkwE.bat
| MD5 | 3e0d654646a10a012e2c712f3f923b8d |
| SHA1 | 698dfca9f2222879ce7c22c6e1855808ce5e1cbe |
| SHA256 | 6975908e34f89904d7b6c5962a83367c3d5dfd81f72d246cc12072b14bedef2e |
| SHA512 | 5897cdefcb0952efc88fee283422b391e8729b0af7a88e65ee7a4b6fe58acfc618ec3d1648989f97ef7a5819933de4a90db6333ec5669390a2a5bf6b64f6487a |
memory/2144-102-0x0000000000170000-0x00000000001D0000-memory.dmp
memory/2340-103-0x0000000000400000-0x0000000000460000-memory.dmp
memory/2404-112-0x0000000000400000-0x0000000000460000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\naEUEUIE.bat
| MD5 | ab179d87d50136e7f5f66169c6f97a60 |
| SHA1 | 0e3f4d0d65333dc4a6d2f589400349c2f1c6d36f |
| SHA256 | 5214e92564b3086bd5e8e99c0dccfa115ff801c6ec58b0d8ae3e9966f237ce4f |
| SHA512 | 51328b8a53e18f7eec7ca17223caef88eadce6c8ba3c89769e3d9226c417f147d568bc995c969f3152d1001790ceaed5067b5e273ecacefc95bf61e76dda9085 |
memory/2660-136-0x0000000000400000-0x0000000000460000-memory.dmp
memory/1472-135-0x0000000000120000-0x0000000000180000-memory.dmp
memory/2340-133-0x0000000000400000-0x0000000000460000-memory.dmp
memory/1472-134-0x0000000000120000-0x0000000000180000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\XCQMQMUc.bat
| MD5 | 3fdddc531d386a8a42e19675ebe237d3 |
| SHA1 | 4388c2531cd048111ba4ec45fe9a60e43958fb20 |
| SHA256 | 3534656ad798defcdece96a4f4cacd3141ae4c3fc1478028442fc626d59aff17 |
| SHA512 | ff5b9e11b66ad9e33a7801db9471e4027ce966ebcf4f36b3e90eb154bfeb452891f21fb19f791d10bb87e9554287403b08f996b37b068179a7f268e84257656c |
memory/2660-158-0x0000000000400000-0x0000000000460000-memory.dmp
memory/1724-149-0x0000000000400000-0x0000000000460000-memory.dmp
memory/2032-148-0x0000000000450000-0x00000000004B0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\DYEIcwIw.bat
| MD5 | 1f5369e068d0e7af54105a663a0af3df |
| SHA1 | 8232fed7a3f2ad70aff89fc8de5578ccea0ed1cc |
| SHA256 | 7b67567e9b29c5b2fd2a146ea6ade7ebb2a8f6c456db4929a33ce62ff5393908 |
| SHA512 | a08616a54cba6322dc46313b9372ae2acfb074800460b673675d6bbffba0d26bd39944a13c72789fc23dbc92549bb3e6a7277804d6f39437fbe4068aba9ad1ed |
memory/2960-174-0x0000000000400000-0x0000000000460000-memory.dmp
memory/2652-173-0x0000000002250000-0x00000000022B0000-memory.dmp
memory/2652-172-0x0000000002250000-0x00000000022B0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\HCsUkAcQ.bat
| MD5 | 6880a893e72b387c0dca3e4c65ca7eb3 |
| SHA1 | 5d31e98308a621e96eed89271298098b8ec4858b |
| SHA256 | 483cf9a6527db045d86e6bdb55282c26283d29830521f10d74b0f5c6bbde5642 |
| SHA512 | 601cbad170ed925612c55682492f82200e11bbb39a5f116ffc84a64e24119fb1031c4119488703404a568a3f0f7ed39351421fa257bb8a9f878639362c995972 |
memory/1724-192-0x0000000000400000-0x0000000000460000-memory.dmp
memory/2276-198-0x0000000000400000-0x0000000000460000-memory.dmp
memory/2960-206-0x0000000000400000-0x0000000000460000-memory.dmp
memory/2284-197-0x0000000000400000-0x0000000000460000-memory.dmp
memory/2284-196-0x0000000000400000-0x0000000000460000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\YqUkEwcQ.bat
| MD5 | 67771e4e5d9babb0fce3bef850be4f84 |
| SHA1 | 605c915049796e7ac62a6bbf8da929fe3861b4fd |
| SHA256 | 39f4fa0f2ac781244da3bc47c46e181e32e881c2fdad13b2c8c28f72734c1674 |
| SHA512 | 3323e33c7019aee6a585d43d80c81d2e098f59f2ee36dfaf9260687ecb43a9d21dade540dc2a4207273250630e13160ea8d08898153470db4539e582dec7bb53 |
memory/2276-229-0x0000000000400000-0x0000000000460000-memory.dmp
memory/772-220-0x0000000000310000-0x0000000000370000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\SsswwcQg.bat
| MD5 | 7fa414d64cbea1b73ee3e26ebf26134a |
| SHA1 | 07f7bf6f175ccde60940e32bc7b011430b6dec1e |
| SHA256 | 14bb7b1edc7b641deb464ef5909eac61c85fe72fa27f597e5efab52238718885 |
| SHA512 | a0ff5ec6b043a44df2e6812058f15b6afcb85fda45260c0ade540e685b2d4cfa829a55fe289f90dcd8e778d5890a5a2f6e76bd9bc1cf8717621272505ddd0aa7 |
memory/756-243-0x0000000000400000-0x0000000000460000-memory.dmp
memory/1872-242-0x0000000000400000-0x0000000000460000-memory.dmp
memory/1020-252-0x0000000000400000-0x0000000000460000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\OcMMQYos.bat
| MD5 | ca3b02d0b5b5bb9e86a3bc6e71b2143c |
| SHA1 | 5f2944f33405fdd6ca3616020b5d9426848c9dd0 |
| SHA256 | fc4271b82938df8cb7ea3531fbdb6a7cdac54f5fd436dc797dbcee7ede481778 |
| SHA512 | fabc8730d34f93ebb9978cbd78432bd13efaa572a1a7b03bbebe9dae5b218f907ad61ff7fd4c5d4e43dc29a4d7ddc186b4da5247d684d630289e2226230c60cf |
memory/756-273-0x0000000000400000-0x0000000000460000-memory.dmp
memory/1908-275-0x0000000000400000-0x0000000000460000-memory.dmp
memory/2436-274-0x0000000000400000-0x0000000000460000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\jyooEIUQ.bat
| MD5 | 5188bbcd237138e07e03d84eb28f3f60 |
| SHA1 | 65c83ffc53012283d2a15016027fa37508c09f4e |
| SHA256 | 7cb224d1fdb005773a5b4dba99e5c50caa416cf0fda4f80d9b877213bcff3ff8 |
| SHA512 | 5cd9078716226d3a14b3ae0f0cdc7063617b1b4b398e096c88e08d03b5780f82f95546643f0b79aadef9b2aecf618235caf9e2a41a4dc7b93b117b9428ebb547 |
memory/2052-289-0x0000000000400000-0x0000000000460000-memory.dmp
memory/1908-297-0x0000000000400000-0x0000000000460000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\tWUkYMcw.bat
| MD5 | 05882b7679311ae3e077574989d4ce7e |
| SHA1 | 5d4f5bb5930aa4efac731c6f4775ded3005ba8cf |
| SHA256 | b5c8790f1c249d059bdc48ff695f46a610e80dfb01c624ad6f6b1ffacdc587a2 |
| SHA512 | 3c6a31d216d6891103d43def65debbd9e1ccb4b3b86b621d5963515c69b5f42a075b5ec4055ced46413ac3e84df3cc40a046b70de86200b0cad6ca07427be758 |
memory/2052-318-0x0000000000400000-0x0000000000460000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\HowUkMAo.bat
| MD5 | f1ebaeadc69e3352670b7628fb862348 |
| SHA1 | e50d2ed3eff9125156f31b9cf6ca359300577ae7 |
| SHA256 | 6a2cd005ccf236a7e18a42f99b5f4dab659ffe4389e94e1669e1418292dbede4 |
| SHA512 | d2f91fd897e4ea9dc76c21166016d86203e01e1a2cf0b87c9985084d4a55dc295c9393a4dc0db0f18f461e2a98db95783002f26e291eb128de8604141955aacd |
memory/2320-332-0x0000000000260000-0x00000000002C0000-memory.dmp
memory/2320-331-0x0000000000260000-0x00000000002C0000-memory.dmp
memory/1724-341-0x0000000000400000-0x0000000000460000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\xiIEIwAI.bat
| MD5 | 0381185906494e785d3482dd5f4896b6 |
| SHA1 | 470536e1cf0aed50acb8d4d5a8ceedb9b8ac973c |
| SHA256 | 296314f114dd05f8c1165dd8d2bb851904e040d0c547c3bc1470fa837bab6b75 |
| SHA512 | bc4a31c23182a2ef142ee6585dd9b6b944599099c5eb7369f814ebd11acf84907439570209441eefc31b96cf22606970d5de7362258c292228ffcb089b3770bc |
memory/2284-355-0x0000000000400000-0x0000000000460000-memory.dmp
memory/2284-354-0x0000000000400000-0x0000000000460000-memory.dmp
memory/2268-364-0x0000000000400000-0x0000000000460000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\qyIEAIQg.bat
| MD5 | f6e9c4947b157ca297f4a071139b78e9 |
| SHA1 | c7f4742c7f19d36b2d81aa3b6f3d3a7cf2788b59 |
| SHA256 | 0c17b83a50ff7f5836a825ff7dcaef9f7ecaa7727318cf4ee9385d7d928a497c |
| SHA512 | 2031144b201d0122d1c140942e4e9f68d2f859b0e3a6f77257310b867fc888ab79a11094129489854463cacff4f08a35fdcc09f0c81cf9eab3f3cff50795f47f |
memory/616-385-0x0000000000400000-0x0000000000460000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\GIsAUIoI.bat
| MD5 | 589c654476e6676edd6d7b86db955a2a |
| SHA1 | 6544cd120765d77f38307c0dd00c808056de4efb |
| SHA256 | 1609d8034f2aff89c2ad811089e994c61a9ff67711607592918e5a9b11b3d4ae |
| SHA512 | ce9b0416aa8d3d48a3b694de3039ab82540bc93e0d08db3467029c81748cb975b5a166df597b3090aa89f85bb6eeaa36e4bd59cf5caf38d96791f3608847c40f |
\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ose.exe
| MD5 | 9d10f99a6712e28f8acd5641e3a7ea6b |
| SHA1 | 835e982347db919a681ba12f3891f62152e50f0d |
| SHA256 | 70964a0ed9011ea94044e15fa77edd9cf535cc79ed8e03a3721ff007e69595cc |
| SHA512 | 2141ee5c07aa3e038360013e3f40969e248bed05022d161b992df61f21934c5574ed9d3094ffd5245f5afd84815b24f80bda30055cf4d374f9c6254e842f6bd5 |
\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\setup.exe
| MD5 | 4d92f518527353c0db88a70fddcfd390 |
| SHA1 | c4baffc19e7d1f0e0ebf73bab86a491c1d152f98 |
| SHA256 | 97e6f3fc1a9163f10b6502509d55bf75ee893967fb35f318954797e8ab4d4d9c |
| SHA512 | 05a8136ccc45ef73cd5c70ee0ef204d9d2b48b950e938494b6d1a61dfba37527c9600382321d1c031dc74e4cf3e16f001ae0f8cd64d76d765f5509ce8dc76452 |
memory/2644-404-0x0000000000400000-0x0000000000460000-memory.dmp
memory/1016-403-0x0000000000170000-0x00000000001D0000-memory.dmp
memory/1016-402-0x0000000000170000-0x00000000001D0000-memory.dmp
memory/768-426-0x0000000000400000-0x0000000000460000-memory.dmp
memory/2904-449-0x0000000000400000-0x0000000000460000-memory.dmp
memory/1556-448-0x0000000000180000-0x00000000001E0000-memory.dmp
\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\dwtrig20.exe
| MD5 | c87e561258f2f8650cef999bf643a731 |
| SHA1 | 2c64b901284908e8ed59cf9c912f17d45b05e0af |
| SHA256 | a1dfa6639bef3cb4e41175c43730d46a51393942ead826337ca9541ac210c67b |
| SHA512 | dea4833aa712c5823f800f5f5a2adcf241c1b2b6747872f540f5ff9da6795c4ddb73db0912593337083c7c67b91e9eaf1b3d39a34b99980fd5904ba3d7d62f6c |
memory/2644-447-0x0000000000400000-0x0000000000460000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\UQgoUcYg.bat
| MD5 | e16335ff950e769ca6d0c9f973a34803 |
| SHA1 | 11d5be1a45e3f5b17bc85eff207a53632f11301c |
| SHA256 | 5ed83d9e701834848f06386084dd02fcfa5e5c8f26442644fb32318704aa1c57 |
| SHA512 | cb8d8301c6ee6ecda25badb10a93e7cc5a1279955d2fa13e4778ad2e54bc8b25da1e1144cb6e63476d7944a22afaa3fb98831843c5ba817fe54b37e7cad54161 |
C:\Users\Admin\AppData\Local\Temp\cAQY.exe
| MD5 | 8120e0c6b1845aa07a913aeb5a7a6b53 |
| SHA1 | 9d2fb9e8550f7529417bf81161ca0d167173d01f |
| SHA256 | 616558a63a45f329237b61580e8b733a1dc91f016e06ff6279cab70205d622da |
| SHA512 | be249b29db4b2346ccae750dc03a306f74eb71337b05af23470a24985307ab3ed3aed7f04f4d295ae8a87f8326d37c3f57739627d03b23b2eb7ab2aa8657e31f |
C:\Users\Admin\AppData\Local\Temp\GAAIcEUU.bat
| MD5 | fdbad67104f5edbfc0e3892e85072f22 |
| SHA1 | 1231b8fef69bc51f09e385a855462bf2c52459d8 |
| SHA256 | 8934ac2da78517f469c339629ffc2dd839742877a4ee75d40f340fb654252f0f |
| SHA512 | 1803418451c712ed89782673d137dbe3c0da41564c33015f5479c9aec529f855619c9b401a1de20123e0fdc0f35e68cc641dc816b39a3e36a8bac112311f576f |
C:\Users\Admin\AppData\Local\Temp\IQUC.exe
| MD5 | 18166094c576525b0b87e3894b858941 |
| SHA1 | bebfaf63585ffc086a7a3ff68765143791adc257 |
| SHA256 | 11a41686acbeb471e322ddc141a6d7c9e9ec0568d1aec7472825d7184da47fe2 |
| SHA512 | 5fbf8b4500258694eab8b5706a11b906193a423ebbf4fce182f310e214a2c58b477d4699607991130f94e017f862e8acee48cfbd4f713a51735b134aa331a02d |
C:\Users\Admin\AppData\Local\Temp\ewgq.exe
| MD5 | d62a62fae45a169d79f600fc86c43068 |
| SHA1 | 2ab6e346cbce0a9a27f42f57ef1d1df2888cf8f6 |
| SHA256 | ee7d1902c3fe04c0f7c1c5d6c268067a57e6c98d9560ab16357b8b1fdaf94965 |
| SHA512 | 6203b22e6a56aa1bbde2c8039336ff562e169a9818f66b610270e39729e0224d35033e944757043f991cf78310297540bf37c5cd37f00da8507fe3ad05cfab84 |
memory/2248-477-0x0000000000400000-0x0000000000460000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Wwwu.exe
| MD5 | 9f971bdf515007868453c2110ede58d4 |
| SHA1 | 7e18a8e93046b683ba1379a0474241a636881be9 |
| SHA256 | edf43def74aba860687c0c0778d27d94c896dfa37907875d938190fc1fb4558a |
| SHA512 | a8e71d12074969f3494c8c34ba927054a07b676e2d731a557962873c3bac321ae33a92b0714a0c584d11ae7ed2324878070dee9890c91082ce8b498e814ff36d |
C:\Users\Admin\AppData\Local\Temp\kkwS.exe
| MD5 | 2ab5019af3ecfdb17876f2d44e532e99 |
| SHA1 | a05afad05cdc58c5fd3e98a35c82db324af81246 |
| SHA256 | f0550b252aa1600327ced819e2b905602ad59ea601e721217ed96c6fef72bef7 |
| SHA512 | d6fbb04a5aecbcb2da87b5fc6ace7237c132bbb49af9e9b7686c1f1a0d629ede3a985516289805ef86c57acedf26806fc98baadce746d6398a595cc8ea9d37ef |
C:\Users\Admin\AppData\Local\Temp\YEMm.ico
| MD5 | 47a169535b738bd50344df196735e258 |
| SHA1 | 23b4c8041b83f0374554191d543fdce6890f4723 |
| SHA256 | ad3e74be9334aa840107622f2cb1020a805f00143d9fef41bc6fa21ac8602eaf |
| SHA512 | ca3038a82fda005a44ca22469801925ea1b75ef7229017844960c94f9169195f0db640e4d2c382e3d1c14a1cea9b6cc594ff09bd8da14fc30303a0e8588b52a7 |
memory/2904-499-0x0000000000400000-0x0000000000460000-memory.dmp
memory/2272-476-0x0000000002240000-0x00000000022A0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\vIoMoIUs.bat
| MD5 | 16969bb656493aa0530f0719d4d8c7ab |
| SHA1 | 1a193e7108716b4efa365261abe67e10309e4988 |
| SHA256 | e10e0c4e973f507fd9f225be80544ea43b3cef865abb904315b46c0d67161e1b |
| SHA512 | b256ea3138ef83ac92d83ae9b620592f2ca0c9e4f4222904529765f356985340913ac74548a69cec419b3837a343909ba5eff7714cbd5a6d7ea648b3d955b3d1 |
C:\Users\Admin\AppData\Local\Temp\iUMu.exe
| MD5 | 6e54b6c71312c25bc7755a1c9c90466e |
| SHA1 | bb851057826bbbb4229bfec363bfaa2bc9ddc90f |
| SHA256 | aec7b30be4f77c67ecc0e123c587646b27f63c06fb1a5c9dbe14826c6ddaf699 |
| SHA512 | 1f64e3b491f1647f3e5969f3c61d9c04a34682754fde6819a87b68f7fd88e188886efdb3821372579aa778bc6a3f0ec83c671a027cd7db75026748cc83c01942 |
memory/2248-569-0x0000000000400000-0x0000000000460000-memory.dmp
memory/568-570-0x0000000000120000-0x0000000000180000-memory.dmp
memory/2164-571-0x0000000000400000-0x0000000000460000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\EEIe.exe
| MD5 | 294f3589aa18fc5fb7f6f116b3d254c4 |
| SHA1 | 620d4b1c767a475bafa649ab309d2502266e9ca5 |
| SHA256 | 6c984abd8e7092c4cff3069db860f576d843340b6b7b194d8c539c7871202d21 |
| SHA512 | c62afc8cf7584c595fee55eea709b1be63df80552bc687dce2bf233e44c1802622b7e517057f426b9fdb57174237a66c1ecfc5b772687d2f70bec8f5d48ed29f |
C:\Users\Admin\AppData\Local\Temp\qIAi.exe
| MD5 | a9cf797f9c5976f00ec0cb6e1e705fde |
| SHA1 | c8dfba5ff6e1068483300d363706e2bd4cbc4b99 |
| SHA256 | 85acdf3ef2cdb93a516067a3505caf463afb989f9e0d6d800d9702f3cb45e9ad |
| SHA512 | c354f803aef4b95c84b4f7dbde60625f4b4e52a2f644ba144f9b2b941a3bc54b32ee24ac49ff5de97f1421b6b652f280c287673404fa33dab57317e8784b97e8 |
C:\Users\Admin\AppData\Local\Temp\mEYa.exe
| MD5 | 5c3d71238589fa29828fc7fe9a2268fd |
| SHA1 | d41d35b6d4ebb7c39da3221bf164cdd60a487630 |
| SHA256 | 16ab0bef07cb8c5d304973fe10e68d8550c658a7c70c936b5b2760c4e6df89ce |
| SHA512 | 23eab00fd68d08393103d7b9d1dcef60458f53445a7eb9879330b246b19300a91c800999d67b3e517cf8fbabab7fdbe22ec4c0c26147cc5e4162e68ad057ed2e |
C:\Users\Admin\AppData\Local\Temp\GkoK.exe
| MD5 | 74c3ae157d918e85d03c07bd6729c268 |
| SHA1 | 42904b7e6aa47fa4b71081f7c48d00363c3183ea |
| SHA256 | 0db08eb9fc68ebb2b6b367fde39b35329fb5c6c4d2c1d9df24af98f22db87cab |
| SHA512 | cf60575b24c4f6acdef1c3183ee05a4fcfbee5d055237467f14a40d6e2bd6bd86ccfc2ecc1ee31cc9c9a086911a8a826f2e1b875b2a74ee8c5d4745063aaea3e |
C:\Users\Admin\AppData\Local\Temp\CsQO.exe
| MD5 | 47b785622d089d478587de4312f4fe4f |
| SHA1 | cd78f6ae3a698864681aa9151f74bcb87c29b22e |
| SHA256 | 3939b0937b429e99d6e5e78e0727a8c3eb955e993704c43856440e91c10f20b2 |
| SHA512 | 201f21a44740138731577be4bc6663ba3fddfda6a79f2fec8fd8ddc5cdebd60c97025513bb4399530664eb98222ee0c442c55703da39ea468dc6c4b0f1b2680a |
C:\Users\Admin\AppData\Local\Temp\jcAwoskg.bat
| MD5 | 5c5cf4d7d00555f295ab407798a78e21 |
| SHA1 | 256df0ebe3c91494316e77136297912a03863947 |
| SHA256 | d41a0a2a71fe573793bf1e0899d738f5ff8e6b8c7cc122014bfa02be98c33c4f |
| SHA512 | e336b4d9e92e1ee337b216db774e5e8710df7e5f34067d8f6c9abf6d6a554634c3b9cf982ce8834b32e40c795bfd6b494af7c75067192af6fec02ca5c83737f9 |
memory/2664-646-0x0000000000400000-0x0000000000460000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\qwIq.exe
| MD5 | 461a919fd8f86d967d477cc40fc9e311 |
| SHA1 | ff362ec141fb70daa9652806acc81b596d9fb2b9 |
| SHA256 | b1f8de0200a041bb716e1f7739864789bc28b9e48717bb44b229a6f536cbbfb8 |
| SHA512 | 125a731e9258ddadda0856740e7431257be255473cc830f646410ea97fc8bd28302333ee0331ea06e423d1439aa4b651ead08f18e3d900c2cff8654cccd9c928 |
memory/2164-680-0x0000000000400000-0x0000000000460000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\EAAa.exe
| MD5 | 0f948175f25a795203a38318a4daa1e6 |
| SHA1 | a844b30732178814f5d0e7e268a744431fc50584 |
| SHA256 | ecf5c4f34bfb881953fb6ddb91c33169015e955c22e60cba5b4f5438131e7c2f |
| SHA512 | 25d3e43bfe8e3d10b254ee7985d1ada06bc59e8432f3508cb1ae3955a50f07ec48d671a41d0066810a2f7bef28d30c58d410ce7109354d5eb87f296ac6a30682 |
C:\Users\Admin\AppData\Local\Temp\gkcS.exe
| MD5 | 512af626d31ec8218ec368ee9ce82b65 |
| SHA1 | fed7b4141b0034aeec7affc46102b3ed24b2739c |
| SHA256 | c38f4c870dc096c6c3d3652bde363e19f44bb449e082982d0333458724e0e006 |
| SHA512 | 0728c51f8044684d9588bcc50a3de1016139bb9726172ca43d27e45970410641bd598cb9e238c61d4ecbdc4a72b75089b87ed0545bf2c23bc14ee1c61a6860ea |
C:\Users\Admin\AppData\Local\Temp\UYEY.exe
| MD5 | d3cddc08cc15300ce8e1395544f1e1d4 |
| SHA1 | c643eafebef8d8f35434d3dea81bc5ee8b451c6b |
| SHA256 | e535c7d27613263cb1de269b020e04661114dc3327cd8a6fe0d299a1e59a3d95 |
| SHA512 | 9f22891310b876ce00a612a0d87e9735b9cb47e5f8329583b2a3991d1d08d6341717ea56b7936cf5351e802b27a72c72e82bd076901e29d2e6f18e933bb00d43 |
C:\Users\Admin\AppData\Local\Temp\pQQMUMgQ.bat
| MD5 | 559fc64eced26277f3418bf30a95556b |
| SHA1 | 50f5e330faee43ce628e99163430fdf94d198764 |
| SHA256 | 55a622b0b5f9e19118aae67121cdf52a9431c9b866ec2fc7052be9a05cc7e91f |
| SHA512 | c4f8c9b65ba97270b9f6a67b983aa7b1b8a02ec2c10418e8622a97b49e7445fc908c42823eeabcede87308e4c02f70e2af30796e414972b93c0a382191804f62 |
C:\Users\Admin\AppData\Local\Temp\EsIs.exe
| MD5 | f1990d3d91c939c35324ffc5660a8e4b |
| SHA1 | 6f8723e7c991b50d9171631c1d8f0b570c8d6b33 |
| SHA256 | 6bd3d079ab1b9824a923a203244641fe6d1193e4555a8ed5a2173208e900322a |
| SHA512 | 1e8d294bd0db0d16c494330d7295418b10648f8b135547fa47a807e4b17763a2b4b172005ab65845dacf44e36910a0aa6c89ea166a18ec54d5621fa047e8e766 |
memory/2720-731-0x0000000000400000-0x0000000000460000-memory.dmp
memory/2936-730-0x0000000000160000-0x00000000001C0000-memory.dmp
memory/2936-729-0x0000000000160000-0x00000000001C0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\yAww.exe
| MD5 | 83e811e538b19ae3670c4ffd73934b4a |
| SHA1 | c2f54c29a14a8a56b5de78fbe22230cedafae4ed |
| SHA256 | 9f4a19f2fe36f1ec909398ffbef06a046cc9053faf372ca0ab77fe52b91df49c |
| SHA512 | 6dfe44ea87285ea06ea794fb2b2ee86c2d3a134a55ae4ee9fbdff226a527e800fca62e40c8ce29eff0f3ea0c96dbdec7e9b95239ac54fc7823204c9cfc43faf3 |
C:\Users\Admin\AppData\Local\Temp\eAgM.exe
| MD5 | 9c7b46ad60ce57f75df98c7ecc4111a2 |
| SHA1 | 4ead9c47693cfa34297d2c9c18bf8510d42a2433 |
| SHA256 | 9b75e4388cff5903a83ee5fe251cddc1140119568032f0fbe0a0bc4894c15e4f |
| SHA512 | 838e699a5feeb93c54338c4c2da97be40bcb926f903020b62375032db744be30c2f1443e5de32114eb5bce240940514cf6e47c1f08537be8001cb0fb018e6a6a |
C:\Users\Admin\AppData\Local\Temp\mwIc.exe
| MD5 | 2a927733043afa4f064e377b3a2557f0 |
| SHA1 | ab15aa90ac737c2f77aadcffe8e17b94191f5e82 |
| SHA256 | f2baa91363ecd4a734463ff69f3aba5e916a9416f5c07a383ed137ee48be2a1e |
| SHA512 | 3834c9d3e87f634ea6ec9b1cddc8cfe08b3334dbe25084e4fdbe623dc71cd63579aaba7b957eb0c9cc2777fbe7062dead71ca731a4cfd81dc1e05ea93f0e6c9e |
memory/2664-753-0x0000000000400000-0x0000000000460000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\mkAw.exe
| MD5 | 42abe9e543c00eb9c46da7b7330520e6 |
| SHA1 | c5b00add8888e4e462fb056a6badd7b4dcfb8a9b |
| SHA256 | 7c0103ee3cc2dd11b4eac51cd5af9b60953b756a6fa225d2494f667c0c24ef58 |
| SHA512 | 28a70960646c870ce5bc8d68d92542dc317fe945cd051bed82da7f88f42a0290485cac0e8c35457a2695f25eadb0b820fe079f9477ba0ffb9e410748f7667cef |
C:\Users\Admin\AppData\Local\Temp\duwAkAQs.bat
| MD5 | 0e52652bb8ec015af47744d643258e78 |
| SHA1 | b2bcc915f277aa41713bfee1cc12e50464ea4bcd |
| SHA256 | 807c58996b534c8c36fe888419a7bfba149d9382950cec26ac988e83a9e80289 |
| SHA512 | ea645f85d45aee579df37de756d8c5a33561d2a2cba98ce01d7284b0c1e5b8d1a92418692f789b3abe77ab0ee16fd997cfbd8d43d03444e426f639df5bece4aa |
memory/2972-815-0x0000000000400000-0x0000000000460000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\EoQs.exe
| MD5 | bbba5a18bcf96608295643cf57a0fb4d |
| SHA1 | a6615fa26db30d2f3c67bce098f99413ea0bfcb2 |
| SHA256 | f2fc0837c88cd2e75ff3b787805f6e902cb53039b200ca2b69e3b34075ad67f7 |
| SHA512 | 9b2ddb4beff85076fb1cb1ff96ff5d065580870e821d26c47a3acca90574e76bf2e30610ad7a55fcd0150e28e7ceeaf18f9aa2db0513a4ef705523cade7cf15c |
memory/2720-824-0x0000000000400000-0x0000000000460000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\WYcc.exe
| MD5 | 9a5f24cdcf5aff52687aa29e543b6324 |
| SHA1 | 4d4ad90a909acd610643bd2006e907f4c9eff3fa |
| SHA256 | 9a3dca2ac390a754a83659331a73c019377c7c6eb6e3a492746b33c1b4b73c27 |
| SHA512 | f94dac6df34d3698163acd782177efb47781d7497121043291d61b325c72ea258fb4feb9ccae5d2d1b200f59f25bf1469996ea6a8e96e5f8698506ab03c56b2a |
C:\Users\Admin\AppData\Local\Temp\uMsE.exe
| MD5 | 48186ae9e418fbcf76d598325cf91b2f |
| SHA1 | 0f739b8b66e5720687a0a685ae722ab162a4e066 |
| SHA256 | 458957e36788605de99eda3f4a94b02db1dea47d6eccaaaefc85b22ee4d58cd8 |
| SHA512 | 2ecca20a3d467eb6968c3036e93387cab22be1adb74f694b80de046ced00b54bd61809fb012c2185b4b9dad2c4cb673bb2666eb969883f67932e8cc3da29c0c0 |
C:\Users\Admin\AppData\Local\Temp\KEcO.exe
| MD5 | cbac0833d6e5b98980dc061f50ff425d |
| SHA1 | edb5d9425fcf30c962b6f797e8eb9e4db7384c3b |
| SHA256 | b72bf03b91c18f5f4664e224e60a1d2bbf936ec013ed44f2b7acb719f8186082 |
| SHA512 | 861b6b347bfc00fa8cb27709c0037402567799a6a1dba2f7802da5f6b9c32d58460954f97900e44c7d79fd5fe7ff2333f3c3b43b97e9af54a32308b61f3b78c2 |
C:\Users\Admin\AppData\Local\Temp\UIQu.exe
| MD5 | 2b3446905076ad08ec8c92895c0adcd1 |
| SHA1 | 5b4a23cb4dd8389aebd6db742cf33707f4a85a8c |
| SHA256 | be5a36e4f2f9324197528426c4c4194f7dbab708e609b937204e3e0cdb985b00 |
| SHA512 | 2487c546a67c19924b500324f2ff91c92bb994514fb3178f0b21fbb4a5029df7ac3213946fc8d35de3894f031269f4007fee16c80e75603e3dd2d605c0e4cc72 |
C:\Users\Admin\AppData\Local\Temp\EMUQ.exe
| MD5 | 5c44b65c73515a83594ffa56f1b2dd43 |
| SHA1 | 1c4a243d3248ca783a740d8ccf3f1c819053099f |
| SHA256 | b37d11515a4cdf9bde807fb77a5e15c10e0d0fd4c6d4dc0324e4d775bc18502e |
| SHA512 | ae582c5d6fc14e429d3849ffaff76feda0c86967cf52372eec1f39f8c523f509a7264ba85c2dd06ab2af48ecdcc7234704b59bcbc92ab1a03b81b8c98b7a4435 |
C:\Users\Admin\AppData\Local\Temp\oUscIcIs.bat
| MD5 | e4cee5e88dcc3cfc8341f0a15edc343d |
| SHA1 | 2459e7c53379879e6cedc14a0a8b48d378fefc19 |
| SHA256 | 082d7954a9989aeca5f75a9dc10f18df64a3af4dfe6899ae02ce2d57c39b67c8 |
| SHA512 | a60aaf620e3408103a5301f3174873c24786d563c833f1c1325dd63edf74393154fea5d09fb471d566379480a2fe545f67dda7db9566f1086935f18b5e8c9fcc |
C:\Users\Admin\AppData\Local\Temp\MYYa.exe
| MD5 | 8960481fdc8232bfb2841b091eb22bd4 |
| SHA1 | d89977c2d7ebdbb25578878f5b4c0478795af550 |
| SHA256 | 309a6e1cb934f0e023c6712f242570b57ab15e7b1bb35d7534a920645c3c6990 |
| SHA512 | dd36c179bf98c2d4dad4911b7f21af0da800abb66f4b8b9e51afbefce6434455b0d89e34501dce3589ddd3315580741c95375c665706ee9fec836e44e543c52d |
memory/3016-912-0x0000000000400000-0x0000000000460000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\csAI.exe
| MD5 | 3de97e899521ed733846fbee8e1a6d4f |
| SHA1 | 33017a7b39e6dc81e5d15ad1cd27acc3d0ca63c4 |
| SHA256 | ac9b08053d45f0d89fc3db3e6db79f7a274eef2e16a704f065daef43a5fe4edb |
| SHA512 | 76e5acbbc224b56d23f8c5794bde3c68dace3d7b252c0d78110531aeddb63f7884fa202af8610c86adae4a4bcd252f8c378390001ba59f8e889f2f8b3ade9764 |
C:\Users\Admin\AppData\Local\Temp\YUEo.exe
| MD5 | e13c0a103eab496e00d16fbee7379fad |
| SHA1 | b5205a4394574a11835c05aa431d226fcfb34eab |
| SHA256 | 94f3a9bc82f7bb805390f9c00dc5448db08e076a257a0fd2af23d0e6e50e0e7c |
| SHA512 | ba2fcc016e0df5061fbf4c49863b383b5bd807a165273263b9ccbb40b43edcdede0e1040b3a9c1025b3500eed8659e6801e14231bceae6073c35d7b97be2d68c |
C:\Users\Admin\AppData\Local\Temp\IAck.exe
| MD5 | d3768c8a14ca0b119ad7704795f61710 |
| SHA1 | f134b9e00115720264e54a66915909cd2e108100 |
| SHA256 | 22eccc2dede07f1571a303f6d289b7bf0822c147b86e4c972bbb4e508d8e8b6b |
| SHA512 | 38a4f2da05a679c7fcf26f487d127766329ab2faa5723b2e3a7c6154ee9830c1f825743779c3d3137aef74fb4cc0c038efc86a222b5308f4082f2270ebb56c3b |
memory/2972-960-0x0000000000400000-0x0000000000460000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\GYkI.exe
| MD5 | 893e61d7901cc7d66d2682f6ae0b006d |
| SHA1 | 068f80d724db04b3d26a04add02d76462737753a |
| SHA256 | 4ea0e33da526ae787d3029edb548949206d1645344137550ea8c4c0d9228f373 |
| SHA512 | b4392a12780bcbdbc8eac10bd4de1d5a5d8a895b9ba6340ebe2dc7d187b05b870626b965cf11be2bcb042fca1626672dec4f9e9fde36695e54dac8d1d265792e |
C:\Users\Admin\AppData\Local\Temp\YwIC.exe
| MD5 | e7dd5dd825db2fcc3daa178d8044d93c |
| SHA1 | c57a77e11422f3d9f026a52b87f011f91bebb643 |
| SHA256 | 0cc764cf22f11f7d808f7fc584cc64093698220ac778253590a0f62a2e804ab1 |
| SHA512 | c61a2c7cf324dac6d8b35bf089f6f388af679d2c4c1631ad24899794f729d5695f0e41dacc2d9d22d95337b260c3a91de618915a6046a403fd21a479b90f375e |
C:\Users\Admin\AppData\Local\Temp\akoU.exe
| MD5 | 0a8fdc937ad5284f55f92c003ccc7ee2 |
| SHA1 | ff057959b1f329bd77bb8f32495fde91780490fe |
| SHA256 | 09c4414a0418a9be0b0a57df552410300453be1217878caf50b0616cfbabd7d9 |
| SHA512 | 554850c2ef2bdffa3b3da2a9a981cf50a8e584c0a89c4cd21f12f089fd4130de41b92ee0c2345e4ec8b164b7f33f4f3cd17cab4b6c51fb4400c0889ae84142e0 |
C:\Users\Admin\AppData\Local\Temp\uosm.exe
| MD5 | a9d6818858ff27747897f02e35422c94 |
| SHA1 | 66adbbdfc20297d1c59285cdfd611937a437af05 |
| SHA256 | 0b6389e927b12a86a894a1d7f736a4079db99bd5c6be4178bf8d00428f4ed54e |
| SHA512 | 2483482247b9c3f666c2b811658cb9c2b21633de4f1025769702e89d58262330a48e6a442609abd34e9cccc771011194298d96b837675f0375a7c082bffc9a4c |
C:\Users\Admin\AppData\Local\Temp\kAUEEAww.bat
| MD5 | df93a7204eaf7c8f4bf5c78706de023d |
| SHA1 | d4ad69bf01d8d15cb0e6e1db9593b13b78dd16a8 |
| SHA256 | 61badc8caecd5336858f2864e0e1e1b3a3171c3203a3e9d82f34113bd8a5bae5 |
| SHA512 | d6c6372519fc06a134ed35b5659a06207f5b1ffaf8092d8c381f7c3c87700e6c79563a35d2a8e494f77f2e7ff5d32e703a002a319d615d171e7b371a5e0436cf |
C:\Users\Admin\AppData\Local\Temp\cAso.exe
| MD5 | 3cd3a0aa7d197bf04398eb63e153506e |
| SHA1 | 704d65a3c6e6024a0fc14348c9d577568931fcb3 |
| SHA256 | cc11a7d1d777e77a20bf83d3b52c8d91f3421ab6526baf4e765371d66a1b3b61 |
| SHA512 | d538d91d3b2f55a563eb792fb114b37446eade1a4a945bc393fe89e9144264cbffee2122f15885142fba929253df620cfde5339f72573b5e3a77bab4deeb335d |
C:\Users\Admin\AppData\Local\Temp\EoIu.exe
| MD5 | 5e59e7f49d141d3288ad722b9493cde6 |
| SHA1 | 5be3404ca16dac3085f17c561b0d3b9a46c1a44c |
| SHA256 | 4b7668fb97482ea2ce450f2e3845eda802378a6d0c397c932346528f998d73ee |
| SHA512 | c628df66237c43bb2770e91de36ae45839e4188d1fdbf0f197d8ca7e34ad341179e7a92bbadf8b8bd0313e8baf99180e56fcfeac7d0303e9d1a728523dd73f84 |
memory/2328-1049-0x0000000000400000-0x0000000000460000-memory.dmp
memory/1892-1048-0x00000000022D0000-0x0000000002330000-memory.dmp
memory/3016-1071-0x0000000000400000-0x0000000000460000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\CsIE.exe
| MD5 | 45668d9cd305d42a2ed6523da44e57d3 |
| SHA1 | da8f06718ebe659564c31edcb78f68488a3b6a77 |
| SHA256 | 49ea1f6a34bdc7fef7f81feb4b2980359e5e65a5890ff7adeb70467664155933 |
| SHA512 | 87d6e51ab0b237359991ea5a8f089a3e1b9e294d8836cfb6b092effc8f95feab9c19f7f9b06471037940572ee201603d352a6be4ff4e80aa8db8fb288a4b6d09 |
C:\Users\Admin\AppData\Local\Temp\kkQi.exe
| MD5 | ac3bb501835dddc9ed7596aaa833484f |
| SHA1 | 5611f0d691ac28c266d7188d04bb2d4b40f6a0c4 |
| SHA256 | 047a4b2888bcb14b801d57878d6d5398ed9b751cdcf95def846f64dedf50e01d |
| SHA512 | 87127879c1b059ec90c641d60f2af9cbd2f3dd7dd22ee47da1763156c401ba1f9a11cfb38cc9700693c8b9a4174e1328aa7f6041c91a60105d51027301fb65a2 |
C:\Users\Admin\AppData\Local\Temp\wkMA.exe
| MD5 | fbcb59f012485f1fae1a460035047275 |
| SHA1 | bcd53abc757c0b497dd1be657720aafa224e307c |
| SHA256 | c6ac21fdd072547d987f147f1165f92112af458b782575641352362945c4d7e9 |
| SHA512 | 5541f579ba81387d8d16305c95df93bae2b238b50b15d875429900cb76088fc4e17eb1eb90b09fb97ed321d35e1d8b34269a16ea9c07f859b5483b6f645ce293 |
C:\Users\Admin\AppData\Local\Temp\UCMMAcUA.bat
| MD5 | 62e4383a93a315d6a810067bf87f9641 |
| SHA1 | 099f6e34b8c27f3ed1328148bd93d0e540703618 |
| SHA256 | fa9d2edca0a9af4e1c2f67ce86193ce779d7c06945d05a4a19415fee3ba65315 |
| SHA512 | 6eb220432137132fe673afd6b5e2275fbcb975e9ba141547071e4984d307221ccc1c33aca9c14a4a0fe06c0ab73373fa203fdb838bfa9efd8b990f824e29a6b1 |
C:\Users\Admin\AppData\Local\Temp\Oscm.exe
| MD5 | 6f75a1c981b70c57b5c0900e263d9039 |
| SHA1 | f827a46af40482290e0b13e133806b317c4b5d2b |
| SHA256 | 39f12b36a58a71fca3232fd7e2a31ae436e9815c0fd8ef0afdac1e58d649358c |
| SHA512 | fe5bf3e4fe1b20f30749186a27b2ac9111833daebc896684715c11247051b493b11842011dfc79aa7362cbfc8d361210342e192c054b95cbe6ce6cf67d7de31d |
C:\Users\Admin\AppData\Local\Temp\CkkO.exe
| MD5 | 608c30fdfa3defd2bcaf0c323cfab606 |
| SHA1 | 1da211214ff788eabaa2a2b4d801496f5779ded7 |
| SHA256 | d268931beb628a0262e35dbeea22801332b31cd53b5e9aa655a8ad74fd0cc798 |
| SHA512 | bfb61add5a38fc28fa5ab14f71eb5941354cc17351145c58c6cc3002423cdbb26ba8fb32e8b9a44a975a0b522d763aa37958c2e1471dffc3ccb3065202305dc2 |
memory/1640-1142-0x0000000000400000-0x0000000000460000-memory.dmp
memory/2328-1141-0x0000000000400000-0x0000000000460000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\QkUW.exe
| MD5 | 282410b4f281fa97655c10eae577942e |
| SHA1 | 03199b33f4248658a1942d87b836f15234e2fe8f |
| SHA256 | 44a50192bbe35956dd9f7db69e24943e06584f41c5459d9b2909b817eb6e700f |
| SHA512 | 0ace008a9fa4d7be5db95e7341152c7c65f1f7ae571178181799e5c0401cbc2e71b171b20dca40787ce9330591ba3f57f6358594d995f68a4d935364bdc2023b |
C:\Users\Admin\AppData\Local\Temp\YMUm.exe
| MD5 | 3c0ae44970412822770d7c8d737d6aa5 |
| SHA1 | 1a32367864b5c2b90229a810cebdd565a967322e |
| SHA256 | 56fdadabb64342c01b302c4533b60c5da84ea151a9d4c0b130033c51f0929b96 |
| SHA512 | 8ac6b07f94ae0ac7bd4f2784228c43fd3401d58524bdf55f9da3a218b452103a27b598869c4852cc75801a7b7d2d2a2533c55f24ac2e8f6971fdb3ec2e8c3c3f |
C:\Users\Admin\AppData\Local\Temp\GoMS.exe
| MD5 | 8cc2001fe07187b2f79e5d364870f2f3 |
| SHA1 | 143485a0d5ee8059dc245f8e32d24edfde2190e3 |
| SHA256 | efdad3331e9a9fbb23f9c4fe50a3cd991493a513e287ae0aa6c005fe982321fd |
| SHA512 | fd2d41b90bfe80cfe0c6c8b2b7fb0f5f22ebba0281ff63da27aa039496ecdaa2b924c0822811703415685798a9f9e4e84f1b1c07b5488bc9a158a6f6603f859b |
C:\Users\Admin\AppData\Local\Temp\qwkg.exe
| MD5 | c643793ada090ce5663415bebba70eba |
| SHA1 | 7cd02d89e83c1138a31af7f2bf5a058e46b9f467 |
| SHA256 | dab84f223531ce25dbe550e55702ef949029e56b48b3ab881dd81d19ecf8cbc6 |
| SHA512 | a7fd3ece4e3414959ed683b8f8c1aa46bb7107f0748ae979a089b1fec6c8ec7aef493425b239eab222bc80d7087faa024a0a75421b7c8b2fce1294747b3806c6 |
C:\Users\Admin\AppData\Local\Temp\CkUY.ico
| MD5 | ac4b56cc5c5e71c3bb226181418fd891 |
| SHA1 | e62149df7a7d31a7777cae68822e4d0eaba2199d |
| SHA256 | 701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3 |
| SHA512 | a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998 |
C:\Users\Admin\AppData\Local\Temp\SwoY.exe
| MD5 | 720386057b7553bdb876d395c567bc69 |
| SHA1 | 18dc1f4f77194af313fea303cf19a970ac985229 |
| SHA256 | 3f2a1d4c0727923e131fa87351ca07191eceb093ae949c9d82950c79274f2d4e |
| SHA512 | 4c95d1d35374cbb4de758dd976cd152fd553977b92bf2d0bffd2f6d135495a2694fbc62ffc519aadc3bcdec8fc1f5398a2ea17bad32e5e8627b161ec39da6359 |
C:\Users\Admin\AppData\Local\Temp\QgAskowk.bat
| MD5 | c6035fcf2e20978d5d80e9710d6c391d |
| SHA1 | 3ec6ea178c029d1aa9ed8bfe4f00af31133f7ee9 |
| SHA256 | 89212ca98d6500bc367ea1e583ddac9fd2016e65a776206f87ebfbd6b146f6b6 |
| SHA512 | 22a8a00d99b5c5c51bd5b691904522b5fbcb769c93ed9178b0c1b984b72873de5ea265cdd69de3356861beeedcb818f0e02a7e09f567da963dd3c400506574f5 |
C:\Users\Admin\AppData\Local\Temp\IYUu.exe
| MD5 | a229cd5c28fda9856178a8fcf74b9a1c |
| SHA1 | edcbf9dd977f6a788a38ffdde5ab4edb2e35d6f4 |
| SHA256 | de58bd39ebc67ea608bb508b4a658eb42c8558fcb58838191de7a7a4368f45f7 |
| SHA512 | ce84e3ab0cd7c2ed3b65aa4ef68671f2dffc840151f2a4fbe2cc61c3ea8a811e9795d353d110d8237a7c4b669d1085531f539bd07cf1a05366d1dd591c16a867 |
C:\Users\Admin\AppData\Local\Temp\uIMm.exe
| MD5 | c71b2a2e8c1d7e1de42429f063874f28 |
| SHA1 | 01a76dd75ce6e56da5d306408202cfdd0a2ff9d0 |
| SHA256 | ca58ee76aed85bc31fa19a227a61104b02f140346e2a0761209c6cafac0452d1 |
| SHA512 | 9ea705da6c6921ee0e03525eae7bc9e25f79695a0388d3a12d2438a42ba9af3288ab574f40bc3ec22d1623097ef8d7dd42fc01f910c05006b2de67b276efe5b0 |
memory/2372-1231-0x0000000000400000-0x0000000000460000-memory.dmp
memory/3008-1230-0x00000000003C0000-0x0000000000420000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\qEgU.exe
| MD5 | e3da0658145917b31ef6d512457fd5cf |
| SHA1 | 9bd170976ad941b1f214c77266088108dd4764c4 |
| SHA256 | 7904e41aaa71f6d0f99e6329accbca0f58e71ce06f2cef7576eeff648ce63257 |
| SHA512 | 0692951e090fbf68a6b1a7e98d47ebd8d8f9571228e996ea3f33e7bf74a071d18e581f0f75eccf2e26632ba3971ea63ec03b2372d3aaf1e84cba18b2994c2801 |
memory/1640-1266-0x0000000000400000-0x0000000000460000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rKsgwcsg.bat
| MD5 | 01750a1cde6c2a976313abbce0fd1a37 |
| SHA1 | 96d06e044d409dd989a3a94d36082f640bba9170 |
| SHA256 | 74a5dfa71eda5f613157ff981976990f324ed17c7c3b397bf6b38685ea6ff24d |
| SHA512 | 894df9ef4f96fef96e1929774c48c5b4968fb5bec2bc7d4352cd3ddb882c9d9990c90612d1ca5db7ec46313ba986de5bca6738d1b11b7da70ff03c2aa2625b83 |
memory/2372-1284-0x0000000000400000-0x0000000000460000-memory.dmp
memory/896-1288-0x0000000000370000-0x00000000003D0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\OkEC.exe
| MD5 | cd7254b011402107356351429e8339cd |
| SHA1 | 02ac403fa99b5f1d4f1d2af4755fecd3fb420ba4 |
| SHA256 | cc41b74b5977e074585fd777de6f098076d58d8108d235bea3eeacb31c0de47d |
| SHA512 | ca75a39639a2413e17ec5ebfc2bc2a9714f88f2e418ec23d8ec621b0b5b196913be9a6e9144f6ba2905ebb670108c8fd43e0dcc9163410b03eb0872bb5d4310d |
C:\Users\Admin\AppData\Local\Temp\kEUq.exe
| MD5 | 4e59e677596f580f3f508cfdb87db996 |
| SHA1 | a0687340c4fdcc624ad09514ef77d6018b1ae6f6 |
| SHA256 | fbe8371790e986a04faee8ec7ddd0dd9c7a2524c4c4907f140cbcb7432f7cbce |
| SHA512 | da1889dedfcce4bc80893ff944011686ce5737f1a8a5e076e3bcf6d4e8e670c4bf033dfe50f8a597af0b817df7b2bd897a4f82c51fb4cb13688300efa89559ce |
C:\Users\Admin\AppData\Local\Temp\yAIq.exe
| MD5 | 7c51f8640fdc8ee2acd5fe197bbc0fe3 |
| SHA1 | d2de55d68cc96cde6dbf5f0982b00d7fc548fd77 |
| SHA256 | 8aeeccc5c92ff2d9c8e1167cd1ee9f13185af9e4dff535723901e57f48a2be7d |
| SHA512 | c062b1fd22736c3b9723cfaf8bdc42e708d5e3af2c9fc6e376000b09dc607146dc0dbc9602f1887deb9b1ec0b282e8c2fc8327885c433aa6142e047464bc3a0c |
C:\Users\Admin\AppData\Local\Temp\QAcW.exe
| MD5 | 519b09678bfe61ab9258a39a9e196e37 |
| SHA1 | a437dc6d61a7ea362dfd7a8c62edc8145fe3fc43 |
| SHA256 | 9c788ff3104db6b5d9b9ff897813802f0c2b9e662d8a120092344dfdcb87766d |
| SHA512 | 06ae6dc3875dfc7dbe6d4c6729b897cdf29af7590f26d569cbde22cfda66bd6d543bcd6956af2ad9073830158535676aba017e4909458b961ae9ce3734f6a08d |
C:\Users\Admin\AppData\Local\Temp\RuYwowAU.bat
| MD5 | 4f07a3b31744640b0d6e4ef6780c013b |
| SHA1 | d2f56efe8c6a2e0db453ad0bff90b765b3785822 |
| SHA256 | 407d9e03257ab7f82a544305d8142271ad7bab557798d8667901d31271e226ff |
| SHA512 | 2cb786ce88a577a0344c438a6c02558af686aac21e412185599f06ff95f2d10bc7804c577531835831a4923ee6685b71b1178fbb5a6efcbe5f8f690d0a3dc968 |
C:\Users\Admin\AppData\Local\Temp\mgQy.exe
| MD5 | 8b0e9e35b4142601dcdffa31cd04643d |
| SHA1 | a5db551b6a6ab8c7080faefa9ca51a03e1333b90 |
| SHA256 | bdc482301779dabbc9d847e837b8d4dfdad45c19a66ed423adbc94ca2922e269 |
| SHA512 | 2959f94173a84d9b74a2a3b0d20079c01dc151a3963e8ec323f275966fc6a1bbf39d4c992fc3fb17402e36effada2995780f2c4db46662286a1cfd7b4db0d23a |
memory/800-1369-0x0000000000400000-0x0000000000460000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Wwgs.exe
| MD5 | b91cd53bdea6af77605090bb747e4c39 |
| SHA1 | 32766078954fee651ebf4cff097e8e15d971d750 |
| SHA256 | 58753d89945ac7a535a39e4e790765cccb2da4eb39b0f9749f5e20f8bf785907 |
| SHA512 | b444042ac00b1297426967f168c4144fff2b72362238113d4e2596d00fff8b7e06b9f75f587e0c105df45b3a75e3936d1f50bc0b93c39ccc609cf72cc353c632 |
C:\Users\Admin\AppData\Local\Temp\jWkskgQs.bat
| MD5 | 5de6fb3236d74270d35e58cb0e821910 |
| SHA1 | ff5b8cc9e45b8fed4ef61c1bbd9191487c6ae4b2 |
| SHA256 | dcb42395080a62781e25ea23aaf7eb3a78e3eb06465e5bf5f4fb9c014f477749 |
| SHA512 | 3ecdbbb14f8293290d55db42ff25085aef16c91bb60db4c8a2c71219c46cbc5d89526455f513cbfad2b5148935691eebe2ccfd00a16ed1090f7027f58b7f9a27 |
C:\Users\Admin\AppData\Local\Temp\GoAo.exe
| MD5 | 81048fbf10dc3344e16fe8704f1d61fa |
| SHA1 | f340f43431c40b2b38ff0366101a7d715a6902d5 |
| SHA256 | 51ccd55596e441599fe895578b6c43bd705ac016088c718f2005929487a75837 |
| SHA512 | 4ed3ab17e3dab272ed3e4961b59672b9b6a80d9c35808227235b5f420c90049654cc2b77b4d582e0dbc3dc26e10fe71091257b47b685c6b5288f304339df4364 |
memory/2132-1375-0x0000000000400000-0x0000000000460000-memory.dmp
memory/860-1374-0x0000000000400000-0x0000000000460000-memory.dmp
memory/2956-1407-0x0000000000400000-0x0000000000460000-memory.dmp
memory/2864-1406-0x00000000001B0000-0x0000000000210000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Okga.exe
| MD5 | 7fe506efccaf8e7c6d164f2e473653e1 |
| SHA1 | 124380862350716a3900f744b10738dc24448898 |
| SHA256 | b17ffe70dfdc27aed4991e891e9cd383628b3e2186808aaba65b6c1c120dc6e6 |
| SHA512 | 414f436db07834cd8e5d05674eadd366b60b926eda964b9aa96a0f8f4e1edea7bf7a917280930e018c74950d28004fe37c2884d58907c08e414ce6f1a435e46e |
memory/2132-1429-0x0000000000400000-0x0000000000460000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\eMkK.ico
| MD5 | e1ef4ce9101a2d621605c1804fa500f0 |
| SHA1 | 0cef22e54d5a2a576dd684c456ede63193dcb1dc |
| SHA256 | 8014d06d5ea4e50a99133005861cc3f30560cba30059cdd564013941560d3fc0 |
| SHA512 | f7d40862fd6bf9ee96564cf71e952e03ef1a22f47576d62791a56bdbfbff21a21914bfa2d2cae3ca02e96cd67bf05cade3a9c67139d8ceed5788253b40a10b32 |
C:\Users\Admin\AppData\Local\Temp\zesgIwIA.bat
| MD5 | 66f216cfa9ca82c000fb444cc40527bf |
| SHA1 | 39dd632f1c97e618878c1f65dbe2a0de3a5e7063 |
| SHA256 | 19f3034bdfca2f45267dbe31a4090ad734ac5e71da6c2430a368f2f02cdbdd9e |
| SHA512 | 4e1fc0afea28fe1fc844c7681c2008c6a4045a03c20d58daeb3332e5b6b651d30833ee0db3e00920d0390fc720e76f0454a6ac682f1613dd5e131eba3ae84001 |
memory/2956-1510-0x0000000000400000-0x0000000000460000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\qEEo.exe
| MD5 | dddae8f23973150de2559484ca1f48c0 |
| SHA1 | 7d609ad892d30d2ee9f752e3f5c290cfde9568af |
| SHA256 | a37bcf1f04be1c86a8eeb7857c01eefd3eb998ead15fb348ef58a06c102a8ac5 |
| SHA512 | ea7415f026e19d76e43ba32ac9fa718fa6c86264971c8d16af3bc9084c6d1052f2f1a52d95746a6cd061efc7ec57e87aad5e0ea9766be7215ab35cd6aef21f35 |
C:\Users\Admin\AppData\Local\Temp\skoY.exe
| MD5 | b0134a1a01b9daadb1e588d8505ad373 |
| SHA1 | ddde9c6ece3a921c489c81e1ad719a4b546b1973 |
| SHA256 | 652316cdada5c0be17e054301dcdacd2db86b0fb7767430e3bdde77d2e41a867 |
| SHA512 | 8b0f0afd7886568e4d6f8a3b8e43ee00a6c03f4541838c8caf5c5b350d07d182a5358d534fdb1d7faba4e0ad92300c8bcc07be9b9eee189511a36ac3b7cb5e43 |
C:\Users\Admin\AppData\Local\Temp\QsYC.ico
| MD5 | 964614b7c6bd8dec1ecb413acf6395f2 |
| SHA1 | 0f57a84370ac5c45dbe132bb2f167eee2eb3ce7f |
| SHA256 | af0b1d2ebc52e65ec3f3c2f4f0c5422e6bbac40c7f561b8afe480f3eeb191405 |
| SHA512 | b660fdf67adfd09ed72e132a0b7171e2af7da2d78e81f8516adc561d8637540b290ed887db6daf8e23c5809c4b952b435a46779b91a0565a28f2de941bcff5f1 |
C:\Users\Admin\AppData\Local\Temp\EkAk.exe
| MD5 | 03fb3560cf8a1a83bb6eaf71ccf438f6 |
| SHA1 | 3116070946978c129b6e4af520660489d6c0a407 |
| SHA256 | a5de449f99fbebba69cece269984220bc22c8502933157b5dccd399ca445cfad |
| SHA512 | 927361d42397165c38b653bb99534ce1c8913effaaf94cf33e0ea18ca79f5445d0e3bdc9263bf33195476fb2150e7d8e0255cdffd19084d7824c034b46819c54 |
C:\Users\Admin\AppData\Local\Temp\CkoowUMA.bat
| MD5 | d9e15f56c572a1c8f7c465697fddda16 |
| SHA1 | b143972c0a40235fb3be1b4c02465e0e6917a98a |
| SHA256 | d7ddf5a953dcca3a1a45f2271ea386422776bb8c096b689946152ad17b8ea540 |
| SHA512 | 1851ec1e20b27bf7da36f9ee2462f66e9b65eb455788dda7c00197dee21c91d02dfdcb930ca84a4e3df5c34af823ddff380ba383880ce0d2a6fc202f37988cbe |
C:\Users\Admin\AppData\Local\Temp\acMI.exe
| MD5 | 536173fa10115ea08c2e82646802b41a |
| SHA1 | d4a89532f6bc707b79c04c355213610f415a3a5c |
| SHA256 | e7eed1e9ecbb42d3eea03a67fbfac7af8756e503aec1af747feab55ba8428a7c |
| SHA512 | 7e389ec162fc186476c4291f7edd3919aaeca2026c931eefdf37209be6d1c4d6f0bfd3fe22e7148f85e6d03e0e6858ae2c798c81865143a2fa944ec48ecf7fd9 |
C:\Users\Admin\AppData\Local\Temp\uIwk.exe
| MD5 | 13e45d44115b28532c92b205acd2696f |
| SHA1 | 0638d3b825425e7536e75461b5481b7c42257c40 |
| SHA256 | 9d7e74a5cac019f2e300c03ae85c4d135d9d5923de5d6a251849e85a460af1a6 |
| SHA512 | 3913562d538a9f94c91124310c8a85e490fb34ed23e88f52bc945c4613dab7e9db165b6f507679a0ca674fba203c84135425dcc12ea94feb93daeb172b72345b |
memory/2892-1564-0x0000000000190000-0x00000000001F0000-memory.dmp
memory/2892-1563-0x0000000000190000-0x00000000001F0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\AQAw.ico
| MD5 | f461866875e8a7fc5c0e5bcdb48c67f6 |
| SHA1 | c6831938e249f1edaa968321f00141e6d791ca56 |
| SHA256 | 0b3ebd04101a5bda41f07652c3d7a4f9370a4d64c88f5de4c57909c38d30a4f7 |
| SHA512 | d4c70562238d3c95100fec69a538ddf6dd43a73a959aa07f97b151baf888eac0917236ac0a9b046dba5395516acc1ce9e777bc2c173cb1d08ed79c6663404e4f |
memory/1888-1511-0x0000000000400000-0x0000000000460000-memory.dmp
memory/1792-1499-0x00000000001E0000-0x0000000000240000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\icga.exe
| MD5 | 5409c8d506837f24c4ba4eca4084504f |
| SHA1 | b49465f60115d9c8fbc78aa23498b179d0446754 |
| SHA256 | 1cd22a248d3239a2c618c4564b72673d41d55634e01880f3f57250e59344bad1 |
| SHA512 | cb1878a954e9d0c90a334680c79004b6739ea8e9c481bc7af53409241b1b8fa2110fd0c766f7021e16b0ece4483805093c46f27c748f264f221824c1729ff13b |
C:\Users\Admin\AppData\Local\Temp\WQAm.exe
| MD5 | 9fda1eacf3710bc8076d2c2d7e36c5e8 |
| SHA1 | fc2c8dcfa53e023e14a822eee064fe6e4fc867ba |
| SHA256 | 7e64b2599cb2c7229b7b029d8c64adfa5d07fb254ad88353f31f5ae96d87317e |
| SHA512 | 9d05f22dbadcf32b2df0d2baf4164e558b13bf8a012e83a72db32acca4183ff79e27deb4bec80aed3b51ded2a026dd4c76cc42a857368970a5510bd8a7b1c7f1 |
C:\Users\Admin\AppData\Local\Temp\Oscg.exe
| MD5 | b2a09785750a58e0c4910b321d832142 |
| SHA1 | 20538b569c7f86e55db07e688364758454d263e5 |
| SHA256 | 735b97ed23ce9781eaf31f9b49d3d0e90fdb643ca3be3c25ab01a34ee09dbf31 |
| SHA512 | dd9d9d5d2f81c02b8a491404f841c9d86936952034784dbef7153aeb1c48000e7b592cbfbed0c7ad443a4ebbb69aca2918b44fa748e099304b6ad2235e532c6d |
C:\Users\Admin\AppData\Local\Temp\MwQw.exe
| MD5 | 2336f211d6eda936909ee80a573eca88 |
| SHA1 | 1fd320d106c2268f213cc3b08411df496620b381 |
| SHA256 | 71634d9c9614a8b6ff550174a8ef452821d31d8a90231701632249b9d628ec98 |
| SHA512 | ce12fb9b49e333d8d58ec6c6eee1f9d2385dcb6b5d2ac0b1394861b8663b23031669c1fcf87870330bf9fd8e723dbc7af513f8ab24f0509073b9d87305d9a568 |
C:\Users\Admin\AppData\Local\Temp\Wkoc.exe
| MD5 | 62ddd9f5d294edff2360b5d915639bf0 |
| SHA1 | 54421e0be5a379673277b098c6d3729e02fface0 |
| SHA256 | 3465ff7cc796136653ba41ac22ca480e84a67607383a5b1ae3bca90e3aa94061 |
| SHA512 | 06908fba3af6a07677599fbda2f98f2363bdaabefb7017ac8c33ba336d29f710977ba3407c219e50acb145c68588d47624c8d242d651fad7a1595b6669a63b5b |
C:\Users\Admin\AppData\Local\Temp\cIAo.exe
| MD5 | 78226213ef49f862ea4cd09d0586d45b |
| SHA1 | fb6039dd3a67d4388b7dc9d243bc9cf6cbbc3a17 |
| SHA256 | 68f689316802fe48eeab9a2e89eda4aec0ce2988b055e271f12a42e34c085ca4 |
| SHA512 | 090ccb37eea40679d20c66eecb974d027fa83f43148dba9d40e0c794f52118510763e67fb0dedf06096a6376c2a07c2a6f276162166bb15d2e60bee40bd6c3e6 |
C:\Users\Admin\AppData\Local\Temp\KMwI.exe
| MD5 | 5b04c917ffbb9f3b7f2cc4b2f126c8a7 |
| SHA1 | cc440232d8a76c57d8b67b6fa57c333915748407 |
| SHA256 | f206ede743a8771f6b51f87fb04a6d75d5eb020ef52bce44bdda3b318979986f |
| SHA512 | 691ec2bff693f59b9e7efaf5e9edb5145c5b931c19ce16395a5b50adf5c7d14030864e6d5f2d203ad10dd559880e3835ca3e89632c6a9654c0d803355cd80b54 |
C:\Users\Admin\AppData\Local\Temp\ckoEEYIY.bat
| MD5 | 335147274addb6ec0562c5b7eef53f49 |
| SHA1 | 2a0769645e3dedbc273dee95c1c7b28aed47cce7 |
| SHA256 | eac87fd9a42c01ede40523e54434e615b840c58584f8c9aeba294e887b977d4c |
| SHA512 | 1b2b35f94dda739057b3620ff4bbef4e381e2cbd41fe9b3cc4f91d82b682593e4e142905e43f3b35d283d666b83e182972a598e58ae135da80133d09cd2b9759 |
C:\Users\Admin\AppData\Local\Temp\MMUm.exe
| MD5 | a3be6d93404b68c03b5442656e9afe5f |
| SHA1 | f84786f5a6e8e47deb616e898609914cc73af336 |
| SHA256 | 8e16ecf2a34578bcce29b45e7327c7746f8483de31732701897a7c0005da840d |
| SHA512 | ff53b1253a3a4a644fd9cdc12c21c277c19ba37097f94b842dbcc4f4f4b658da40607808b7df37698d4112ff564e8de32213ebbbf9dff4bf45d2f81994912937 |
C:\Users\Admin\AppData\Local\Temp\GAIy.exe
| MD5 | bb95ffe658713b4c1cea99b7eb260c5c |
| SHA1 | b38b8ffde824fb2ff21023c6b94bd3118945007f |
| SHA256 | acd47b6da80f1cce2d8840f22123dfede1afc1ffc2a69b2f8a2e3cce96050759 |
| SHA512 | a8b4e2d85b3ac4d4b499289699cc772bd7f9a3e96088a7f2472ab9e2f5415a743df4526db3dd2100ea4943c2e0ba076fe12e4c32f410867239acb44ee6daddff |
C:\Users\Admin\AppData\Local\Temp\AUEk.exe
| MD5 | 9544bf91e72d9c669275e137bc406f50 |
| SHA1 | 39d8c8bbbf284e35ef7cba59d54ea6a0a52f0ec1 |
| SHA256 | eb812c29017faef6b1df51656cd612e6cbc73dace943ce3ec45286c1bdf008f6 |
| SHA512 | 13121bd7f6387bd9d19d29b8bf7600b04f48b7950cc43f115cbce6db6aea174c8c13aa7a82275cd902d23aa075c7bf405c12874d38d914d64a170c71d39bbb4e |
C:\Users\Admin\AppData\Local\Temp\WUcskgkc.bat
| MD5 | 6626a32f83c7f8c3747d3d261c6a8352 |
| SHA1 | cc70f76e25f8d7b9974e206a5aa80c734556f35a |
| SHA256 | f925914b598879c56819983b7e70ed4804a97ae7dc5d073e6dcf94829eab388f |
| SHA512 | 69910dc684e2320405a4bd78c5b5c50518f8116805546e167c25a96c017e88acc4d63fb857bcd93330be71f2b7bb3c9b46d4b20d39052a3da4713aea81a21535 |
C:\Users\Admin\AppData\Local\Temp\QMQe.exe
| MD5 | ac4090889ee40b9de90e05f107aa68d3 |
| SHA1 | ef51629ab9d576fdbab6fe560402baece220728e |
| SHA256 | e7e0555b5eb8ad61133f8874110e2ae885d071b8485a5d64254fb18c4ae12723 |
| SHA512 | 8fe5df56c5ca15507d3fa12ab8615f7b20889bf2ad367ad29395260bfea6b475a3e404eb0c07a2ab0046abf2eab131b672f478d1854febca063483d50ef36fad |
C:\Users\Admin\AppData\Local\Temp\iYUY.exe
| MD5 | 981aa5eeab511c581ff85c1902ae5fe5 |
| SHA1 | 4f8f9354f489c9e5b11c65fc8929ee8767025d9f |
| SHA256 | 366ab3dbff1508254f1ef09ba4116ec66f17bda8840bb883204f749efb65b9b9 |
| SHA512 | fc92125c391381f8d280e43b6d272278aff9c44b51afb63df1867e156d6b705b185d09b8e9feb17ca3ff49ecec2130408d8ddf505c7694555ec3f947426091f3 |
C:\Users\Admin\AppData\Local\Temp\cQUW.exe
| MD5 | 7a1828c15ca318417acf5b91fe8a1b34 |
| SHA1 | b16f20264851c66fd4cea677b7a3af3de8fb0c44 |
| SHA256 | 06bb707b4660aabac2ec21b2401605e5dfe58110cd54b7d395db332aa2d5d7be |
| SHA512 | a7891b15b67f9ae217a888debde9475e97b7f34cbabc2c4a5d9c5cd95c4680fc9267f83ec9f0b326135e0a137e5b3a1a19c571c0fcbc50be57d4200bed27ef75 |
C:\Users\Admin\AppData\Local\Temp\kMQUokgA.bat
| MD5 | ced29d13a4ab0bbcdad3c908e61abcb9 |
| SHA1 | 7522349e800cd36fc77bbd03541aaceabc1f078e |
| SHA256 | e839d5c9247fddaf871984054e965cdd09da35ca034bb8bf7aeda062e5721a80 |
| SHA512 | 123f714944af82230d1a266bc89b3ac9d1eb97537da10243efdfbe427f1c39033080a5eeb1d86c2b1683d4230f4af3b543379dd843f42cef382706031228f8b6 |
C:\Users\Admin\AppData\Local\Temp\kwgw.exe
| MD5 | a7865573cb15d6429a6d7f0ad500803a |
| SHA1 | a91e56dbb802b71ffd167f8709faff187e29be06 |
| SHA256 | ff3e8f2b45851279f71227c19a78dbffcac6937f84b5683f4f0484e9424171a6 |
| SHA512 | 4f7d8445b930477ca7ff01733e6e7a90984cf16b6eda49aa5b82dbc3d83b9721cd4e1db6b8681bac5ff3cb49160c5df2749e746ec36b91c1e131f34563a711dd |
C:\Users\Admin\AppData\Local\Temp\aQIw.exe
| MD5 | 322c0e0bdf84737e1614896674f696e8 |
| SHA1 | d99286c6ab4bd20150bb447a682b469b6d7c92ff |
| SHA256 | 2014697f0ba1326913e47f62c826400d1d70ebae5a98fbe9726893e12a53988f |
| SHA512 | 9244808a2a77ee3a090725e943056af73db336eddf1d5e8e19055df993173a8f21d8329a44072175123f697627adf95016711f00aa3de53165b04b433a5f7d17 |
C:\Users\Admin\AppData\Local\Temp\qsEE.exe
| MD5 | 6a005091e45135ba949534f1fd51c122 |
| SHA1 | 9c36d5df0acdda1dbd8463658e6b53886f472fcf |
| SHA256 | 557819ff27204fc22401664be6dfa1291cc6e0a6e12b03cf62bfcb14c35ad88e |
| SHA512 | 75631e75e980ae354cdd65bb64a4a977123db07e6c9ed66f2a89ea49c57cf16b51a864c67f4df74a0fffbba505ac2340483b9ac75dc6725bf1f7a33e0ca59084 |
C:\Users\Admin\AppData\Local\Temp\wOIkcMoo.bat
| MD5 | eaed0a04dd47a3ee259855cf1004fd74 |
| SHA1 | 98baae385c47582c63ca008d6a81dc24a71a272e |
| SHA256 | 790e04a61d88cd04c644666d3a09f6bcf10fdcd6b42f1e5477e2888bc8d10138 |
| SHA512 | d7c9d31a323119494eec39135ce40d58ffcdb66f522a80e68a6c8577595931011cb5f03900ecea27f5555c46c16bdb234d35918a57991b7098adc13122ce89fa |
C:\Users\Admin\AppData\Local\Temp\QscM.exe
| MD5 | 392d3a4f8df87532e40a038974ab9242 |
| SHA1 | 23505229210848c54aca01b414403652a2824824 |
| SHA256 | 82e6109d566713418e4db3fad31af0ac18c312cf26bf1e2b8e955ca56c314d72 |
| SHA512 | 52d9fa852e378fa1ee3d5a5e9f20c174c7019f8939e0e35a24608331161033fd287d755bdd5fc915a428af00e938c48048363af9211332ae8d40cf335344c9d2 |
C:\Users\Admin\AppData\Local\Temp\KksO.exe
| MD5 | 4987b08f59f468070c429628307796d5 |
| SHA1 | 4d2e5c6cc71a07507cb22912b9e1e72c78dddada |
| SHA256 | 416cdd4200d5ecefcd191cded3e1ad15726e9555766ec8529b946f082889bee2 |
| SHA512 | 7a3cb9696d52a1a148201251102bfef744ecbf0728ccc6a2328e608c629a289df483773507ded3ec1b69553730cf7a70615fd5acf88769db3e55b189b18bcc4e |
C:\Users\Admin\AppData\Local\Temp\CwIe.exe
| MD5 | 37dedad343355b7ffd5e25f3a32d83bd |
| SHA1 | d79d045cafe435193317ca2233d09f02025c7e09 |
| SHA256 | bb981f1b9bd8d0afacf75e5aa95fb65df40ec88818f72977f4cbdcb525f78c4f |
| SHA512 | dcb6215619b290d7e6bd62dc0b2a86d0026a9805ac3707f58bff0b72d189b7a9a6cdc57c37e0cd6332b73b17738dbe5c724731fee261fc12f6d50b59f072e74d |
C:\Users\Admin\AppData\Local\Temp\LwYwEAMU.bat
| MD5 | 139596c9e9792d65419af495ffacb10d |
| SHA1 | 9aade3a3faeb912566f58dffcfa39aafe38a3494 |
| SHA256 | 7afc79f76c4f8e899985ea40dd1475a0b0b5f419303112bd9e6c1d3e8cc8e846 |
| SHA512 | 7f35cb16a1c8cff88591ba84c84dc66b987fdc52e550299d18e40155acae91a1afbb20bdd5c3b0b50ff0e57d16482b0cfe1a64829dd9a7d8b362fe54a021fcc0 |
C:\Users\Admin\AppData\Local\Temp\wMAW.exe
| MD5 | 38bf2a0f3acf2dfa2a393cab59179101 |
| SHA1 | 462a44f9602ceea6afc2ea8cce6518b3b8c4da7b |
| SHA256 | c4a13b5f8272fcdb632a70b1aff10dd53a964217092cb8071b82022e5fd58c18 |
| SHA512 | 26755c864a840606b57a70374489524e6a341fb0f8fea17e1916b79db06799def305c32c89b48cfa42d1a1b59fc796b563855d4098b666e80fc664562722d0e3 |
C:\Users\Admin\AppData\Local\Temp\CscW.exe
| MD5 | 23ff28ca06857b82223e9ab0f25fc2f1 |
| SHA1 | d88f27977ac5b92006899b0c20cc5096e99777a9 |
| SHA256 | 77840db677e3496cf7304337122d85749486006518533309626abb2e808b31ce |
| SHA512 | 90c23a5c4e6abf487b7967647375c167fa96f430b19ff0d78a58d01c9885f18eb3c89ebaafaf487dc725efcd1011f42dd9a38b7a3dcf90409446835c31b93ec1 |
C:\Users\Admin\AppData\Local\Temp\MwEw.exe
| MD5 | 940f2e6f93bbea66d5ffb300dd28eacb |
| SHA1 | f57b59b61327830045c7e46fd35ac3f89ff6eeb7 |
| SHA256 | 16684a66abf46bc886c88cb4ecd312fe25d8e5c6c7cd8139830e3491288b5561 |
| SHA512 | 528dc14b4dc9912b6c341250a9bea545e19d28c78c4cb654a4283063ec879dd141e562166cd62dc9dad0fdd0bdb1aea7d6287d93d0dd85259500b15342466f99 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile20.bmp.exe
| MD5 | 818c552a39e35f2e0911077058f1d4c4 |
| SHA1 | 9402e82fb644f370f576e590c8d7334ad17d5160 |
| SHA256 | 9e31344ca66ec4c3c270b8038d27da11caaa07c95201319a67c2c657c11397ca |
| SHA512 | 7d5b9d0b01aaff9c31085d8b2c629091ce1a39bfb93e51dffb65f483ba7dea54d36a28927f39b2924db272d9c33411eb7fed1997bfdb1bb93448b5a6ffc9ea02 |
C:\Users\Admin\AppData\Local\Temp\XaQoIQgQ.bat
| MD5 | 3af3872d74ce81c7dc8604d5c155881a |
| SHA1 | 5906169ad6f604bb333e917d54b6de75a2ef52d0 |
| SHA256 | 5df92f305ea69fa51682cb80f249962029c1c46d4c6d7c060d4f5ca18c1e6f2b |
| SHA512 | f43755a5b45891d229b0cc22df232fc7ee7b10d7b8e9445d294b8ba8a02dfcc30f00f79900b6ab47522e36e395a292b025a6b2af9b52c23c4edf5210a5cea2f2 |
C:\Users\Admin\AppData\Local\Temp\AkQw.exe
| MD5 | b415a261e98cb3f965c7b25795c7946b |
| SHA1 | 9c52a03b3f80f3d0d15224f5f7531d33fbe7a592 |
| SHA256 | 201ce94b0508770a2b270742920c8c3ded626950f5e857fab54d18c6b7953ed1 |
| SHA512 | 58ccf66b2224ab631c579f5610eb019f22c013e8b16657b95b8f624f6906e010d58265c0be0dd329702ac3f971b510fa4a59c43633fa1da6332c72dae69c7efd |
C:\Users\Admin\AppData\Local\Temp\Igkk.exe
| MD5 | d873103b5d0ffd85391ba9b14c4e3c23 |
| SHA1 | 2e532134896714cfb7bf47b7446747019afb29fd |
| SHA256 | eb22fde8f354ca0c0f3874e3d18e626c90a1902d2e513e93c1908fe1ca647c92 |
| SHA512 | 508a0750d983d388b02c923814a954767f62dfc8c3fcb8800a4da903280d93003c88c12016dbfac6c37e7c6dae4a0da1bcb28538b129a4ae73f5fc790752a25c |
C:\Users\Admin\AppData\Local\Temp\OgQy.exe
| MD5 | 504082d3614816c314dce45c46025d7c |
| SHA1 | 73fec6f26383ea090e9468ca5f273a0356a63137 |
| SHA256 | d1ceab7293473dd63dfaa4b603d757c1a394fc47b1f5375f1e78f948905ffa0d |
| SHA512 | d1dfd4a5ca638f937d47e6c3bfc11079b8ae4ec6c04351809d8c0dfb2e07096b1a2895c456ca356093e469c54b2b5977f6f19a2e7a4c7b2528b13a6eb76dfe1a |
C:\Users\Admin\AppData\Local\Temp\Mkwu.exe
| MD5 | 8b4c9a4a111ebb85f22a515f4a3088f6 |
| SHA1 | 69256ca85d0a95f2febd3f47088d59f83ae1e6f4 |
| SHA256 | 00ca3291f1f7f267bf61b73fa017a2887e0876a58ae4491e23002f7b94dc2590 |
| SHA512 | 15765dd46df1c98ec8ce3b18458cbc5d9c9525c517418818dc66b4b3f11691ce9aa6616a878761f782bcf52e9f69fb5576ba3d13c3a88740b9dbf42f252c2806 |
C:\Users\Admin\AppData\Local\Temp\TuQcwQEM.bat
| MD5 | 0c535fdb2776d66a697743bff3f458f1 |
| SHA1 | e3cf6782471e59ad76d9937b3ad4b43ea2a64079 |
| SHA256 | 1f0b5d1e32464928ad5cf30c4f5e694f12ffa562de38fa7615b34f59763ed612 |
| SHA512 | 9d54ec2b3786c39bcfea0728808149cafbdc65fd79e5817a677f1f9e6f88020f3c8277bd313b16bb965ff086be962a355c68e69b662a49b5ded336430984aef9 |
C:\Users\Admin\AppData\Local\Temp\igIc.exe
| MD5 | 7cc259569f73066e8716a2f26b1cd412 |
| SHA1 | 522c96801c09ca29290dc4114b64ffa9ae814577 |
| SHA256 | 0349e11dd4d7d272d1d9840246fee7471f58f1bac769e70ed8ca42991efb5cf3 |
| SHA512 | 5f845ac4e2b4d3701caac85623c58a3299c3daeb7c8692457305f180d305f09c066b8fc3d99f5656a7457210e703dc004e8ae317d514d5fdb9a26f9b3c2ea17a |
C:\Users\Admin\AppData\Local\Temp\oIge.exe
| MD5 | 586339487d118a4048f3d5441b4a1099 |
| SHA1 | 0516b8ffb5e5955b8b9eb07521243100f0d1c660 |
| SHA256 | 7e3116016697ea05cd5f35a1828607191c761d0a9162d37dd8f20618781ad5ca |
| SHA512 | 53797d1cd444f33d567130f8a5f7e60465dbc7d332e1da2599c8cb54a111b86606a69153621103044267a482eb89dc53ad1db5b53b62df746ea2b4fa640379f9 |
C:\Users\Admin\AppData\Local\Temp\AoUS.exe
| MD5 | 9742e53999060659b75e18338b0579a6 |
| SHA1 | 9f0e6f9f417546796ec27fd818a2bc2d784a1b13 |
| SHA256 | cee3d3bae71c7d574feec241493252a2de871462598064341fae6aa9fbcbd57b |
| SHA512 | 9942f167c0c17b72d391e7980c736059f1996b5e909940c57d0e9540e9fc2caf91ecf493999308e9e290d546bc101199ea3ae17f1d25588d080847e4a95f1cee |
C:\Users\Admin\AppData\Local\Temp\DUUQwAMI.bat
| MD5 | 620266927498a76c12e33c1bf135b354 |
| SHA1 | e8c4a0101c4109a3af734941ca2cdc29fcec3cf4 |
| SHA256 | f63d0b13869363b0dcf27f103d36bd78f28ccadcaa4ab7300ed59df2a6489087 |
| SHA512 | ae0505db7f2f529cb70e321ca7803318e6ea328f1864f7b53a8e3d048643a30806d451e75de3d7fcd0375bc04919487a54e3ac347b0e32b62e3ebffa2d60d3dc |
C:\Users\Admin\AppData\Local\Temp\sUss.exe
| MD5 | eb5dadaa22098bfe1a006817d1577d45 |
| SHA1 | 4b29c037f0d57d70c1752b2e2bd711d43f4a4777 |
| SHA256 | 8fa3f5d629f8b45459623d62fc449eb661815a4cc2d49d132659b8cbe7873003 |
| SHA512 | 65e309e46b73d08c25fdb43d76c2acd89b78766cd78ce67f543825efee68a7e57fd5e144f28f617f397da23b17bfcae408edd60349c46f06010b7164c7f288f6 |
C:\Users\Admin\AppData\Local\Temp\MMQA.exe
| MD5 | aa153077af1c0f5504499e82421fbdbb |
| SHA1 | 7b44aa0220c0ed1afbf80581b8301b1ea2c95aeb |
| SHA256 | e925e516b622fddf01fa7eefec9e0e234e6c1b86a52695b1e8b85c3172f05e97 |
| SHA512 | ba740d492f3a1b40ec8429fe74dfb20d79b2b008ef7ed92e34e88e0b673d5a861420ad33050dcf155749a62d000732247a27a0535a0420f0795a0baf384c1c4e |
C:\Users\Admin\AppData\Local\Temp\IGkUcAgw.bat
| MD5 | df743011fce4f3125e6e8f9883bfd66f |
| SHA1 | 0d9043792e5c88ee71c5c58309ec6071d48ac164 |
| SHA256 | 2d0857c6c2aaf7989727035eea039c9f54501157267dfb01199a7514b3393897 |
| SHA512 | 5089d87b3197f635a6d32539d32a664d681fe5216cb3254beade5258fbebd509c02f89fd85c9bf4eb25c9028864a6becc9d6caf5ed448d9da56a78f19690bff4 |
C:\Users\Admin\AppData\Local\Temp\ogci.exe
| MD5 | c8c0e373c07a630035f12c2fb3d51765 |
| SHA1 | c0dc91990039ee0d33f578fa11709e4832d02dd8 |
| SHA256 | c093ca433a696c63136972d95512c1a3d3d4c5a41717c0b18368bd5786448c82 |
| SHA512 | d4f40e637b78c88b7467ede7048dd655cc4529ab0f80895fe43acc9e62974938405fb7b0bf3040df3bb21ef0fc2241db9dc89718c862cc37e2f6beb3d6ef7e20 |
C:\Users\Admin\AppData\Local\Temp\yUsA.exe
| MD5 | e23bf38807f9cc29a00f33bb16c7cb7d |
| SHA1 | ca9b91afb2f2ea70296deb44d2c90a24d759e22b |
| SHA256 | 0636584db8193882e030cbac8db053858882859b851b0e990224d6b6f0f2230f |
| SHA512 | 99765f48003e4fc24baea3cb507acf2c9f23439a4ba19f671e81832db2bc4a207907438e82e07053b73d2e8ba3bd300ff3a20ab1330a2a3b0a1d2306c7cde906 |
C:\Users\Admin\AppData\Local\Temp\OskI.exe
| MD5 | 7728bcad0fc26c9257a80367fbc19147 |
| SHA1 | ca7c85bcf66133d5971475a7af6b37abdc4ef890 |
| SHA256 | 2cd280626a437472307cec64bceda958b4df81bbe462d9fab48370a4a695c3eb |
| SHA512 | 8f7fd1bc5b17a8c83e78965405c6f5f02d925c06376c90ce219e543469d67d52b9af9d659486ae33618f98376eac9965245f2fcc8107d7eb47f7dbe28f4efcac |
C:\Users\Admin\AppData\Local\Temp\IgQs.exe
| MD5 | 4e0b4393b29cc8f9305a31d174f2b475 |
| SHA1 | 088e4a5ecb2a2f6473fd85a7db745b49b35629f3 |
| SHA256 | ae62145f3968e9f435928ea7218c2b539f0b845b4a4a715583c0eb4b0fc21182 |
| SHA512 | 4800a28d3d8f4529e30cc1fc6d252e0018211657387db88e45e8c2e40291a83ab8283340cfc91e0edae0c1c184ba3bef355a92652d487525dcdb113dc3fa6dd5 |
C:\Users\Admin\AppData\Local\Temp\AWoIgYYY.bat
| MD5 | c3481085a3e2f08a60d017b96b779305 |
| SHA1 | 36514bee19eb875404286aa534a377ff61659a59 |
| SHA256 | d35be41a343a919e2666a86104ada03dc4f99439a6996a3f6d85a27e9ba8bc01 |
| SHA512 | 240e887514a49ccc10ed2669d4eff4436087fbe27b8a2b8f1531a4728e346ed7683632d7456f21aa31c850ca724cdd4ef1994778e0d9a6449e8d9c1aa1c3ddaf |
C:\Users\Admin\AppData\Local\Temp\SIYu.exe
| MD5 | 90a75ce6ed09c9359e23eabdd3182126 |
| SHA1 | 1baa207514cbf4fae5dd37406bf8535c0362c6fc |
| SHA256 | 6922142d96c668bd269d7eeacef68ca82609ab6d26a7a7de366bc6d65a2cd99b |
| SHA512 | f9d80c66b9d788edbcbe22f1981629b2cfab904d816be3aa89b12bd436220e467615387b7fe1dae7be5c288ef08b385a9509fd7c11c3be576372312c067faa8e |
C:\Users\Admin\AppData\Local\Temp\OAAY.exe
| MD5 | 6dd40eb0ba447a66f37cf0a260ff9f3d |
| SHA1 | fcbf84eb5a444ad9f209ab59e12148d40ec4e5de |
| SHA256 | c1e8d01584b4d5fb137baedfb5815490aa2a444c98742ca8371f84f18994b0fc |
| SHA512 | 2c0a546ca2ef93814492320df5e64b2aa865e2f2678f18b6656756d60cc1779f54916045c86d9ed1c77c2d11e697dfcec719349561af7228eebf90547804a59c |
C:\Users\Admin\AppData\Local\Temp\sIYC.exe
| MD5 | 7d7a9db5b9635a0ce1f1f7a83060dd40 |
| SHA1 | 55ce16ae177bcffa168168e34c5ff94fd7373428 |
| SHA256 | ecae200783d3e5200cc8dd5ab29dbdb3cc4ed385d3e9bffe9496fb12388d5dfa |
| SHA512 | 6a2aed2bfb7e487d36d72c0257ab7ed62633dbf17c5b4ff5ae5e016c105aff83b2f57651a92eda1f99e6dd6b42f8ee4bf9b8f6d4973fda7d544c466349928318 |
C:\Users\Admin\AppData\Local\Temp\AUse.exe
| MD5 | df22a31e69d989f4937c354913c34dde |
| SHA1 | 5fa4e685a01ab39286dd3165ca191b254008a4d0 |
| SHA256 | 47b33c1ac961c7a3fddb51604dbfec0fa195af236599ad9fe5dcf2a55315bca2 |
| SHA512 | e77d16bfb431526eae7e2fea2da003d5c073cfc199c45b2a67a530b0c89cb3b47a516ff3edb426b7d4ba955e40d011b26c795996e8aee2292d5b4c72b3b80721 |
C:\Users\Admin\AppData\Local\Temp\KoYUMAQo.bat
| MD5 | 87b607c1c8d23a7bf7e58b02f9ebbd70 |
| SHA1 | ebb666539797dceb329f4cfa388129fbc27ef0de |
| SHA256 | 6a041dec63fd3a541d28f8e63a12b15add9349c48711fc8840f48f4a22422b3c |
| SHA512 | f77a39ab9349a4ec89907a0601a2a26910b15841a98ff102cbb248a9786e19ef36c453e24b6a467695b115732c5bc4816a74e50dd11d50a4e84f97f4c3b0b41a |
C:\Users\Admin\AppData\Local\Temp\SEIW.exe
| MD5 | 3ca6a22e1502fb746ed38a87495f92be |
| SHA1 | 6f78e27033b3c2518ef33ddb5dccd059c788ce94 |
| SHA256 | ed097a8245586290ac780293c7b88b0192a9be49e5f92c3baca66a9a777ff2be |
| SHA512 | 1f00392b5f0a0b134ec5fa51c5ef427ec09d5e5848ca8e0b8f9ab154ec5e39231e2a8dcc256301c3a1f527215f0def0f96b63b222132363b4e1f75e32bda0ff5 |
C:\Users\Admin\AppData\Local\Temp\GkMm.exe
| MD5 | 94eac71116358a869fdc418d4e4853fc |
| SHA1 | 696df6349b0d74b113e42cbc498c2731f294a81e |
| SHA256 | f8ef5b4b7ee7d65d2b3a89efd331e963d047cebd2729bf808d0195077c1f166e |
| SHA512 | 7c280e44057a779d14c838490f854d4134fead524128de0e935b4e6fdfc9daad22c728d0203738161678efb608f819cfa8db6781b26ea86b34f82672f54bdf2c |
C:\Users\Admin\AppData\Local\Temp\SooI.exe
| MD5 | 5ce60a2405efbed5e804813e197f08ce |
| SHA1 | 0da95607612c593ba9f4cad6bbc4a438532cb7f4 |
| SHA256 | ec91b472733bf78ecb4b121959898342e430d254e732176234406c469dd45226 |
| SHA512 | 1c7e85c8df54d0fb60515926c8e572424410eff7bda4793376ec1798c745df693953c1913444c71375697b61bd3e4611b3d2cca6e9cb516e5fb0b986435343eb |
C:\Users\Admin\AppData\Local\Temp\wUcsMkwI.bat
| MD5 | be151be56cc403d67420b9bb7afcec98 |
| SHA1 | 2055d2dad8bc45588291f2ff23f48ee1afd52321 |
| SHA256 | 29eccf2b0d3c67d6f096d88fd0df2ec5d4e511ce392f049b2f764cfebca395bf |
| SHA512 | 7b8432e5f847ceb24002701be0fdc2ea83f973cf52f87a5e770daec28e11c580b715ed254670912003f2cdf6d854f46703f52f7e619c78c79f3357ed49e9ec44 |
C:\Users\Admin\AppData\Local\Temp\WYwG.exe
| MD5 | ab1637a275acc85736d525ef8c6306a4 |
| SHA1 | f6f32904c756a5ee71f612e85e37b29be6197041 |
| SHA256 | 1dbbce42b692694c616a8e55a4e0fb49190ead448898f079045eb4d6d35e3c02 |
| SHA512 | 31343b2331c535d09b48e3897bf386a148ce200a198c6a4927e4a16797afc9b7dd11b9e855a5ad4e196b4585b3e3c7809399851e689844f94815c8ff7cd1e1b3 |
C:\Users\Admin\AppData\Local\Temp\WQkK.exe
| MD5 | 909e81e1197e26f12d8806bfebd42e4e |
| SHA1 | c6dcbebad6ffe4961e2c19169214b45f5a226dc7 |
| SHA256 | 20a8cd4408e1f567fda96356ecf0558b2d69db62d13e2abbc147279f2e893472 |
| SHA512 | 3c94c14572444fb61233a8aca9e099eb590f88a25eac360e4a9d6c75eef83bde749a60c881374b5529a842e092f6f105983f0255dad48fff44530c618f703596 |
C:\Users\Admin\AppData\Local\Temp\swUi.exe
| MD5 | 5f733fd84c75f4612a34546c8b38ec2f |
| SHA1 | cb1ae6f53bd162a8122e6409e0691d4727d305bb |
| SHA256 | f0c4e8d561f75049095d8d33f6b12b9e993d0212ff910172f7690c0bcc4c6a81 |
| SHA512 | e83aadad7cc909b57ce0cfb3ed6e609493f3bf977955b00e635da03697d52e089dc4e1add40d53334fdf5597ce48fd6c782c64d5d6e9813ebbed801bdc2e00dc |
C:\Users\Admin\AppData\Local\Temp\wEAs.exe
| MD5 | a30ccc68f9e14e468746a5494708c6a3 |
| SHA1 | 9b822537ea7e03fe05e7ce5ddd1044ea1fd17390 |
| SHA256 | 201565ea7993d8393c8aac2614c91d3b41c1785da79334bf6783b244b6d43db6 |
| SHA512 | 7bb541ce74e7fd64d89776a207fce6109ed72e9d5fc8c2b8f3ef7fbb4411a60ff52be2ebf353e0a5d0ce1cbfda3bc858f60c5ba5b1006b7294947a3637de01d9 |
C:\Users\Admin\AppData\Local\Temp\ROUcQUEc.bat
| MD5 | 7c304e8dae2af1ff4e7c137ab7104411 |
| SHA1 | 549226baf3618e65fe4b72109b8f7d31b659f456 |
| SHA256 | d03cb09b93727f36a272427eaa51664203b961d6a317dc67fd8830876057a460 |
| SHA512 | 70238cfaff0b1fe538aa75df5e4b94102840f4a1b2edaefdd15359098ebe686bf463d925089b16f6c4e5f5e1093f0242e057207375e0e84bbdead316e7a69b2e |
C:\Users\Admin\AppData\Local\Temp\nwIogccM.bat
| MD5 | fc2b0fce3d8ffb1b7941c879eb97da21 |
| SHA1 | 8ffbd805a805cd89259598b5aec597c19459bcd6 |
| SHA256 | b1a23d815400067446501b1780c3c3a4d6ad23a6594598c85615ef2fd04a90b3 |
| SHA512 | d08d5345f04269160cc15ff483c340126a4751129cba4e87b1e1880c0857e397687905a7049c4f54cae9026cd1d30ff32af0d14c0760ec1bde68bc14a049a07a |
C:\Users\Admin\AppData\Local\Temp\Kowu.exe
| MD5 | 9844426a3f30f7e328686f243a6e8780 |
| SHA1 | 802ef60a487eb9c3fa55ef65b7212494a8974fba |
| SHA256 | aff6e3558f6f7ce598e7f5cd03c24d52f7e1f5cdef16f739f23f9d69d683edb4 |
| SHA512 | c7e1e567dc5f9e6e22b4338103c43d4e5d9615644b473a030cc2796bd033276115ece137ae2b54888f5bb06267f2022b5dc6925cca491c2846491b5a90951142 |
C:\Users\Admin\AppData\Local\Temp\hawYQgIs.bat
| MD5 | 8684b8a1893f6439fed752f7611ae458 |
| SHA1 | 06bb74ca71a637d4e0a931e63a09eb03f5a71c41 |
| SHA256 | d50d9a327d86a27583fb68fd8474a16c8216371ada4314758cd927281c793f7a |
| SHA512 | 5ec2c3c50c9ec1544d361ff7967458bb0ebc50fe0d11ac0909687bed9853d47a896bd30360c85fabeaca4e399b1b7b90b5aafe7a3cd0733fdcb26f9077d4c799 |
C:\Users\Admin\AppData\Local\Temp\qAkO.exe
| MD5 | 970205bda724890b89c82a5ef31efd81 |
| SHA1 | c9bdabb21e0639f8affa7b81e99cf177b5efdc3d |
| SHA256 | ce6ee744d3e0efc046038a3b2f5dbdc8c78989334d5585ba0faacc1367757a93 |
| SHA512 | b954945089a4dbec9e8f12c809fd4cccc390d31aac3416e6a81de939280bcb61d9d1df1f6b1770ce4d2d3494d18768f0198dcaa00f3c34d9f4f6b98751ed5f6b |
C:\Users\Public\Music\Sample Music\Sleep Away.mp3.exe
| MD5 | d4c5bf89b6c1f2ab0ec84491d431057a |
| SHA1 | 168222500d57c9962c24e2ff09ab159463199fce |
| SHA256 | 3798b7cd0908106eb779b24e9cfbb1d5ae9efaa07d29a08b22645fa52bece4f9 |
| SHA512 | 115f6b33fd90b066ec85129f0636db52038d61ad446d53655e2fa78142bbb86a4c2d683e8032696ad6ce353899a4d0dfb85c5de35da0fb1b62c92f5de1a7206b |
C:\Users\Admin\AppData\Local\Temp\cQgE.exe
| MD5 | 9cc79db92b9f29933ec8adecd1661dd5 |
| SHA1 | b978019303ba78d88091baa0a671b4f3276cf930 |
| SHA256 | 872fd13a1609ad71e07cd855f88d90659eeb5892b5975993e3fa0d032a4359a4 |
| SHA512 | ea10e5f27e9591b1acd60e554eae1dfcc05c3327c18cd715362194a7484fdcd1b7186758c944c7c045c0b7e34d287052649334f35c041b1a7ddd8c2845fd0dbb |
C:\Users\Admin\AppData\Local\Temp\aYcM.ico
| MD5 | 6edd371bd7a23ec01c6a00d53f8723d1 |
| SHA1 | 7b649ce267a19686d2d07a6c3ee2ca852a549ee6 |
| SHA256 | 0b945cd858463198a2319799f721202efb88f1b7273bc3726206f0bb272802f7 |
| SHA512 | 65ccc2a9bdb09cac3293ea8ef68a2e63b30af122d1e4953ee5dc0db7250e56bcca0eb2b78809dbdedef0884fbac51416fc5b9420cb5d02d4d199573e25c1e1f8 |
C:\Users\Admin\AppData\Local\Temp\VooEcggc.bat
| MD5 | a6f196c6680061b8e1a94dcf2d94257c |
| SHA1 | 7c3714a84e1205ff4811de2aaf463b01b7ca7070 |
| SHA256 | f5468dd33e177fe05cf3f3519d937af33fe798b4bb4b22eecc1ce359e54a601a |
| SHA512 | 0205239425b0875f19bde8d3d8fd0659b65b29bfd5ff2923140d60b64299fe618c5275ccc01436a292fef337b0ca1ae4600e0abde97810e633be68197a5b80d4 |
C:\Users\Admin\AppData\Local\Temp\aEgw.exe
| MD5 | f6b30784e3bea859e606c257ce6f0ae6 |
| SHA1 | c1bf2b8a81bbaf18c6a620c448a9e3315b8d9b72 |
| SHA256 | e154abb05a371b609181dfe1309febceb739a22f717d5d7a5d6b2e88ff958e34 |
| SHA512 | b6049f1e2e83a739ae005f66cae46827f5ba3b00de97028ed4ff9dd179aa47e84f33eaaa8aeabe2a3ab2e2882715ca4591ae22a54e2a298f5a31a922676666e2 |
C:\Users\Admin\AppData\Local\Temp\icki.exe
| MD5 | 933e022a1c5da1503e3fcd88ba14f1d5 |
| SHA1 | 67715c38b79fab5762cd918869229ac7fd1837ee |
| SHA256 | 5d2aee919a96bf056edb0099c886ab1ee658d60fc4980c4d3e7ca45c8f138ec0 |
| SHA512 | d90ea2208771d26db453f27b13a0358660e62203ef4bafe56d3e97181d9dc7b6d9c6778ea64f3f8ecc4288930041d63219b555bdc2cdbd10cf9405425e1dcea6 |
C:\Users\Admin\AppData\Local\Temp\AwMu.exe
| MD5 | 1a3bdde616f408444656964754e97011 |
| SHA1 | 460ed61ce01df4cd8e48544f2118f60e4325c89f |
| SHA256 | 152362adac17deda8cafc3ed41dde499726fbec0ce7d827a90c7072528f1b380 |
| SHA512 | ceb43310e9564448d32a8d42721e70a15f13bad2de8c32aebdb014b3be42a6077a182686ed132c66643394cc6b95edd15102849aeacebc7833c9cc63fc0c99b1 |
C:\Users\Admin\AppData\Local\Temp\PioMcAcY.bat
| MD5 | 40c2af6c73d1dfb2ada6fc9ff3bb7d90 |
| SHA1 | e8408c512305f8d5d20184304dede0f750cf3986 |
| SHA256 | efa62e3077e019cd8c324bb12ef1767a1a48e9b31b4225d5a491ec2e0a1eea78 |
| SHA512 | 2a299b2f096ccd4a5462c059a8a2a85b94c0d62a52964d650d91aa82f56e42da2550b826f74e6754357b39e2783626e2d21972a82dca8b4375298b586c29167e |
C:\Users\Admin\AppData\Local\Temp\CyEUskEk.bat
| MD5 | 8ed3f1af49b5738d8d7cd64a0c65df45 |
| SHA1 | 2092dc85d33acff3f70fe41c5fcaae2bfacbfd5f |
| SHA256 | cfc85a4f41e1c2dbaa10eded0ecc8912b3c3e290301ba3015cabadc42a6a8e18 |
| SHA512 | 453492144853b5bb64c4ffd1c3c45812c0a651c4f673f8447dde029c11b8199c835569d1d36ff3206cc79ca5914b4a0ffc5368a9879de70eba9c90d0684ce026 |
C:\Users\Admin\AppData\Local\Temp\kAwW.exe
| MD5 | 699f7a19d49a345cbedd0d7dd31b956c |
| SHA1 | c59c400a6c8f1829ce89074a8e3dcbcf98bb952b |
| SHA256 | 033a515698e129951e2721bf4da8b3c5e0a701744d3f45b7dbd643b533d473d1 |
| SHA512 | 709ff5b9cdf6cf6ec12ba33956bb820b47bae4243a4bb136b64573c7532bf62fc5290a35321903c7b23e3a6489c6f679edf62d903d96988abd832b29862afd03 |
C:\Users\Admin\AppData\Local\Temp\GUwE.exe
| MD5 | 1304dcbcbc5ec90750bece438f90a33d |
| SHA1 | 788fe0092f27b89fdfd1f9ce115c8e10f199f794 |
| SHA256 | d53c082eff9ca7e061f5366c043e947a669a21d156e7c22c9b3fd8700551c3c6 |
| SHA512 | 137ee728d9c4944261a900281cd1e94149c098fe6e8c53427e3b75d6bc24cf35fda6d353025dd1c9fef78bde104865532256f3a8f12e3b23728c0d4cb0c48a3a |
C:\Users\Admin\AppData\Local\Temp\eEYw.exe
| MD5 | fff96533924c0a573d14ab300597ab6d |
| SHA1 | 948adff9899b34c6cdb55964d9646a1eb6040326 |
| SHA256 | 979f420264ef373a8872f58888636289c37671f1abe96dcd3a5be67f0d1eaabe |
| SHA512 | 6f1bbfa4cb365d6bc95d69ae0a996baf5354738f5ab8a91926395d73be1549b2e1eb4cdd2ad3d2d749a252135d049e352e46cb5dfec67064148cb14fbdec64d2 |
C:\Users\Admin\AppData\Local\Temp\wUsK.exe
| MD5 | 94df24efed812125320e50651734dc66 |
| SHA1 | d824b5b1f636d24784830c20b1268d4b999b37d8 |
| SHA256 | 0b670163f36b7fcf80d3ce077d2314e132d3f6024087ac571a5a269fef55ccf1 |
| SHA512 | 465c98899775687023dcf8bc4f84afa87861071a42808334b4720e97ba2fa4cd474bcd295b13e033ac111c86a7148160e3067e3fec7b17529821a6317d413d62 |
C:\Users\Admin\AppData\Local\Temp\iaUIEUAs.bat
| MD5 | 47633c3d8b47fa7186927279def879d8 |
| SHA1 | 078f1c07da32eb269e3f6a7b576ec8981935ec78 |
| SHA256 | 536a5fcfcc43ab05f82b013ea6711f62037cd3c78c6197f29f0561df992b8966 |
| SHA512 | 7a34c9648a4a8e77c4d355c0e9173a9c2bae73ce9a602578f65eb88b254b661573ba7b4fba20d3fadac29d081d1e2b6d5df399d18efc353879ac77e5c81053f7 |
C:\Users\Admin\AppData\Local\Temp\QggEAgsQ.bat
| MD5 | 870845ba1db4be513114c06e5d736b21 |
| SHA1 | be67ec03d234f0a33122b7be0acbe8a57c938ddc |
| SHA256 | 49f4088aa7740b6ee117e0848b9e2e79b81bf6953427f0c2d5c51903d9e2c386 |
| SHA512 | f53f0d95f0c5bd0f0fb0acb16f35967fddef8fa89733760f05ef0fc81ea85f39b0719ba392ef9b17d74599dd9cb96fd9459f801f0c9a552c6014226cc136a1db |
C:\Users\Admin\AppData\Local\Temp\GcUEIQkY.bat
| MD5 | 4c825355f40fb22251360773ece8e8a0 |
| SHA1 | d6c33fdb714a0048af451fbcf85ce74c2dc86d82 |
| SHA256 | abe27fd17014b4e92a65c614eaad175f8d8ed5111dbc602c8694aa16611b2f77 |
| SHA512 | eb0f123e2773c2525bdaba41f1434865cad5c613a127300c41cb6882652f9e53a615de4782a3b2040f8f4e38d88317c66c249c6b2f1d9f5144e1c518e6c160b4 |
C:\Users\Admin\AppData\Local\Temp\HkMEsoIY.bat
| MD5 | 9e784e4f153c0fffa637ccd727670a32 |
| SHA1 | 376da9de308c67006ed227bb702617996d370670 |
| SHA256 | da403e4ad1a6dcff3724244ae3f1a3811f3af249a1d18105b064a42f813b52f6 |
| SHA512 | 4451e858b52aaa7f7b931fc5e8375d2dc713617a16c2af0bf220f9ba38b5447e256ec3f3c92ebc3f9f8b19859119e8b99a3dfb267224272f1ef39f3736cf4053 |
C:\Users\Admin\AppData\Local\Temp\DkYYccAI.bat
| MD5 | a27b7c7c4736814549142b70b8504802 |
| SHA1 | 16a53000d02cf904ff748f2a2f7be2281a7c0a28 |
| SHA256 | 23cb6863e604ac5695ab5c08acc07ae735b0b5afefce3f6c8c4c39d586646997 |
| SHA512 | 3f5fde3923a212654690e356720f663e8c5bb9afaf366b179f75da2575c17559d3b281ec243519e75d283ec8cb6a9b84c4066940f5553c2cc521dd4fb5dea4b4 |
C:\Users\Admin\AppData\Local\Temp\xAgAkQsM.bat
| MD5 | 8c14ad6f99ccc9ffafbda1a2e8123798 |
| SHA1 | d31368124487fee1298d97de22bb72f6b88b0df0 |
| SHA256 | 1d98b744029883dc5deb9dcaa9a011f8317e2fd2fdb5ccaee14afe19a6868365 |
| SHA512 | 07eadd21a3a23c5a50132277c3b34d2fc706dcd8da07135a08226704250aabfacb8fb76404104c9dc568c6fd559d7854de73335c18cf20d95755a663cc5c81ed |
C:\Users\Admin\AppData\Local\Temp\hAgAsAcM.bat
| MD5 | 7f14cd2e0b1c1b3eced7374fccb72651 |
| SHA1 | b7108a2b63ace1c8634f28e583c043930b3c3716 |
| SHA256 | 7574534ab38332b2473cf47e068c410ab5d522389fa2c1261003b215c66eb3fa |
| SHA512 | 7e962647b25ff601b569898f62416bbabe36187103ec8e6fbcf9f2e9e69fd4d31d5999cad18e593881601ad49689e7c6c87c08c9c6f00ee84375488cd765d976 |
C:\Users\Admin\AppData\Local\Temp\BGwgMMUE.bat
| MD5 | f13f136f4ee167861300975b40efda25 |
| SHA1 | c45d298b21ec1e7877ed2a877a8b46cb0a279e2b |
| SHA256 | 0363b6085f021dc8638f0c7d9e8af18f6f24079a860dacd2a2036fd066408d60 |
| SHA512 | af7d3c5a4cab2f9d30ee1cabc595d462d22dc0062584c640818719c2909420c67a3e86fab2273b79c618c5598f5cd8a7c441370a7165d38198c76ffccced930b |
C:\Users\Admin\AppData\Local\Temp\WQwMAAAw.bat
| MD5 | 32ba9179020f4e8447f021eb57f3a52a |
| SHA1 | 0a678197716acbc8ac05af47957487a2e7f003f7 |
| SHA256 | 841d71ce9b9e66952fd5ebd674a0244958161160145fa373171b9b4cad5870b8 |
| SHA512 | e81fbb3ee656965fbb1acc36b3444a1b7b0d72be33066facc86ab7b9a9a437855a09d46fe8db62762b1909f6180765694bb0614afe7aa7acb4b3d64cfedaa5a6 |
C:\Users\Admin\AppData\Local\Temp\SesUYgQI.bat
| MD5 | fd83cf762cb6190e6db14b2caf9c8283 |
| SHA1 | a2e54684cd92978c515fb42241eb90b3ddb979c3 |
| SHA256 | a204c64bdc25e167b528cffed51e263766989ec252373774020326d9642fae74 |
| SHA512 | b7579d67c25b5318e224380cace3fddaa60d8f23adfadf57ef35138a42c6102aaa3c5db5cad69a70bb065f652410a77c2057826632b96c739bab790055050e60 |
C:\Users\Admin\AppData\Local\Temp\CEwUMUIo.bat
| MD5 | 8e8baf8a385acb643bba40fa7c1ca446 |
| SHA1 | 12b4456722066c59f0d374178aabf07ba8f444a6 |
| SHA256 | 98edc38193c8bec29fb64f722b075aa45d6e5f64a2bfa26d6c3275ad86dac64c |
| SHA512 | 3198e7bae5a6051da5975b696b952a0fc4d8ad5893032990de791564d8219b8c37a7f795d95456bdbd81973f87cc15c19540e3da3a3deb36375db144a220bee1 |
C:\Users\Admin\AppData\Local\Temp\msEQQksQ.bat
| MD5 | 14379c8f04306c455dd1f04ff2b42e5d |
| SHA1 | 829506d958d0dbc8d53a82aa13db29bdc3d40bf4 |
| SHA256 | 9d7c85d2f7cd40d66244bb7dd00ddca15ec47a911cd0b253660a27941fba99b3 |
| SHA512 | 3e0fb56874b0087b365ff096d9704ddffd74923974b06bde588912048934cb64396c775e2b6cab78028d9f0bf9ad30dc460e249a5d0e15a201d4592b2ce75fb5 |
C:\Users\Admin\AppData\Local\Temp\vUsEYoMQ.bat
| MD5 | 6e144ad68ae4d7f3401c6e675410893a |
| SHA1 | fa2c5a9df2db2bb1fc2fe3de390f0d810c5d37e8 |
| SHA256 | ade7d3706b5d0874de4be9af765ee0b13e8a6b5dd55b747ba187b87518200f31 |
| SHA512 | 908e5dedc8e213da9fd6c880f4497432c35535ae0602f4785b9819083b2c74dd2e6cf769b6c4ec82173c70e96cf7eeb9f6db8f9f689a9e13bb192b3ba608f758 |
C:\Users\Admin\AppData\Local\Temp\rUUQQEIk.bat
| MD5 | 244f29828b117ea42737b917b1a8b7ee |
| SHA1 | c37b5f8a86dcd85616858878be144b1652e1c7a1 |
| SHA256 | 766e1a7fa223b08b664a568aad72e64a682676e589b23afdfc2a8758b6188acd |
| SHA512 | 15ff1e5932cfd783ef97ae6b306356640c8ce2faa5efae9275b5a8d003f35e1b6135338a2366d9f91c4fc06350134860e20ce49ab5eef5f96d83f8bd20873fca |
C:\Users\Admin\AppData\Local\Temp\VAUgAMsM.bat
| MD5 | 96f383eef09c0afe7e94b78b4a3a35ec |
| SHA1 | 85618d7ddd5530ec7a75e6cbde038bc757221d37 |
| SHA256 | b05eed5cbd9a3de67a80e52bc01fec2d30855d24f8743140c917edeb50d0c19c |
| SHA512 | 42788af10932230b36ff959ef00a15ffd0d7f0ad8580d904084516c9df8428453323e0aad8365da9ff661ba7cb24b1d3f417e259948ac8271f296ec1c6a6a4fa |
C:\Users\Admin\AppData\Local\Temp\FUgMooUY.bat
| MD5 | 4b7efb9c2107b299e7feb8eb9b9ab648 |
| SHA1 | e70b9c8ab49dbd0ac8f2b5872d73a68d5845c583 |
| SHA256 | 815805753e0ab001c6da2ecc4023ef6394b0dd43e82dd229e71e884b6935196a |
| SHA512 | f4b95483a03027c5f1a6e377c9adb7b5d9c6e07ceb18d4b36c526354b5c9d6033649d139ebaf29cb1420e7365b13745c7bb5fe92069020dfe413803fbb651841 |
C:\Users\Admin\AppData\Local\Temp\QswIkMoA.bat
| MD5 | 8dec9d08447e5b384cb3b7c7199838a6 |
| SHA1 | fa2966a4299a7db6a714fd217957078526e40412 |
| SHA256 | bddab283de9fa6aa02945686926999c5a1a6865916e0c07bcff085a8f4294541 |
| SHA512 | 2343acf987fd0d7de7b974e7c83600410fcb5e7c2a24f2a7f8fc4826402ef59aac2d596eec672ba97eff3a7679729c63ff1dbe0661f7191e93b4dfea44109209 |
C:\Users\Admin\AppData\Local\Temp\iacwIIIg.bat
| MD5 | 924b2ac38086c9b695a3569440b33217 |
| SHA1 | 829cd73a65438aab3a73fada9db8bb175b6067ce |
| SHA256 | 48727b97b1200a456e96259f60fb97dcb585b6ca4b5f55c63d6f83b010f8af88 |
| SHA512 | 529e45dcf93459efb8451da09af85396852d5dd0a453ec3910151cc1f0fce4a57ba3005c067a75fbfb8e92b218e4c7000c5ec851976d9be388d2e0f2045579c8 |
C:\Users\Admin\AppData\Local\Temp\CcMEYoEU.bat
| MD5 | 72de6a2da6fdc5983a476db75f63c6e5 |
| SHA1 | 8a05f7668e1e21835ea1fe93cdf4e2032d1d1a9c |
| SHA256 | 8d24ac85d08788ffd5e1e085715b7a03d99b81db378e1f0751bc54dd4f3b0cd4 |
| SHA512 | 41cf1db600dc03b5d6250ea5c3b90b3291715b86a4a189faab1f9885154295079e9de5e79ad8b7510c13a17a96ced9ad0f9cade5703f5e2eb18462fe171e2fae |
C:\Users\Admin\AppData\Local\Temp\AcMgUokw.bat
| MD5 | 824486e8f78f7c436cdf7409aac7e64d |
| SHA1 | b3c1826de2c7f9424ad0d29d94680ddfea8bb0b9 |
| SHA256 | 6b6eb297aa22800da3880bb2777016a3d3cc537736eab51de2307858b8078446 |
| SHA512 | 33a032532b098b5a7dfd80518cae20dd16d9fa14097502065e590d470b07c776dcc2b0648a3f7730770a7eb6047f5defcc8a49225868d2d713bb69a3676dc294 |
C:\Users\Admin\AppData\Local\Temp\acIQckwI.bat
| MD5 | 22c3654056b10d637238eea1c6d1f016 |
| SHA1 | 8b681f04dc2861342ef3a10dc6a8099aeff7aa32 |
| SHA256 | c5350ad11bf42b471f258f711b3d0b8abd9888bcbde9b2738425bf9a5dde5650 |
| SHA512 | 3b060e68ef23ace09e989a90343e68ab7ef8e06a0a447d601a5ac21ac81a747e9eb679545d9daed22ad795bb811836669303c7f321b1b20dad8852ee75757fed |
C:\Users\Admin\AppData\Local\Temp\BUwUgssU.bat
| MD5 | eca95a616e1e982cd9b7bffa5d6cc1fb |
| SHA1 | e36fd3b672fdc85fd93a34ef2dcebac35ecfa014 |
| SHA256 | 9e5aebe6707ab4be79adb9120768e2565ab8d282f9049f0239463652b7434404 |
| SHA512 | 00848c929b40383f202ed7f437000aa089bc38751a203dd988ea4731d82becb8c43e4761efe9ac03028cbee4a0588d04a5754a4b0f65873a760a054a58617663 |
C:\Users\Admin\AppData\Local\Temp\zcEAAoME.bat
| MD5 | fe87dc41031f1645f35ac253502a34a2 |
| SHA1 | bceaa41431969222c456fedb0f03450ef066db76 |
| SHA256 | b9fd3b098dc9efd6a3df646c8b08dbc0212d6ff92056d08269d1de49231d3bbb |
| SHA512 | 9a280d5c5cd603b4ce79433d68aff9ef7efdaaa2b653f256024e2b56a08a4885a0ba2c2a28b72a3324b5a533389f2e0363e1602583722e693eb2fa6a107a7d6e |
C:\Users\Admin\AppData\Local\Temp\tUcsoQkU.bat
| MD5 | bb26913d95b4114cc411e2a88c6a4103 |
| SHA1 | d16d99b477c148fe72fada249214e655bb475da8 |
| SHA256 | d88ce8c720fad6d59aef85c7c3e04c847511d781c01a07e93a8cb38e9556f7ab |
| SHA512 | 19ebe6bcdd70bf52a1862abe56ddc8c5c3632461a551bb288b35be2d5a288889fd5bb4203e650eaaee9d334aa3815dab76df18178fff265d34f950d07298f7f5 |
C:\Users\Admin\AppData\Local\Temp\HQAAkYsM.bat
| MD5 | 062b4b71ac834cae6c9a60dd5129e348 |
| SHA1 | 8b0fb3364524211ee0c2eaf62429610f1b532290 |
| SHA256 | 893a5d3e34b3cc0765ffbf0ecf1b5ca82b587b998c40e397af6f7d777484835d |
| SHA512 | 795f99526d76b332d03ba3ab6c8954a19b08d0e096b4d07d5666249c59363e1718bf4d43d34a0b62475c9bab6002fecb4d42df3c51461f7fe2b44af9b615573f |
C:\Users\Admin\AppData\Local\Temp\NsAMIMck.bat
| MD5 | 7a5445a70fe5b027299a146b0b3290bb |
| SHA1 | effed6e93cb38699327d73cdd84ec55508746e7f |
| SHA256 | 28641e409755e316546cf398df60fe3f16bed5a54fdd12c74a2d9aa61c89e01d |
| SHA512 | 3c0d3c76850318f02355c285564a9f75ee85ad575dca12d45b7b8687059543ef2543cb7ee0515ae0429230b9effa27e4699e7a073dca248fe79ba9c836c8fbf3 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-14 17:22
Reported
2024-11-14 17:24
Platform
win10v2004-20241007-en
Max time kernel
150s
Max time network
151s
Command Line
Signatures
Modifies visibility of file extensions in Explorer
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
Renames multiple (86) files with added filename extension
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation | C:\ProgramData\KCMwcMsU\fAgUoQQY.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\DsgkwwMQ\FmUYQswY.exe | N/A |
| N/A | N/A | C:\ProgramData\KCMwcMsU\fAgUoQQY.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\FmUYQswY.exe = "C:\\Users\\Admin\\DsgkwwMQ\\FmUYQswY.exe" | C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\fAgUoQQY.exe = "C:\\ProgramData\\KCMwcMsU\\fAgUoQQY.exe" | C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\FmUYQswY.exe = "C:\\Users\\Admin\\DsgkwwMQ\\FmUYQswY.exe" | C:\Users\Admin\DsgkwwMQ\FmUYQswY.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\fAgUoQQY.exe = "C:\\ProgramData\\KCMwcMsU\\fAgUoQQY.exe" | C:\ProgramData\KCMwcMsU\fAgUoQQY.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\shell32.dll.exe | C:\ProgramData\KCMwcMsU\fAgUoQQY.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
Modifies registry key
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\ProgramData\KCMwcMsU\fAgUoQQY.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe"
C:\Users\Admin\DsgkwwMQ\FmUYQswY.exe
"C:\Users\Admin\DsgkwwMQ\FmUYQswY.exe"
C:\ProgramData\KCMwcMsU\fAgUoQQY.exe
"C:\ProgramData\KCMwcMsU\fAgUoQQY.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\reIIQYQo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hCIoEwEc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lowscYsE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VkQsQMok.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UAQcsAsA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sKYUwcQc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OqcgkAgU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\baYsgAIE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pIoEsssQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vicUEYcg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DOYYEUsE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SiIkUowQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uwYcYAQg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eGwsIskI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kuYwYUsA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HsYcgcYc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VUkEoMsI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jussUYIg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tqUcMEkQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yWkMggAY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sWkAowQw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wSoMIEQI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AuEUQQIs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bQIAkIsg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rSkkQQks.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PgkYkIwY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UCgIEsAw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AKogMgwA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OgEUAUUs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jWwwcckc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rIgQssEA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\leMsEYoI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wcUIcUsQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wWYAsMYo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\oCgMMYsU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mgYAcsoA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JGkEccck.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pCsYsgwM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LwEkAYMQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\iScUgAQs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KyQAEYEg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kOIsQwkg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lSMwYUQs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NeUwssEg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fyMgkQcc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\huMIMggo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QsQYcAIo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AsgYgsIw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aKAMcMgU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TSogQgkY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bmkIkAws.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dkUsUkcQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qmkUAkQI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qWQcMQgM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qWEYoYsY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zsUswIMc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JIsgUAMw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jeIMcsUo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MOYUsYIk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ucgQsgcQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qgwkUkAM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eGEEsgYQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vQYcEgoE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FeQMEskQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pSIIoIgo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mEQUAUwg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EuoQEcQw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yGoAcYMc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LsgMwsYU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LCcsoQIw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HyEAwYkI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IWkUgYEM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kKYQcUcM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\oYcIQAgY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BmkIwoos.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pgIgoIsk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NkUAwUcM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uqgAwIIE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kcckoEkM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SaAwsIsc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZOswEQAg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bgoEIkoc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xSMcAgUM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yYskUsIk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CmIokAUo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OaQAwUgo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KkUoAIEk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XQMAcYww.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xYYggAQg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MmsEMQMk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YgMoAEUc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UqMUQcYk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ecYQUksc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TWYIsYAs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\sihclient.exe
C:\Windows\System32\sihclient.exe /cv DGREyEaeckKFsJ0qxUkkDg.0.2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| BO | 200.87.164.69:9999 | tcp | |
| BO | 200.87.164.69:9999 | tcp | |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 142.250.187.238:80 | google.com | tcp |
| GB | 142.250.187.238:80 | google.com | tcp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 200.119.204.12:9999 | tcp | |
| US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp |
| BO | 190.186.45.170:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp | |
| US | 8.8.8.8:53 | 182.129.81.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | udp |
Files
memory/1652-0-0x0000000000400000-0x0000000000460000-memory.dmp
C:\Users\Admin\DsgkwwMQ\FmUYQswY.exe
| MD5 | 7e5c1b2fcdf513a8fe3d91f72a43fecf |
| SHA1 | 976de28a56c48aa8b70a02f582aa472810eb8477 |
| SHA256 | c2f529e8537a0e477136f638c84c08228d9602b0edb66c00c5a27bc94008f7e6 |
| SHA512 | 15d01b0c02a8a83fea24103ea054f7e66e1f457c5911cabe140c8219b36f9388b636b3182feb9ed9c52244601779bc231b2579e7c03df84b48e2a51ef0c6b883 |
memory/628-7-0x0000000000400000-0x000000000041D000-memory.dmp
C:\ProgramData\KCMwcMsU\fAgUoQQY.exe
| MD5 | e54e27fd8223453d2b276b4185986ee7 |
| SHA1 | 817e78400448cd38d6feb4812d16bfdad2faff8a |
| SHA256 | a99a7d17048c3d3e71894fd0e7cc503e67b4bfe383b7bb78a2333f226880631a |
| SHA512 | 82df2eaf61e5b7d89c4c1168726c4caba31bdc35a3f1efe9d70e9cd4a8af95c75a58f6e409444687526ccced5da21e3ce08ad59aa429841b63a49fb244c856f2 |
memory/4212-14-0x0000000000400000-0x000000000041D000-memory.dmp
memory/1652-19-0x0000000000400000-0x0000000000460000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\reIIQYQo.bat
| MD5 | bae1095f340720d965898063fede1273 |
| SHA1 | 455d8a81818a7e82b1490c949b32fa7ff98d5210 |
| SHA256 | ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a |
| SHA512 | 4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024 |
C:\Users\Admin\AppData\Local\Temp\2024-11-14_1d9405d141447fab969a9e235496a0c1_virlock
| MD5 | ea4ee2af66c4c57b8a275867e9dc07cd |
| SHA1 | d904976736e6db3c69c304e96172234078242331 |
| SHA256 | fa883829ebb8cd2a602f9b21c1f85de24cf47949d520bceb1828b4cd1cb6906c |
| SHA512 | 4114105f63e72b54e506d06168b102a9130263576200fb21532140c0e9936149259879ac30a8b78f15ae7cb0b59b043db5154091312da731ac16e67e6314c412 |
C:\Users\Admin\AppData\Local\Temp\file.vbs
| MD5 | 4afb5c4527091738faf9cd4addf9d34e |
| SHA1 | 170ba9d866894c1b109b62649b1893eb90350459 |
| SHA256 | 59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc |
| SHA512 | 16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5 |
memory/1676-30-0x0000000000400000-0x0000000000460000-memory.dmp
memory/4804-41-0x0000000000400000-0x0000000000460000-memory.dmp
memory/3396-52-0x0000000000400000-0x0000000000460000-memory.dmp
memory/1532-63-0x0000000000400000-0x0000000000460000-memory.dmp
memory/4516-64-0x0000000000400000-0x0000000000460000-memory.dmp
memory/1532-75-0x0000000000400000-0x0000000000460000-memory.dmp
memory/452-86-0x0000000000400000-0x0000000000460000-memory.dmp
memory/1468-97-0x0000000000400000-0x0000000000460000-memory.dmp
memory/3952-108-0x0000000000400000-0x0000000000460000-memory.dmp
memory/2868-119-0x0000000000400000-0x0000000000460000-memory.dmp
memory/1260-127-0x0000000000400000-0x0000000000460000-memory.dmp
memory/3108-131-0x0000000000400000-0x0000000000460000-memory.dmp
memory/1260-142-0x0000000000400000-0x0000000000460000-memory.dmp
memory/2652-153-0x0000000000400000-0x0000000000460000-memory.dmp
memory/1752-164-0x0000000000400000-0x0000000000460000-memory.dmp
memory/220-175-0x0000000000400000-0x0000000000460000-memory.dmp
memory/2360-176-0x0000000000400000-0x0000000000460000-memory.dmp
memory/2360-188-0x0000000000400000-0x0000000000460000-memory.dmp
memory/2548-184-0x0000000000400000-0x0000000000460000-memory.dmp
memory/2548-199-0x0000000000400000-0x0000000000460000-memory.dmp
memory/3476-210-0x0000000000400000-0x0000000000460000-memory.dmp
memory/2872-221-0x0000000000400000-0x0000000000460000-memory.dmp
memory/4640-231-0x0000000000400000-0x0000000000460000-memory.dmp
memory/2136-243-0x0000000000400000-0x0000000000460000-memory.dmp
memory/4664-251-0x0000000000400000-0x0000000000460000-memory.dmp
memory/3144-259-0x0000000000400000-0x0000000000460000-memory.dmp
memory/4644-267-0x0000000000400000-0x0000000000460000-memory.dmp
memory/1456-275-0x0000000000400000-0x0000000000460000-memory.dmp
memory/2232-283-0x0000000000400000-0x0000000000460000-memory.dmp
memory/2524-291-0x0000000000400000-0x0000000000460000-memory.dmp
memory/1016-299-0x0000000000400000-0x0000000000460000-memory.dmp
memory/2280-307-0x0000000000400000-0x0000000000460000-memory.dmp
memory/5076-308-0x0000000000400000-0x0000000000460000-memory.dmp
memory/5076-316-0x0000000000400000-0x0000000000460000-memory.dmp
memory/5004-317-0x0000000000400000-0x0000000000460000-memory.dmp
memory/5004-325-0x0000000000400000-0x0000000000460000-memory.dmp
memory/1644-333-0x0000000000400000-0x0000000000460000-memory.dmp
memory/1464-341-0x0000000000400000-0x0000000000460000-memory.dmp
memory/2640-342-0x0000000000400000-0x0000000000460000-memory.dmp
memory/2640-350-0x0000000000400000-0x0000000000460000-memory.dmp
memory/2492-351-0x0000000000400000-0x0000000000460000-memory.dmp
memory/2492-359-0x0000000000400000-0x0000000000460000-memory.dmp
memory/4404-360-0x0000000000400000-0x0000000000460000-memory.dmp
memory/4404-368-0x0000000000400000-0x0000000000460000-memory.dmp
memory/1644-376-0x0000000000400000-0x0000000000460000-memory.dmp
memory/3136-378-0x0000000000400000-0x0000000000460000-memory.dmp
memory/3136-385-0x0000000000400000-0x0000000000460000-memory.dmp
memory/4220-393-0x0000000000400000-0x0000000000460000-memory.dmp
memory/4728-401-0x0000000000400000-0x0000000000460000-memory.dmp
memory/3356-409-0x0000000000400000-0x0000000000460000-memory.dmp
memory/2684-417-0x0000000000400000-0x0000000000460000-memory.dmp
memory/1108-418-0x0000000000400000-0x0000000000460000-memory.dmp
memory/1108-426-0x0000000000400000-0x0000000000460000-memory.dmp
memory/720-427-0x0000000000400000-0x0000000000460000-memory.dmp
memory/720-435-0x0000000000400000-0x0000000000460000-memory.dmp
memory/2268-443-0x0000000000400000-0x0000000000460000-memory.dmp
memory/4088-451-0x0000000000400000-0x0000000000460000-memory.dmp
memory/1476-459-0x0000000000400000-0x0000000000460000-memory.dmp
memory/4344-467-0x0000000000400000-0x0000000000460000-memory.dmp
memory/412-475-0x0000000000400000-0x0000000000460000-memory.dmp
memory/1072-476-0x0000000000400000-0x0000000000460000-memory.dmp
memory/1072-485-0x0000000000400000-0x0000000000460000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\msEo.exe
| MD5 | 7a3594ceddc08b754c824d393463f716 |
| SHA1 | ed82977c0bbaf3faf8d1d86bff13cfa1d6ba1890 |
| SHA256 | a8a83596c53eed9a0fba41365263892b499b243d209c9cb1046ebf6efc7189af |
| SHA512 | 4e423bc2c532dcebb11cc5b1fab38f1595e63b07246fb77006a9cbf243ccacd06c59a5faaf855254718a9f8c65d41773997733b0b042e81687bc6316de608db4 |
memory/4340-507-0x0000000000400000-0x0000000000460000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\GgQo.exe
| MD5 | 866747cc9134af19aa19d5bf3b86fb34 |
| SHA1 | fec01fe1a8fd0c4b9ce405bf3a5982e5ac204a63 |
| SHA256 | 470657a4fca6ae156eb763613e741971ea179f7f5cc838fbdff112c4ad1acd70 |
| SHA512 | eeb46592f13e706159507a7e21a0e96a547999bb882d764af70f5dd9ba7b3b6867f639cf98a4c8ca1f9a2fb6e6ff5027c57522432c35476023b65a0864a44c4a |
memory/1952-522-0x0000000000400000-0x0000000000460000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\WwMw.exe
| MD5 | d8e32a6e1f8ed391987b2d3e243668e8 |
| SHA1 | c0f23be9ced72ab0574518a6d5fa546f87d7fbdf |
| SHA256 | 9222bd58bd0a66d00802bf142161282c873334c54d92349a4636b116baa403d9 |
| SHA512 | 93ec730a4eea13895669d635304f6dd440a0c20429543676e180c0a829a9e2b5d4d9fc8058a3c019f7c69fd7578754f37529d8f1dd7f421006185274b288a3af |
C:\Users\Admin\AppData\Local\Temp\qswS.ico
| MD5 | ee421bd295eb1a0d8c54f8586ccb18fa |
| SHA1 | bc06850f3112289fce374241f7e9aff0a70ecb2f |
| SHA256 | 57e72b9591e318a17feb74efa1262e9222814ad872437094734295700f669563 |
| SHA512 | dfd36dff3742f39858e4a3e781e756f6d8480caa33b715ad1a8293f6ef436cdc84c3d26428230cdac8651c1ee7947b0e5bb3ac1e32c0b7bbb2bfed81375b5897 |
C:\Users\Admin\AppData\Local\Temp\iAwU.exe
| MD5 | 4100b0bb9edc7847cdfa55ca13157d2c |
| SHA1 | 3604221eac132ffdc004071fe239e267b4390ac5 |
| SHA256 | fb442e2c9c4e705ce31e3f0b27bb9447a291a038d681cfa67434ac9cfa9fc0f4 |
| SHA512 | b369970fd13fb056ca27ce4709ab24d0c0e41eab80982d9c94c68c0c43a27368e6c7448d820059835cd6e3173d005a45821f955b1f22deaa8e2aca7852313675 |
C:\Users\Admin\AppData\Local\Temp\ewwU.exe
| MD5 | 6d67135fc13f5cee12ff0ba10d8098b6 |
| SHA1 | 1d6f08996c5120cc6fb157224c6a3cd0d9208c78 |
| SHA256 | 34f85d1652ce3bde630c6bc3e1431aabb89a6da59af67a00d9e7d46d25e5f739 |
| SHA512 | 1e0601f4e000cbcf403a1210ce5742135fe361fe8cf163e26c2d611c9d9ae460d914cbdd3dbb55f9e4aef0c4ded311f8bba94036e810fe4c7e19a191770459ab |
memory/1952-572-0x0000000000400000-0x0000000000460000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\QAMW.exe
| MD5 | 66bc140eff853f980fc4d9cbc0e8a940 |
| SHA1 | dc4c001ac871175123ba1fb157ff696173044cbd |
| SHA256 | 17bf9413e3dc3c833d5103e85135cf394161e272276c36288479f6e30f0d6147 |
| SHA512 | ca0966cd104b97e3c5859a575d1e7c70481a818090dbc636550e8e4cf963f0d33a083dd62063087a697c1637923babffee97945f266892d7a3cd807faa3bae89 |
C:\Users\Admin\AppData\Local\Temp\cAIe.exe
| MD5 | a94a97a82bc60408f3ce3d54e850e49d |
| SHA1 | 6f080943b54c02bc2ba5567d94ab4a2cf0784293 |
| SHA256 | 1258d29328c79f62863475d2d20e9da22becac25aec59fe516780a05a1f196a4 |
| SHA512 | 383d021630c74cf1054fd9247e340d000260151081a9fba423fba8bd403f536974cacb675aa8d670df1b9f4ec5a5e6b1654fff08ec0fef6c3f8bc55a27233ef6 |
C:\Users\Admin\AppData\Local\Temp\AEsM.exe
| MD5 | 83a6ee7c0e8ddfed1632b01c8e0d3c35 |
| SHA1 | 12b80abaee739f4bee2685b0cb231488fa647205 |
| SHA256 | 970fd4c5680b91ac53ef036f1740ffbe95e02199694d1fead26b9bdd0a3ccfc4 |
| SHA512 | b9e7c44c9e3465eddf4bb53d1980b6de1df61d5122189c126037ea3cf1f4fb1ae1de68388399f3532ed9ade64e7ba6e2b2411de899d4a135d1c49b9b3ca9da3f |
memory/4496-636-0x0000000000400000-0x0000000000460000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\gYwO.exe
| MD5 | 0fe8ac199a6fe353fbde6397869cb1aa |
| SHA1 | ee2e05f3a8049b9df345fc84c5602043262ca1bf |
| SHA256 | 10366a1ed8a72946968036666b4e66d231edf252dbf66a499579d61ae3be03c8 |
| SHA512 | 2e8805038e4332942efcf0457cf3b3de96e5673a6e3424da118cbcaa2fd2af5bc1dccdcbff1de72199d87ae1a237198794629af3c78338075361282b1b178ff1 |
C:\Users\Admin\AppData\Local\Temp\aooe.exe
| MD5 | 5c67142d180dbbb42afd85008d240da3 |
| SHA1 | b61ede9afc29a3e3b5024b2bdae439e26c017622 |
| SHA256 | 3aba2aa08bed7989391e3d0fa69d08c12d51ce9889e07904051064680524883b |
| SHA512 | b132a8f5d66d3e8f4c62d83e474cce4c416fca362f615b7ad56eb46a010713e5d22e796b07843cec24cda3e47a49a3901f9dbbe1fbe2fe6901f67f39c8240371 |
C:\Users\Admin\AppData\Local\Temp\wAUK.exe
| MD5 | ee83295df731f893743f64d8cfae77e8 |
| SHA1 | 6bc7ea0f92870e741e317d79556c02e5b226db7c |
| SHA256 | 9e052a33971a60fcd282bced77f303fbae84b374cd6e9956082e03d6c0b07297 |
| SHA512 | 15a11787460d28f4a5510485657b239058408371c2ec93a39339d870b6920edb865f753d6ff51e2345282f10ad729ce91c0aeab850782849b3c5f236317b8135 |
memory/3620-668-0x0000000000400000-0x0000000000460000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ywkC.exe
| MD5 | 9f55748bec98b9e16abfb12797bff328 |
| SHA1 | f69790fef915b95283443708a1b75babaa7d58df |
| SHA256 | b4d56d8c0fab5e16a5a37aaa0b91e0b3b910769547eaaaa4af057c4987b81b8a |
| SHA512 | 026dad1c4b67678a1d481127a578841a5211c9cff80d2aeb3aaf26c2e2e42cd63a932c7faf76d304da96abf88531be9de88f6b546fe5d1d6bd4b9cd1629a40b0 |
memory/3144-673-0x0000000000400000-0x0000000000460000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\wUku.exe
| MD5 | 658bfeca623970a1f6c2978774fd9bc1 |
| SHA1 | 03a78a27d610d819c4e211969bb7ff84d9f24ada |
| SHA256 | cd833981d2e4ff00bf03fa756cb276385d96e913acfcea0fa5b4afbfa3d2cdce |
| SHA512 | 863247652b01b9dc58b11af77808d9c371d1ea36a3184ecdbeb386dc48e8b16c909615653631b03455d3c6df8131bdfd50f9f4f1e906913936fccfbf1de1b470 |
C:\Users\Admin\AppData\Local\Temp\mggE.exe
| MD5 | 697b8d1cf6ce73568d5e8c29f5cd4f0c |
| SHA1 | 9ae4b11082ae78fb1e82b39c397a337d13844c49 |
| SHA256 | 089c58cfe7f6268355a9cc86987da0e1184c3cd101d0f474c11715a7bcfedaa8 |
| SHA512 | e71c72876dff1ed7ab26f4f57be16e03c3c3e4bebdb407a3b2f93f5221bdaa0fbf2eb0b0aac5ef6098e0d15249874eb13253a8cb90476649605bd42f83568763 |
memory/3620-737-0x0000000000400000-0x0000000000460000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\sYcQ.exe
| MD5 | 9106de900cc8a7d66800b5c84ea0b5fc |
| SHA1 | e44960a1137c3abc1b61d474332ac69245b5590b |
| SHA256 | 8e55e1048aca5c12e13b0d85cfbab48974dc55ffa8710ef119130de4fb21c846 |
| SHA512 | 75c9f78b0930e65bac6b37f1073d650fc53858d0507e9d18a2cfe2e3e31994702eb8488f1eef5d526fa61feebf2f8ec2a9a33b9b455990e86619a46bbb973955 |
C:\Users\Admin\AppData\Local\Temp\qooU.exe
| MD5 | 75df3f64b68a08eb5b624d67fe4e1718 |
| SHA1 | c908a542670f2d05f28b311b8d51564edf6b2b98 |
| SHA256 | 7032eb506726166b98343d66860494b54847881dcd01c467e92ebb90ff47ac9d |
| SHA512 | e5c98421635dabd2ea64a1927f395f1ce65b2af688dd2aa5b71e7a1417e3f7de8d2ed0111f2f20924fbd0665950efc8570d799f3da2272723c3817dfeeb92d9e |
C:\Users\Admin\AppData\Local\Temp\Gowi.ico
| MD5 | ac4b56cc5c5e71c3bb226181418fd891 |
| SHA1 | e62149df7a7d31a7777cae68822e4d0eaba2199d |
| SHA256 | 701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3 |
| SHA512 | a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998 |
C:\Users\Admin\AppData\Local\Temp\GUIK.exe
| MD5 | c806ae3c600e48edd1f83a8d9cf502e9 |
| SHA1 | d121f529e56d186d6a3645711ea5251801f4ad55 |
| SHA256 | 2e5d1e44ae598873ff56e46c3861d79a04d388f976f5814bed4a69e9d659e719 |
| SHA512 | ea63305596d54c386067b97950baaed37570bfd50b6018ff972eef979df9886b49485ac082028602271ecd512d8ecf45771d00ed3f9016ae34e22b4a5f1a6335 |
C:\Users\Admin\AppData\Local\Temp\eEUy.exe
| MD5 | 7db839ca3a8c62c8813d0b700f430e1a |
| SHA1 | 1eda7da426768d96aa435dd10dfd7561edacfa93 |
| SHA256 | 820b4c04a8ecd3a03cfe2443030113f8a23b209db4336af317c15e482f940d0c |
| SHA512 | bd08ddb9df4f4118ab9e26bc700f8021593acf7074bb15bafdec716b80cdd9ead2cc3f1a62ea3da874580fdd9f77756a0fe311f98f0068291a3c6f4864bedeb1 |
memory/2040-781-0x0000000000400000-0x0000000000460000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\cAIg.exe
| MD5 | b1363ec38ba5629f256ea14df11a505c |
| SHA1 | f5eef6caead6c818d187e4a883244a3db5e943e0 |
| SHA256 | f623ebc933ce267fdfb3e8724a689ee04b93d7b21e5517f23809f76c89700355 |
| SHA512 | 9185a132b95934f4018b53d2212124d829132d19830e4a29e3e335d8c4aed7a5ff3502a060f319b5b7978c833f0b7edb3644a7ef7e8cf3dafecd999aed280e91 |
C:\Users\Admin\AppData\Local\Temp\ucUm.exe
| MD5 | 7fee896d2623ab97b54385ffd63c06dc |
| SHA1 | d07ca2b9732a40914514f7a0023d0c79b812b584 |
| SHA256 | 5ffe02a079e879db8d86c06c665efc9b988ada891db9dbb9c8bb7356fb06f8b9 |
| SHA512 | aad9dde972d2679bfc0d393f41d3f66ffda107a339fcb95f0f70b72a7b4c09352ec878b2633e9c07114f2e07fcd9641cbab09440e5863fabf6adfe943c33e9b6 |
C:\Users\Admin\AppData\Local\Temp\SwcC.exe
| MD5 | 7d771aec59c0c58129c2c0a3463b34b0 |
| SHA1 | 193d39430e52ad74d0fb5caf0e0ea12624f3b207 |
| SHA256 | afa3bae4c9fb612af6d5ddfe8591d397091af53c64f09fb5107a6e52ce57ebc6 |
| SHA512 | b4162627102100bed1700ca0f6a0a13081bdfd7d37c9459e8b3777d54186ceeb9a801715d59b2fea0eeeb299f0527d4af36ef41ebc79353214aa137a18f903a4 |
C:\Users\Admin\AppData\Local\Temp\uwsc.exe
| MD5 | d0f46edd6c1529be94b672c61eaea1bc |
| SHA1 | 1e1b8425bc869dcb0b4d9e661d49c5cbee1c7c87 |
| SHA256 | e00ebc539aff4c567512b79839464eb8c9a5473e148a1a942241d20057e4b563 |
| SHA512 | 46763372fca277fef8e31481319bf23d8cfea82c8249bd53a03877491185ef0e2a8eebf36b5d2fc5d88dc4200d770c13a9ff5cacc1b2bbbafea9988fe570228b |
memory/2040-845-0x0000000000400000-0x0000000000460000-memory.dmp
memory/2268-844-0x0000000000400000-0x0000000000460000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\gIQK.exe
| MD5 | 6da2640c789c55949db0861a482a2c80 |
| SHA1 | 282afdc8e5409722db52be97dad34eb6e8881397 |
| SHA256 | 046a84df264ae9927c6feed05d25f11a4d2540524cb0712d103bf4cc4ba60142 |
| SHA512 | 81f12743f1530c2b4b90a776c1a2886e77a41e2feecc3e9d6ee8f0b490c9ab2060aefc01e8fdb3b360b0460a4aff99263c9449bdb01ee210f54aa1d882427b50 |
C:\Users\Admin\AppData\Local\Temp\ycMa.exe
| MD5 | a218603bd124663125f51f412f0aaf36 |
| SHA1 | 31fec80fefcd1f10c8c3f1f2a9850a17e7e2977e |
| SHA256 | 6c16f8848ddb5d337b5cc25136020dbbd671e19f16492d06c7d28fb77c6410c2 |
| SHA512 | f891c431366d0b4ac169a9b1f8b79d41abf1f0a6536c56fd5cfddf22bfc0afd606b3429b6e60123bb37c1eb64645a80789f2e76fb3d912d03258d523ebb0bd15 |
memory/3620-878-0x0000000000400000-0x0000000000460000-memory.dmp
memory/2268-882-0x0000000000400000-0x0000000000460000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Ogcc.exe
| MD5 | d3049f367db66c85e13a4df69ef48bc3 |
| SHA1 | a408438ea42257102dfbbad30e508de7ff4c2e3d |
| SHA256 | bdf78424861ae27b76110eec879c9024d93426915419209cda5481c899252e01 |
| SHA512 | 0a10d56605548b427f15061739a5bc9b8fba97ac9729ba7a333ae2e1e10a131be9c72ab604df41e82c32fcad5d9ba8e77c72b15d2a8681f9697dc0b0b55b0227 |
C:\Users\Admin\AppData\Local\Temp\Aksq.exe
| MD5 | 7974e0b065622d37e4868196cd3dafca |
| SHA1 | 718d08a503ab01b4704a2438758f712addfd4d49 |
| SHA256 | a6d5f7704a57da36df670a1ec772b532b8f9b893697912ab8ba85fb1f727a41f |
| SHA512 | 14aec696c48badddb4a6f747620926bf08e8d83d8aab2a99639f2185ba60b184ba545c295bebcece2eb7adf628f0f713985188139732383352114992f8ef9100 |
C:\Users\Admin\AppData\Local\Temp\yIkw.exe
| MD5 | d614e169f4ee71b845d47826566427f3 |
| SHA1 | be296bfe8bcb679d08a4d6105dcec0cf34661520 |
| SHA256 | 41a0115def270f38685325bac61662dc67836392d6e197e4cb4d301c16481626 |
| SHA512 | 49269df67d845cd06faff724ee6c3d0d96b42883d82d1c72a9ccb31539160457c701098318ed5cf99006c850fe8e8e4748215738abdbcd62761249e2113001e2 |
C:\Users\Admin\AppData\Local\Temp\CwQw.exe
| MD5 | c6c88c2f4710ba5fa7d68a77a6859ae8 |
| SHA1 | e4ab2bcd75c4bd8f22cc9b92413981b2cba061cd |
| SHA256 | eb58a656ecdc7541f565fb77eb2f456ae0bf85e1e7c819bcdb33a9f9836bb245 |
| SHA512 | bda13fc9280d201acd53f2328b85e88dd712364cffb4abac59fc3b73832e43aed16405808c870807fe56738030a7d9202fc3427a44bb6d8006842de7451b3e0e |
C:\Users\Admin\AppData\Local\Temp\KAAa.exe
| MD5 | f75ea359038ee35363c7f35fdf208f19 |
| SHA1 | be83a567708cf075f672d72cf0c1c45ec78923a4 |
| SHA256 | f0b766f9e82b617e713b65cd4c151f99f0a7d3e40df862cff7e72708db7a33bd |
| SHA512 | 608b808283c1543d3e19421e922dbae86b3e5edc6ba122e3f8eea43a2cbf899da6f93b573cb9fa3a0123be89ab58168c4f392cae83f970eaf21997d8192b7470 |
memory/3620-960-0x0000000000400000-0x0000000000460000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\yAMG.exe
| MD5 | 82ce79c46cf5c575a8ec5eb75ee87af9 |
| SHA1 | cddffb4d1f3574e538ebdff859f86ae6ceb3f7fb |
| SHA256 | 246fe0ac0414da5a8bc5b15ee996ea96923ba22e855de6b982e13c776cb1ff58 |
| SHA512 | f0778c11b8aa3d8b5fc48fa4d8bdadb873d6504a0f9b2dd3ae59680ccf8a38511b6e2f3a5da3301e56bd2579ea208370529e1b0ebd5fe25c994203b792d2bd43 |
memory/3652-975-0x0000000000400000-0x0000000000460000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\EoIu.exe
| MD5 | 1813b2dce7a418ac11a593adbf9229ff |
| SHA1 | da9ef915898a303049f2862ccf1e7a84c23d8a0b |
| SHA256 | 92225bb8096b40e2b4a1920f464ed89bf8a595206e9fb621593ca5ee229b66c6 |
| SHA512 | 59f216539d03f45becdbc30bd06eddeb49980ad22d98aa5663a5974bbbc47baafa1820de004f9684c8a52f8018b7d9e13df91de1bf72e26c991f8a2e0490860d |
C:\Users\Admin\AppData\Local\Temp\EEgO.exe
| MD5 | 5803d172a37ebda0d29ddc63b8acb0f7 |
| SHA1 | d5d306363bcda6a52796924ab49b6be19b1f3af3 |
| SHA256 | cf12e575cf61467066377856a691c0b144e60e54099fbc8e31c476dfa2d8880f |
| SHA512 | d51a61f63127b855a69756652b35c072be0e7fa16c615a7f7b2df134ab85cd6845f03df5658275858661d6e5e7a0423ce16e9922b9c52b8757e100300cec3258 |
C:\Users\Admin\AppData\Local\Temp\Swsu.exe
| MD5 | a1cc15b0f2c729b40fa0033546296944 |
| SHA1 | 1fff29a241c5f6644d7f2597eb9cb17c150b5ec0 |
| SHA256 | 57b36a16853b43fd633b8c9d45d4b733c03d96b802cb6a78c6a20918ad486e55 |
| SHA512 | a31d37b1db216b88304e5dc5000ab58ca94c0af5c74140e05ae19eee1e9f4fdac9e35c9e476829bae094b74633e724f02cdb557f0d9937b2b1e886533fc8fb1f |
C:\Users\Admin\AppData\Local\Temp\kYQE.exe
| MD5 | 50581e7b7bf405dfae173efe59bc0d05 |
| SHA1 | 708c523c8c4ab4e897df0b6f6d1bc2c466ef758e |
| SHA256 | 960fae898deb06f88a231877e3756b589ecb80124f745aa307d5c27dcb232c32 |
| SHA512 | 8385cefb48aeba7ec3bb221708e0a617bdad4d1464bfaab5dd41c2087dda047b7a19ead7e395e5eb9f54d99109383e30a96b24f0cbec4b415e7762e30301fabf |
memory/3652-1038-0x0000000000400000-0x0000000000460000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\cIgo.exe
| MD5 | 2c27b868e9d0996cd91f679f8c4f1c48 |
| SHA1 | 72d9a5515e6e449ecf8fdbd5c74394f452eb92d9 |
| SHA256 | 3d44c4dd795d20fc2c01afb76483b6fd84ddd6b2916ff15cd75a2f6fdd273b7e |
| SHA512 | 16f1245f46196b02b6a088de2ee80df8387d76d3fa5133cdeb80e92514e9a280a19368651c7bb2c39fb2fe4c5b278be950a9b7f2e1e5ae0966e417394ceb8d6b |
C:\Users\Admin\AppData\Local\Temp\QIYu.exe
| MD5 | 47c7925e540c4bd0a191bcbbd12e4114 |
| SHA1 | c3b6448491f82ba1f302ce54f72c00055a005b0a |
| SHA256 | 0b32aa08542a5f017e3ef9f24468662c089497450a068a64cfcd601007395a01 |
| SHA512 | eabfc429df3584269e0bc77c50bab29fad1828b8e2378c7dfb35d32fc13aad0465b0d6971af7845214f83908448def6843eb273ecd3f1204348c372282009ce3 |
memory/4228-1074-0x0000000000400000-0x0000000000460000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\AoAA.exe
| MD5 | a6b03bdfcb02808e25d97f66097e5ad1 |
| SHA1 | 9b1293d809d2a23e322f588db9f6cc2f7a78f6ed |
| SHA256 | 8d0157b4398b1b8e377364412f9372af5f52511752e8a3e68e70e523744ca7b1 |
| SHA512 | 05056dcc309154b284439284502548999f3faaf7d5d79c860114cffc568ed8c949feec50abdfcaa6652cc90ae06c3a721b63538a656bf8126056605456a4d162 |
C:\Users\Admin\AppData\Local\Temp\ggoY.exe
| MD5 | 811b57dbef8a4df62be7fd0cdf14358a |
| SHA1 | 97cf7b09ef96eaed54f2adbf5358f16627720170 |
| SHA256 | 73352bc8068d526d6c006016e8a337b387a1b510083b7bd5fb1316adbf9ccece |
| SHA512 | 0aed6982ae985182297272b3d43064550c922dfb3cc11bce02a9f68b4452d51330cf55270c9d57c4c9c17bd3bde2c56db8869f3dd09fdf1b2560ebf0213c4853 |
C:\Users\Admin\AppData\Local\Temp\sccm.exe
| MD5 | e01059721798039fedd92ab231360ce6 |
| SHA1 | 54fefbff027b13482b5dc0d903dd186aa543963c |
| SHA256 | a70e75d244106d799fe717a629b0f08e7605ee9c5ff82456a064fdc1d390e646 |
| SHA512 | dd8d69b58c231594f11d3bc89c923f6ce2083ea9ae57ff8a3a34d8c2842569976838e1957fc874d3df0e462fdee8ed7d343d056b7a5c9ea3e6c1e1622295ffc1 |
C:\Users\Admin\AppData\Local\Temp\UgkM.exe
| MD5 | 835e40654e493d1b688c1690f74661d7 |
| SHA1 | 05dc98b7e60a831d3c028c414d3e705e14e7edcb |
| SHA256 | 95d51e8acd88d46021b0b48cd5b5fb6652d73d43355466a3e0acfab9981368ad |
| SHA512 | db7c473e14cb117ac0f3447b4aa5e42700ec313823f05fe2e110dab013e4d21ff167f74a2a6144d3b1b9b2513a1c813fccde2740c23fa09dcc332b9fd8566140 |
memory/516-1138-0x0000000000400000-0x0000000000460000-memory.dmp
memory/3752-1139-0x0000000000400000-0x0000000000460000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\mMAo.exe
| MD5 | 40be66be1565e66b075b6ca7ac823464 |
| SHA1 | 40bbc41ecd760ee3cc5e3bff836814c22c469d0e |
| SHA256 | ad02a211f4cf265baac7363d049048956119e0a3511a7bc03a043da94349df81 |
| SHA512 | a82269023a72ca0725317e24482161a8de78e8f3f8582f60b1adacaab00d7762ace1a0b1ab2f19e0372e14c1ee58aaedb7bd76f2bc752ae56d2c2a96b3e21d8f |
C:\Users\Admin\AppData\Local\Temp\MwcU.exe
| MD5 | ff35b98d83055fa56813edc10aa2319b |
| SHA1 | eb5ded4f30dca5c876085482572027ef3d538da0 |
| SHA256 | c714af79b9500294a1f013a29df16a570ad2f4969b553723864651a80d1cc5ee |
| SHA512 | 8cddc8909cf124743d5ab2a1e869d9d5b6d3b9e1af3f1a7835a9a538b436d7dfe8dc7be058e39259e9263aabd25697ce0f5fa9fdb6ff06e73cf85196a32407db |
C:\Users\Admin\AppData\Local\Temp\Ssgu.exe
| MD5 | 1084ebccafbe52b9010290a0a8af090f |
| SHA1 | 133f61518feda6a74cfe7fc31964d69f4f55e7dc |
| SHA256 | 0c88caa769969b0ffb0a77fccf485f013867a0912a79c5e41446f9c373986b65 |
| SHA512 | a8be7f0d2fe7c4c1fdcef8420124eeb393c6c07f06224d130dd6a9a2054b8d03c6f6339d7477ab330a692aaae34ee5153a1764304570120bbb8d5db7c5f0d679 |
memory/3752-1189-0x0000000000400000-0x0000000000460000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\QsQE.exe
| MD5 | 6737b2af6534af2579844184779c579f |
| SHA1 | 4d65471b72c3cf9ea0f509b6b5246423653b7af6 |
| SHA256 | 4c659c3380c690d4066fd14bd0dd9c17ff09f4584c586f2770a5157cbf232a52 |
| SHA512 | ce72af53d333a95f41ccf5368b67a1c5c4cba143d8d4ce724b454a22c8dc936ba8cc36fb79d3c24d4c1294594eff08d2370700fd04b6e6accfd2f05f466e6ca8 |
C:\Users\Admin\AppData\Local\Temp\Ggos.exe
| MD5 | 07e28fad10a768e345fabcffdbf958fb |
| SHA1 | 2b918e5db6eaa8c08acbe31cca7546a9474c1d78 |
| SHA256 | 19fe4b76dc70308e58ed5a2b388b68df7b8feb911c9d73547c9d3a16e71f23be |
| SHA512 | b776af21b83d980f208aa22e51d5b115a43602a5aba92c5a05b5938d4bdf29298036e64f5d2c3bdf7fc0aef09833a5a5c0208bcf37e48c48186f0d61427d36ee |
C:\Users\Admin\AppData\Local\Temp\IUwu.exe
| MD5 | 54fb4d70dfbc160e28dd59cdbad04eea |
| SHA1 | f268dcc6b6ac26bc0790aec8acb2945e2f68d917 |
| SHA256 | 85b5748ea75c75205395997e339d1d262f30acdb5d42fa9a09b0c054778a157f |
| SHA512 | 9759d340591f9d2cd261f1c3309c90bdc55bfe384b17ddf0b36e23be92fb85807a346cd78f6527bce332b4ff2ca4e12dd09832de065593c893024315f2760e44 |
C:\Users\Admin\AppData\Local\Temp\cYEG.exe
| MD5 | 1036b461c4ab5d347afb6d94bd465a24 |
| SHA1 | 80b8f4d1e61cc989811d93a4c6a823426ea3e102 |
| SHA256 | 3c36b71e66e14178b3cd1d0913d369756c621a24bc9faf0eec81b26d65d194ed |
| SHA512 | d31525f69ed216c15434982cbdeb19d357bda88f3d84062e187503b824e8e6daf965efa2350f05bbc53d6715ae559d9189f1aab96b9a9c6fc42d8c8526a112a2 |
memory/2144-1250-0x0000000000400000-0x0000000000460000-memory.dmp
memory/4488-1254-0x0000000000400000-0x0000000000460000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Eogm.exe
| MD5 | d0f1cda93d84fdc97ddefe28b8fbb358 |
| SHA1 | 565db57754db5c43d70ea828ed2c2f323408518f |
| SHA256 | 4d497bc4fe04b0644aaf66f62c212c37eb8d49c80caca0e9c3a1a6b7de15241b |
| SHA512 | 00abd458868df3d221aa0b2ac425243c9163f9482f9005158442cf35951fc038b36f9ebc393f7e4291eb32a3d269f020e3cc872baf5c2b7b3bcfebdfbf5661b0 |
C:\Users\Admin\AppData\Local\Temp\GscM.exe
| MD5 | 4689148b969c98882ce6bb3805c39b11 |
| SHA1 | 75648fc4025041f8485ce38e102fc4b0df682302 |
| SHA256 | 4b3ab29778304f0d078ca8dc089bc4c4cd27a5237b4c589864546067fe707987 |
| SHA512 | 61b70039caaef6b39f259998afc27731be6b24316f0dadbe0ebe0ed659df1d7e0268f6cc5692056860b354987ac5c29ab026c5c18ab8364ed5ef93299e446849 |
C:\Users\Admin\AppData\Local\Temp\WUwC.exe
| MD5 | d896b655c26e9063cdf376803e71fc0d |
| SHA1 | 4eca0ee9dfb7cd6789f35dcca6a07b05c89cd85f |
| SHA256 | bf14f98e3d10aa0347c8ebc32ba9cbf9b9f9c5a4fd86b39a00791a3333872fe8 |
| SHA512 | 6836149114a04188a97289e721c223b3bb7559083ef4f1a2615f6d2284c6e70e626515adacaf4b77f3ab70e8e304790b1699c28febbd5d42a1d1001aa8c83eff |
C:\Users\Admin\AppData\Local\Temp\mwsg.exe
| MD5 | 6093706234049b2ea791e119594985dd |
| SHA1 | e4a40c01259cd066f26566a3b5f18972e2f96845 |
| SHA256 | b45f9a99f02cc39633c6b9e4e980fdcafb2c648d263d98642acda174817aee91 |
| SHA512 | 764dea04122068bf03e1bc07902638de037e0f877902bbab10999c0add0c2dc77f9513c06bb162e733651e28bd69637fb178cc03248cba83c1edd2c9e239b7b4 |
memory/2144-1318-0x0000000000400000-0x0000000000460000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\EYIa.exe
| MD5 | 7b5ae7332bfec9356c260c9ee7eb757f |
| SHA1 | fe1dd047e5562ef6fb15dffdbea25c626eb4b6e7 |
| SHA256 | ebeebf321239ea495f5a218756a2d3a08122f7620d3d3828ef5fa5179fec9554 |
| SHA512 | 210a25bf656520073307497d75f45b10a768ee4274282cd22beb94f4f90c256bc7aaa979736f78cdd989f43d06c2cc89a6e7136c125c2189d301dfbe9215689b |
C:\Users\Admin\AppData\Local\Temp\gMQw.exe
| MD5 | e19480960037b92174678a592cfc52d7 |
| SHA1 | 4348069732589c268f889ce5cb7be2e26c0ab93a |
| SHA256 | fb5e99b50c7787574f664372794e58459e14dcacefe54f0d39e389620ea993d1 |
| SHA512 | 8b12bef97a4e5ebe0ae3b45d181392af0a2ccc71384d35c8d470dc2578d022881c62b313c05f2c517f30e0564e301b87abad092ce7c61e5f336d9a8a8e9b7372 |
C:\Users\Admin\AppData\Local\Temp\WUwK.exe
| MD5 | 18c6cc2fa7ed3d92aeb64f6141cf7b7d |
| SHA1 | a5acc6576430c3a9eccaf4f0ee4b026b986c4c3f |
| SHA256 | d633b994b371ed68e7451d868277302ee9e6a7092b925af43b833ed62dc65d8a |
| SHA512 | 0884de3eedacd76ccbd79ae35f59c4ce701e95dc70989a80310151b1b09745fec5770c11133ec9bb10ca63e9ddf9b037de514ff577ae910c1402dc6e58548f05 |
memory/548-1368-0x0000000000400000-0x0000000000460000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\EoMS.exe
| MD5 | c137bf6f816d926ea5953da5645054bd |
| SHA1 | b763601693c372e7df4892d7fd7f6137d786ea19 |
| SHA256 | 22d6aae9ca6754de8ccd0803202b2b0c8e5ae80b51bc2b0815c04f60cf8d9e8f |
| SHA512 | 591417990d4839a4ad7d5ba55d309f8db360fc9ef8bfd25eddb2489a930872a24b9e66c96e989af34ea4b09475288b2a4d8c6df87c204d3c6c4458658ccea965 |
C:\Users\Admin\AppData\Local\Temp\qgcc.exe
| MD5 | 6ba7436fc9f7646919b6020cea90afc1 |
| SHA1 | 9d0a99cd43428c25ec9c3aa4582239355ce835c1 |
| SHA256 | 780b6a476cb9fefe2795815defa2f5149a27b4f13f67c0c7f710fddabddab644 |
| SHA512 | 410cdad733b90c0c4bcee909c03197ddfd917b578f0d20fb3c3b2374d769c888c2ec0b975fa8d88c39b39b8e50173d859a631f17e5e076abf94ee324f8288e55 |
C:\Users\Admin\AppData\Local\Temp\IAMY.exe
| MD5 | ca03d9d0fbff4fda1392b39d5a658208 |
| SHA1 | a95023c3fc7b8ba9eccbbe4a60ac91a3f59ad16f |
| SHA256 | 84b3138802933951877c10852e1d19b84e85d1133d1d4accb8c143e6fdd19524 |
| SHA512 | fb203d4b3e9f18ec8d6ddddc59e0f35d78d6238025e06cf5827921557aabafbfe109b006b8b8a9a504fd7b3ff39d3938f206a0e0039787ab16577555b2b0695f |
memory/3416-1418-0x0000000000400000-0x0000000000460000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\cMAG.exe
| MD5 | 63593ffa62294130ea190b17fc980215 |
| SHA1 | 7746ab1f503fd9efa5bfa86553dd9cfde7dbd0bc |
| SHA256 | c19f4248a7335002dd5174e1b09a6299d1ad194075acd6ff97ce8710fc56d171 |
| SHA512 | 7f1df37f6c9d4b9db031395760ff2995b1bfed0ad64b6ca6e2f29bdaf0b635260dd57e3901a0ea1aa1141afac833d788375b4668b12cd6d86f0226d661b1e1d7 |
C:\Users\Admin\AppData\Local\Temp\ocEk.exe
| MD5 | 26c3c2043254ba32fe40036e4a62c0d0 |
| SHA1 | 5253ae717f495f91f87b74dd71c26d9e3ca704c8 |
| SHA256 | b7e0421a51fad2026139f8f0c8fba2a4f2bbfdfff8b93ed1de5601f7cb54854e |
| SHA512 | 1df6bb60e18473c4a569a99169d3e623b0a2a9fb1f7ddfe511e1ed0cf5f066f51581a9420b6f8f6920d92140c5f20bc343b0764093cb16ed4580b3f8e41bc74d |
C:\Users\Admin\AppData\Local\Temp\mMEs.exe
| MD5 | 1bd6e2582f2a67081c2815add8ee2c0d |
| SHA1 | de302600badf56c8bad6db60860189c90d8366c4 |
| SHA256 | 0749ed79719e993c993d02ce7d2b07beef218c6f47a8382c9a029e2f9c9e456d |
| SHA512 | d58a260c1a82c20275d9ac1d417da4c219044a5d2e8f702c4b16fdf901dfde4703df0c6cac3b23621fb732bf2ceb0aa9e714b6801e64e09188a71c864cf39112 |
C:\Users\Admin\AppData\Local\Temp\YQUq.exe
| MD5 | 23fa40135b0506c0b6a3596414092825 |
| SHA1 | 1b2c92ee41d836cbfdd4762c6f15abbe1d36c91a |
| SHA256 | 299b7b442a98b9a1a72554c81dade6412b73cd8190cd12750a190d529d6021e3 |
| SHA512 | 4f27f2f08d5833952a695caec2a08960a1cce75f522596ce4ea644e0aab2171473e998d8f56e9564096a03df62bd67a4769da67d4ea67e52504cd7a211d2f484 |
C:\Users\Admin\AppData\Local\Temp\qMEm.exe
| MD5 | 9180d672118bbd8a651cb5f7d6a77e71 |
| SHA1 | 2aac83d7cdd4160e3489c42d305a598f959536a6 |
| SHA256 | a91f1291ca260a068e669f810a8316bd420d3dd6fd7c0877a864cda42157cabe |
| SHA512 | a77cf7494a3514bdcc8580015aedb283da4709e9042d45ded26a2a516a3643a3fa8005d9aa900edffc857d670f292d022dc1e21eb9e4fff6b69b36c3e8b4d11c |
memory/3592-1486-0x0000000000400000-0x0000000000460000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Kkwu.exe
| MD5 | e3d8acfeeef991499ee94c2e04cb35f5 |
| SHA1 | 8178a6936509542af19054e95e0a5a1e0289f13c |
| SHA256 | 70776f7c7d5cff210f96c2eff8aa45658442a7185b6385bca04006220b8ed942 |
| SHA512 | 6b5722550763c0fb0dcfb5e67d4e75e8c13a3c77d53eb4cbf3bb1eb0429f3a7896e00a21e524125410fef7fac319e7b83499d2f6e9dead823dd9d3d38b016cd6 |
C:\Users\Admin\AppData\Local\Temp\IcIc.exe
| MD5 | 559df107a0c79ea90efec595a45596c0 |
| SHA1 | 195a7d68071bdfc926741bd1315378e00386cc3b |
| SHA256 | d943f7a97e4d3b27fa53e5e4723c38aba78d1bd3b5ec3d85556f91e1bb5639d6 |
| SHA512 | fd1be253954b84a3d951946251e374406cb761924c744c9bb451be6067d957f03557a03f8ae5b22e0913f4dc1046a53d89c2b956ee4e624dc921957fb6ae160a |
C:\Users\Admin\AppData\Local\Temp\Gcse.exe
| MD5 | 149a445ae22a71a19319f32ef62bf603 |
| SHA1 | 2742fea84ed637775e68b09807b4dfa30577d1cd |
| SHA256 | 8598be39e5b9b2c595f2b1de63dbfd125c29f8023b4fac7234f1c06561e66509 |
| SHA512 | ff3f35a911a32e773a4d16db8f28fbd445033438b8b4f799ff507cc18d03d52162f38ac07d5f7491fa6acb93f02c14a37809b959315df935d2b718a5538fe309 |
memory/744-1546-0x0000000000400000-0x0000000000460000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\MQIW.exe
| MD5 | a25333a2c29da03ddcc3219c5bfc6a2e |
| SHA1 | fe4f4563ba13ae2b81d2753e786cfb32f1a0fe01 |
| SHA256 | c0f1893f0e9025b9f6b5b8c8c4c7207934d746324579195b1ef99b85ee28078f |
| SHA512 | 7f6af8f478771d309048eb56726c3ee49d64e3388cf353eebc4ef077608dff11dbe05d30f73cd1fbded9872ea3fcd1446c0be46b0e2d8d64fa20c4b1338b0aa6 |
memory/1684-1567-0x0000000000400000-0x0000000000460000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\UcIg.exe
| MD5 | 904b3a31f400e82742eb63dbe2b326ff |
| SHA1 | 4a1ef00bc59b59dce6096003efd8e57c8cba7c2e |
| SHA256 | 73f3985148bd5ed3b650f2f9baece06ef9339347d21dc62a42823be3341a9294 |
| SHA512 | accf46db9d570fdcb31912fa7e55e6c319e56dfa410f8e6eb0cbf1b2902a2b902ede2642c02c067dd1114430486573b773dc6bbee796d6b10ae08324b555cbd1 |
C:\Users\Admin\AppData\Local\Temp\koMk.exe
| MD5 | 4252e4f781d3be2a25236b979e73013c |
| SHA1 | 4a6753690966df22a2d97d40ff15b8f5c9b64238 |
| SHA256 | ed01b4b56b8b7b33629d76d7be0f983102ce6841b0b610cd24434e5aa2ba0840 |
| SHA512 | 342a52a771b25dd9499738525211c68d356e95c38a5e0770069c7bf0de1780686432fab63c95d09ba29e26ceb0e2087e54144197b100c66a0d51d5667a6ad257 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-white_scale-200.png.exe
| MD5 | 4e9b1850c85bd30f80b12c5d61feac78 |
| SHA1 | 4a1bf2a3accfcb47be1fefaf8fcf10189a57534e |
| SHA256 | 5bfc9d0d18afc7321629636badaa2d9c925b232a63a0aa05669aed3325783ba9 |
| SHA512 | 7eaa6fba97fb261e78cf3b24a9dd9d2849c2e7eade3f9a9fffc45bcf3dff29121d7866f0ef6fbc9dc8f490837740fcf281c630550d585b6d8c5ce030dccb5031 |
C:\Users\Admin\AppData\Local\Temp\SwIa.exe
| MD5 | 011931e70ee327cdab48b70f4529bb8a |
| SHA1 | ad283f8a381e0d2237ea7936dd203272fac7ba79 |
| SHA256 | 67a20662415d17bfe5f4cfb8e8519265759a19fa2af149c1c84328afa766257d |
| SHA512 | 57c1a843d324325639d0e377b74cbff455ce059d87c972ec8b685714b9e80782a47fb4bf8c30924af78c01f3a890cae7cfd39dd504f6e58fcdbb157983d86339 |
memory/1684-1625-0x0000000000400000-0x0000000000460000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\SQsm.exe
| MD5 | de7dcb71d6f591608d4ea761ca38fde6 |
| SHA1 | 6b1ec0d1621c5777d7bb7c23a7120b41235d4147 |
| SHA256 | c02f56ff12f6af75de3e2ead4bde88e6f9e19945c47b6adba9f80a82fdac5171 |
| SHA512 | 094bce208356f3194eeb7edb0c051e23646bb0331d06404e5b5fd090480de6fda72009ca910d7603599bc3b6ba7389191fe574640c922cfe83b4f64af4b6a714 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.scale-125.png.exe
| MD5 | 82f52456b6258b745054aede728fcf9e |
| SHA1 | 5471abc18ee2b5ccbc20639dd7e83b9eebac4cf8 |
| SHA256 | 28c89dc99396dbc188cbd62d434ce57c4fb058f009492101759edbca86e1827e |
| SHA512 | 09e6cf522192e5671c074b0c6f2badb878722862850abf4d46244bace57f8036157535674d55647eefe7689df4d216fc58d3bec3c66f57e7b2a430f1c13b2ac2 |
C:\Users\Admin\AppData\Local\Temp\iIAq.exe
| MD5 | 84f7edcbc7a545f08d48fa1fdc3887be |
| SHA1 | 82c02cf0c814f4019f70b08c154e41d14dd3f363 |
| SHA256 | 60809330a6eb28ffe270f710577a20a515ef3fdcba65f72913c3f8f1ae70082f |
| SHA512 | 93dcd0da796500d79c52f13c9c66bfff234d84f1fa36a9b380e4fefda79437064d911e3f167ec8298c7dc833c9fd978f1e6f80b2d1efb9e1b69f418bbd2a79f9 |
C:\Users\Admin\AppData\Local\Temp\WAwo.exe
| MD5 | 00015583fa835cc9bb633b1bcc872abb |
| SHA1 | 1fa131425f46d62cb9b5a6b27f4324d262a96a68 |
| SHA256 | 96d24cb847fd3afbf87e28a26a851f19e4b8c0224ed4eb097402259545dc3be6 |
| SHA512 | 8d37c38b3a3bc81c0953b1a744fae68cc6d53f2347adbc9f6fc30088e13e00adcd1895a6cd5988f949292218591d4835b6908df27c33abad7150b2b7369e537b |
memory/4312-1689-0x0000000000400000-0x0000000000460000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\kowU.exe
| MD5 | 00b376be3aa13f124dfb4afc0c11557c |
| SHA1 | 4327c076c1178cf4237cb0e925437805848a6f70 |
| SHA256 | e18ace09ef02a641bbcf5b483cc9677aeac41b296d5a8960193793c4f3fdb0c7 |
| SHA512 | 578c36529d4d1bbcdc966ba5857f46533e2ca92dd71d8b5cfc599d4246fb6699c38a6aabae59dc8ef01523cba06994647637ebc9cb4a6aef1f6eaa77c34bec65 |
C:\Users\Admin\AppData\Local\Temp\YYQq.exe
| MD5 | ddb10141aaeda44d307c8a3c2f9f544d |
| SHA1 | 2d346b8a2025e3e98570355f309eb111f515c4cd |
| SHA256 | b9dfe908643d8f09ba1a1f3eef4d7580d43233a3aa677a1868b634fd7e8a5842 |
| SHA512 | 28510574d9cfbd200f691032712d64ce05d2c942f10d7bd9b3697006b31b4d306d07efe7d928dcc77eb451ff9dc6db9e46dcc957c1b1c697fd58585d7e3ea4b9 |
C:\Users\Admin\AppData\Local\Temp\mYYw.exe
| MD5 | afac55184286b559632118960a0e0448 |
| SHA1 | 2242c01550eaa0f304f30e3fe46f86756230361d |
| SHA256 | 10ddee0c0273bf24c472aedcd8bfc2fed747aab158f9d32d0e07f19577296e1e |
| SHA512 | 404c7c09ace3212d3e922a062a113211ae692e8ebe9aebc36b55af9609113edad540e5c44e14aafb1152600d3878613db1639e1c1e45fc6235d59b18fb61b10f |
C:\Users\Admin\AppData\Local\Temp\CUcG.exe
| MD5 | 584bbc69ebf93eb886c926e81ceae562 |
| SHA1 | db496da0d7b0b6aead38cf0f87d7e4a2956f816d |
| SHA256 | 9dcce1b5bb88d6c090e54fb180560f2747e5bcdb1800b2bedcba41bc9d9c78f1 |
| SHA512 | af5d7c676cafc53b01c4d8b3a3d03e6db6a05f0f3aa7e48ccf47bef8a6e62fee1ba0b6a76cd38b4f0fd767bd8785f8591ee49b280ed513387887a420b376a592 |
memory/2032-1752-0x0000000000400000-0x0000000000460000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\IMwe.exe
| MD5 | 7871b41bb14988bf4694afb27751c254 |
| SHA1 | 3b9492d0606f3787ef69a02fbac5048c7c38086f |
| SHA256 | afccc69b2639e290168fa7022e3d892e2dd01dc94d7329f02461551403b23357 |
| SHA512 | 0301b677822ac1606e4b6a2380b0a3a8e816b30b8d887c73299dca5bb0bdb003da5a68fbac2f89e8319b38dcfbd78a205288ec8efa0cfbe7ffb1329973987848 |
C:\Users\Admin\AppData\Local\Temp\UoIq.exe
| MD5 | 81a30bd674780ca1d922246cc7147c2c |
| SHA1 | 4e082ead9b91a551f8fd7a5697d6fdf3c5d673a3 |
| SHA256 | f8879eb718a177c2171a243365447a03f5fca104841131bd660f87a643ed818e |
| SHA512 | 6a9be63140a4fe653cf1dc0443665be69b5b5c4e75197955202e070e6fde1cc113281f6e66ccb23f709048aafc875b4b8cde4c0e447107ca4426d663005bf13c |
C:\Users\Admin\AppData\Local\Temp\uwAs.exe
| MD5 | 9b4af750d99330c9e6576a153afdad41 |
| SHA1 | 19f31093c7779c0ce6460925dd6372773bfc01ee |
| SHA256 | 112f287cd2fc4ed5f009ba1fb5d6488e1d86785a762e37e9ada8cebd49f6bcfd |
| SHA512 | aa48acaf78beea7cfb3194e5fede7b6765f861a19b1814538fdccb727a004cc412c9ae5b55fde557ad9a68c6e8e7447611c45a5e5e6228a9ec8e9b9cb7ebb96c |
C:\Users\Admin\AppData\Local\Temp\sMkw.exe
| MD5 | 6900764fe215a66fa83c8b1d3a71be17 |
| SHA1 | eef93c35b445f56cda7193d806a27db097e65bc5 |
| SHA256 | 9f86f02e1f195518f6712595f7c47d8f18d809b80413bdbae440ab3f0b1f2fa1 |
| SHA512 | df06dae8ab1cd8f9a3f185905e7deb18ae710804133ad7fed7c880054253d180212a4da5b36ea6c8c131256050f41f3c12af1254616c3d3f57d76b2a37847b7b |
C:\Users\Admin\AppData\Local\Temp\CUwm.exe
| MD5 | 5dc6f64480791f8e48577861eaeb9589 |
| SHA1 | e6d73f11e6b0f8d9f0164bb06e075a2c92c5277d |
| SHA256 | bc244b3bfb1fc5dd450f8bb1ce4f37922bad2d699694d9ba1788450650a8ea53 |
| SHA512 | cdf411a3b6add2cb0de16cb6c8956cce1801f86a2c356f0f958b1a4fa89f596944b15be3f6f550b4aa1da2f552596abb9b36b3268d3627c8ed5e9a519e0e677c |
C:\Users\Admin\AppData\Local\Temp\YYcu.exe
| MD5 | 5f188ac4f2efc6b393d4100ab78bc8be |
| SHA1 | 243fd61d3ea548bbfbc1a2f70abf3304a0978dc4 |
| SHA256 | 2b88cf17c5ccc1c38e6ebb2906f1a118a9810d0fac4465cfec6eda6341177da6 |
| SHA512 | 2b74c56e725db57040a25a23f48e20624b9565c0baa44d2252a32d5ee211dd7967285dda19720dc0ac4018865f929a3df3fa6336592a9f0354e92b31bda44d21 |
C:\Users\Admin\AppData\Local\Temp\agEk.exe
| MD5 | 31791e9d6ec9e0e5c64ef10cc8d9032a |
| SHA1 | 8b9e7dc9ae5029c339be6b4a3ed97350472302b5 |
| SHA256 | 3f279534db5f9bdc8f51632a71f89e9731866d9c0e152ea671c74742c1573c12 |
| SHA512 | 1a4ecc6b47e5389159a2812fb31f176c6db855dd851e16015d371d194b0910b2503e168e2bc6b59caca1747383d2d52e16b109cedba4d8e025a771fdae527291 |
C:\Users\Admin\AppData\Local\Temp\GwAg.exe
| MD5 | 43f86d6830698794e2fe1a588195cde3 |
| SHA1 | 55d2be95092dbd55851418efa5ecd08fbda5bbd5 |
| SHA256 | 3e3a64026a1dd24fa5452631ebcab8d9e9f6d629094c059ef10be0150e3f9a4b |
| SHA512 | 2faf4be80da7b1465b5283d51111b25594e566be5e3fbef87c93fc37de2babfff04f40a3d7840efa62641342811935c857c89376c96cd19f33e3cb9b2a8f947e |
C:\Users\Admin\AppData\Local\Temp\MQkI.exe
| MD5 | a445c1088db3bbd631489d93d68f5cd3 |
| SHA1 | 513440f3d80b0c7000375825faffef2b10b7f195 |
| SHA256 | 049389f92a7c7fde7b79c3468435c4a3cfaa84fcebf74e72384c7cb50ecd24e8 |
| SHA512 | 7b2b4daf79b294dcf4262f3c34fd94c3d706a93f9a5d5ff7fcbc020d884c8696809b9867b29cd3b53884d5e7c5952a7e847a939d8f0eff55760b2632f2d1e14e |
C:\Users\Admin\AppData\Local\Temp\UoYu.exe
| MD5 | b10b300e72adb9e5641ed391d911226a |
| SHA1 | 5cbd7b25f2e0064374e4c0e16d439009b348d9c3 |
| SHA256 | 140693d8bdfeb3ca156f487648eb9e0a03631241015ae55faa11cf1a9b715bff |
| SHA512 | dfba4c6832b06e40e0fafd449111837bd5f76397f80554213d3ed2e0ef7cff548b0dc8b384a7018afc8255bf58008b7b97234975aac315ade8edef26eac7d067 |
C:\Users\Admin\AppData\Local\Temp\IYgE.exe
| MD5 | fd9af07ee24df0f9535911e630b52e6b |
| SHA1 | 318b0d5f8f23edd51c01c4bb2f2e97ba9bd7d87e |
| SHA256 | 649197f60c09ac7793a499d5d95b0bcceef8893e547628fdabdb57a8afef6866 |
| SHA512 | 4eca834cf19d10103bf2ad6e7e92c0fc7b8d9d79cfbd3c59d48eb614cbe6153e25b841a7e1660f25182fd2341cafc40bbd7e9fe341a0bb89e5f017b152855c7d |
C:\Users\Admin\AppData\Local\Temp\scAu.exe
| MD5 | dbd2374e1be69a0685be789fd287808d |
| SHA1 | 2f1b9873735bbc8b35de7de8acafe669561f89af |
| SHA256 | bdaa8db785cd9f10461a7c8c3d10cef279545dc0de08fbeaa44a0ee7bacec4dc |
| SHA512 | 603d598000a9d4a883bdc683f6e4650dc55be33803ced5c21439ca22ddd794d67464090638d340e098ad01d2e9818f0e3b5025a95cbbbc51f3c2eeff334788f1 |
C:\Users\Admin\AppData\Local\Temp\uwEe.exe
| MD5 | 4a970149ab9ea0385342331c56bb6f4a |
| SHA1 | 597b75260d2b7a5ef220a2faac448ebd6273e5ab |
| SHA256 | 8bcd109700f1206d96dba62936ef554b54bacefe1250bb066335241a09f62b61 |
| SHA512 | 990ad36460e78cf4023fa670c6fa4afb6944db106edfacfd1d29288ae416efff33fd8ef9dc3b26bf0af5fb4876a444e6561101fcf65d890be242e4acd04eddc5 |
C:\Users\Admin\AppData\Local\Temp\gIQs.ico
| MD5 | f31b7f660ecbc5e170657187cedd7942 |
| SHA1 | 42f5efe966968c2b1f92fadd7c85863956014fb4 |
| SHA256 | 684e75b6fdb9a7203e03c630a66a3710ace32aa78581311ba38e3f26737feae6 |
| SHA512 | 62787378cea556d2f13cd567ae8407a596139943af4405e8def302d62f64e19edb258dce44429162ac78b7cfc2260915c93ff6b114b0f910d8d64bf61bdd0462 |
C:\Users\Admin\Downloads\HideAssert.bmp.exe
| MD5 | d146ece2b43d2902490082a32c9764e4 |
| SHA1 | c35ba4463001db38b3019322ab84093271af7986 |
| SHA256 | e5396c739887482c1b908a115bee9dfef547a159ad108b3350376482f0971461 |
| SHA512 | 306cc5364189a3bfc70cffe9025ec231048c9ddf7bd9a94aacc7d7098d3a20ee7b129a11a5d988c11cc0796666a83cf1b1d8b7fcbd9d5bad416f54c63a3c5da8 |
C:\Users\Admin\AppData\Local\Temp\AgcQ.exe
| MD5 | fbd0c687f15d93adc5cd58205f51c557 |
| SHA1 | 3ed683e3c6dd514c6596a64ca295281dd53d72ef |
| SHA256 | fbc0e7fff1cbd7a11d48f6a7b57c54f7b7636637deaf383802b9a37d3e29e5c1 |
| SHA512 | 4fcf77933d0bf83669b86cdf07887b633475519143cd1706cf2e50e7965d25aa9425c377208aaf535850842bdd2d16121a48499e7db2acf24937aa551a77b5ef |
C:\Users\Admin\AppData\Local\Temp\isck.exe
| MD5 | 408d30eea29cfd58058185ab86a6f24d |
| SHA1 | a0b86644b3c2c0dc4cbfb964ef69870a44526055 |
| SHA256 | 9c213e69a509e5d32a89ab8f3e53f7cc0fa6af58cf6f81cf44c396e0ffba315b |
| SHA512 | eeef236fc0df6da40be3acac40a16e3a5f3082733258fe186d8cb6134216e3d3939c62e65c16165e26b6efc4c24675600fa7446bb6326fa7e5fdc2b9fa4e518d |
C:\Users\Admin\AppData\Local\Temp\AkMY.exe
| MD5 | 176a2392d2e09ec4e149099c4bfe49ab |
| SHA1 | 8df7677ca6575de6c5bd962f85e20e25eb7936b0 |
| SHA256 | 023e1da8a75fbf8908aec9788d8d5eae013c3e1f561ac01af2036430ac41cc3a |
| SHA512 | ff4e473ef8ac0c24c6abffcdb5ae197ea69f0c17943fcae8f308036ee4efa09c6592e75e8154ccecc88da221955b8f8d6a894a3e16e7f01da7d118a189cf2451 |
C:\Users\Admin\AppData\Local\Temp\YAcE.ico
| MD5 | ace522945d3d0ff3b6d96abef56e1427 |
| SHA1 | d71140c9657fd1b0d6e4ab8484b6cfe544616201 |
| SHA256 | daa05353be57bb7c4de23a63af8aac3f0c45fba8c1b40acac53e33240fbc25cd |
| SHA512 | 8e9c55fa909ff0222024218ff334fd6f3115eccc05c7224f8c63aa9e6f765ff4e90c43f26a7d8855a8a3c9b4183bd9919cb854b448c4055e9b98acef1186d83e |
C:\Users\Admin\AppData\Local\Temp\UckK.exe
| MD5 | 9dd3c43a6a2f445965e325ac5f139617 |
| SHA1 | eb9924dacae4089a4f639eeb3e2c4e93dd188139 |
| SHA256 | fd9345cbbb3057adb550486d25fb110153ff65cacd36907c1caf4cfce8c79048 |
| SHA512 | 2a78ff841373d473886f9ffe9ea8aebe063dacdf9c6ddd987b1dc0f2fd7b4e36ea84d4e4d476f0457add249a97e123ae4a18c5e02862721e25acdd9728372e90 |
C:\Users\Admin\AppData\Local\Temp\MMcc.exe
| MD5 | 61d6dffed47af92624d8a1af9c4a83f6 |
| SHA1 | e4ab98ca89a109176f10cd34c6a41af3296cfa67 |
| SHA256 | 1bd3e0cf85be7029ef5d25730ebcf65a4311568fd7bd13efd64764b934b629f4 |
| SHA512 | 91d3f292db8af3d432f84d54aacc2beb5b9d76f67bc33dcccfcc117e88b1b035c92c0e3184319906c390d4cae4ac1f9a9f77241112b2d24b6a2900cc2a709123 |
C:\Users\Admin\AppData\Local\Temp\yAok.exe
| MD5 | 2477ce0ab034c7a6d37586c29720b4af |
| SHA1 | 55aa1e4c2c944aef3a388ea4533902f6ae84e03f |
| SHA256 | d01fa8ce1fe462cf256f8e9ad73288b952e68bbca450605e1657748f3454110c |
| SHA512 | b9a8baa85abf2d24d66f310b753c593d34b4b3f501ec6860e493511c64dac3f9720a7617c4469511f84beec6de378cb604037a8430bf6b7689494383272a3acc |
C:\Users\Admin\AppData\Local\Temp\YUgW.exe
| MD5 | cd3edabe099ebe92aaeb56a95fb200ee |
| SHA1 | 850659cf77b1d2f7fe07b6b5dfcb25de1062cce9 |
| SHA256 | d8bd8289c7d43b69a4aca3f9d7408ee407e642d72b00642dd363e70bcd5083f6 |
| SHA512 | e38a3d9278f196bbc7359be2ac228c4e9f9e6672d787f770157013a7c317010025c1b9490da941719868159f9b2925e581fd52e364abfb84ba21d2a270e29d6f |
C:\Users\Admin\AppData\Local\Temp\sUUg.exe
| MD5 | a0797ea0d16e7794ecc7b412df780a3a |
| SHA1 | a65d2832dd9f863c163e92119c76e5d57af31e5b |
| SHA256 | 2cf2c65867a80f198c42c6c4db4f2c8e7c2ec865c59fd2e124492437494b4df7 |
| SHA512 | 58225f1e7eedc4869ce17a4b7057cb89f151e4159457b1c36628262e27691c8e439ee9eddcfedf016350c55037c34fad3b4390b65392c62980fef92a7f6939fc |
C:\Users\Admin\AppData\Local\Temp\kkEy.exe
| MD5 | 2b17d85047b5fa56ffff96c9a46d4498 |
| SHA1 | af21392213a09eb9a343a53c76d97779f1362d92 |
| SHA256 | 49cc7f3dcc6b3db374603799741e2f69c6aed21678bf6578255a4f1946cf183f |
| SHA512 | 9157b9e5c9dfb936b71075a44e4c981a6e560b1d6368ab01e4e1271f40a52c77b11cb1eb3971d78c458f46168deed3c77126ba7ba91d07d74df07f7521b2cc22 |
C:\Users\Admin\AppData\Local\Temp\ocMs.ico
| MD5 | 7ebb1c3b3f5ee39434e36aeb4c07ee8b |
| SHA1 | 7b4e7562e3a12b37862e0d5ecf94581ec130658f |
| SHA256 | be3e79875f3e84bab8ed51f6028b198f5e8472c60dcedf757af2e1bdf2aa5742 |
| SHA512 | 2f69ae3d746a4ae770c5dd1722fba7c3f88a799cc005dd86990fd1b2238896ac2f5c06e02bd23304c31e54309183c2a7cb5cbab4b51890ab1cefee5d13556af6 |
C:\Users\Admin\Pictures\ResumeApprove.bmp.exe
| MD5 | bf5f6489e8712c39347d76789ab830c1 |
| SHA1 | dc3b3f3c65774aed662b3d2d56c5e0d445306285 |
| SHA256 | 6ee9275495ebcad6426112d7c400a106fb7bf4c61a92752a301d722878874a3e |
| SHA512 | 62d86b1414fff0b02ec572df7b5567ffe8106c23e52c1f5aef10121943be7e01595a3edd193d0d6d580658e91f949b28a372dabd07902d6d24fbe4e40aecf480 |
C:\Users\Admin\AppData\Local\Temp\wksI.exe
| MD5 | e87a711546462e0123e5f653be469f18 |
| SHA1 | ed2d866949a6d9335d9062b2e7f2897cee3767f7 |
| SHA256 | 0dd3f93484508fa39cfb446b69603bc1fce9eae88d3d1db52a0cea01f5b4f0a5 |
| SHA512 | 18b426bf176f01065e13263847c664269092f57e0eb185898e595635ad4cca7973e37081a7dd4ecbc27bead2ace97be64014858689175e55a12813d7658792a5 |
C:\Users\Admin\AppData\Local\Temp\eUwE.exe
| MD5 | 07cc5cdcf89057cd38bf11a425037358 |
| SHA1 | b4bbbe435fb10379c6aa1c72d92838ed02c63335 |
| SHA256 | 8ebbab6e5bd35b456c48794990cc60f1c675dca63630a968b6757ff1a2545846 |
| SHA512 | 4d8435d0f305e5507ddc788cf3f22627dc0ae4e94d5dfb9dbf153a2ae3c4579ed011806355abb9cbb3642bd7176c455d021121fa39a45a5f6b8f3ea8de69f9e0 |
C:\Users\Admin\AppData\Local\Temp\OoAa.exe
| MD5 | 3bb4ec3cb5daea12c816abfa340792d5 |
| SHA1 | 0eaa05cd1709cbf935dd8e5e8aabc1f0ee5db20e |
| SHA256 | 003153f13d9f0d8b9b3578488234f0d8f9cb1e3f08650c1b697f9ff8dde9eadb |
| SHA512 | 896d8cca1feda63c2738007a44ba79eb62736c8b5bb48c495f98a3e9310aabb825a8c5139359455753d2bd109f3a27e283730d2326a20a9eac4c435d89966fae |
C:\Users\Admin\AppData\Local\Temp\QsoY.exe
| MD5 | 781afd80ace0a86f3e415fd31f3e22db |
| SHA1 | 915f9fef84fb2c85a776f51a8e624a471e95e0ce |
| SHA256 | 57e9cef1cd9978a95997bf9781683027748df23a1f60aff77f6e12ac4afe0636 |
| SHA512 | 1bed39928647c1f1852ded7841feb2bad80908619b3c3fedf97496a26287e9dc608ac9270b73c335433c1d7887df49631f4b1d1ec5cb50ecd97fcd69f3b6f83f |
C:\Users\Admin\AppData\Local\Temp\mMwK.exe
| MD5 | ec75e3d4faaab7c4cbe0829ff04d9a16 |
| SHA1 | 35396d5fb66f5e45fb66b695bd139ca7a476746b |
| SHA256 | 073cdfc9c7d271685b6183a512d36501f3c60e92ca28bd9052bf15157d03b920 |
| SHA512 | 3c0c759a4e1d9d7e5aaeb1a0f55cb1eb1f0b7fe8a96a32f817d811961204062dacfa11f8068b18ae9f64de39dca7aef71fcb5ddb2f923e414ae44183f965e511 |
C:\Users\Admin\AppData\Local\Temp\EoUs.exe
| MD5 | 131bdbb6db63d8b2e69b02316dab3731 |
| SHA1 | c8d8f6f022255ff0c6b0e5c1197b6aae8a5521ce |
| SHA256 | 567e6a80383423a1a757aa9ed82c2bbd98d55d16ad8d21e9884a9238c291ce12 |
| SHA512 | 6e87c27a0e6804f703040971bd1ada00136822952273e82417ebcae828e0fa5c581192052f75b428a2aa9541bb83fe4ffa189a17e9094631dcb11c96ec2db5b0 |
C:\Users\Admin\AppData\Local\Temp\ukcG.exe
| MD5 | 207651a87e68f1fcb948cf0833c03e50 |
| SHA1 | 271269666def09c01a68dfd6a20cb030df73f822 |
| SHA256 | 774bbe73c4f7c168f8e9dca2b611a5c9b7690d82be7b0b9ee87fa6e1761b19f1 |
| SHA512 | 0e3f0a784747855a7d2b449b150cfd96efac6638d49d0ef483e6df5d0d064fb1eb1d8a6faf6f9992b1b2dfb46a9b344c3a70cf8dc3d60ec7da69cfc8a2d9e5b5 |
C:\Users\Admin\AppData\Local\Temp\SoIO.exe
| MD5 | 19d8f3b484bafa96fe7298ab3c908d52 |
| SHA1 | 812ef07205eb0e02549cd337b6987641c21f3b85 |
| SHA256 | 39d8be5f796afde6ec83d00f80d664bf0704fbd08c1f9a6035fcf97dfca86781 |
| SHA512 | 46a755050251201f3a3f6bedd8d13fb8849d2f8b9537e48296b47c916914eaaf1fa646f26b205340fcde1665532ee4530f8ee631baa16f17bfea4a46d5e51bc1 |