Analysis Overview
SHA256
c73a86117863dd382b1bf3b47cc95d79b111fadff9665e82193d265b5437a6d7
Threat Level: Known bad
The file 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock was found to be: Known bad.
Malicious Activity Summary
UAC bypass
Modifies visibility of file extensions in Explorer
Renames multiple (78) files with added filename extension
Executes dropped EXE
Checks computer location settings
Deletes itself
Reads user/profile data of web browsers
Loads dropped DLL
Adds Run key to start application
Drops file in System32 directory
Enumerates physical storage devices
Unsigned PE
Suspicious use of WriteProcessMemory
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Modifies registry key
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-03 10:36
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-03 10:36
Reported
2024-04-03 10:39
Platform
win7-20240221-en
Max time kernel
150s
Max time network
122s
Command Line
Signatures
Modifies visibility of file extensions in Explorer
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Control Panel\International\Geo\Nation | C:\ProgramData\vYAUsUsg\XgkwYogg.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\zgkYwIgs\ZkccIYgY.exe | N/A |
| N/A | N/A | C:\ProgramData\vYAUsUsg\XgkwYogg.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Run\ZkccIYgY.exe = "C:\\Users\\Admin\\zgkYwIgs\\ZkccIYgY.exe" | C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\XgkwYogg.exe = "C:\\ProgramData\\vYAUsUsg\\XgkwYogg.exe" | C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Run\ZkccIYgY.exe = "C:\\Users\\Admin\\zgkYwIgs\\ZkccIYgY.exe" | C:\Users\Admin\zgkYwIgs\ZkccIYgY.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\XgkwYogg.exe = "C:\\ProgramData\\vYAUsUsg\\XgkwYogg.exe" | C:\ProgramData\vYAUsUsg\XgkwYogg.exe | N/A |
Enumerates physical storage devices
Modifies registry key
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\ProgramData\vYAUsUsg\XgkwYogg.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe"
C:\Users\Admin\zgkYwIgs\ZkccIYgY.exe
"C:\Users\Admin\zgkYwIgs\ZkccIYgY.exe"
C:\ProgramData\vYAUsUsg\XgkwYogg.exe
"C:\ProgramData\vYAUsUsg\XgkwYogg.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\zUsMIcsI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\AwMYgsIo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\BiIQQgoM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\IUkUwIwo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\XGoMMEsA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\PiQUYEIE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\HWYYsIcg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\QYQwQMso.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\jOkogEgs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\besUQcgg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\lGokgwAY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\kmEwMkIY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\QawcMgco.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1164015407-83263679814248953931652111062-7485447151450733996-104359558-171568185"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\XcAQokAA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\NWMYckAI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "14712578220019959985407645-2031997773-1811758945-1796608953733381374-706557059"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\vkUkgYoc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\yKQIQAIY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\jEYsgsQc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\TQwQgYYY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\jMwgYYoI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\zKEcgYsQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\FuIYAQAE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-14481486461803314791-1583567641788117715-260367756-2096661927-11197524711634166926"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\CioIMEQA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\XksIoIAE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\xqcAwgkw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\seYcoscg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1667194495241903806-1703085092-226220267183167298742901098-8446069961369211242"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\paokUQYE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-294336569-56485929112052284771219790565-1992889209787577594582999813195472259"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\SWwMMsow.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-986492658542551088-995406744-15436005356287696413290746321055388164-371250181"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\aEEAAkMc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\JeYwYwYw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "192157485415476453961523702842-814651430-492284824105320493-329212591499242762"
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\zOsocooQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "437328829-346739045-170533794725874460302234707-1432080156-1252656834933258607"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\wwQEAMUs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\OCgMEYEI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1756134745682108046-1369058282-380071299-120613023-921699843228396908-473403000"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-10438353141055151607-1975910037993288847-837297004-989614011621309291-661682198"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LaYogEkc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "2409688311821248654885891739-16776984411847556981818677657-529255140-1137785149"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\qSMwIEIg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1269599140639551947-10947868201643827967-712160434-1312644075-1501866526-368750026"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\RakEggMg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "47836698121144766301158834529161960117818484124451900181610685432434-1635245111"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\iUAccEoI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\AuAIUAIA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1099458973952047348-1417971374-136298260247623347183867981914216764661659402158"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\CwYoMAgw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-2126061442-1158333009-310419201582671473679731270-1563449797-1547195096-1299707348"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\sUsQcEEU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\VUYIcYso.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-12114742601012432991520795531-1349868762-3026119102540283312044106380-538983276"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "377853671287221726-1329793932-6428716-65398629216139519158392804221340031404"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\WCUwEMAQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1659644443-633648525149101253017654015401836144671-987420475-84437219715613771"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "402992478-374480161732842788-149873540-1064841798-1567503241-1150990199-252581324"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\tmIIscMI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1351193727-1162998725-1776739932-1250914315-792742550-1873675965729685575682535061"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\xGMEsUYM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-774028357-37535231533884886815391834668053841101743247384-10687971991353207335"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-138510971015518669402061918131166606782013796491551396917974701087670-1020190868"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\uGkMEwoY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1037229859-408294397-757431462-1154012658-1183263465191308276317316354371272161849"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-637324326-2087875329-733956998431072019-2049235541401126572-1678467626129671180"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\bWgQooQI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "856861826-16365323911278542263-1734885553-647948265-1297222157-17024947411642833785"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\VmQwwAUQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\cYEYcwss.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1591829306-601915761-1356024425-325897696-375692410-1419926204-38886079-343762697"
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\QgIEUEIM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1371155218-205888484-1096653318-1546400701444902664-1689829076-810586128-51073642"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "555524174568423864-197066105-93076903311144870353381255833445072601429073027"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-202767118-15365210731534090759-1144347052-16909987548188368518255852521836425965"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\foIsEQMI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1628855849411418330971984500140383300511311139942145936812-212980939048242874"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\mIYgwIoo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-13142737991021864292-1955893238-1113314120-17738488491343963997-1761438830-1424869345"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-195632221815124153601063200812-341502960-2154196851220908426715223352-499233757"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\eskAMoEo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\XAEUcsYw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "2909331161537115197-335311665-19863913411131362918235607560237652938-1765144300"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "2646447610385778461748936303168960624933538379-55775052419427451621383387928"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-337916926-5313065605526103422047404657721002513-23616339616028759611446880913"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\omoMIMMo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1166221626-1680653583-106444746254081568-187834117219368047492104496238-1912313009"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\rQckUUMw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "2098979938-169485698-15824349381428390940-557207711706615326-20315588091724337213"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\EKUcAcwM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-186325184176436981947122632557409526-1907729732-825869059-1321412208-1918472896"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-116607384169693197128054559412969901441892520359-12041986441556500523-1925981660"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\vasUgUQM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1005294918398874576-1682573215-1527240121058160136-684973648-1207437907-1042780600"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\xWMUMEkY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1769896651-1999269758115440694616834182551107925967-805679297-2035997482-1197210243"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "12311489437711646471377680976-2141136790-32788387010894411642410747-1553767851"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-2083687626886782263-12671775691664892161-13670370662047833341929741864-1477274442"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-14811583541569975146157696543114329626661537897222694247102908063972-1400082323"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\tUMEQAEE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-958906213-17861491292131903242-4217565281209229690-384448847656277154-1515593682"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "159954301810137301683904091672251095667611952-12927874-242126311248567577"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1975986726-580427549-18242491151377096140-18493229611321391789587953215-1386037053"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-9676760312057540048-1368190091107284721317338575461709735611-21333183111339961844"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\hkoYsMUY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1580104818713313716018964211388255265564957209875727711-1475960502-1425242382"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1182316321645933454217792750-1536682691-1269826972-504693141313077513-826536550"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-12393644361641162125-17844853141186803172-680778099-5007340101323411880-1947798682"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1130368567-76848638995471732-715794875728249481-631697437-883362587-1891024584"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-619101625-90816953-1239385564-101741356416327031518854809705248107901214603026"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\KwQgkksw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1274776359-435364261820983010-17875738082063738000-16425924331120091829660676089"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\sakwIgYE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "17498297381406266990-1022259814-151149562-5142387571185328698-175314451395852263"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "108036815016330025257326691657347283131703595658-1029820546625468787-1183132114"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "2037028725-2099419776-1738150401-344091676-1028880750-1164879721-581424381-75415899"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1782169071251741078-316351724-672119517-1518698313-1306163297387061529-1959237025"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\yskAkIgk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-197717118122453142-21107493011510159880-1922828213-861624107-124666923-897908148"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "873200383-9909679721668878131-1400950072-1294480568-201798103-1951186634280396145"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-151110896120827562667306249-171683075-1231556130-223201793-1352425846964443041"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-567395956-1454678860199606054878180062-6622972-882122705-14989124831452004121"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LskIwsMg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1425445576-2091029414-1279419623-61544594-2077062941934778623-216862374-2074509223"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1226751479477111339-20941942171067888667-1126593595-682355303385886179-1008930106"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "2687764242010002843-1604441774-349508139-715710183101377252511423949-1052134419"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-3803147141476851112-156042308214486285521456066064-1572429312620881041156944132"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1159784125341015955-17062975881777972143-1642187568-1995535679314833182-875706267"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\gwUgQskQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "977143228-10111450971331177253473956649208844401615161231-3176953541855718840"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-3923769342105677978-1127124316600538584-116651658818429008701956036371510513079"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| BO | 200.87.164.69:9999 | tcp | |
| BO | 200.87.164.69:9999 | tcp | |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| NL | 216.58.208.110:80 | google.com | tcp |
| NL | 216.58.208.110:80 | google.com | tcp |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp |
Files
memory/2220-0-0x0000000000400000-0x000000000041E000-memory.dmp
\Users\Admin\zgkYwIgs\ZkccIYgY.exe
| MD5 | 5a3fe52bf99c89237ae69916653f2006 |
| SHA1 | c61a12156ca50f1fe547fd903add0c6521ca61fa |
| SHA256 | c319d49cccfe5fe860ea5427bc05744ec1c1db8471eef64e1611259f7c64bd78 |
| SHA512 | e9292fc6fff56c70b65c37a92398aa04e3e28c8f42b9494b4f2dd576dd572a03247f15bd22cacb614e0a8a71b273d884d6a0ddde4cac5cb1896eb087f82715e6 |
memory/2220-4-0x0000000001BE0000-0x0000000001BFD000-memory.dmp
\ProgramData\vYAUsUsg\XgkwYogg.exe
| MD5 | 8efeff8541c90b9a3d66b91c72bb89f8 |
| SHA1 | 116fb3684065727c9809fa920e721466e4ae0a72 |
| SHA256 | 65a77370d3971185497cf3dc430516adeae0542465cc7c716d39f2db47c8d60d |
| SHA512 | da222da362dc60ec0dc70aeb89d412d078b81391ee3663047a1b02d9b3bc057f947aa031d29e425a5196aac700f90323be8598c132d432384fe06c649a23e1ba |
C:\Users\Admin\AppData\Local\Temp\kswQQAMQ.bat
| MD5 | f2534066f47beaa345d05055dab0506e |
| SHA1 | 3359bffafff5c4a82e57e1ec63d8e57693cf998e |
| SHA256 | 6a2a48b29787c0830340b48b3772d0daad534c0817c4342086b85b4cfceae9a1 |
| SHA512 | 99c67e9f293547e5e5d968cf8f70b6fc1a6683242c679db0b109e0a91e174e6d8398fa40dee97addb857a6f528b11d885ac60b6f7d2c81b9b7663bfe846c48b9 |
memory/2220-21-0x0000000001BE0000-0x0000000001BFC000-memory.dmp
memory/2220-19-0x0000000001BE0000-0x0000000001BFC000-memory.dmp
memory/2832-30-0x0000000000400000-0x000000000041C000-memory.dmp
memory/2628-33-0x0000000000400000-0x000000000041E000-memory.dmp
memory/2628-32-0x0000000000400000-0x000000000041E000-memory.dmp
memory/2860-34-0x0000000000400000-0x000000000041E000-memory.dmp
memory/2220-42-0x0000000000400000-0x000000000041E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zUsMIcsI.bat
| MD5 | bae1095f340720d965898063fede1273 |
| SHA1 | 455d8a81818a7e82b1490c949b32fa7ff98d5210 |
| SHA256 | ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a |
| SHA512 | 4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024 |
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
| MD5 | d36af1ec9b66bb61a728702fd39ea0a4 |
| SHA1 | a0483b7947de6daec4a69864328662b3d70aab86 |
| SHA256 | f590cbc7c830731b68b55ca1b1ea11818b5afa3566537440a17017296578dae9 |
| SHA512 | 3047a98c784e0d60dcf46635350e983687156fb5168f713dfde0bda9034419cc1a547999c7f8113d9fb3bd672167f06349aef418c3f554617ea7565eb40095f7 |
C:\Users\Admin\AppData\Local\Temp\EQYgMAIc.bat
| MD5 | 42244f8a3e550a915e8984237e85cc8e |
| SHA1 | 850885044356071a631a4cc80fa225ba08c7208a |
| SHA256 | 4584ff4be72d1e39d4535e7e84e86052f2fdc378cb539c9364c5c242aab4b8be |
| SHA512 | 5f3eb50fca0f19d3de94ab500db413398d1d5856c30264ab4b6857b1af780108e084cda0cee68873447dcb220df988c3fce074997b7df054066c34c211de74f5 |
memory/2920-55-0x0000000000120000-0x000000000013E000-memory.dmp
memory/924-65-0x0000000000400000-0x000000000041E000-memory.dmp
memory/2860-64-0x0000000000400000-0x000000000041E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\file.vbs
| MD5 | 4afb5c4527091738faf9cd4addf9d34e |
| SHA1 | 170ba9d866894c1b109b62649b1893eb90350459 |
| SHA256 | 59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc |
| SHA512 | 16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5 |
C:\Users\Admin\AppData\Local\Temp\OmgUsAMs.bat
| MD5 | 6c558004776d9020d730d02e7ba9737d |
| SHA1 | 1c412a6a3f35d859009ff643f45684aab427bbd9 |
| SHA256 | 112e41c6189f6055059ce0ec7562a662682d51f11e1afae595a6b33be38be8b1 |
| SHA512 | ec16e6850a316526137ea529eb0e64c71906b4603f3da5e8ed6f2761f6417b1502edcc18a5b73836657ad9a0ba517071e2c1fb489c06be6422c04fe0be2ae9fc |
memory/2024-76-0x0000000000400000-0x000000000041E000-memory.dmp
memory/1412-77-0x0000000000400000-0x000000000041E000-memory.dmp
memory/924-86-0x0000000000400000-0x000000000041E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\cIcIMYUc.bat
| MD5 | cc0a7691504dc08dad871cfb79d78f18 |
| SHA1 | 9a1c443eb7a427a7372d260569b35b8cfcae01ed |
| SHA256 | 0a1c698bd3cf380c4bca77fe6603433764a990855c2274129c26df880716623e |
| SHA512 | be82745e815f5d62959ff721f83f861e1d4750914792afac6f57c9d46b5f668f6e64bccc22262b521c16fb3cc843383e35fc1319f6b065175291246341978c67 |
memory/2456-99-0x0000000000120000-0x000000000013E000-memory.dmp
memory/1888-109-0x0000000000400000-0x000000000041E000-memory.dmp
memory/1412-108-0x0000000000400000-0x000000000041E000-memory.dmp
memory/2456-110-0x0000000000120000-0x000000000013E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\YeEkUEcw.bat
| MD5 | cc5b5531729f51a7ae9bc79ad5d4a163 |
| SHA1 | 6d9e83cc4597158d6792913f92f65ba54ec75db4 |
| SHA256 | d5f528b4760fa46eff553f7c590da4e8c98df0740488ed9e9bf2e1c4f532c684 |
| SHA512 | 897f1a655b6be9d01dfed8b7c5057bdf3a9c2684cdbc235f43f4a44bae0ad3f19e7328e88ef288e2060864c23359c8a444c9fbdd2e538385cbfbe08b1479aaf8 |
memory/1116-123-0x0000000000400000-0x000000000041E000-memory.dmp
memory/836-124-0x0000000000400000-0x000000000041E000-memory.dmp
memory/1888-133-0x0000000000400000-0x000000000041E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\uwUcsAYw.bat
| MD5 | 30c456addd451b2a4ff9db9bb7976c11 |
| SHA1 | 5c399c2584d13e56c5563d18e368f77a467fa46d |
| SHA256 | 4c0c61b2da019597d7f99247248443104f31cdd4e11ddd8f215c229f8a6881f0 |
| SHA512 | cf1889216b76353c4b791a2c89f839b0b3f862e105fb43da74b6bd846bc94a9360963e906b696560af6ce4012a284d945aa212ea290803cee3c19034365ef6a6 |
memory/1508-146-0x0000000000400000-0x000000000041E000-memory.dmp
memory/836-155-0x0000000000400000-0x000000000041E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nsgYooos.bat
| MD5 | ad1abf6e077219556767a766a5c5c6b5 |
| SHA1 | 93b552e0e595e8c1f158b5e1f2a67473bcb3d9e0 |
| SHA256 | cdb08afca6ab8885d0e6d5fa0f719e6f6c1bf7dee2480b00753fb984c8a17456 |
| SHA512 | f742f51b72ff5247256b343d3596d8aaa32c8b8125c998c307f7c6b653720a064f242739645d3099de039aae1900e5cad0676d3bf2b8fb293c20fd0d89d0f734 |
memory/1508-177-0x0000000000400000-0x000000000041E000-memory.dmp
memory/1908-178-0x0000000000120000-0x000000000013E000-memory.dmp
memory/1908-168-0x0000000000120000-0x000000000013E000-memory.dmp
memory/3060-179-0x0000000000400000-0x000000000041E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\TiAQQEcY.bat
| MD5 | f91c3649f3823e5ff1856bbb56c68873 |
| SHA1 | cc3832909165563affc3eb4757ad4e6c41fd12bd |
| SHA256 | 7848df177f4c2c8df3fe863119fb0c1f100e29555cfa5870b12b3a43df2bb0ac |
| SHA512 | 12d16c4c364e8dc11d35491238dd12ea3c5f2a08b3daa36a801a618c1454c11057b98929b33b6a1e01e97a39b43608ce9319300933a96f7ce7d744c5098ad564 |
memory/2492-192-0x0000000000280000-0x000000000029E000-memory.dmp
memory/3060-202-0x0000000000400000-0x000000000041E000-memory.dmp
memory/324-194-0x0000000000400000-0x000000000041E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\hUgwUwsA.bat
| MD5 | cd2b4dcd33c0ccea922783fbba1abc7a |
| SHA1 | 0eba254ccb9accfbb4a68594df5a8028161d4f4f |
| SHA256 | 29ad3d2722755162a11ed4419397e7c021bef9ba5833effc3faad2c448746766 |
| SHA512 | f04cee4f4b40104a8af4499003dfb3b5918e99661224672134038537e4794c10ef4539c74fd264241de4e4b14c8400505eb6345c6c6b4c3d35a6499edf0dea9f |
memory/2348-224-0x00000000000B0000-0x00000000000CE000-memory.dmp
memory/2464-225-0x0000000000400000-0x000000000041E000-memory.dmp
memory/324-223-0x0000000000400000-0x000000000041E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\wGsoUQYA.bat
| MD5 | c1aa29514adad90b2975b36fd2fed81d |
| SHA1 | de43b907e06539b507be0403ea655e6918cbd1fd |
| SHA256 | b844926fe29bdfde28b3f5470e900f5ce67bcc16d414851b7d04eb8095b75fb9 |
| SHA512 | 3bdf8bc48c3d2aeaa6c6741aa9ef13c3baa092b45ac7051ec0592bf5cb95d3da5a84635dd2e6510ef8fa135069f9a168684f60ed0d9ac1999b97237e65817bd9 |
memory/2464-247-0x0000000000400000-0x000000000041E000-memory.dmp
memory/2040-239-0x00000000001A0000-0x00000000001BE000-memory.dmp
memory/1484-248-0x0000000000400000-0x000000000041E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\vessEIcM.bat
| MD5 | 46cd51299060338b078b19a9f9bf9ea1 |
| SHA1 | 46223dd92423a7e1b26c574366d7bcd72ae5858a |
| SHA256 | 7205d275084b659035f1d661aa60307251d8a560a5761822d84a0a8dce827f3b |
| SHA512 | bf86f308e67b00535770b4a27978d34ec56beafdda7907ef144fa8f01a1a3066e86cc4f9114648e3782ee6d82500ed76bdd30e05123e4fa45431ee017bf29ea7 |
memory/2052-270-0x0000000000120000-0x000000000013E000-memory.dmp
memory/872-271-0x0000000000400000-0x000000000041E000-memory.dmp
memory/1484-269-0x0000000000400000-0x000000000041E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\NGkcEQcs.bat
| MD5 | f2149a9513efc119d02b4598cf067513 |
| SHA1 | defbf1c218489589a11ac363376c6d961cc01061 |
| SHA256 | ac511ef386fab08890ead0b595143e8343737769a0a3f7bffcc0d172c809a1e9 |
| SHA512 | 52342713a72c33cc43d759b715f5de185a8f633e89bcbeb0e440054f96ce26aedc37544a0428ade568081f754c2f5a4da0cd5ac267ab608432ab93291e33b7f0 |
memory/952-284-0x0000000000120000-0x000000000013E000-memory.dmp
memory/3012-285-0x0000000000400000-0x000000000041E000-memory.dmp
memory/872-294-0x0000000000400000-0x000000000041E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\wywgcUwg.bat
| MD5 | fcba01dfb37b90efdc504d9e324bd122 |
| SHA1 | 937cd68974017b9d6625911ad1f133fe2d066a24 |
| SHA256 | 9e92aa12b1eea1ecf916ca2b608bfba034f7b99466b35ac215f5dc8734dd845b |
| SHA512 | b7e55ff7e4c4c60dbcb850132d79f2cdf2b1cb47ad4afeebfc5cc94572c79c3b883f500e46eb6daf61ecf3381e4acb17870ebdb5183facb3d550f760463366be |
memory/1588-307-0x0000000000120000-0x000000000013E000-memory.dmp
memory/1184-309-0x0000000000400000-0x000000000041E000-memory.dmp
memory/1588-310-0x0000000000120000-0x000000000013E000-memory.dmp
memory/3012-318-0x0000000000400000-0x000000000041E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\tQIkoEMQ.bat
| MD5 | 82b1638c144675f4f696805fdb152d39 |
| SHA1 | 9aac583a43d6ec0e4b8c2d9e1b7ec716a35825c0 |
| SHA256 | b546723162d95fc30131c1b745e00a6f171e93897fdd8245e3badb585a6ba64c |
| SHA512 | a6e4360d149131a1fa28c303344d0bddc324cc5233edd3ecbbfa2978ab0e8c0e3362993daa4bc0a0c4ad62f5e75e2769c843e7b3b46a700695b8bc51684ffa15 |
memory/1184-338-0x0000000000400000-0x000000000041E000-memory.dmp
memory/2444-339-0x00000000001C0000-0x00000000001DE000-memory.dmp
memory/2636-340-0x0000000000400000-0x000000000041E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\XAMcEEAo.bat
| MD5 | 2819e04278a1472668cf9c14631145cf |
| SHA1 | d1f4efe081d64a5fa359e9f2d4f85a5098aea4ce |
| SHA256 | 2ab22ca9febc7aaa062b09155aaa410d2167462e109ddeecdd85e4a05514f12f |
| SHA512 | b49cc14e82530a006c78b46ed25594ceb111ce7a675caa61976fca7ecf1b36220b159176a7d93c43cbee9f5fd3e411f17be90cd0db6a8c1465f2c79113bd6988 |
memory/2004-364-0x0000000000400000-0x000000000041E000-memory.dmp
memory/2480-355-0x0000000000120000-0x000000000013E000-memory.dmp
memory/2636-363-0x0000000000400000-0x000000000041E000-memory.dmp
\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ose.exe
| MD5 | 9d10f99a6712e28f8acd5641e3a7ea6b |
| SHA1 | 835e982347db919a681ba12f3891f62152e50f0d |
| SHA256 | 70964a0ed9011ea94044e15fa77edd9cf535cc79ed8e03a3721ff007e69595cc |
| SHA512 | 2141ee5c07aa3e038360013e3f40969e248bed05022d161b992df61f21934c5574ed9d3094ffd5245f5afd84815b24f80bda30055cf4d374f9c6254e842f6bd5 |
\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\setup.exe
| MD5 | 4d92f518527353c0db88a70fddcfd390 |
| SHA1 | c4baffc19e7d1f0e0ebf73bab86a491c1d152f98 |
| SHA256 | 97e6f3fc1a9163f10b6502509d55bf75ee893967fb35f318954797e8ab4d4d9c |
| SHA512 | 05a8136ccc45ef73cd5c70ee0ef204d9d2b48b950e938494b6d1a61dfba37527c9600382321d1c031dc74e4cf3e16f001ae0f8cd64d76d765f5509ce8dc76452 |
C:\Users\Admin\AppData\Local\Temp\FsAQoIwE.bat
| MD5 | 3f036e1da0d776ba37cc65b0a3301b30 |
| SHA1 | e27e1ca44abd3d939b2b4e555a5adc6fcfa0d080 |
| SHA256 | 9ae10f15d30d15fafacc97400084fe8001e9ff26ac6c9e7d4d1c327549f40ae9 |
| SHA512 | 4644ed66aae4e55e0ce86905c7ab87096e305c37591c9e9768c60c5b0b6619c01d6ee4630239ffb6b1e2e509650ab3f420d94f84785504e642b7473a7cc3185b |
C:\Users\Admin\AppData\Local\Temp\qIgg.exe
| MD5 | 37cd5c821647aa7abb484fd124a6abe7 |
| SHA1 | 6ed2e33382a782c7aac1f891441e8cf5f809d1ef |
| SHA256 | f59fa3eb06cabb3bd55ae26068ce95056d3ec3d73704de067941db783533258f |
| SHA512 | becbf298d396efb0b74f8cfdb1c6e35d11cb0653dc5c3ed69eaa59fbb737c80f15b4520ec64c6519254d86e0448f004eca1dce9b7aafcdf287757eea24062442 |
\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\dwtrig20.exe
| MD5 | c87e561258f2f8650cef999bf643a731 |
| SHA1 | 2c64b901284908e8ed59cf9c912f17d45b05e0af |
| SHA256 | a1dfa6639bef3cb4e41175c43730d46a51393942ead826337ca9541ac210c67b |
| SHA512 | dea4833aa712c5823f800f5f5a2adcf241c1b2b6747872f540f5ff9da6795c4ddb73db0912593337083c7c67b91e9eaf1b3d39a34b99980fd5904ba3d7d62f6c |
memory/2004-402-0x0000000000400000-0x000000000041E000-memory.dmp
memory/2592-403-0x0000000000170000-0x000000000018E000-memory.dmp
memory/2592-404-0x0000000000170000-0x000000000018E000-memory.dmp
memory/1896-407-0x0000000000400000-0x000000000041E000-memory.dmp
memory/2456-418-0x0000000000170000-0x000000000018E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\AeocUMwE.bat
| MD5 | 0f47a2463dd825280febe3031ffadcdc |
| SHA1 | 178f89407af50d65bb3725fcd0113b528a9d8ed8 |
| SHA256 | 374c5b712a19b509493f84c1389c0d22f92464de82e23e3d694ec7afdbe1bb9d |
| SHA512 | 0dbe7f0c5251284e1ebdffebfdcb0602ff51be2ebc11e8805b224a77f3506512deea9a75cfe55394051cafe293a106b16bec62202f9d22cc69d9da2a48416f01 |
memory/3068-419-0x0000000000400000-0x000000000041E000-memory.dmp
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png.exe
| MD5 | e08a1c20eaeef6dd2214b8aad57acb3d |
| SHA1 | 7dc821747687ed11576c56f6436682599cafe803 |
| SHA256 | 279675ef07a03218ef4c67cdf73436bf00ba35d8a79cf670e30266c839943068 |
| SHA512 | 57010dac7e5a7c6640f455d873909c01cd9516cbc8302ab5c156a9cd076e80508466a6e584a62249720ccd2b413b3e194bcccbcbbe6b9494507ae1b90eef2e70 |
C:\Users\Admin\AppData\Local\Temp\bYYm.exe
| MD5 | e90e226f6c77982b86de5cd8e03bf3a7 |
| SHA1 | 63e4fee7f8a1ecfb27db464d2c6f632fa633660b |
| SHA256 | 38a906b603dc6a22cc04242289f82b9fe97dcf572332c523e8dfdfb6ae551e9f |
| SHA512 | a14512af4a138ed3d720a789281a58a81db7bbf4bcfc9b57900ea8927865b2c68495b084234f2011670e0a2a9fc3fc021c37d47fc58cdac26ddec73dc24e562d |
memory/1896-454-0x0000000000400000-0x000000000041E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\hIgM.ico
| MD5 | 47a169535b738bd50344df196735e258 |
| SHA1 | 23b4c8041b83f0374554191d543fdce6890f4723 |
| SHA256 | ad3e74be9334aa840107622f2cb1020a805f00143d9fef41bc6fa21ac8602eaf |
| SHA512 | ca3038a82fda005a44ca22469801925ea1b75ef7229017844960c94f9169195f0db640e4d2c382e3d1c14a1cea9b6cc594ff09bd8da14fc30303a0e8588b52a7 |
C:\Users\Admin\AppData\Local\Temp\SYcK.exe
| MD5 | 315f986872aab36ae38bcfbfdb917487 |
| SHA1 | f2ca038525b5c98689377c9822c2453bb889c493 |
| SHA256 | 5e9b99e3fb57a6e223c40db5817e3f733377c5e28654d7b4063f22109076cc09 |
| SHA512 | 21fcc1eceafe056a79b776631293345c367579ef696228032ef461ab05982a6bddba1ff19dad382f6849c0397a249008afa43d9cd0c5e4a0c9ca9ab8a39881d3 |
C:\Users\Admin\AppData\Local\Temp\HEgMkIIE.bat
| MD5 | 9a56071a2df43013eed4f2c43c95f39d |
| SHA1 | c3d97a65764d18a22d64574fced2e93de3a10af0 |
| SHA256 | 3afadb9199b906a7275e143609376aaab3aa99c44ce0dc627f266353c4c026df |
| SHA512 | 2d6b86f78ff593cbf8cf16b94d567314164a41db2967e00e0f386517ec75ac1962c9881c33f4ffaad168b559b5e13b4e854cfa934f7db29c7269f52a636e1b0a |
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png.exe
| MD5 | 9e8052e915538ab6038248cd34351e9e |
| SHA1 | 3c206ab7e255b88b360b77184614ab5733c026d1 |
| SHA256 | 1f51b361fc1cecc7b22dd60fbf04a1a9990a3cbcd756799dc9d6d8a94f595078 |
| SHA512 | 32f6ea6aed0a96f294864affbe53bf0b736d4d62eceef16241cd138a5ccfab2cba03c491432e4182968a7cc45affa3fff39df4fc4d721ef4338da13c030a800f |
memory/2980-492-0x00000000002E0000-0x00000000002FE000-memory.dmp
memory/2980-493-0x00000000002E0000-0x00000000002FE000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\okkS.exe
| MD5 | 65da0f95201889512f9375aca15e1ec4 |
| SHA1 | 405b1669bd5f861bc694e17d5801ee244560aee5 |
| SHA256 | ccb47352c72055ee57444dd991911a8a8b508fff805d3cf7141eb30836056348 |
| SHA512 | a0fb4540c95b2576e6d13b7a3326b5fea6b557488f96572fce0eebc87f968d3baa79b628df715fdb74b01e9d1b3a267b2c7aa4d1ed4d1db873ba979da0b3a516 |
memory/3068-517-0x0000000000400000-0x000000000041E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\HmIUYkwI.bat
| MD5 | f654b39932f0018f082f4439020d35ec |
| SHA1 | a86cd4d999a5d50e52092aca52cc32eb8ec31532 |
| SHA256 | 0fd064090e8e2c44c5fc33ac16dbb624450e0aa13a50db3970490cced814f73d |
| SHA512 | 8bf93ab5edc1a618b71f4c4d63d1d86d0fcbd71e63f5de85e3bdd988c93be31e8c78aa3aed1d6e516f14638f1418163e074e44a32299561e0aeea19b99f85d47 |
memory/868-509-0x0000000000400000-0x000000000041E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\qMAk.exe
| MD5 | 40009f9166e24cd32f90be57d0cf2997 |
| SHA1 | c9b7b334b7579aa7b1cd4a672262b8f404e83b0f |
| SHA256 | 5637ecd1525f4176a10b6e86876079d4f1efae91d4f151af823c877a9866b3a0 |
| SHA512 | 7a1a2c698e6b9a64998163dfa5a3ec2fdb9f7f804eaddb52e121c1397f041f3a4c8670924bbb71665228b13413c9038f0abe7198a18563f569c29c74e420ca1f |
C:\Users\Admin\AppData\Local\Temp\vUQe.exe
| MD5 | be1926c8bff80219bb3d58a579fdbf77 |
| SHA1 | df7f80d4a4108c1d03471443c13f2bf7814cf63e |
| SHA256 | c447b6b415fd2e768452001aa25753108faa5703011d431f9960dcbb9537b123 |
| SHA512 | 192c037e46e2e681394170d9f13db55d463d70b17aa192425c855e450cee005ab87773455cc069edc908a5c2be288335df2a35741f4ece9329ae5ec7a1f07e97 |
C:\Users\Admin\AppData\Local\Temp\fscU.exe
| MD5 | 37b1828b4ee51b3882e259cfece5509b |
| SHA1 | 22720c628f730838f7bd18d126ab4cb1da8ffd4a |
| SHA256 | 1b5a9466a7915da9a19430f09ca3fc14f9869f8718453648e9da71336c3632c7 |
| SHA512 | 27c2e5e42dac5013cc32156a1c13e96cd57c2cd063cb67f54f0670ca3199cd4161b908243a59dd1ead98c739c76de5e511ca9a658c0393bff357275ef05400ce |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile10.bmp.exe
| MD5 | 1a7c883f32e08019080a2b9f3beef841 |
| SHA1 | 7626e8f5e7e27483dd1976d940e05f57fb881789 |
| SHA256 | bba66398321726e41dd84797424467a8e22970c87fe816dff82adbcd924c8e0d |
| SHA512 | 95e564abff20a732e66802494bcbe4b339c1a49ea2af205e22b00a87fb140e0b59973627bc1900d1d26f0b6024858701de71b0e8bf28b20a851fa8682236347c |
C:\Users\Admin\AppData\Local\Temp\nUcQ.exe
| MD5 | 10fb57b53b7d0fddde1c6492d64bcdb5 |
| SHA1 | e074f62576f1bfc74a47801419c73e5fbb17d84b |
| SHA256 | 5517958c8c41ade69c38860835033b2dcdce01e0f7578d0bc1919828939014b4 |
| SHA512 | c0523368da4690d5fd5c41febbefe2cb76f966b98bbd7683e46ed5b2b482baf40c3a7fb358f3a423156d2e4f029db1b9a8902f7162df21c45fc39f973d5e127c |
C:\Users\Admin\AppData\Local\Temp\fusokQwA.bat
| MD5 | 89220f8744ab11e00183353c4329df7f |
| SHA1 | cfbb91e7b1c8e319fc4986cbab6216d04726824f |
| SHA256 | bc10d65bb968ac884bf1982bf19ff7e1f5ec394ffc431335c3b90c161639934d |
| SHA512 | 7d587df90c54c853c13d35c8d19add72454192b6d0927d949ef06326cd2e1abd86f44287b1b25c6250130e3a856a25b6fade96c9a5cdc2628723f31ef0363d1e |
C:\Users\Admin\AppData\Local\Temp\uwcq.exe
| MD5 | ef182545eb42e3bdf6112fa9c0679164 |
| SHA1 | d08ae3e8c385bf499b8f1f29cebc4fefecd1f3e8 |
| SHA256 | b291eb92ff250a0d8725f8fa69a514d655ac38fbc4a340346a1938bae33cf4da |
| SHA512 | aa712d72855e54e1b0d951f7a31693fe82bde99fa8af672d5654ec09f46508801ffcb80b9567254692c3c1b8fa9e4b05a72cf91074bedd8611a8d7ced1024b7f |
C:\Users\Admin\AppData\Local\Temp\wkUG.exe
| MD5 | 2fc59c9cf51538d4593ae04fdf255ed6 |
| SHA1 | 22b006dd855d746d2c23c2e1f8ffe67cc7662866 |
| SHA256 | 37f67ee228492e41f74cf11b6b328d107b5f892e69bd5560ed1e1382a9ceb543 |
| SHA512 | cf56904757f0646b84b3287dad050e4caa6677577334981bd365676deea54a696aad2f194fd3d52241ac28c2613a7a4fdbc9feacf5a9c0b2e089a0fd9ccfdf1e |
C:\Users\Admin\AppData\Local\Temp\hMAY.exe
| MD5 | 96887cf728caf45def1f0350b38b0419 |
| SHA1 | 688b4e204455a9bce8cced348347c7a973357a06 |
| SHA256 | b6773658e8d386f4a73ac83b9ac4e74643640e16f458e8f1ba18291f3ec188d4 |
| SHA512 | 72ce07ecbd2fad459ed88c337fdd2e88ce4591ba46746eae71e2500881930d92f7efc55f29f509fe3124d03a02e5f4d5ec6505ac9d29ef26771ccb8df538d1aa |
C:\Users\Admin\AppData\Local\Temp\ykka.exe
| MD5 | fc38705d332df3831710fac3ea3bde9e |
| SHA1 | ccafa4670427938a07cad367f1f57e840bdf3457 |
| SHA256 | cab3e846420600e1d3f637341b2893d8beaf4c4385c16c5f78ecefa46d044c85 |
| SHA512 | c98ad0e6ddd614586e0f0f581670654cc42ddb2b8feac8c7a9ae37b9e4f7430265fa04d628eeb7271113323194ca5e9e8659cde96bd9ca6475028c324828a90b |
C:\Users\Admin\AppData\Local\Temp\BEkS.exe
| MD5 | 1596ee716996eb86efdc86b97a97d2ef |
| SHA1 | 251ff7ed0a4bb89f2b9548bf99868e710ab12da3 |
| SHA256 | 9968c30bdf41aaa4575b87d35c91014d39119cf2f69bbcab358848533dab3238 |
| SHA512 | 24d2621470c97e23bfb44bbd7bf0c3bf042d39aacb0d7482e5109a598380922a25a1b54ea61c481dd491258b1eb348773c330e66cb8a5b1c720acc7a81845bca |
C:\Users\Admin\AppData\Local\Temp\OgwooQMM.bat
| MD5 | e86a54fbbba914769ca83370f63faa21 |
| SHA1 | 0cd697adb18ca9337cd62be675ff775bb4b31862 |
| SHA256 | f1429738dffaf041fef0841dce0d2afbe13110b02e8d2f5858bcb672fc45dff2 |
| SHA512 | 57768805b04617257607e4bb53ee6075d69ed9899c760f41c9ecf850d9032006fb2167d3712684efa513178badec2af9ec9edd76a487a49ea415e08f97e660f9 |
C:\Users\Admin\AppData\Local\Temp\zoAY.exe
| MD5 | 2f457eb97ce6afe6c31fd1c0a91fd1c1 |
| SHA1 | b716573ffc092cf263cf355e2002ad416b2e0935 |
| SHA256 | 88af5a9578063f6e38b0607b02d54aab200ccc5300af4884e781680de5eda640 |
| SHA512 | 07d603dad9c359a9b963b4feb42c55bc4cc9c413e2ce9c626e97010a01a11f14f4446ff8a025201d9922f823e0010473b7af16a789b6ac12e7991d303720b577 |
C:\Users\Admin\AppData\Local\Temp\pMgm.exe
| MD5 | 2264e81bd46cfe7befc0096da4531337 |
| SHA1 | 4986bcbad3f3483d8ba7434bc73873a4e3ebe9ee |
| SHA256 | 3e0074d47424bbc844a691527009ab2cef89121c7fc013b6bfbc9503cb3d89bf |
| SHA512 | 511500fd9d5ca79315d5660288e6d347a1bc83f9e926f157e26a27f818e2385d58a1b989b37b9dc4dce255b61614c85739aca398ddb2c820af61d6960ad22c04 |
C:\Users\Admin\AppData\Local\Temp\XQwO.exe
| MD5 | 1a7e1896f0490fed4380e34cab725b6d |
| SHA1 | 38274004ae3a770fa7e9ae592c0f3316cb682db3 |
| SHA256 | d85007f21de23d0f78a4a2b33fd7c4026b142f1b28f37714a307dd8052be0376 |
| SHA512 | 3e69ccc31438b86c00632322767f108afbc766565864f9957f4f7f05081811d4a67a8469002d825531799d41f171143fc454f42b90d4328a9eca2b0edb535bcd |
C:\Users\Admin\AppData\Local\Temp\uYwi.exe
| MD5 | cf5159173942116b11e882d5a9951091 |
| SHA1 | a69dce3d61b2f4477fab3d9185de8464e7335fb8 |
| SHA256 | ecd868c5cb91bffce1e487966947039ec575f9bea50b78d3ac5b0f17c20f93ab |
| SHA512 | ca6336ca8b0634636cd2edb7dbeb1bb20f3a44d2617c049b4e0e3f7dc50f35fedd3726fdbaaf24fdb4f54536904d7379faf84688cfdf16fc0f2428c27c6ac5f6 |
C:\Users\Admin\AppData\Local\Temp\GsMM.exe
| MD5 | 107418ec43712e8193895a5af5ee58d0 |
| SHA1 | e091be18554e60e0c03dea75a9c5cf37634007f2 |
| SHA256 | 5daab8287db447a2fc549be49a61b9dffbd2eb7fb54ed9327f1285ff8a36f05d |
| SHA512 | 2ffee827c6802d393ff27f971599fec524eb358ff2998e9b5466c0b127db67b090c1643a0ec0deba30de477ace106ff1adf5a44e5c7eb37ec48128258c738bdb |
C:\Users\Admin\AppData\Local\Temp\KCYokcoY.bat
| MD5 | 4357b0aed2bd926b5c6e8e7ac484bea9 |
| SHA1 | a23d2ce8755ff3c95414b34591f76bda346de202 |
| SHA256 | 5b03882b3018b0b7cd695bdb92c47e381cc4f211e222f465f93859aab84b6d87 |
| SHA512 | 300358fc159a11512e15b3cf577870562ae0fb669506245812082ea0f7ff7a631a13e9840fe148b16ef7439d21bb8d6b19a6ea64becebbca15166f9cb280f9e3 |
C:\Users\Admin\AppData\Local\Temp\zgos.exe
| MD5 | cd575d5752a960d555722f6d17614f7a |
| SHA1 | 7f43889a9515fc4af350ecec248d47ca9dd174cc |
| SHA256 | 580bde3835bc8a0f0b2061b9421d499da58a2c833003345e8d551963c672020e |
| SHA512 | 81d4f37ce8667c8a118f82a45add81fd3ecfe29bb7dc2daf856581e8233fe1037eadbb7a242e7d602553d7bd88c0838f5ddfdab46c567534f6262c1f1eccbdaf |
C:\Users\Admin\AppData\Local\Temp\ZYsk.exe
| MD5 | d0cc4b93c51616847b6371c593436aa6 |
| SHA1 | 9837bd1284c9fe4b111be39998bdff2d1b9edc68 |
| SHA256 | 36434468aa4ad41c09116de1565637eb52707accf07cb568daf069dd3e6cf38e |
| SHA512 | 3b8e94ac48464a93187300b50fbe89bf322b561e1f36586e88607979e3a1ebf48a81437506a1bd5f7c8fa1e888e30f368e3fea36e3024554313c4d3263cef22d |
C:\Users\Admin\AppData\Local\Temp\hoMI.exe
| MD5 | d32c8ecf08690aee8183aee34a6e0cbb |
| SHA1 | bbac34d3bf3458ca413eee8fb5dc0d12b7bef645 |
| SHA256 | e17cdba4f0deafecb3f99e03d795a01b65cc72f867a1c8d53d898d8209d64dab |
| SHA512 | 2525b9dcc9ea90eabff462c7c882fce4c6609fd18a440d80c48e14ed2f9dcdaf0f5332d92e21818775c2519567fe2aa487b916449e70e461605918c908cd427f |
C:\Users\Admin\AppData\Local\Temp\dogq.exe
| MD5 | 1dc4b47f9aa2cc15467c619e236e3003 |
| SHA1 | aaf6582bd5614472e25aad541b081119e324fcd8 |
| SHA256 | d93631c3a5e6597b1b9ce5e505ee7c0e7e3d7ef8efd4e7ba374da037c1abac7f |
| SHA512 | b61f521467e51683826cf7498fb1f8b663f76fa410a7b49ebea89792745df7d7445f02f6445b11fd8adcf1287ba437926c801385b47ffdbef1a62ec7b73c560b |
C:\Users\Admin\AppData\Local\Temp\yswI.exe
| MD5 | 8435839abe7cb1214e75cf873533875a |
| SHA1 | 8f963861a9e5d701102ffe416b9c58d23a18e7cd |
| SHA256 | 4d47a71d6baceac4594e0eb4b25b65676f16458e8ff628f75e643427ac1c599c |
| SHA512 | 3604183a9ab58d9f96c7cf6dd9d91ca72190d525cf2ca14513fb355f38df7f6e1a6f50b6651e2ffabdaaac3f2a44cfea8abcd801c4b24e48107d7905cc1b3c97 |
C:\Users\Admin\AppData\Local\Temp\agEQ.exe
| MD5 | 826f3cca982196436d5d51313b0db7e5 |
| SHA1 | ebb6e4544258e5029bb06dd7c1713b9ebc668811 |
| SHA256 | 733266c8d9259764e1a60ea50604cc33dda46211b04ee412fc1467ec0afb990e |
| SHA512 | 3948712ccec83215bb20ff6edfb9e1b99a3e34103cb030bd1da2079ba0e881d2fe88d3c300f5d469f70ee1b428efd9f4426d2afc025303c772fa7b3faa29f9ca |
C:\Users\Admin\AppData\Local\Temp\QqoIAIMw.bat
| MD5 | e7fbe5fa227fa73793971547e62d4b24 |
| SHA1 | 0a45ccbff4e40682d409b67ca5127c956a60240c |
| SHA256 | 8c73d8d31991001973e9d7d71fc6cc93d03adf02c27ae35b3cc60a6c5ec6c9e0 |
| SHA512 | 63dc5dfc390db218efb22505bf95a6f57c13ea45d738b279ba864d99a813a25549dce5fea9ad662b4d9bfaf97ea28a79ee6651faf482406930eb254613ec9314 |
C:\Users\Admin\AppData\Local\Temp\CgMq.exe
| MD5 | 1b32822cbcc8945eb807d6d367a2b5be |
| SHA1 | 8b9d7096eea4394a5de41cdbae86a91b383bc040 |
| SHA256 | 3944c8b43c6eb8bb5d34e9e5d6041670e4c9332f8681c21e6f801a36c8295616 |
| SHA512 | 891bbd80242245c71dfa4b2529874200d25ed1f23e496ca43abcc1d15c674246bab86ed7eea8a53e72b618a2af4aeb7e893cea5e67757571620d516aaa405f63 |
C:\Users\Admin\AppData\Local\Temp\lsgA.exe
| MD5 | b4468d3eaf4b170a603ebe49cffe806e |
| SHA1 | 02fca832e5bd4146bfa854ffe0807f2a0b96e9d9 |
| SHA256 | 909c3b46db8882c004d37e7831b33386f4559da605fd23be9ef6b1b8302b8423 |
| SHA512 | 815b58d2d553371fc9ca50de1ecd85aa41151b4e0f228fefea64e8c7c6eae5f1e893510184059eb743844d329eb0abd066834de72325b65b4ecd9c2d53678768 |
C:\Users\Admin\AppData\Local\Temp\YEgO.exe
| MD5 | 87c8d4dcd8188247c97feb4dff8562a6 |
| SHA1 | 34ded373a28a7430c2141a3c347a18f83897190c |
| SHA256 | add928043fca4a5fede429fbdd6857d00ccc2f7e499713b64877ef302f638efe |
| SHA512 | d8ecc9758f5884cb5c33f94604cb1a88a36460f6c9ff9358abcf47f95174a1a9c43de8744bfdbbd65ee1a24d2547247f4034a7d5708b60ac990b46d444e78b29 |
C:\Users\Admin\AppData\Local\Temp\JQIK.exe
| MD5 | a1d4d782d602ec7b1f7ca7acfd555c95 |
| SHA1 | 3f354da255a4bca7f3fc1982938cc729eb4a73aa |
| SHA256 | 18a69b9b6286d0aa7607b0881d535b10cc22c854317a92259da4fcd07ac966d0 |
| SHA512 | 08c8793c888c3f7a695018160c639b2e130b74d61dbfaaac89258a9c3f0c55697fd83d0c2860a499203e6545c2d81326516350ba63021d9b32ee1caf2b13b1e0 |
C:\Users\Admin\AppData\Local\Temp\WYse.exe
| MD5 | 6d1806e7a404745c9cc0bfcb0fc7cd9d |
| SHA1 | 07493924b0b8fa973323338e3339b4b04f55c088 |
| SHA256 | 400fa1971beeb2db8f68489d0f3bb7de677d94df6d024d5eef9002ce1f82196b |
| SHA512 | 133edd12143566cb9716a03018f840568b00ecff960664ca520f56d08c64c55003053dd91638ecb0cd785ff249eb6025d1f1c973e7f28d2ad73f60586d961c9b |
C:\Users\Admin\AppData\Local\Temp\QYYi.exe
| MD5 | 129771bf14a6f2eae8505a63e6def1a7 |
| SHA1 | c91f1cf0e55bdae635c09532e17824871687811a |
| SHA256 | b64ed6beed35694bbcd5b1c3cc4fd804a028d3fa4868c25a831b8b84f546aa58 |
| SHA512 | 674243609de4d92fc9d2d698a5d4abd012136c00cecb8b82b259b2836e30cc9aae1adfee275453d4695055f9e7fc270f2bf9d3d7b95941fbf9d8adbc2c8c72ff |
C:\Users\Admin\AppData\Local\Temp\VEYQcgAc.bat
| MD5 | ab7216c170821203fe5fb7f603e5ba58 |
| SHA1 | 2bbda253ce2678d764a838e6343765f725d0d97c |
| SHA256 | ee738946ab261d138444aea92537dd3ce8b2585a8cf3444365a912b5a531c78b |
| SHA512 | 136db29b1c8c69ffc01a879af64b7fcc9b3ad2c8d62d4b911e8a7e9b944486a081f2d510bec569ef825e8c32ec6d4689e0d0db7191173b5078495fa9178eddc2 |
C:\Users\Admin\AppData\Local\Temp\zwIc.exe
| MD5 | 3e985b6d950afeb09466f6b9cc7caa35 |
| SHA1 | 7b668a51c6d2af433b331d56128e6cb297b5a47c |
| SHA256 | 301b219528cf6b7fbadef43e1e6ae074ad0bd4b2a4580ae16f35a046527824dc |
| SHA512 | 7ca56f97065f4f275e6687593ea296fd6f31a68003b93aa0dda698c1cfa1b4ff48fc8a51a44de21e06223f73552021e32223816701666537bb152adb548bb360 |
C:\Users\Admin\AppData\Local\Temp\Nwwc.exe
| MD5 | ac8a1a2bf11d54393920e206ef6ea893 |
| SHA1 | fca21546677a22b7a99ce2d5d4854d94e536a434 |
| SHA256 | 92f38fdce4462d5876997b2a38d775b4089dfa732e506bb503f2c3d741700ca3 |
| SHA512 | b146ec31c8e986704f1c3f6c13cabf78b736a2b52b5c69151a5cfbcd3ddcd122f867aab499a7cebbe18276e60203864de973d15d3d01fb22e5a2915b298576a0 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile39.bmp.exe
| MD5 | c68c68a29d20f52abd00abc3120ffee7 |
| SHA1 | a56ebc4bd169e07d5636631d8624f3c71a41358e |
| SHA256 | c6ff490c196676c0400b2496eb31811253812e7069aa74c2edb3b6fd3911e10e |
| SHA512 | 392c74bbca8c005e8164629ed27eaa1259dcac6d1fda48ebb70ecce7935a87e2889329870e6ffc7e668ac006ab53b8c6b968cff5b15c028330d231b8168a0989 |
C:\Users\Admin\AppData\Local\Temp\PAcQ.exe
| MD5 | cfeed6e305539820849e76c5af302a29 |
| SHA1 | 16747e696a3f2e5066f18085921c7e9f6e6f91b3 |
| SHA256 | 34a9276a235e92d956261488ca09e272d1c4fa600ebaf3f3e2626b0f10f8ff7b |
| SHA512 | 089f181a91830997b277416df7c7c1ec61dacf14ae12ec88b5ace00b2fff5ae252c18f3a265cdde7c3e3e2014b51a6d69341bb48e016b040a9deb283344bb24b |
C:\Users\Admin\AppData\Local\Temp\Yksg.exe
| MD5 | cee141857a5eb1136bb9370991c80f7a |
| SHA1 | 1444da405c4e3604e5dd2deabe24f361f996d314 |
| SHA256 | 8ca16c7ae7818a9538ceafea81c6246676d9dc200e61cc7359100881dda86fad |
| SHA512 | ae19037f763d7d2d0d9111b472843585c8cbc14185fe040b1a5899ca20890ca2a8340035aeaeb666229ae5f7cf31c623f77ace8a7602bc5732dc4576dad3a704 |
C:\Users\Admin\AppData\Local\Temp\lswYQAoo.bat
| MD5 | 2a2d251b16781d26d1ce9b113b4d69d2 |
| SHA1 | fa9b1d87094c81f78e550664416230018f4e303e |
| SHA256 | 9b653b802cf6cd3e38d1db30fe25b778878e6c7e2e6f26873027036ac120a3f6 |
| SHA512 | c6338dad8eb9d560983c73085ccde83b9b1dbe60fa0bb79ea1a91b68f6d2030da85bed83d2301f931745e48a82e9bed145ba36a2649fb974675cc28eed12e484 |
C:\Users\Admin\AppData\Local\Temp\Nsce.exe
| MD5 | 38d03b60f89cb5267baa5e85396db8c9 |
| SHA1 | 150f89a15b705f9d1a36aa96f876636a0d3a48a5 |
| SHA256 | f899082a2753063f689d87686084243589e222c72c95ebca15cb0068435f5e14 |
| SHA512 | ef4af95226fd4af9c889e0a1493ce302eb858c35a7b636638054c8afbf83db43f826892f24dc53440040c142a1602e4ec9f54b9f311b6b3e4efb2b701dddaf61 |
C:\Users\Admin\AppData\Local\Temp\KAAO.exe
| MD5 | 29c9f5e6fa77a02bd760c69b2657641f |
| SHA1 | b7cef08f8182ff62471d8b0810a650a3d7f12e03 |
| SHA256 | 97b339205f22796da0d034d326fb14f21393870ebbdbfd140e2742db0d143f6b |
| SHA512 | 469ff84f2595b1f22e865bc482d3640a06e2074f4eb5a5d712bfe11aaa11a5cff97517bfc2be59651a3adadfc73a526ba8c20d4466ef0d3be7256dbe2f49a110 |
C:\Users\Admin\AppData\Local\Temp\CIII.exe
| MD5 | ac8896fc62b0cccfc3e8908d2efc2945 |
| SHA1 | b62b4fd2224af5650a3fbf6f9ff0936dc51dfcb8 |
| SHA256 | 47dfdb5289c8815e0a9bcc0eb2c28bf2942ac3b80888550b5170bcbe27a771f9 |
| SHA512 | 39fd7674175fc3f08d216c0b37441586c694dddaa8639e51a6f03a0b25ee608837696057dc98f6b4ff681c61856b5a56f104c4df3dc545a136f0ef995a6b85b6 |
C:\Users\Admin\AppData\Local\Temp\cMMI.exe
| MD5 | 01b558453ee2cd643901eec38d8ceb0c |
| SHA1 | 1f79cf345bc4ef873cae0e6e92b21e30696cd047 |
| SHA256 | df80cc156e37c1f2fb675d9b2d4bd266dd9cef4f5ad3855cbda3051822472a0a |
| SHA512 | 6b5986614827a03687710dfbc2e89f1f84735a1007eb59e3224c934a60d57bba0040bf05d408986b9bd4353d88572dcac308953bbcaf28c17f030050f5834433 |
C:\Users\Admin\AppData\Local\Temp\fekMcswM.bat
| MD5 | 5f652c1ea74ee7eb6166f3800246276d |
| SHA1 | 87f2f5a962141a60b15a451d5b846a7cd910c4df |
| SHA256 | 43c481d0c58f678d51671b794d1a55c8f898356dc0a1774443a9d0990ca83917 |
| SHA512 | 523270af6c73eeaa52352ea1286f3aaa06a351d916733ea7152dbdbd4985c5403d42f5007ef610abbdb285c3cfa283d7b8a81dcb682d8aba611737e1d3625b7a |
C:\Users\Admin\AppData\Local\Temp\CoUI.exe
| MD5 | 89bddbab585067c5f8655a945b3c2025 |
| SHA1 | 8fd89ca4bbb84c2143e6901a7b2c5c6657698cbf |
| SHA256 | 258f02d1aab8eaec271851e0233a9727682e952b76bef68d9b0622eecaf60c32 |
| SHA512 | bf2dbacd2ed8dff1a8d3294872c7683d977ade620cda71de7493372ab9ec8411544a056143e4033586093b29fa6c9271b941a7bcaeb76108a45561e5b3779aad |
C:\Users\Admin\AppData\Local\Temp\vgQe.exe
| MD5 | 8b013d13b730bf09e102f4e55828b2e0 |
| SHA1 | 84a9823a9812a9edae5f16927303f9e50ffb0734 |
| SHA256 | c3cc8296356ac3c31c793b598f1fbceb5212b0d52101c5aca47447180bfb3338 |
| SHA512 | 60eb8c2640247d14f16f0d7c3dff9c252952c5e5bf103092581ca525965472c21d8b833ebaec6787ebf3841b477c04ae8cf04f47b6098626fe3503563313746e |
C:\Users\Admin\AppData\Local\Temp\pIII.exe
| MD5 | 926bfcb199755cfc35e22ee30ea2fbed |
| SHA1 | d357659342140c04a6186a38906e7971bcf1ed31 |
| SHA256 | b49b6326e0c5b7e42a31ac972ae49ea138da8ad2ca65851fd52cb314b8f0f761 |
| SHA512 | ba0c105c29588def88d8abd7a86d308805cb7b4c5bdf827555bb9d316bc1cdaa283eafce94b27742797f873c1ba37f0bb698e5e5c113e0abebdfced57991db7d |
C:\Users\Admin\AppData\Local\Temp\tokG.ico
| MD5 | ac4b56cc5c5e71c3bb226181418fd891 |
| SHA1 | e62149df7a7d31a7777cae68822e4d0eaba2199d |
| SHA256 | 701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3 |
| SHA512 | a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998 |
C:\Users\Admin\AppData\Local\Temp\SssA.exe
| MD5 | a84962e9cb20838326129ea744940ccb |
| SHA1 | 81f8bc0fb51c1ca59ec1b54ee6676a6dfe61401b |
| SHA256 | ae13b4266305f877b575bf7ca051afacb947cac5efed73c2d729890fd4cd4715 |
| SHA512 | 87933c312f865a129e639ee92663deb98925943be4c22d6403a452783d9df1c22d65a5d472721f0f64a77cf7ab358699492841fd59f8b4765798387c150097cb |
C:\Users\Admin\AppData\Local\Temp\HUMogcYg.bat
| MD5 | ed98bd173ed351ffc668fe9414781394 |
| SHA1 | aa1c55666e8a49bb3c0c20c732975fca86eeff81 |
| SHA256 | b59ff692d267b0e2a5cf386aa58bb79003b84bb4e68d5bf5432f2a9190a68552 |
| SHA512 | 1278c9647e0d5234b35369dda6784ff1df286d110743fe902310d7b9e271c1d6734cba57e8044f6e233ce059d3423556fa74c852706ef6f8117a676516c8c766 |
C:\Users\Admin\AppData\Local\Temp\DAQW.exe
| MD5 | 1521dc36121d5d89087add032e746766 |
| SHA1 | 23a258da17d51dc5ba74c8921f27371597790ff1 |
| SHA256 | 73ff3ded99a03d57d5f1f0f8c8b6467b581269808c545c7e5bea37b17e59c40b |
| SHA512 | 41ca5060c4a4edb27ada0267dfb62c1286d24cf05bbdd8fb8682a34a2dc5269a0a3799aea3c18b7fedc15bdf6265537ebd4219cdf69fe310b498534d16734117 |
C:\Users\Admin\AppData\Local\Temp\jMgw.exe
| MD5 | f266439bbc3ae3df021779690f1a443a |
| SHA1 | 2f27d7a8c06f6b0964bcfed79a2cb7793b0be6ca |
| SHA256 | 2b08410db8127e33b658c5370984cbe125ccf8ef583e15b5c81060f117e93dba |
| SHA512 | b916c3f1a3cfd7187c3d28730684c569061b4b175b6f0f52b7a73f5d0413d663322979d907b76bb1e02533645c7b55f1055a041a6140de920b4b46397dd75bad |
C:\Users\Admin\AppData\Local\Temp\GUIE.exe
| MD5 | 14504b4ef9d8c0131c9c2ddf136d3532 |
| SHA1 | 0ebf8b950a43022ffe8f12741f5e2511ca50e0af |
| SHA256 | 08bdb10ea4fae2c8b2cafdb3de09727426b0efa059bcb04b60fc15087bc5fb18 |
| SHA512 | 92e310e0e7c86d2e30aced8d37d4734aa105be8789180bc5fc7d0a87fa9c7de41bd9f8c918a283def756bce172dc2f0b024585dd424e10426a7cfaba0e9e7898 |
C:\Users\Admin\AppData\Local\Temp\DYcYYMkU.bat
| MD5 | f4644722fead5e952619f5d0296499a0 |
| SHA1 | b34a4a0d87f0b1e12f967fe884c8aef392a8c2d0 |
| SHA256 | 806a497c98fe6f4632f156a236a2e3871055a485a92c56eb207e54c3ba9445cb |
| SHA512 | 7033cff17d99af4c4058d435fe09cb8307fa26aaf3e72f2ba070a409ff6d6660c68b7c54c0286262eeec6f4205ed9d4c2e6649b11865db031cdd9dafc6f66826 |
C:\Users\Admin\AppData\Local\Temp\tIMY.exe
| MD5 | f96786f7b894835bb6c3bb90396be5d4 |
| SHA1 | 4602ce8c70ba3de66ca8b5da4a2494455e592226 |
| SHA256 | f901c8c0710b556abaa3c52137f2777c52f6f1ca6f78935b78dc7c3d8c59b995 |
| SHA512 | 02bfe48b72feb2969e2dc1c4f92b8e20c401d083eade2a314c9d1d6be31ef2d0a3396ef1f53bfa93bf11a4f2234ad175ac96c3ed1d6ad2f8067fd7d5a9b7f7a4 |
C:\Users\Admin\AppData\Local\Temp\XUkw.exe
| MD5 | aa3ed4a517f2ea9f2190a3b9980441e9 |
| SHA1 | 9149a4504146ebb7c06d5ef421b41feac49d6994 |
| SHA256 | 04f579be02e08e6cd451be39f3c9c115ffba48cebffbe0d4c9d7ce17bcda72af |
| SHA512 | c6bd5cf236188560e9d9f4fc46f142802bbebd50ac9c050713e18a8bf8ccb8f2a3e584f89c630a7986871aa84ad87f892d1d65437a634bdb621d7fa96b8162d2 |
C:\Users\Admin\AppData\Local\Temp\HwMk.exe
| MD5 | 0ad79bf4af1c397ae93aadbd884d917c |
| SHA1 | 7f0835c25944e3fb6f3b05e1601a5097cb32c67e |
| SHA256 | 38092f06c8a6d3668b6a30fd5ad0b8260cfe8f2d8eca79dadd529522a6e2364e |
| SHA512 | 8b5e73822e69c1387a09f34533bba607c7f2a6023aed43dc98bcee87ec919a953f34e4d365eac6ed47626173e6fdfcd4a2e2b873fb5143fe768cea3f3d4ffbea |
C:\Users\Admin\AppData\Local\Temp\OQgC.exe
| MD5 | f9cb86923b5e02dfaf844f57ab41bd05 |
| SHA1 | aaad32508df0617f1f6099b5fdd19c7d2c68bf0a |
| SHA256 | d7fba976d017379817e60f616d3eae5746fe7e65fdd9dab35fb59a5e7ad7d608 |
| SHA512 | 982a15cb8ad551857730ab320705b9f5bb206af8f72d3281d4eb93825b7713982c999b66c1f5a0ac21b0b293dd654d7e5be88c8b62a18d307fce53036aa20b9d |
C:\Users\Admin\AppData\Local\Temp\dmEMYgQo.bat
| MD5 | 218dde1c8279c37b8cb5b4de81990938 |
| SHA1 | 48b15adf6f5f17c1a0d80e796c038245f416f670 |
| SHA256 | cc6b83175fe48e5e4be012b247a4d16d84dbc404a47fe230eec3e5af1aaf4daa |
| SHA512 | 3db62efe20e5c1b70b1bdfff865e310e6523beecdc44155c2e538e44c258d20819509dc74bd6d227fe7844a9909852db21f65937eb202858fbc70ced6d556dc4 |
C:\Users\Admin\AppData\Local\Temp\xkIK.exe
| MD5 | d9a834b5597bce005c719c71f62ab124 |
| SHA1 | ef7b64ee740c3471665ebdb6ebcdc1878eb6189c |
| SHA256 | eab8355abfdf76861346a12a9055d69849d449815333f29afd15eaa58694d72f |
| SHA512 | 668eb32b3ebf0906a69bb45f0fd0c3278f6bf1046e0e202150218134ee1c6f796cf0bdd027749248aee6ea0e464002a767e143f68e30e0d701028cc91fa194cc |
C:\Users\Admin\AppData\Local\Temp\DkEo.exe
| MD5 | da2cee63c7c82154eaba905befc1455d |
| SHA1 | 25653ef8461a628df1e91225cb3fae3cb282395d |
| SHA256 | 217469a3f4102b7e94ed8e1c658f2ed71a75a6fe899505f0af6e71990d72a1fe |
| SHA512 | 7c05fb09b28efb71439765ec6373fb76462b8e0f49448160ce0ba1036d40e3947dca320a07f08f36637842adfc546ddef3e96996055cc70b6f0f73948e1cb206 |
C:\Users\Admin\AppData\Local\Temp\ycwK.exe
| MD5 | 24a7037f3be65399b28f853fbc75574d |
| SHA1 | 5f19ee43ae3ca5d279070e6f7ec2886da7510047 |
| SHA256 | f70d03985029c3e6b45a586b907b201bf7a52b1fb866012cb25f30e4b86e4592 |
| SHA512 | 2cdd5bf01827d5c212a1f772e5faa2ce4cf82e8b52de127e072437ce09da8eebb725c4bfc774cf88f5da7eb3c3931acad1c7e9e63343233eb32e9c0ba6cbf865 |
C:\Users\Admin\AppData\Local\Temp\ScEG.exe
| MD5 | 3bc9ba84a7c4b36352b8613284ca67f3 |
| SHA1 | e014c2cd20032307c6655d4ef5fcb862e9c9beaf |
| SHA256 | ae2302c29c2331ac22faa85a2885512ad98d529fdf53928f53de90778f9c14df |
| SHA512 | b7b32e9cb2f53db9fc41c6dfc738296b583cbb43fd0566458447714d26a3ba92ad3d3765273af3d90e25a0b6751deaada5b8fa404e123cd8123e4568e2c1c978 |
C:\Users\Admin\AppData\Local\Temp\JgYW.ico
| MD5 | 6edd371bd7a23ec01c6a00d53f8723d1 |
| SHA1 | 7b649ce267a19686d2d07a6c3ee2ca852a549ee6 |
| SHA256 | 0b945cd858463198a2319799f721202efb88f1b7273bc3726206f0bb272802f7 |
| SHA512 | 65ccc2a9bdb09cac3293ea8ef68a2e63b30af122d1e4953ee5dc0db7250e56bcca0eb2b78809dbdedef0884fbac51416fc5b9420cb5d02d4d199573e25c1e1f8 |
C:\Users\Admin\AppData\Local\Temp\fcIg.exe
| MD5 | 197b06860dcdb1ddcf68e657fd5b70c0 |
| SHA1 | 20c100248bf1927aee837eaf221c4e6acfc95c97 |
| SHA256 | e9b4d5704eab7b6998e5c464d39825451c0882e50c9905e94a2dae1191a5304e |
| SHA512 | 3f36aae54aec5910270d0c4490b3f538b68ad15b6074aac3161ecdee8f310276833c62bb73bff0e7726c5a3540bdea959c20203cee8b337f1a320affac4f8222 |
C:\Users\Admin\AppData\Local\Temp\zkoy.exe
| MD5 | e4951fe7fd732926fc52a83188a73be7 |
| SHA1 | 83a26030b426a0c5517980df37c63b8375f9010d |
| SHA256 | aa5bceb98c28aad484e26fe7e6f8500fffcb30655c1cdc8e64e0c3b2b1c8b96a |
| SHA512 | 60a09767e6064ef6018a36a5b7b8c360570af949296d9c66e27634a846748d2f6f33b3a748ca274d0d8b34f9d8e32afba932d1e53b590d9f1081dc1c3ccba2aa |
C:\Users\Admin\AppData\Local\Temp\YyIUUgwg.bat
| MD5 | db8c929bc20809497563b5d467e68c1b |
| SHA1 | a7bc0a379c82e23b0ae461b7191b2f707eebf381 |
| SHA256 | 51f00e8b4d4fac6739eb1c695cdc1d04855b12fd5c846c644a9c080d7f0ba5d7 |
| SHA512 | b72c140c3da39d79e2cbdb9950fd9cacf8eb65b8a0f994c4ad238d9ab2dd8360480d7192b76f029a94d363d096bd48cbbea93184246cac54bd9e2a11fcdb9af8 |
C:\Users\Admin\AppData\Local\Temp\zwQO.exe
| MD5 | 4dd00ec7551769aec1f9337f0d1c7f2e |
| SHA1 | 103ad8b670d663c72685f7fe68f1edef017fb408 |
| SHA256 | 9a44a14fb9f823cc8fbc37d58556db7a9c74653f02d910c982effe298875c3e5 |
| SHA512 | 7fe4e44eb53ede392d0eebb19abb55b7db1a3ff5934cb1a46a05c7f85719cba97b9262c704ef04a38d9a987c739b5eb92e5e9cd72279ca4f6a17de482171a029 |
C:\Users\Admin\AppData\Local\Temp\GckkEIAw.bat
| MD5 | 7738141849cd566a15020e36deed8612 |
| SHA1 | ac8b9e6420c570fe1fcc480342b4fbfbee9ec07a |
| SHA256 | 8030bebe63359cddc651f5ff2021d48882dfb9bb3a49bb3a13c89f1eb2e577ea |
| SHA512 | a5d04fd9aaa83e9099c682cdce88a44aee16c52ca9a922d4da21c9392a7d19461bb03c4f30396d40221a0d17c0c703d029ed626612b01aeb420504920e2ec8f9 |
C:\Users\Admin\AppData\Local\Temp\yAQW.exe
| MD5 | 824cde85f9fbec2dbdd9307112f14681 |
| SHA1 | 3f1254a5a723c869ff44fc593f3aaad56b16b1b3 |
| SHA256 | f50608f18308680fd514057cc4dd99899b5e4b06313f2027c8ec8603cdbdda36 |
| SHA512 | ff86a5f6e1d750ee8854fadb289501695aea4b04d64e57e4557ac64105f528e8e132e92fb62f5c5b8142e0ac2066dfaca734282dbb8f362ce391bab235e31e45 |
C:\Users\Admin\AppData\Local\Temp\IAkI.exe
| MD5 | 503f4135061f3f55cb0ba56fdeb235d3 |
| SHA1 | 1d6a7513cdf76aa0601580bad908b5bded06ecfa |
| SHA256 | 48ddfa3aeab7ef32e298a0bd8d36033515c39cc963fa5c494fe66536ee9066e4 |
| SHA512 | 3462fd47ee681cf11ac1c942fe60a86ce1993f2fe10120a971e2287c94baf7cbc362bc853b8894fcaffbf7d8a6b327eca77d15c9ababf23ed8b11d81bb20037f |
C:\Users\Admin\AppData\Local\Temp\HIgc.exe
| MD5 | 3e8e3ee517906b00064b085ee94459cd |
| SHA1 | 04800099a802aada9540c64f776817a2b98f521c |
| SHA256 | 3e10da89a285cfca09302371d8c7b8436eb72207dece565123be7b093ccf8385 |
| SHA512 | 89bb16c287c3e4489199a2974fde2d45dc525ef14ca3ccad40b4662f608c3ef4a93495d91489387005d3c8bb94ae9db2fc4aff6b96bd494d95c4f46c972e7f2a |
C:\Users\Admin\AppData\Local\Temp\MQkS.ico
| MD5 | 964614b7c6bd8dec1ecb413acf6395f2 |
| SHA1 | 0f57a84370ac5c45dbe132bb2f167eee2eb3ce7f |
| SHA256 | af0b1d2ebc52e65ec3f3c2f4f0c5422e6bbac40c7f561b8afe480f3eeb191405 |
| SHA512 | b660fdf67adfd09ed72e132a0b7171e2af7da2d78e81f8516adc561d8637540b290ed887db6daf8e23c5809c4b952b435a46779b91a0565a28f2de941bcff5f1 |
C:\Users\Admin\AppData\Local\Temp\oQcO.exe
| MD5 | bf6be8571edf1c5380dd11b0500d185f |
| SHA1 | 8668f036eaf937d88293788f259c1ee594dd8d51 |
| SHA256 | a1b1068eb57591fa3b38c2e197eed3b21946247f1469dcf079bb17598a62260b |
| SHA512 | 837e4f42a0e0bf5697d233961229d026a0c3e1ea9018cd24933da0a5c7c14b9b28a1fd27494ab0b0faba51ea12ef9f4977a1ef1bbde23a9575fefdbde5765b67 |
C:\Users\Admin\AppData\Local\Temp\OAIk.exe
| MD5 | c86455653d782150ff6b6644037c8f71 |
| SHA1 | 3d1dc8806aae5ef3006a85804c4f094f21d410ef |
| SHA256 | 3ccd1f90a61e96a537514223cbe4a7beb4b775281487d855d2683eff72103ffd |
| SHA512 | 4a3533f29b02472071e8e06b5a00a8e958c1647afccf25ab9dcfd8854f5aa137d8342eee7d43e4f0b96aab0969bcbb5f029c3d5364e3597b6c170c16f97fe892 |
C:\Users\Admin\AppData\Local\Temp\SEQm.exe
| MD5 | fb7b5f8f89f0acc88d7d3fba58f92a96 |
| SHA1 | c324ee1014ba48eea5d500e8e03e30b2a2d966a5 |
| SHA256 | efb98be950e0e8e197b57f8d7dfb60a0952d738bc95d70d3a4836eea302dd47e |
| SHA512 | 15a968b4e1e3759a32460ab752eb511933a67a68fb3f338ada4a2b7d7d4049b6a5e93b7bb5b47d6d63ad4dbbbf1f0cd8caef0ded8bbcca7883b411ea63c1b318 |
C:\Users\Admin\AppData\Local\Temp\yOUkYAgI.bat
| MD5 | 83b1b126428dca9e8a9ba207b40facf6 |
| SHA1 | 7644f72bfc09e4794b1036816409e72d207f2581 |
| SHA256 | 21a4413f8dd0038f0468bc0073d8fbabeab4136e87ce2b6adf7c59e34fd73d6a |
| SHA512 | e07775f807b53e5311fc9302807f9200cb1f0296979a19daa50db0d397c68d186af9ed2b98a3a6636d6a17d4a8245a33b73217330599df026f52bf1a6d6f43d2 |
C:\Users\Admin\AppData\Local\Temp\OMkI.ico
| MD5 | f461866875e8a7fc5c0e5bcdb48c67f6 |
| SHA1 | c6831938e249f1edaa968321f00141e6d791ca56 |
| SHA256 | 0b3ebd04101a5bda41f07652c3d7a4f9370a4d64c88f5de4c57909c38d30a4f7 |
| SHA512 | d4c70562238d3c95100fec69a538ddf6dd43a73a959aa07f97b151baf888eac0917236ac0a9b046dba5395516acc1ce9e777bc2c173cb1d08ed79c6663404e4f |
C:\Users\Admin\AppData\Local\Temp\wYog.exe
| MD5 | df79274db15867f10655c114e898e327 |
| SHA1 | 88d4d67aabd5bc4048e56dc7f6d3fbf4754edec9 |
| SHA256 | 0d9c93c8185a8b4b32b1736f1c17842f6cd98e7d2afc3457504b363af609e195 |
| SHA512 | 6f893472d2030581e1e873f0eba0d606b5ab7097965bba99a50f460d2688b038701bacdb0f0cb40beb6ab0fabeee94ce9f4ee22ce14fa68bf579283563dd980c |
C:\Users\Admin\AppData\Local\Temp\dwMW.exe
| MD5 | ee1f2647b51d3c654da41d71750afd80 |
| SHA1 | e6dbdf94cf9d85f61ca4e6711927e1014958745d |
| SHA256 | 2bea7527cdb3ec7a4dfd15a3a4802ea5ba3806e3beb8a5a245df6a5471937afd |
| SHA512 | 3e02462d9eb15c0e665ed070d6474537ad60ec47c60291321ee99a6cb604ceaf381bf0a9f84d4338fc84392179960b782474dae4b91374e346e8ac8790366d2d |
C:\Users\Admin\AppData\Local\Temp\QkkQUMUk.bat
| MD5 | b0a4d66c9b9a5375e7bba532c8ff2ba4 |
| SHA1 | c24f42a626d1de04fc4c324ba00fa0238f39b87d |
| SHA256 | 500434bb7eae22bbb6e1f8bc96c3df0be2a67403b13151ddf5859c99a1ac8fd2 |
| SHA512 | a4f17b66cddf5af5760a0adb07caa58070a0527332765eab106306653ae0136d279014031f4b4d6f0f6ee4e6265f4429120e8ce08b79dc7b5f2a088518f6726a |
C:\Users\Admin\AppData\Local\Temp\yMIY.exe
| MD5 | 0bb67f22170b1c20f4fc6e3c6716f2b4 |
| SHA1 | 0befc548d2112b5dea12e666fe80ebd544828ce5 |
| SHA256 | 44499698f99c587895bcf8303b7059a0d82de651dadc4b35b97828aee0097d33 |
| SHA512 | cae0c346894524f184a8137497a2beaa0c784e9f90d7a7177bc70360ddbbadc5e4be634fc966f310f65d13fc97136b832a70c593551146c98098a7b37c763af3 |
C:\Users\Admin\AppData\Local\Temp\kQQq.exe
| MD5 | ea6079e8353e3b0fb602f2085ac76bed |
| SHA1 | 7e670dc7415f797c5e2590105cbf950a577f653b |
| SHA256 | ef480f16cfafcf4601098e3df4d095827a2a3dc7ee35fff077aef8f1e1aee6cc |
| SHA512 | 189b1678a97c428df7e8004000cc1db6aba4aa3047de8c43721e45a502b9351b3221166a840ac196e555496c70ce56e213e6b78c9a65c9a196d0749861df33a1 |
C:\Users\Admin\AppData\Local\Temp\jwcs.exe
| MD5 | 4370164028979ea0ce6522ab9a5f2f72 |
| SHA1 | 086b470504bde6658d4b7a238a9c214ee1997daa |
| SHA256 | 3f86222f11c546488b8b4d27bf9672b13bc096352d9cea3980637685c8ea7fdf |
| SHA512 | 1107ebab93b9c0330205d4946a3cd80309375272053e6ef06eca9208318afc69bc721860341c25d70a98dfbedaa52ad60b4088496ccc009f3b25c306bff52ba8 |
C:\Users\Admin\AppData\Local\Temp\TKowosgQ.bat
| MD5 | 7f04ba67d0be12d0f6d755cdaee8b797 |
| SHA1 | a26c943d3f9972c36af459262bc68a3abc77b798 |
| SHA256 | f4e40f46b72cd682209c6d897cc5a5785c3d07a12720b187fec37de025aea2a8 |
| SHA512 | 34a8113d3995aba769807691afeebd72f7ea72c2da291c2a2f1063ee161fe184e42103b3e9fbb3bc272b46980f3a0184651951b9fc0ee96a7e0f01c1bf80aecf |
C:\Users\Admin\AppData\Local\Temp\fAMQ.exe
| MD5 | 903d912aea628f209dbbffb3f515c018 |
| SHA1 | 17a395f717788c2783d329e67a0904dbf04750b1 |
| SHA256 | 21e2568afbde31514d7ee31dae3d0d5ef8a255afb96426548e9fe2d1dda07733 |
| SHA512 | 94350d3fe005a8b6ad6cd5c9c9bc780191c7aecf0ecd342ee0d1043fd52298f5481875a9d10599464f96be96d58f0033742d0f69a94f49d3e852303af4a11c95 |
C:\Users\Admin\AppData\Local\Temp\LMoS.exe
| MD5 | c8c61638eda038a6ef282c8ed4f0e9da |
| SHA1 | b7fdc2708b4fcfe23fbcb881ea022c650680fdf9 |
| SHA256 | 6b552efae6d87d56f6edff7ec55c664c6e5afd4337221a747bae595be05d5be0 |
| SHA512 | a100bba5e192ccda8bace5888559dbe99b99dae1e233655980b4ac37ab05b341eb10897da75a4f729e86a0b484cb2e8c05d9cdefb17c8aee609fe11372d0fb7a |
C:\Users\Admin\AppData\Local\Temp\yuUkoQYA.bat
| MD5 | fed12044482da48d193792aaafe98923 |
| SHA1 | 8de91a3108f5b2bf03535c9fca776637ad887778 |
| SHA256 | c7bd0d63a464b2bdde6d7a0d34b5ecdd47d69ea874bf4c8f1691d8859bf6c14f |
| SHA512 | 0faf180d5604a664df308bb809136f3f44cc167dbdd6dc7f48b0cd45133757877c520f029632c61d8291b4fc50aa981f66a66b733b74e8ce5520fd3925faae57 |
C:\Users\Admin\AppData\Local\Temp\kwQa.exe
| MD5 | 888135dc85b6d1bc45890c0e5666d93f |
| SHA1 | 0e04c25cc9069d56d7e58df0a5474891da8bec28 |
| SHA256 | 59d37ca5263af2dd5eec6998a49fe70d3330cc328ceee7f83352536a038dd975 |
| SHA512 | e93c68d840fe97d50f901bae3144ed6fd1a1dc9bfdeefdedf8e34fd2af30dcd3df8888c448cab2f952b0a9e6fcc706d3634cfa1610230e3f472a2030cc621bb5 |
C:\Users\Admin\AppData\Local\Temp\oUcE.exe
| MD5 | e7eb2ccba55d6238dc0a19730b791e9b |
| SHA1 | 64a11830cfa7d1e3a78966258766e125f8243ead |
| SHA256 | 01b59b39becb67a7f0a0dafa56d55a23f306f0467e42228db0087811fcde10c8 |
| SHA512 | 719dbf706737aa770096dd9919887511bc76d684511bc4a458afcf775e82ed097d775910599df0dce209da2b272e3dd400c7d92dd1fcd355ea9acdc5b7397f25 |
C:\Users\Admin\AppData\Local\Temp\YYYs.exe
| MD5 | 985e50625916dbf8d3d8f8b2a1448153 |
| SHA1 | 42a8edb6836687e8e47daafa27b2bd304f223ef7 |
| SHA256 | 61e07e7ecfe033fd5ffec34186895746cf83c340094a6342900687411d9878ae |
| SHA512 | c399e6f4f856e7b4b8dd8fbcbdb85cacb91946f56b86ed475069d67f8aea83d9e84ef220c76b7648432b25e4989516b4d699587919199162605276569df21320 |
C:\Users\Admin\AppData\Local\Temp\xscoAYYY.bat
| MD5 | 3db7697f9c532426e3d2e50e60f53cde |
| SHA1 | ae9f53d8af8c2d3c59b7e5def8c3e25e2a64ee61 |
| SHA256 | 5e5c157c88ce2607e549cef3165df859e44158dcdaa67158570ea0eb6b8a67eb |
| SHA512 | ffa69764a612e0d45c14f35b86a640dd2248c3944de234036a293d05350bed65675a2b04c13d9cbde9cb60759529c25849c672f040c05508684a284a3ba2bb99 |
C:\Users\Admin\AppData\Local\Temp\vIwA.exe
| MD5 | 3226f7462ae527d3f300186266c6b787 |
| SHA1 | ee386fc4fb9f5f64fb344029d24c9e76fc79c77d |
| SHA256 | 5102103c445353db3f7f554dbecd113fad7ca46e75036ff56ef65a340ac15526 |
| SHA512 | ae71a2924117b87a95134317eb662e03260e47d807f94872174e66f6085fbbaf1107c65f92a1cf8493766ab5d625ac1c01d8fcbfa0288826cc9748b823b3171c |
C:\Users\Admin\AppData\Local\Temp\FMcc.exe
| MD5 | 8d739d62498fd5b4e47bae9f82925c68 |
| SHA1 | 53337ea71144f0fad5c90607e243c47c34eeddd0 |
| SHA256 | aa7858ba8a9798d31733cb5cb7524b6cf2ebf4bc911bbafd886b9e825e06093f |
| SHA512 | 5e26a6ed41141a7ae0d1e60fa445fcdddc264ab7a464d1454cdf49fbcf241d474da0bc45c3e31a4be9d9262daad9ebc4ad33a3fb2c0c8ec9ca603010be3e35c3 |
C:\Users\Admin\AppData\Local\Temp\KQwa.exe
| MD5 | c5efa99e1b3b2e46ed3c13e21da65d43 |
| SHA1 | 9eeb928dc90869d1e467cea55da51bbc9c784d89 |
| SHA256 | 097fafba3830cbcebd78b739727e745a9a61af4798bb8709c367f937777aa40f |
| SHA512 | 02e0f49e4ef85a97286c7cea6708efb01186a841b3ced9312b573d35d6945ede301ba7421ea313acf9bb6ca20bb7a9066410d130d2dfdba206f7d0072362022d |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile15.bmp.exe
| MD5 | 343ae86d053a449061183baba3a01b90 |
| SHA1 | 15f22c7ce3193abff8532b89e6c04f6b20a8c700 |
| SHA256 | f1a5c3db6098507e727fbffede594ab9e8160905f1050a65071c811af029b83e |
| SHA512 | 579c171b47e635ca6d45b3f0bef194aebdfa36a352a2b16f75a7bafa0618bdb0e6db2eed9bce4d078514cda82d800523cfedd3092bcdcc6a3f8426e44241e31f |
C:\Users\Admin\AppData\Local\Temp\xcEo.exe
| MD5 | 6ad26b1b870ea68d63f45f9f4beaf6d4 |
| SHA1 | bc729c478be4daccf4d00a330b7898ddd44cfd65 |
| SHA256 | dfbe6b965bcd8d9b9a2604f58c21ba4a3009f82faed8b7a6e354b73dd0a4a0fd |
| SHA512 | c3b16bbc9d14d8c94c3bd47a63c4bad49fa956acf0abfde77047c2acd506c8658a5af50dd6088d7c07f563d434622178106c7108d1ffc24c3dfb57ff5dd65e9b |
C:\Users\Admin\AppData\Local\Temp\iIcO.exe
| MD5 | 7ad22a3cb2b5b010611eb1ec70e9c13a |
| SHA1 | 27f356709a3987e87a7633467662adb5bc3011b3 |
| SHA256 | 9ffb0bff06be72b506b6010a00e77897d890d1a38ae8e5969d8c2022db462af7 |
| SHA512 | 25398ddbb2038b68624c77e723b8425b5923840194b36fb8beaa6f31555e6e1e0ffe11efda2f468c3af50cd1e8d3dc1a9cbd9539260569a3a544a64b9698ab96 |
C:\Users\Admin\AppData\Local\Temp\XqYMQsIc.bat
| MD5 | 2476bad92b1b2dd411cb794ea1bbea94 |
| SHA1 | 46463487786307586c7baf95a32ddabd35944f6c |
| SHA256 | 47594685fd68fef1ad7a0c60f9ea00c28d8e733685880c810f05e0db59780f77 |
| SHA512 | e3237d74fbcac769f35f48dd9fba600b72e226ab39fceb4be15306b1a6ddfd3a934988f35e676e1fc6a3f8886c9bb6c4382a4046927b5879585f9a8983aba716 |
C:\Users\Admin\AppData\Local\Temp\wogA.exe
| MD5 | 4f0a1d763acd41d6d20ab1b34e4833d4 |
| SHA1 | 8c9a0a3f80b9c55cf726c692d2a749b706287060 |
| SHA256 | 48ec236fdd75dab36a860756dd470ea59181c275cf3eb390f8d61a80966e4552 |
| SHA512 | e69010751ba39c98d30d2e2a65b7463fee59c162514fccdb8ae81932617237e621509fa30c9e7f1e2e0f8460cfb27e8328aca5ac9d68f1cc4847634696565927 |
C:\Users\Admin\AppData\Local\Temp\PoEs.exe
| MD5 | 613795df4c6fa1685a73a0301060fce5 |
| SHA1 | 6610178b8bc4f42868cdecb3d7b387370d49c978 |
| SHA256 | e2989ade81c88b766d71dedeb46ebe1b27fb15fcad999178837d62009a4a644d |
| SHA512 | cca26365c6fd8cb9888846838bdb996e726e8adaf6803b20acd5c1c2bdad64137ef0011cf208f3c48a5f8f0c4680c935d7ea25b32b059816b0e7b8ee3577d430 |
C:\Users\Admin\AppData\Local\Temp\rwMoUkgU.bat
| MD5 | 1c2582c596a70cb21dedc22e55963594 |
| SHA1 | fee4e026f2399ce010480032a8d8c89bc28ad0fe |
| SHA256 | 2740fd49138da11437f3dcf0c0ff2e5ef4033add2c881402b94ac5f9eace125e |
| SHA512 | 2ca45fdde0deb49915b4e9d557037c7a25607dce7b7a09a4f2689975835a4d2bf5086edb118bd459bac319a867ea66e6dbef1b0be69b40f1cec7dfeff20149c8 |
C:\Users\Admin\AppData\Local\Temp\moIW.exe
| MD5 | 19231529c68e7ac948284d0df882acd4 |
| SHA1 | 14bb740b0c239fe47fef25a099c439459a24c026 |
| SHA256 | 1f3eed7ae787d6948efe0d7a64840031e1059b891d5a4830216bc4962a9afd7e |
| SHA512 | 39ab47e236ad7ae7294c391e81431c1feced07f14e40e798445906e2deaf1c20c7ac1621998b83a591a3569024ec7d3c002e4151dffc3cf2ec34bfaf2a8b60eb |
C:\Users\Admin\AppData\Local\Temp\EIsK.exe
| MD5 | 6d522f25da2116564f92e7f9fa0679b4 |
| SHA1 | fe76812d30488f89f49dde074498d3c41bcffad0 |
| SHA256 | cd4e19199f62155a1e3684643435d6946c6bc64fdd756962eea4e0e7fc318052 |
| SHA512 | 576f90af7e4b5fc2af26a86b9e2bee25d6a4afd35262c7eb5a874c8a123776bc137780a52d530e1e27bfc2fcce82bcb90fc65dc111016d952cd0f88da5580430 |
C:\Users\Admin\AppData\Local\Temp\SsEc.exe
| MD5 | 91fc9f62bc68b8365b4752efc4243614 |
| SHA1 | a9054e139d67817b0588c437342611c4f0ea43ed |
| SHA256 | 52c588a79df6f39965784eaaa6a11c6b16d9c4ce1239d2e4b970bae2afbfa523 |
| SHA512 | 1fc8e3e7471107ee371afcda7384ccb8364d0aaae103154fa7fbc9b0a2b8cc0d8a7f081025a88b6b02fd1326e46f7c006459a764f8ba3128fb3865a3af33c6b6 |
C:\Users\Admin\AppData\Local\Temp\USscMosY.bat
| MD5 | 84abf2213f60587b2bd59bdc2524dc46 |
| SHA1 | 3da4410fd8f6672ac476b5e61b9a591db1ade0b4 |
| SHA256 | 63530ffcc9e56ea26bcd0884ee0c9b900f4d270ce1f61c08c663ddfdae82c4ef |
| SHA512 | 2c2b2a692c9ce7244caebc4f84143129833af754fe61c4016311d03b88634d0846c2594588d9aa3ef62f9b393dcdea8913872228317a767c6c73ba56f96b8ecc |
C:\Users\Admin\AppData\Local\Temp\ccEQ.exe
| MD5 | ac391b3780c33cd82cd19a446ecc6c00 |
| SHA1 | 897420018ec185953db817cfd3130c6247c71fbe |
| SHA256 | 6e6e42e2a8b4f2b4921082c65fb99d22f09263ace23da8a5faa541429669023e |
| SHA512 | 6293582aa1c936c1e01ca277c4622e837d2a9affb807c6e53a42e32b81142408882e9b1bf307c7adf6501a8e5fcd32620805c663581f85c62663e6130154d66f |
C:\Users\Admin\AppData\Local\Temp\OYsG.exe
| MD5 | bed142b5fff349fb3b8597ec5fb2be84 |
| SHA1 | f341f65e23501d2c479f2f13a819a4e65a627b3c |
| SHA256 | c7dd1c41e5c220e45b39b0b92a4c628d7dc7939e7448b758d5126926f8d57c51 |
| SHA512 | fc966b4d6f2226ddf800281c521c2d82dfd5c0c0bab0a9b53d1a4461a153b720f79a8749ea25bf6a1b0428c26e24976f5607d8ea1f7860f992b9a223c599666b |
C:\Users\Admin\AppData\Local\Temp\lcAE.exe
| MD5 | 898f8e66b370a15ef80a8140bc6040b8 |
| SHA1 | 4b7d0599434a9f8d5fad8983df2a7fdf48ffa010 |
| SHA256 | c7afaa93d532792671b8f64ea25e4f5874471048eea5d8d6d2198365e94595b9 |
| SHA512 | c88aaac584415a9183c9f78dc74784fa577445aad85368937e2731a720e9ca2d0eca7ddaaae6b6abe1c83fac293353d7f25646c21771d8b0ca06e37bdbd172a1 |
C:\Users\Admin\AppData\Local\Temp\IMgc.exe
| MD5 | 1a01ef89bbf3e48c855c74293cebd2ac |
| SHA1 | 358f7245a6310058554ff0b5c48bc3485ae985ef |
| SHA256 | ce229094f47f8f5f23004ec57b9418de6aba20582065f2e0a7893bf95328e1e6 |
| SHA512 | c708775e5d0c3d5545ea1ee2dcd16a07e7579efd03e4f4caa474edddc50e84ca5a7179eed120e17c1ca80cd13ccc90040bd9c018c25099c3c29ba90784162f28 |
C:\Users\Admin\AppData\Local\Temp\cEIQMIgw.bat
| MD5 | 7c834092ae4fcca0032f89f546d6326d |
| SHA1 | 0b82177930895826ca60f76f5d58d102785bda9a |
| SHA256 | 07e47f301c51e0e8f2eb86215a44bac11686eb2443635c4df62cf6aabebc8127 |
| SHA512 | 27bfcaa562e06a8d180da04b0d69c9728a24ad2349af6c698dcb1dc259598aac5d50cee3865891bdd75253a107282b94234170a0f41f53be6411341fe34ad172 |
C:\Users\Admin\AppData\Local\Temp\XcYm.exe
| MD5 | 0d4b33a4a42f49132595181b88aa7a6a |
| SHA1 | 2b889852247edcfcbe2230c10763373f70ea7a1c |
| SHA256 | 94e51a761cc625cf4d9f2a2db234e0575ad5c7af3649666140a3847601e76411 |
| SHA512 | b90e3ca3b2aee90073575cfd992cab0d4a32b6bc076e5a2501903ee27e4835f4d457f1f959b5dd45b3fd6d5cad89380aaa03e0dfa6e1fd1261fabde7d6fdc464 |
C:\Users\Admin\AppData\Local\Temp\oAck.exe
| MD5 | aaa48ea5401c5556251e902ea2223452 |
| SHA1 | e0a57174c61d49d7f013d6c75cf10f4c57b7cbee |
| SHA256 | 3205f09d27b5bb425d4ecd07830a405fd0ce6ae78254e324d418597d97ba147a |
| SHA512 | 4e05def2183dda2a22cbe572cfea782a4645c04d4b2dc2fd5455fd452f6e2fb76861695c80fe595e8873885acea8e3c35370b2f575935116413e2cbb3e11bb21 |
C:\Users\Admin\AppData\Local\Temp\PUYQwEAI.bat
| MD5 | a43cade50c3a91ef520dd757d38c0b51 |
| SHA1 | 35aab512a493367a51aac4fd852f15a50335b280 |
| SHA256 | 3166bb77874c0d9102c017f2e620eaf9c5f77a00d265c8756ba2fb9ef496e821 |
| SHA512 | 93e832af0fd4430c7a3232551bafa52a63638afee237236a38f9696ca946e99ff560e4749c1e0cce13314ce1afeca11ab25b90c9c0f16b8c6221794ad50ca5fd |
C:\Users\Admin\AppData\Local\Temp\YsUW.exe
| MD5 | bea158ee91d42b284c839bb152910364 |
| SHA1 | d1c036c08626fa074d9f7804f1d958481c6d44a0 |
| SHA256 | 82c82948768a4f048ea064fddd3beffdaf813588f6963d0f6e6d9a5de00274d2 |
| SHA512 | 51087802605b9e1dce1efe6a6b195cf2fb0b22681ad28b9ea9b18f3f906e27acda5d50805c5f3dd29e1621547f5cc5ff428c5fcfbebe43c60a81228a13e57274 |
C:\Users\Admin\AppData\Local\Temp\qIMO.exe
| MD5 | d3e881683336498107f1b89871fa6854 |
| SHA1 | 49d8a267b98cdd232139ba62e995130b8da0e97c |
| SHA256 | f86dadf6e1fdefd48487fe6a5550fd4ccf16dcb24bcf0d3fa72b52741db12fe5 |
| SHA512 | 33a457407680672e150036a643b112f2365aceafb3b462dc9ffe490e3f2c03f8d61c3060dbfc3a08da97823025e45b5b8db99d214d080f7400f460c2f8d99fcd |
C:\Users\Admin\AppData\Local\Temp\soky.exe
| MD5 | 8191d6c58e0c12df6456ce22e7636fb4 |
| SHA1 | 3617a87c6cb5cf27637f08cc57806ae739494ced |
| SHA256 | d75e6f3ba7f7d04ba714ca5d4994a3d4835df49daea0e7e7233bdfd05be2c5bf |
| SHA512 | ace7bf3465a10ee9166396d1126626850f79e982c2a47f0196e97b56f67967c37c56bae3660e8a68c200124e44a24108610a2c6da7833ca2e31c0c11ab29d5a3 |
C:\Users\Admin\AppData\Local\Temp\ZocY.exe
| MD5 | 021f436a5fb1a7f5d45cf44b880e6787 |
| SHA1 | 7f682b39e46555dc034ad596f3f8710ea82fdc24 |
| SHA256 | 80471f2b6c49d3b32054b0c4c95370f528e8b3b94050febc0c989d50e26737e5 |
| SHA512 | 82135707ebd15372efcf3ea935f246dc808419639b1064ef446066d6873d6625357c3f879baf405b40fe5099237f2b9aab9f2d47bd9f7998d6a6f1e3b3feef64 |
C:\Users\Admin\AppData\Local\Temp\AsUu.exe
| MD5 | c8ebc903d754f357f7aa4c1e860094e7 |
| SHA1 | e096451492c3e6a043702e79df71c4f08ded4f1a |
| SHA256 | 34e45d14561bc1ebf9cef0180ce92778a2c2e2a8be68b7c5fc5198e2576eec55 |
| SHA512 | 7887377e73e7517d8ccccad470267177e11b39ac5dfcb9e38f0ef9ecb5db095e5fe66c62c164b7f1b2be2c8ab85afffff4923001e027be0c968c794298b3038f |
C:\Users\Admin\AppData\Local\Temp\twgm.exe
| MD5 | 7a6587232b4dd9f3f9c43390d723d516 |
| SHA1 | 8520c3a0b7a328c738f50df9dba924ede6cd1486 |
| SHA256 | 26a3d5561f94d5bd3de0f6647d706d3e98d317f8ff9ab6546518ecb0dcd5a9d1 |
| SHA512 | da2c5838ec5f48a3ee69be6a27a9c6426e65be8fca02017bd850262e37b52a8393a898f8eae4f0b819206b9f1579b62d45a17a69ae4e295974553024fd93a349 |
C:\Users\Admin\AppData\Local\Temp\tEEwkggk.bat
| MD5 | df851e1b3e1688ae64be8540c07471b7 |
| SHA1 | 7e92b6751102481e2d595439fed3b698a18ac333 |
| SHA256 | 5b18b7fc3da93fd8c46a80903a9d9ffb4035759b27137d0da67f6df9e9cc140b |
| SHA512 | 123fd33a5a21ef4fa30b48d2e883f5ebfbc2d1710f1c3f1405a7a596226108b3a3791bb473fdd8bba7e94a890a6709d27cbcd91562809a6d7845672c55968851 |
C:\Users\Admin\AppData\Local\Temp\CMUY.exe
| MD5 | 77d77bebeb1352bf92b93876b0c3376f |
| SHA1 | e51e2a6c930195043ab035f22e074442a75bf917 |
| SHA256 | b29bd1a023437375176f6e2c42cc7e49c6a789fc2c8ef5cd6029a699f99c1f70 |
| SHA512 | 79bd3a8e8cd92a827bc8720a54c748031c1a4735f3256f18ddaf417a9d09525a40bd2e9b5925b92833f82ab5d3beddf26af5aeabc9cbb7361b1be4cd164916b0 |
C:\Users\Admin\AppData\Local\Temp\qMYU.exe
| MD5 | 3b1cd1239a02d43d6a2e60b57066a382 |
| SHA1 | 00b7332a3fd4923d974364723846efb3109c6afb |
| SHA256 | a6ae426f8715402971638b2a6be2d47645819302a28b6f219623c752367f6121 |
| SHA512 | be7c027b9e43a5fdc5a1f9066da924465ed280357c10cb64e82a2872ac46b35565323f55f9f6bade652d058ff06818154f2d2c5db2f853c133691efc061de454 |
C:\Users\Admin\AppData\Local\Temp\GEUsscgE.bat
| MD5 | a18e93d0eeb36e9cd641cfccee10f947 |
| SHA1 | deb4f1255ac73dcd5baa2f45e6a2aecdaaf0464f |
| SHA256 | 72a065aa436b28f6517f6e7351ab96c20d2409390b6a3c87cd13f3a0ed5e7acc |
| SHA512 | 0737099d7f5d7d245567c2b1c41d288b3de1f1a7e23baec67232c525e65c89d229bd3db407a648cd03fe7eb5965238ae8b9b6c9cfee45d50088eed5713535638 |
C:\Users\Admin\AppData\Local\Temp\pQkm.exe
| MD5 | e59fd6d3d8f9031bcb2fb231eea20e10 |
| SHA1 | aa6e89b07629919e6f6c238e2bf55e90660a742f |
| SHA256 | 87c8e5ff22d57864c63636c5d6d0a49881f20809bd058ead3b70169faebd656a |
| SHA512 | f01f47093a020ffa162dceebef866d4cd198f338ca6a209bc720368802a8ada9ab45eb10e7c7b745801b06021f6df1be8521e9f528f9b50b05dcbfe2e4140c52 |
C:\Users\Admin\AppData\Local\Temp\vckK.exe
| MD5 | dd5de44166768bb919ec61f98a5ffb97 |
| SHA1 | 972e86f50778de8ae8786c4f0ae46adcd3fb40ca |
| SHA256 | afceb92b393ab773153dca11dd395b8d515141ab7cf5f2b713d58684067084c5 |
| SHA512 | 1893395e9a6cafb19ddff71a949e525553513e5cda835329379e3c2aae22d845c7b13ec2170599367d2a97e575385f32cfab60c2a973bff62f26511aebc119a1 |
C:\Users\Admin\AppData\Local\Temp\wSwAUgQU.bat
| MD5 | 4b2bb26b664cc8390c3050e5d21d731b |
| SHA1 | 64038cd531da0ad97c45aa23cacf844c91ccce1d |
| SHA256 | f874a38cf55072b451aea13445d33e38f997297546a34a4e2b11720fd1a10fc4 |
| SHA512 | 1160baa16551161b5b1f0d623561f73e0d9bb9efff55f89aff9ba89d9ffb9a40a01ecc2ff2c4cc312b6099937922b2a4c3ab9b2f8a3acb02196cffe9bfc3c577 |
C:\Users\Admin\AppData\Local\Temp\nQoi.exe
| MD5 | 11a66397056d4b69224e1f070d212b48 |
| SHA1 | fc4d562004a547a5142fe07c994e67ed4ff3d00a |
| SHA256 | 5dbb25e384980a12be9b94a95cd3dc262d2e3a3e30fe6144fb254c08389d0259 |
| SHA512 | 72204ad764dbbcadd208312d3062aa9db87d45ff408657ab6e5db606ab2358c4a8ac214989ffb127c1457502921e769957c80740151c7df59ad0c4401b8d6ea8 |
C:\Users\Admin\AppData\Local\Temp\kUEY.exe
| MD5 | 0fcd2b0e6fe3614e1b6bec97db1ffd72 |
| SHA1 | bf1056759b2c4a23b82abd3a005ef32c818c16a5 |
| SHA256 | 8b9e438debcc2f6ec8954984b23fcc549b7a46f5010f46f3c1b8f530d11afd84 |
| SHA512 | f482483e02d3c5e9f6d2263bcfeefd77ecae470f6ae1868f4ad97db1543dac0fae4e700ab1b66409605cf5b5859c30d5c6ad487a19fac79b0079a166b18b6b8c |
C:\Users\Admin\AppData\Local\Temp\rwsYUsoY.bat
| MD5 | e2bc9aa4ac5a8c40a2b16ab31abc1a98 |
| SHA1 | 51ecd50617e8ef5da1d09d3d8f2ded5f93e9d58b |
| SHA256 | 46cacdd86fd50bd65ef6db74a6ff18179c5e9be5a858ba317647049643c1d001 |
| SHA512 | 0c6908b2208f54c58491545e7ce82df913b4bf3f66e6eee26da148d26b6951d401e06bb42f336b665916d7dc70d9d0fae3ef1e4bc5cf36b358555a42dcf94b6d |
C:\Users\Admin\AppData\Local\Temp\jwMi.exe
| MD5 | 0e466a9376f69322fe51561bd7b95171 |
| SHA1 | ab47c1c84733ddb55cb86f442a8fcdc7864a75fa |
| SHA256 | 061916e955604c828018b5cbb2d98db0120af97866604c59725e54404b3c9bad |
| SHA512 | 6f920278686e3cab68a69a730a3d6bbb96d40f84eed754bf6c8757a3c2f36688b1e020981ef18ada1541cf0a2d4db4175d4016b850d0fcaafe5ebfb239ae60ea |
C:\Users\Admin\AppData\Local\Temp\CMIE.exe
| MD5 | 0084316a41f95d17ba2273ad7be0d984 |
| SHA1 | e32501acfd642d885e9987f57d50441e60cc8bcf |
| SHA256 | 54dfdf39848804dddabfceda9522310079e3b831cecd2e20acaff81835e17867 |
| SHA512 | 4084edab2b021e5b202afb9a5da9b65a9da7178d8f31959660a500fe8f9f95c6b783409a6061458e46bfe9e2ab46b388ee5ccde407d7cded398f45afcbc3a7d8 |
C:\Users\Admin\AppData\Local\Temp\iUwQIEoQ.bat
| MD5 | ec4ea1c489e9105e16184549610955f4 |
| SHA1 | e44eb1f29ddb5770b4c1c2d97336cbb4c0bfcff3 |
| SHA256 | b3fe105c538a8d027b7aa755fcf6378ec779102514cc005dbfed2da543d80ac9 |
| SHA512 | 0c534a3c51a924133bed37af58e5d83d95fcd3aac00de3f961e1b945055117cdc0979e13f1327715e8aa544a766bc1500d94c04f451edc5a84c361333139b1ae |
C:\Users\Admin\AppData\Local\Temp\BaEowYoc.bat
| MD5 | 2c6869bd17eb8d481771a8b90083965a |
| SHA1 | aa029208fe04c0b6a84b4a4108922ca88ba402cd |
| SHA256 | 1f90d9ca014a5127f9c5feb68cc61f71c1bf6f6ac0091878dc53e27a4eb6c4e7 |
| SHA512 | 114204e629c4f9f587d7f59a39328b7be7c1a82b1fff0aa347b103c972780815b266071c6c265f01f9b0455d957c33d5c49fac858f48fcbcb8e1edd639f3377e |
C:\Users\Admin\AppData\Local\Temp\USQcwUoE.bat
| MD5 | 1963e076a08a3758fa4c3ee50711299e |
| SHA1 | e2b8a2723dabb919d278bcb3da4463ccdc3e86af |
| SHA256 | a432cd80f2675eca75930c1315e2fa71399f5072d386d0e46c744e0c00c5cc54 |
| SHA512 | fe10a9aa8c76bb3f3df97676defa99fae213df813693ab5a7f4d8b3471e1fd501352fc2c6c95626b03d2a9c1f8dcae71ced56fbaaacb36bd05294a89d9ef4bd7 |
C:\Users\Admin\AppData\Local\Temp\aEQK.exe
| MD5 | 544274a6e5cfe9d3179c682078ad1f22 |
| SHA1 | 4e1c119a0461906d28005bb3702d7620e7217d1a |
| SHA256 | b265cbb081039979522f83f98961c9b95a4af24c8821061cfa6eb191324ea87c |
| SHA512 | ca7e6344bbcd86c3db0555051cd2ef52285c575c4a002a9d164ca3b5911d4f3c202366a9417d12005824ae6365d953245ece15251b47ff993380cece07e5344d |
C:\Users\Admin\AppData\Local\Temp\CMcs.exe
| MD5 | 1b3e72040057133c6c8ee200312ef7f2 |
| SHA1 | 0ff761244636279d50628562565c67cfdfb95518 |
| SHA256 | b9a3b28e4ad6bb56cf0197bbe44464296f68e8395fbdd5b04b1d750849859d15 |
| SHA512 | c8a1e2c59723c5174c44bf76401f3344c9493516a9efa7176f0721a255d89bc5cea4a7fc7c8900cb2ec4c9cd425ab539d8e9d4789e048ec05ae7d37c8a35cc16 |
C:\Users\Admin\AppData\Local\Temp\mckW.exe
| MD5 | 308dede11dec7a54074ce06cc4119d99 |
| SHA1 | 173a205852aa0dc69e5f83354c44b521e8284cc2 |
| SHA256 | 27b3c360c437a888dae3f3ce749e9e50b5f147d96c79223a74eafd8a7388e73c |
| SHA512 | 7973306afeac28e692e896cc197299a2c082844e256684e4e8e89d97a8ee95f009d26c612f1d08ff92ba66536a86e3ef7c3111b0a9457839869b6c15e2042d2b |
C:\Users\Admin\AppData\Local\Temp\bKskUAcw.bat
| MD5 | aca8c0818bfe3b269c6fb2ed66702a71 |
| SHA1 | 5050d83b9271b4df517ceb375742b24e9035d231 |
| SHA256 | 421ba7f57fee6aaf1573c885c81502896f4088668b2efda382ca40236919d43c |
| SHA512 | d79e87e09a0a52962a006c33a672f734104abc70c499fd2f3bea4ea1befc6a47a5daead36895810e0d1fd48d8f36765f7dacd0728b9cd9acad176624b919c52a |
C:\Users\Admin\AppData\Local\Temp\qooI.exe
| MD5 | 376d27fdacdab728365dd952ff52a8fb |
| SHA1 | db6da4c3c4309c8ffd5f4ca9bf71416fbfdd2320 |
| SHA256 | 555723ee1510cdecf6ef9dbd6cd4a92b857df00cbd65ccd31acce28c8593ccdc |
| SHA512 | 5100942be9bb9fd4814a35a6bd0e6dd54d2972aa5976d47fba05885214bda7a52d52dd349ec3b7894b9862510d606f81955dac9b9ac4877842efdf70906eecb3 |
C:\Users\Admin\AppData\Local\Temp\Dkge.exe
| MD5 | ac5705651e13f0b67b2062e939b91893 |
| SHA1 | 689398b631868a96d6cb6af252c9881dd7819727 |
| SHA256 | 7dca5daa8bc0e53454149ce4f9cecec66c35e36ef27c6d2b29e1a8414eb9999b |
| SHA512 | bf6091afe5dac8a443c5e9975b91c233c0e4ae9cb12d8bc0654a58150094f05bb35eca4df49181524e84b5b5973e294cfc2f97baba986fece6990ba621b88148 |
C:\Users\Admin\AppData\Local\Temp\UKUAgogs.bat
| MD5 | 726b94abf8f888a565a8a79f64adcbfe |
| SHA1 | 4d6be7791e9e3fa83a0d5aef908dde5fcec4309c |
| SHA256 | 1f7260132c5d2e93ee193699270902a0424c8100a32f6421cf8fe34c26d4cc3f |
| SHA512 | 14aaa6c66a788d80bfa7cc66d2877d14100021c7cf3f09a6451caba9cd98071ff56996aeaf245db8c16640dad82d64fd90f12c1fded9626a708787930601823a |
C:\Users\Admin\AppData\Local\Temp\fUwq.exe
| MD5 | da11bd399c0c29ef1908ccb15a32f2f9 |
| SHA1 | 2135f358a2f921e1a08a1a7be99d578b3e148fc1 |
| SHA256 | 6150173c9bbc10ff76fa1d3000a7e71b9e59e1e13d2b386cc18537eb5f100bc0 |
| SHA512 | 8fe05a69bcff0ccc8a7aa7d2f50a91a8fe7be8d5fab14bb809b85d55534087db8b8e372e5caaccbca0dc93ab0adf91bb50768e4faf5e8646517c6c8669c95c7e |
C:\Users\Admin\AppData\Local\Temp\REcS.exe
| MD5 | 9b0324eec9340c85f24767ef58e9734c |
| SHA1 | 8437ed586f9a1aa21d85242958256ba7dbbb3077 |
| SHA256 | 650871b2f09a6e0e4ca300d8b8ea0ff97e8a3362c0a41e1000f58b5fbc3e8faf |
| SHA512 | c74ea82c4b5df6c9c54f8268038e32765ff19cebda0fc676fa5ea2920d43f0642843bd2fd2652b9ca0f5caf76c799d53385c71ff0edb00884ce8d0c9822d9e6e |
C:\Users\Admin\AppData\Local\Temp\Vgsi.exe
| MD5 | 58fc98d8d38e4be340198e220601848d |
| SHA1 | b756d69594bae278aea73dbb86ad50fa77251d7b |
| SHA256 | 90bb7f41974c2bd895bc626dab3151027f43c8d42ab927ceda9cd71daa35a8e2 |
| SHA512 | 3e13c2ca0287f0c4f51425389c33fa688e80bce888dbddeb33befe00b3c5bc140d7bd6a1b12f87bc7d35bc317bf0422d7cd73045ba27845221db6d7f455caae4 |
C:\Users\Admin\AppData\Local\Temp\nEck.exe
| MD5 | a69a2d369c5290b6c14ec54944b12455 |
| SHA1 | 7c2dcb44d4738e1dcfd1780f40f0e77b8ff7bbe6 |
| SHA256 | c665f537f4ad8f523dda7f5e180e8a54194d3948a6b76c4a0c8bb670b6284c92 |
| SHA512 | 6ca8dfb706c58a4ba38ebc323dcaddecede9fd4b60d54e6290a16ef70aec2900e6c76a8065d9e66d44dd2b00eb13fa3f60620afe81a7527caf699d2182f94098 |
C:\Users\Admin\AppData\Local\Temp\VIYk.exe
| MD5 | 23451f577e06dede48c109b00d6c947e |
| SHA1 | 2243af191397d61b61ad3f05c5c1e9329246b62c |
| SHA256 | cbf8a68004e9981333cb82cce3ae813373c87f657ad72bd66f7738c0145221b0 |
| SHA512 | b80e2159d4d36f5276cf1b2a969fa1ee204a9b8ed14edabab28b9f56914d7c0bf7e967c30cc772138f3ec146dd84d52babdf6e029656d12b1c8d3d1b269420d1 |
C:\Users\Admin\AppData\Local\Temp\fkIIAYUQ.bat
| MD5 | 03bd93dfc1a7dfccde1913ce661bd622 |
| SHA1 | 32d8288bf83e95357b8251a54a14c85fd65cd169 |
| SHA256 | a32ddc03700d05d11525f21069522dd5944d4cb96d20177bb4fe3a1a299471c0 |
| SHA512 | 073b6c3f77acd183b468c64290110bc79a513247647e065ec9798f949751d47ce927ee98abdb21639f0897ec9784ba38fef2724a6c4c1d3f44f006d77f9c81a7 |
C:\Users\Admin\AppData\Local\Temp\kAoE.exe
| MD5 | 551f8bc2dc95771476f0bce7b2c44f94 |
| SHA1 | 2bd9a37704296c59eb56cf77d5c0f98a9dc747ce |
| SHA256 | 946d8ed988c8f365e4100b81a1bea72bbe87786fc25d6720ddddcdb20eb46264 |
| SHA512 | 460f4986d924fd1825e18517a221459946f7a77d13cd5587c60e533ff68fcb7218780d6483f8278248c3959b3d251891a7d0e6510346c616312230d4cc765f2c |
C:\Users\Admin\AppData\Local\Temp\ZKkoYAUQ.bat
| MD5 | 7bd17272f6c7b9f94264c30285a6b824 |
| SHA1 | b960a20076a8800a0cd2b898cee1ca160d69cec5 |
| SHA256 | 29b1f601efb6852c180a723bd5c50c76c5ec1434a8cc9ed149a094dba56cb0a4 |
| SHA512 | f3b03e8394b59a98ca10c34c24584c329455f44f4572726c6cefba78e206a135baf3451df0357d1bb26e84d3c4210009390e5268e277e0f4d1c98fd13d79c58a |
C:\Users\Admin\AppData\Local\Temp\FskcIMMY.bat
| MD5 | 3b3495332cbe9379c5c6acb23964b2f0 |
| SHA1 | e09b44610e34b80f18e14980a4af04973cff4a58 |
| SHA256 | e4037a4bcbff49706f77c30bd83932722224c34cda0dc0b06b3001fab03fc5ba |
| SHA512 | d333cd80cb61ba198a69f74de15902641606daf7db72ca649f827a91cf00174b7fc38700fa7e5bdc2ddf3bd55145a5271a1466dede911680dce60006b6995040 |
C:\Users\Admin\AppData\Local\Temp\nKAUEYMQ.bat
| MD5 | 382b5461a3b3013d3a92eaf1123e6558 |
| SHA1 | 8de23d62706fc41121d890c32b6f67d90e983326 |
| SHA256 | 48d2b7684d662c6d837d5c4e509c765f69139685d2f5ddee8f050aa24aec37f8 |
| SHA512 | 21b0d6ca529a01e9fa9b9d4edc996790ede45e208b7ee3459b092af7b973ed46b7697d6c1e5003d8b1ae959e2028c34ec49dfa0726f29408860ba9e787c6cdfe |
C:\Users\Admin\AppData\Local\Temp\TuQYYQkY.bat
| MD5 | f8191782e710c4a9d5a09c5b405f3446 |
| SHA1 | 395bd2df9741f27a24282314c7a18b3d414ab683 |
| SHA256 | 2ac3d0352f225a25bc6e60a5ca96771435a7e2d065549da6952a50b28a4ed73f |
| SHA512 | 56b9a3ce4314d80eb5ac2e803caca040ba1e36337f3285025e0b04e25dd3eb1eb6232167bd759d34386abc63ecc039d37dba5e7c9122099b67c35f42a8a40f14 |
C:\Users\Admin\AppData\Local\Temp\wMYYgscU.bat
| MD5 | 8d93ef72ac1b7e365dde329ef435af47 |
| SHA1 | a75d9c4d002411edb6a2dbcb96e526b642c90701 |
| SHA256 | 7b21419b9cdf66576430640890c5291404b63486137e41b71ffde6599edac5a3 |
| SHA512 | 92284bd92f9a3979d2a8c6cbee572bc74ee47d579d2c8a096c157c81d2705189918e282f382e541c22fbcec6fd6c1f84b30fff54e5cb1110c62726c1fad7164b |
C:\Users\Admin\AppData\Local\Temp\ZyckcsUw.bat
| MD5 | b8e8c43c810ae691662a82cb1e4c5ff6 |
| SHA1 | 80acedd737a468da5aac121bcc8b0a11efaba735 |
| SHA256 | ca8ff6511133b7f4ea51586ed3a7ad811ea602436ce884037f9e00629dc52221 |
| SHA512 | 3660f240ac81067820d62d1c884f632aed682ffb1215a28851f21dab9eb9d1b46e1640467fa00eca67a62b9a0ae53ee7615a211fd46f1d8443253f121dd90958 |
C:\Users\Admin\AppData\Local\Temp\qmEUsIwU.bat
| MD5 | 0a4dff379d071a8394290d77415f9f6e |
| SHA1 | cc0cd1a91e33ea696a89f6106cfe0fa56dc124b2 |
| SHA256 | 17972ea4f7b2eff0964bc81279240a4a0af125a652d201d8957d590db0edfada |
| SHA512 | d31718d76178fb640a2e515620c564295f712b2858b3f5a464fe46a535b4e0a39224245e0a1335da135394096a98909e0da50a5a726e607e8ee9dab2ca2bd0f7 |
C:\Users\Admin\AppData\Local\Temp\ROcEEkgo.bat
| MD5 | 734d89d1895c22690b0f19541c504dc4 |
| SHA1 | d77892b82e6874046737f0e067eda494cc4755ef |
| SHA256 | 1082cdd1a07080c877356acf140fee5ed8020929750b35b8255b1af881a0e66c |
| SHA512 | 09bfd7af4c6eee685eea206ca075b8ee8aa4584b2a993f8e9f0bcaa50a1b7ddf5d942163d4ecead9d754a8ad0fcfe22e405caf8aa295c6d64527c0c353ed006f |
C:\Users\Admin\AppData\Local\Temp\XoccgQoo.bat
| MD5 | 61a15dcae726f1270c6484b626ab4081 |
| SHA1 | 1f5dfed2fb70776f51de70979ccab8fdfae6e925 |
| SHA256 | 37110d3e9f71014800f162c295c518edd5eac28f39716f2ddb59734d7862cc52 |
| SHA512 | 7489b35092442faa51c239eca42ee9704739c1691dc7f153c9a38df522b940624957e243efd520d9a7fca08771dc2e7a621fa232939b9b0a189bc701e6d21b1f |
C:\Users\Admin\AppData\Local\Temp\sOMMMcEg.bat
| MD5 | ccb7c4eadc4c9b7d008a689bde81c0f7 |
| SHA1 | dfab74dc8ec45cc7d18538ce6f1a379b4e86ca68 |
| SHA256 | af5349d4ef1c5de2596234d964d90fa8da916de6ef9b98cb847103728d593463 |
| SHA512 | f672329fba6f11bb821c84f66014bcbe1df64c4bbb083aa9a87f95708733f1a33c962cd07b93650160e05c39f8171a9ab6349117a8072fc8428edc33c443038f |
C:\Users\Admin\AppData\Local\Temp\TYEwocMc.bat
| MD5 | ffea1393898ad5a92f1476d93383b42d |
| SHA1 | 6afb97317615920596ab03365889f10d8f23ec43 |
| SHA256 | 21f746e9124dca577360ca8479b52761ee9522a3e085d88ac8ffb151eeaa207d |
| SHA512 | 11ce07830d5bc232b7d1dc9fb9920ee9123e6742eb9d6309ee9a7bd3e315a5d8584f30daac684158147131bfdd9a0beaf203dcfaaca250da6a2c1b3dd73b223e |
C:\Users\Admin\AppData\Local\Temp\VYgkAoAs.bat
| MD5 | 5b558d1673482babb335df1defea200b |
| SHA1 | 2e34a2a0ceff8a15a2b27bc8d4595d42bcef7550 |
| SHA256 | da39676480a118ebe018e81a038616b7e08ef51a1061a34df22e088393f15fb5 |
| SHA512 | 59f319c92a808dfa6c45544e600acc48861a52e9d155c61ecbfce1e9991b7cbd151b1d05c576bf88f444809894164fd5eabac50ee1393ed81d0ffc9f47649c02 |
C:\Users\Admin\AppData\Local\Temp\eiIUMwsQ.bat
| MD5 | 7a4480d94a8e47801d20a7577bc51ddc |
| SHA1 | a32374584ff9a4835d6384d473772b5d48e8ddd6 |
| SHA256 | e66e54d3a48033ce48b35498edbad861c6443bb10391ad1dfcb3bdc61b6579d6 |
| SHA512 | 78d2e81c40dc40a8dc5ba2e992c50a76001fc1fc10e0e364d9db0cb2185debaa7b211b74516792003b579d9653ad6df3647e7cf6fe54cbee9e7334f92ca7a2b1 |
C:\Users\Admin\AppData\Local\Temp\IiUMswIQ.bat
| MD5 | c6d6e75e3cc0db126efd4dcc3b351f5b |
| SHA1 | 8796633f2c196a4b5172f14fdf3f75d4e282b6a1 |
| SHA256 | 249a4b08e9971f1ec9dc7d6d306788fe8100340bc0eff20ee5281570be377b8d |
| SHA512 | 3a2924a22e4025226e87479aea81a3449535a350999aff6bde5ec291183b05f802ade92349090a3ae10563d1bf31dedfb1ed3886af477e6db03d9f08d724810c |
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-03 10:36
Reported
2024-04-03 10:39
Platform
win10v2004-20240226-en
Max time kernel
150s
Max time network
126s
Command Line
Signatures
Modifies visibility of file extensions in Explorer
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
Renames multiple (78) files with added filename extension
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\dOocMAIc\oaEIYEUQ.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\dOocMAIc\oaEIYEUQ.exe | N/A |
| N/A | N/A | C:\ProgramData\cgsEsggI\GecMoAQE.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\oaEIYEUQ.exe = "C:\\Users\\Admin\\dOocMAIc\\oaEIYEUQ.exe" | C:\Users\Admin\dOocMAIc\oaEIYEUQ.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\GecMoAQE.exe = "C:\\ProgramData\\cgsEsggI\\GecMoAQE.exe" | C:\ProgramData\cgsEsggI\GecMoAQE.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\oaEIYEUQ.exe = "C:\\Users\\Admin\\dOocMAIc\\oaEIYEUQ.exe" | C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\GecMoAQE.exe = "C:\\ProgramData\\cgsEsggI\\GecMoAQE.exe" | C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\shell32.dll.exe | C:\Users\Admin\dOocMAIc\oaEIYEUQ.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\shell32.dll.exe | C:\Users\Admin\dOocMAIc\oaEIYEUQ.exe | N/A |
Enumerates physical storage devices
Modifies registry key
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\dOocMAIc\oaEIYEUQ.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe"
C:\Users\Admin\dOocMAIc\oaEIYEUQ.exe
"C:\Users\Admin\dOocMAIc\oaEIYEUQ.exe"
C:\ProgramData\cgsEsggI\GecMoAQE.exe
"C:\ProgramData\cgsEsggI\GecMoAQE.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RqsQUoYw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XsIYMAsQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZywMYYgw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lGEcUQAQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ymssokAk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QAUwowUk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KIEAowMo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GaMIUQYk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XIwQggEc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FsUEskMk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FeQMIocg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fEwEEMIU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aOwIgwco.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\iOgQYAkg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YwkgIowA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MOcoEEkI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hiscEssg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FaIggwkI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RWoswckM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bSMMEYQk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ikwMcAUU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IskAAUsU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wsYQAcIU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\okooIYEk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XKAUwgQY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dWcIgIAM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PIccIMUw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EyUcoIEw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SkUgsYIM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\soYYUcgU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KGsUsAgc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xEIoMoog.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nOcMoQEo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NcEskYsI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CeUcYQEA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EiokwEIA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ioQcwQAs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UOYEcAkA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| BO | 200.87.164.69:9999 | tcp | |
| US | 8.8.8.8:53 | google.com | udp |
| NL | 216.58.208.110:80 | google.com | tcp |
| BO | 200.87.164.69:9999 | tcp | |
| NL | 216.58.208.110:80 | google.com | tcp |
| US | 8.8.8.8:53 | 110.208.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.110.86.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 200.119.204.12:9999 | tcp | |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| BO | 190.186.45.170:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp | |
| US | 8.8.8.8:53 | 0.204.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 218.110.86.104.in-addr.arpa | udp |
Files
memory/3176-0-0x0000000000400000-0x000000000041E000-memory.dmp
C:\Users\Admin\dOocMAIc\oaEIYEUQ.exe
| MD5 | 7c0603b7930d6e75f131dcd8af96469b |
| SHA1 | 94ee30384f8d0417900e7b643525421abd3c5249 |
| SHA256 | 8e81356f8714ed7095989ca4a7aa4050456b1621c6f548ac6a5511293f81175c |
| SHA512 | c92a3f954c08f2df95734f20f911ddf478d4681578c374f244f7b97ed91e78af68595043ed0936b286e63966a5b74c1f133b4c9cb46303b049802086ac66239d |
C:\ProgramData\cgsEsggI\GecMoAQE.exe
| MD5 | ffa72673ebf12c07232d00bd5f995d60 |
| SHA1 | 5072fae167677f3629ddd7ea9d3aecf4afa84507 |
| SHA256 | c7c45f2620f034ba7970d40d2d80753658621e4826e085ece23271bb6b8b40d9 |
| SHA512 | 5aeb89340017dd81ed3fe647fd94c2d188fabf8f7e2c724877fac386b2683cddf612538f22eca442c57863f50b33dfaeaaf84c8f77f7f5859662d15ce722d203 |
memory/5068-11-0x0000000000400000-0x000000000041D000-memory.dmp
memory/2952-15-0x0000000000400000-0x000000000041D000-memory.dmp
memory/5088-16-0x0000000000400000-0x000000000041E000-memory.dmp
memory/3176-20-0x0000000000400000-0x000000000041E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\RqsQUoYw.bat
| MD5 | bae1095f340720d965898063fede1273 |
| SHA1 | 455d8a81818a7e82b1490c949b32fa7ff98d5210 |
| SHA256 | ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a |
| SHA512 | 4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024 |
C:\Users\Admin\AppData\Local\Temp\file.vbs
| MD5 | 4afb5c4527091738faf9cd4addf9d34e |
| SHA1 | 170ba9d866894c1b109b62649b1893eb90350459 |
| SHA256 | 59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc |
| SHA512 | 16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5 |
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
| MD5 | d36af1ec9b66bb61a728702fd39ea0a4 |
| SHA1 | a0483b7947de6daec4a69864328662b3d70aab86 |
| SHA256 | f590cbc7c830731b68b55ca1b1ea11818b5afa3566537440a17017296578dae9 |
| SHA512 | 3047a98c784e0d60dcf46635350e983687156fb5168f713dfde0bda9034419cc1a547999c7f8113d9fb3bd672167f06349aef418c3f554617ea7565eb40095f7 |
memory/5116-28-0x0000000000400000-0x000000000041E000-memory.dmp
memory/5088-32-0x0000000000400000-0x000000000041E000-memory.dmp
memory/3304-40-0x0000000000400000-0x000000000041E000-memory.dmp
memory/5116-44-0x0000000000400000-0x000000000041E000-memory.dmp
memory/1180-52-0x0000000000400000-0x000000000041E000-memory.dmp
memory/3304-56-0x0000000000400000-0x000000000041E000-memory.dmp
memory/1180-67-0x0000000000400000-0x000000000041E000-memory.dmp
memory/1724-78-0x0000000000400000-0x000000000041E000-memory.dmp
memory/4204-89-0x0000000000400000-0x000000000041E000-memory.dmp
memory/740-97-0x0000000000400000-0x000000000041E000-memory.dmp
memory/912-101-0x0000000000400000-0x000000000041E000-memory.dmp
memory/908-109-0x0000000000400000-0x000000000041E000-memory.dmp
memory/740-113-0x0000000000400000-0x000000000041E000-memory.dmp
memory/908-124-0x0000000000400000-0x000000000041E000-memory.dmp
memory/4496-125-0x0000000000400000-0x000000000041E000-memory.dmp
memory/1944-133-0x0000000000400000-0x000000000041E000-memory.dmp
memory/4496-137-0x0000000000400000-0x000000000041E000-memory.dmp
memory/1944-149-0x0000000000400000-0x000000000041E000-memory.dmp
memory/2504-145-0x0000000000400000-0x000000000041E000-memory.dmp
memory/2088-157-0x0000000000400000-0x000000000041E000-memory.dmp
memory/2504-161-0x0000000000400000-0x000000000041E000-memory.dmp
memory/2848-169-0x0000000000400000-0x000000000041E000-memory.dmp
memory/2088-173-0x0000000000400000-0x000000000041E000-memory.dmp
memory/2848-184-0x0000000000400000-0x000000000041E000-memory.dmp
memory/4228-192-0x0000000000400000-0x000000000041E000-memory.dmp
memory/2060-196-0x0000000000400000-0x000000000041E000-memory.dmp
memory/2444-205-0x0000000000400000-0x000000000041E000-memory.dmp
memory/4228-208-0x0000000000400000-0x000000000041E000-memory.dmp
memory/3276-216-0x0000000000400000-0x000000000041E000-memory.dmp
memory/2444-220-0x0000000000400000-0x000000000041E000-memory.dmp
memory/1212-228-0x0000000000400000-0x000000000041E000-memory.dmp
memory/3276-232-0x0000000000400000-0x000000000041E000-memory.dmp
memory/1212-243-0x0000000000400000-0x000000000041E000-memory.dmp
memory/396-255-0x0000000000400000-0x000000000041E000-memory.dmp
memory/2380-254-0x0000000000400000-0x000000000041E000-memory.dmp
memory/2712-261-0x0000000000400000-0x000000000041E000-memory.dmp
memory/396-264-0x0000000000400000-0x000000000041E000-memory.dmp
memory/2712-272-0x0000000000400000-0x000000000041E000-memory.dmp
memory/1048-280-0x0000000000400000-0x000000000041E000-memory.dmp
memory/3468-281-0x0000000000400000-0x000000000041E000-memory.dmp
memory/3468-289-0x0000000000400000-0x000000000041E000-memory.dmp
memory/1056-297-0x0000000000400000-0x000000000041E000-memory.dmp
memory/116-299-0x0000000000400000-0x000000000041E000-memory.dmp
memory/116-306-0x0000000000400000-0x000000000041E000-memory.dmp
memory/836-307-0x0000000000400000-0x000000000041E000-memory.dmp
memory/836-315-0x0000000000400000-0x000000000041E000-memory.dmp
memory/4364-316-0x0000000000400000-0x000000000041E000-memory.dmp
memory/4364-324-0x0000000000400000-0x000000000041E000-memory.dmp
memory/388-325-0x0000000000400000-0x000000000041E000-memory.dmp
memory/388-333-0x0000000000400000-0x000000000041E000-memory.dmp
memory/1884-341-0x0000000000400000-0x000000000041E000-memory.dmp
memory/2772-349-0x0000000000400000-0x000000000041E000-memory.dmp
memory/2244-355-0x0000000000400000-0x000000000041E000-memory.dmp
memory/2676-358-0x0000000000400000-0x000000000041E000-memory.dmp
memory/4872-364-0x0000000000400000-0x000000000041E000-memory.dmp
memory/2244-367-0x0000000000400000-0x000000000041E000-memory.dmp
memory/4872-375-0x0000000000400000-0x000000000041E000-memory.dmp
memory/4092-381-0x0000000000400000-0x000000000041E000-memory.dmp
memory/1172-384-0x0000000000400000-0x000000000041E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\WIEI.exe
| MD5 | 0330f671cbe8c5ff56b906859a286247 |
| SHA1 | 991a1fa994599a340effca567f29730c973bf378 |
| SHA256 | c35c24829b65de67c410b9bb7254db571137423e8446a36bfe7c103e4e48b455 |
| SHA512 | 9d282157a4ba9baf6bb21ba288faeafa86fb3d6fb5ff62f5d81fcbe0c24ecf5f8ffec47e3a7ecd829690afdd99670c58c1193571d02ad78fc9d04821ee81a762 |
C:\Users\Admin\AppData\Local\Temp\oQAW.exe
| MD5 | c453079044fd7ae6ea4d51f4e7949acf |
| SHA1 | fb9bac6f5f2a9b166f6eecabb7416f9f8df6ceba |
| SHA256 | b1c2a7fb9704a1c23255da44b6ea4c29f512d2643eec12dd9862d39aca11264c |
| SHA512 | dbbbad693b6cb45d764ab3d50142d090b8ab80fe68bfcc24e29bcc65cf07e9f5f0504e330d81bb28ef934eb08d2e0031c146c5a173eed01a0777aa57cf0b8bdd |
C:\Users\Admin\AppData\Local\Temp\coYI.exe
| MD5 | c70f593591647006362cbb23930196ed |
| SHA1 | d79ed5550a20907c14362501a00e57c30193ccb2 |
| SHA256 | 3c128d92d0fce62d0bb75676ac0129cc4d04cb6b98860d3b9c7fd242c15c2c44 |
| SHA512 | 0ff1ce6444d7295f35cd20665d31c645d564e5bb07455d6d578544e04c68c3e1b037c91d73545c77267c9dd56e480e57c14c6f3e57f8aa28ddc98a7193da65c3 |
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png.exe
| MD5 | 37497535aa821d2edbdfcaa707016213 |
| SHA1 | 64d64bfe2f7e4814a9f17c4cfd0f5d03c0fe279d |
| SHA256 | 60bc0749c6d7b7521768a8e940bcb23fdc8d567a55f2d4df8a341abbe0a2bb97 |
| SHA512 | 894f950fb5e50395865bd05d21612c17265bb82a2b084b02581dced0489f51c0313db5ddda428f42c259681925865901e47b26cb8439d96ca66680821a5127d2 |
C:\Users\Admin\AppData\Local\Temp\YwMA.ico
| MD5 | ee421bd295eb1a0d8c54f8586ccb18fa |
| SHA1 | bc06850f3112289fce374241f7e9aff0a70ecb2f |
| SHA256 | 57e72b9591e318a17feb74efa1262e9222814ad872437094734295700f669563 |
| SHA512 | dfd36dff3742f39858e4a3e781e756f6d8480caa33b715ad1a8293f6ef436cdc84c3d26428230cdac8651c1ee7947b0e5bb3ac1e32c0b7bbb2bfed81375b5897 |
C:\Users\Admin\AppData\Local\Temp\EosC.exe
| MD5 | b5f01194f236d96dd7908cf6e7fca5b7 |
| SHA1 | 3835754890f23c8ae6793e8fb3d85eb96ed009eb |
| SHA256 | b69ab6bbce03cdab22f63831636486746286f76c36f0b0c7b90df0a5d6da6b33 |
| SHA512 | 3d699c403e1abaf85260bd6dc44dd2dd8dabd76531817b09ec9d97e4b41a281bc0e5317e8d6bce4e51742a4e8efaf923b8d783eb1154d3b05e1d92e7a42a99f3 |
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png.exe
| MD5 | 40fb56c061b6bf68c479375933cc23b1 |
| SHA1 | 4a6c6647ec357faa87bd1b137078a922feb186ba |
| SHA256 | c6c1116afa2c0af8264611425e6b3046106df1297b35a9cbbd836874ca90a56f |
| SHA512 | 0987043154b75bfbf88f3ad2c33c3fc4301eae6537d1e4e55e26d9a3d7a41821e6d45c327fcf2e76ff3e9e0eaf3042a9443d04ff0c33cd0a8c98339a7ef09b72 |
C:\Users\Admin\AppData\Local\Temp\WgQw.exe
| MD5 | b19cb473166ebda78941327679097c1b |
| SHA1 | 8765643b1a97ffe2ed41237ab40d049ffd6f33e9 |
| SHA256 | 2a4e34e1bc0e956c9eb25f51779ce3c9c1b4b028793186fed8f2205c89e3c2d7 |
| SHA512 | 25847e5963e1e6fe397e83cfc7aa200a86ca24004a2da80fce079e188cdaf857d9edc99d7fcd2e346d93f6c65b5bee830d0d6e4c54edec942cfb47ab8202eef2 |
C:\Users\Admin\AppData\Local\Temp\Usos.exe
| MD5 | 705cb5e385ca5a095877a923e971f86d |
| SHA1 | 5981045f202ed865cc30575852eb10f5c8e1fdaa |
| SHA256 | a7411793d7fa61159250256b8c9ff1ab8a3f3f97e326f24818fefa6fdcd18122 |
| SHA512 | d0bb58bcd3bfc0b9be88250e274191efbc3fde3c6bedace8c2df72824d8cba40426dc980382cf9641787013d1f03b72ddf8996a1c6ff68560dbe899681e98c21 |
C:\ProgramData\Microsoft\User Account Pictures\guest.bmp.exe
| MD5 | 1998f29fec8ddf6b0d329321c60966fd |
| SHA1 | dfd16a5dfba7b5a9409d02555cfc4212a7b4d44a |
| SHA256 | 73952e86d8f9ec9e22cf2a0c473cd664f83c1074d012cca0d942f5a4e8c15864 |
| SHA512 | 6df08c966fd65eb9e2ac9e82b21a334ce0e246d1159ced1da46e5b5b5f8ed67f6c8bb3e430d0e90595db1abeab41169ebbb33496c719019b5e1c8791a7197015 |
C:\ProgramData\Microsoft\User Account Pictures\guest.png.exe
| MD5 | ca2eeb1406c37b704f357ab42e55cecd |
| SHA1 | bc1c3b124309cf6cc4d9e82a30ad99a67f1f844e |
| SHA256 | 6c6a1da419c6ba068bb894262dc324a34036dd0fca46cdad4b7493615b830e1e |
| SHA512 | 7be87d85ec6ec3f96e29bd8e8e2b4d3c4d45e067cdb9422166198662eb7b14a7b24c618745f75d6052136833fea240d9427c5749e3b9e9e2a5e125faaf09d432 |
C:\ProgramData\Microsoft\User Account Pictures\user-192.png.exe
| MD5 | 4a5c50f266b7a890eea06d51c7420b13 |
| SHA1 | 3281a6b5408db1091b9d07bebaf83dd6fe8cc2f0 |
| SHA256 | a694d7f550f17ff4ec6ca0bddaea6acd0344ffaf75fad416217059c99763dcc3 |
| SHA512 | 81987e97e0f10f2b60b1ca5b052fda88a111caba4c2f85710cd5092154686eaf0c8fa073f1da266718841e5cfefba50be28b022e66b21f8f6bae94ce13e829d5 |
C:\ProgramData\Microsoft\User Account Pictures\user-32.png.exe
| MD5 | 5e58e7f38045c129c480a43357e573b6 |
| SHA1 | 06c302d54b257cc9886d6ac86e896ef42cd59107 |
| SHA256 | 05f8013b593a72c028eb3aac449ca56e55fe82a7fcb987b5fc13a77e8388d436 |
| SHA512 | 36db6f096c2087726b0614be82fef564689cad8314fc7a29b9a04055675688b04a6cf8749bd71bfac9916382413cf1e3ab90e1dec2384197f74829e7a346ac90 |
C:\Users\Admin\AppData\Local\Temp\ikQs.exe
| MD5 | a6afad7f5a036561234f657c3e7ea9c3 |
| SHA1 | f6d2c98f65857745222073a4ca939302ddc40eba |
| SHA256 | 22267f506f34bda6c45405a86fdde63cd8798a2575c7c35344c07fbd48af2377 |
| SHA512 | d9fecd8028f231e4e8b7b176dc0d76598784b5a0d854bf1b1a472666c3c1b226f5509cef8830e04e09a39d8edc9cb516f05864123ae1076b6a05fcdeb2391564 |
C:\ProgramData\Microsoft\User Account Pictures\user-48.png.exe
| MD5 | 24d2386875e9c0c6da773d9620f387e5 |
| SHA1 | 0df6add6bce4b429ca84c949873f0c7439d65d71 |
| SHA256 | aad0a6b040016556525afd9dcba3e0cf100c07b944f1ed70fdeaae4f1232dd12 |
| SHA512 | 8a622230a70cffc9355b749c00a491d920a4fa8d3ab7f08d08deef48efab75acebd997174d80cc2a76e526c50713ea4272ec84c00ac75f045bb95a35ca3cdc86 |
C:\Users\Admin\AppData\Local\Temp\uAMO.exe
| MD5 | f97fe3eb45268ed9b85e1628c16c350e |
| SHA1 | 281d6fdb7e7d33087c9a7a520dfce0115bcc23e1 |
| SHA256 | 5b4f168162537c73fdba5e89c4b0e1691e0bf2213cd42b54a13e75d2b6078806 |
| SHA512 | 2eafbc64b2a582a670c0cb7a22a3b301ae29af3d1917d30b639d0a9d7f851c8fbdbcf5671d4192547d29044b7bea31823430795c9d327bea9f2780eb4d028810 |
C:\ProgramData\Microsoft\User Account Pictures\user.png.exe
| MD5 | fb69d5474d137ea3bc0162de8b33f8df |
| SHA1 | d13bbc293e4087cc8763071e01aeeb33bec0c344 |
| SHA256 | 3a4f6eec1b12f270f06cc30ee9dc7e0b24a3883de6df2ef4be8003c255c5d4ae |
| SHA512 | 70d358b579cf044eacb60fca8b70ed094d52a17b31f21cecf2d977b19b1fb888856bf83944473f54fcc09c6ae536c6431c7167ee2a98a936a63c93310d3f1cdf |
C:\ProgramData\Package Cache\{17316079-d65a-4f25-a9f3-56c32781b15d}\windowsdesktop-runtime-8.0.0-win-x64.exe
| MD5 | aa0b50378432b95bcad2d053da672562 |
| SHA1 | b5b1d4e261361dfe48b252c5c78179b86c160737 |
| SHA256 | 485780bfc804acc3a528a6c89faa17f6c911bd9aa7961469e80fec169fce6788 |
| SHA512 | 2a6b865f7fd266e35d6e0080e521754c5b70ff3348138d3c86266f765e4ae24c80e8ff77683ef8b9d4bbc18611f4eafd97a29dbca8dc9476286d9d25f9c69feb |
C:\Users\Admin\AppData\Local\Temp\OQUW.ico
| MD5 | ac4b56cc5c5e71c3bb226181418fd891 |
| SHA1 | e62149df7a7d31a7777cae68822e4d0eaba2199d |
| SHA256 | 701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3 |
| SHA512 | a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998 |
C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
| MD5 | a906bad39ff3d98e3c1537f34ea3748e |
| SHA1 | 18c90afc43473177f2558a5b119705be4678c6b8 |
| SHA256 | dbbef4cb53da0d4373cf9c02d5cda70fbf1b2f5b1e6a0b704f0be503ef5fa042 |
| SHA512 | bba89224e34a73579360ade3ab0409e20e4199379945cad6839bb5e5f30c0dfcd6d880ff28436bf9941e4b509e04ac03ab87c78892c485ba10572b7a763f7c66 |
C:\Users\Admin\AppData\Local\Temp\gYYi.exe
| MD5 | 215d3a524d8b4ecec4ebe7db418278d1 |
| SHA1 | 467c08d6b27dea24bbccfb63ba802530782adda0 |
| SHA256 | 75767cc91098d3110dde1635d45e4e2a05bec5b0da76ea6d748c63ec40225093 |
| SHA512 | 729a006184512eb842e7a5f1621e376dca57d982294eb9cad732b9bb897c98596aa86b97db231fb309fef4a63eeec3574ec6a513071c2d5358d5b9cee5565c94 |
C:\Users\Admin\AppData\Local\Temp\QccK.exe
| MD5 | a3c297b9c1cb4e499ade11de4bc1bf5e |
| SHA1 | 6aa060d52149b11fbdc272c06b160c83fde30be3 |
| SHA256 | f271e624fd79497cc771a26eda50562fa07d98e1199cbb8ca4ec1e62daabd135 |
| SHA512 | 4d524b18c33867aed7c1a012928137f49f116ff4cd7af36f4c165fd1e2764d01af3c26b90655dd73ae279e79677d2c135df7d6dc5d15a0b27de12070d70c7071 |
C:\Users\Admin\AppData\Local\Temp\SIQo.exe
| MD5 | 44d95708e7dde1581c9d3431960a9d61 |
| SHA1 | 5c744baeb7e18556e90ac5127278c032fee17eaa |
| SHA256 | 544c856cb0203ebc0da6d86951a8cb928c111dfd4d8075e71e194878ae8bcde0 |
| SHA512 | cb6a1267544304478143d15b6f1ebc2b65d237a7f7f9529f9b5a99c2bbd6b8feda1f10b2fb6ac300bcdaa203f2d0ea2cee9f3cab1646ede6af41541404e74e04 |
C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
| MD5 | 61529bb1a64ab0854bd389cc925a59fc |
| SHA1 | e31b42f20b97d9ae7140aeb86bfd8fc7c10cf283 |
| SHA256 | b78689c04ac9a38929b1f6380cf52b87f3be926c86bc99ea42d7bdad999fbd18 |
| SHA512 | 29436887d4b2c117be070888582ebfc231352009bcc02bb5e7079517d28a1e36a03bb97b169709eae49b40502210f79d508433a27e9f43264dd27dbc227ef10d |
C:\ProgramData\Package Cache\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}\vcredist_x64.exe
| MD5 | 023aa754bc4291c84820a2c73cebd7aa |
| SHA1 | c6bbfb16bd1f07d071dd6607c936bbd58bff5e81 |
| SHA256 | c32e9e20cbb67ce7925ba761a5d66801371aca84d3fc2f1bc70134a409f03b29 |
| SHA512 | 844fffa3ac49d587274f101eeaef256e0cf69667d469c7cdd2f6fa437fd046ec5e11c7efedab6466fa63bd682a8f3665899001fee4ae0a930001a8d7518e6c3e |
C:\ProgramData\Package Cache\{fb0500c1-f968-4621-a48b-985b52884c49}\windowsdesktop-runtime-6.0.25-win-x64.exe
| MD5 | 1df8df83533eb1f4c3f18a35d689a123 |
| SHA1 | 16813a15e35b1c3c12205077e0f8510cf3a77dfb |
| SHA256 | 23dce2528633f8748f9dfd5218345d2b3776936b383b14def05bd67aa6f3d9b7 |
| SHA512 | d94a7587122732159381ad68d25549a9d9396b3829bf4bb1a4291f5ec2d8c546302cfe97bbc5f51c0d7c393f6c7e7e17dc7b82b893c74a95c62b81435fafd3a3 |
C:\Users\Admin\AppData\Local\Temp\IoMA.exe
| MD5 | 1e8e8a8c386627728697c87fa2e7a866 |
| SHA1 | 954cfd84e15e66fb74ab6368205d287fef9aef9d |
| SHA256 | 430b1d1f0d436bc6a9f48ab83adfdf4f6407707b4b24d9c48f6acc87536b4729 |
| SHA512 | 4dc460fb4beb75fa6634d1859e37e1cbdd45e84dac499a032ced32e635f7251f8e878e736662c6f5f6be726a16bf778bccce153e7ea9f82fc1569ca73319e12e |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\alertIcon.png.exe
| MD5 | 83636874772fc054a382aececa824fd1 |
| SHA1 | f9f512d065b5d914027a6524e4527203148c8034 |
| SHA256 | 3ef550d5b12bce77a9f97e0de926a447ac7a6e5502d144348e6c2122b522c331 |
| SHA512 | 2c1e7c810a313abc48b8ae2f5a0e9d27350c78f85d5edca5f109b1e4fc699e8ab65ab6df3332107a0e63ae6648daca4e31c90a74eb09d745029e90aa68cda490 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\AppBlue.png.exe
| MD5 | cee7342dac6f951ad97d90ec7ae6326f |
| SHA1 | a0ca959268ad8c0e30b6d7a84e61b61a0fc19a86 |
| SHA256 | 41b4428d27cde5cf6cfc108d8a47069d75927bbafd13513addfc4af5bc74214a |
| SHA512 | c11185f46571345db0a942c6bf46a8805493b3f0f027fd79de2777b7cb7ccc0c96faf1f8d8ef1cc29b1121df940878854d8f76beea6e3fc8e8796efa8d2fbcdd |
C:\Users\Admin\AppData\Local\Temp\EQwU.exe
| MD5 | a77ec5f1d5f274027e1e8453f75c0189 |
| SHA1 | 4d53ea45756d385bd35b66c8ca64dd547827c646 |
| SHA256 | 621fa1dcffa90dca4e5d318aac1dd6e52cb019c1dcc29bcd3f0bfcdc0781c95c |
| SHA512 | 19f640c91740a13dced0a1b12c0271f80d8a44c5ec70be5b332d91c634d9cfa6b9c1991b6a555d3ac30c7f534628e4bd3c5e8d06a089ce8a13d01c90c6169d0e |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\AppErrorWhite.png.exe
| MD5 | 78284f5dbc6053f5635f42d6ea6408ec |
| SHA1 | 18a979345bbe5246f47b1263e05b46c79411b4b1 |
| SHA256 | e5d4c841dd2dab4c9ad6acebc6ccce7feab58b34d753ae508f56fd5d8e5c8b19 |
| SHA512 | 66cb2b777c5e4639ae350d9b84909cbbe0d76ba68f1cfc7714b6529fb52d4dafc3924e79b841ddec3d1b0e56e3144d45303dc8a79bf9e98a19b1beeb367f5ffe |
C:\Users\Admin\AppData\Local\Temp\aUww.exe
| MD5 | b246a22b64d898c488711b1073953bc2 |
| SHA1 | 92957ee74b6fab79630e7b8e48fe9646e253e011 |
| SHA256 | 9a0f2f9e686230771aa1fcf056bcd9378e4b3813ded7b7f9071c4ac60059cdc8 |
| SHA512 | 09b214c63d9b1e048b9cd7645caea82ebc227da0e6b7d6b94e9930822beee4a794bde1a19d1a2813d823fb4f9efc7a07f9fd702b05f46e5320a4dddee3110a2f |
C:\Users\Admin\AppData\Local\Temp\YAkM.exe
| MD5 | 5077e493d94303fb4912c68742b5b8b2 |
| SHA1 | 641f8836f0f1fe5957abb8eb0be957692e761212 |
| SHA256 | b348ea1d55c2bc757a006125fa75ab81172098e753676bdea7136b7d05764e2e |
| SHA512 | bad5dbab1aaba115a4b41d72c0a48c3bf2d80397d9cd871a38ee1afa53b6d8f11248d0bd76512390ca06865ecbae5d83cd6e4442b161dd5d0a7c11828c52bb0a |
C:\Users\Admin\AppData\Local\Temp\cAcG.exe
| MD5 | 301c697d1c50c729490249ad22149469 |
| SHA1 | 0d6e24bbcf78e90361162b5e75a5a90902216fa0 |
| SHA256 | b2dcbd92cb5c7b527f18496a0c00d8ad3b667784f1c6e207bdbc0aeb500c3f37 |
| SHA512 | 95bbf1ab31a06cabde9efede50d694c59da7cda285df86f77c2ebd5e8e60b33c229c046cf84c6929ea18c8409386246940e034345fd06cdc341f1feadb803dd4 |
C:\Users\Admin\AppData\Local\Temp\ogcw.exe
| MD5 | ab195f32dc6ae355820cbc8341f83a8d |
| SHA1 | ea708d5bd2e1d1ec7c6ab98ad0648c810f61421b |
| SHA256 | 0344fb586de7fd7882675c75e1795058c002e37c5f1f990c9697c871d07fc1ff |
| SHA512 | ca8260527e82c5ff2d3dbc1fc5b5efe75142f3cd3112a16c5b6253a1f6097f56a9b622b51da08c9ffffcc66bcec4d33bcc7fad8c995e7cefaf3e1a42e40091f6 |
C:\Users\Admin\AppData\Local\Temp\esIe.exe
| MD5 | c9992a48c30f22a29f91c6751b511899 |
| SHA1 | 73bd5226aa0fc2d320b235bec8a5c06c248af9bc |
| SHA256 | c99e51fceeed85f5c28291767ca84e4527d24b929efb30c7f9d6209ae6f52c93 |
| SHA512 | 3b3b14b492525fab013e292327228b4bfbd9fb8ffcf90e709057517f2cadd56b83892b087498c637bf1af3f57feafb2c898f61c176370425e58b61e01b21c1b1 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\Error.png.exe
| MD5 | fc73a92c516e80d1d0f73993ea3cec05 |
| SHA1 | 662473539a08c9006b90bc4acb81d058f45fb7f5 |
| SHA256 | 40200b6597412e993ae00f51db7ff677ae71e398ae6df3730fd02820eae8f021 |
| SHA512 | 6c43884719e5f71983cf70a229e28c7fb09988bb378c436d482f4953f4c1e5bdf104bda9fd2c2e52b05833675a88f5ab55cc48c5d81c24b3e843e68e1d4952f8 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\images\blurrect.png.exe
| MD5 | 33c8dcd9c3b9ac01127ef35a567e3997 |
| SHA1 | 8121ad8cfdbe37b40f7cc0b96b74ee76bffa802f |
| SHA256 | 96a17e53c2adfe9755ef1c538fe6e1ca0cda8d1f85ba0ca081bd47218a46da4b |
| SHA512 | 2e48a82693d972ab9ab4dcf398c29b6b77dc152de508edd4c47f77a7985976b8ed9956ce3c1ae1206b3196bd773f6e86f480d9b319fc17706b7335082d077e22 |
C:\Users\Admin\AppData\Local\Temp\MMYi.exe
| MD5 | 89bb80261c10fa213309397eee4a6696 |
| SHA1 | 1c5c926a1e0e6e2dab865dd0379ee4c614f7a60c |
| SHA256 | 221b8f7e8bab9b8689659a9afd5bbf0c5b9869907d16da18a5313788b25d7b01 |
| SHA512 | 7306357d122c0dd3ccb07782a37708f1020204a6db4a075bf7228ff1bb619aaf9a6f15d4f02d2366ac71addcdd0e53c4fef169dba08a6c500bb81c30ae1da2aa |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\KFMLockedFileToast.png.exe
| MD5 | 77af8a8f202d45b8173615685919acc6 |
| SHA1 | 96e551bbbb55d0f315e98a33ef8b45d06d0a8f88 |
| SHA256 | ef2451f4e2905ae1aac678c0d2e812abf0dcc95a18e782d601471ad177ab2185 |
| SHA512 | fbe6bcdb1a80761b492be105af60360d55135c7bb52023c1dc9e2e1568e31ff5b2716c15712f662da8866090d3b0c5d3aca5b1e251b8bd18f49e0e08993cdb34 |
C:\Users\Admin\AppData\Local\Temp\qIwq.exe
| MD5 | d5cf72e07585e64eaca0aebc6dd9e356 |
| SHA1 | dc2e18c024f0ed4bf6adf4d7c4f729292d7aea2d |
| SHA256 | c766afe6b25b663a077f6d70bd0df7f466a03130e800bddec119bbb6f9be3d32 |
| SHA512 | 10ca64e07158db953c25446c509f51fbb00d6c3098bc90bc289720d43f042d985eca46d6988e9576b6b0041cd71013a110fdc2a2761a34faf62ba1a2b52e41fb |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\OneDriveLogo.png.exe
| MD5 | f7373dc4345ea784fe5c28c1862d1e53 |
| SHA1 | e99bd7e55f51599f11acb38fafac5df76f3e7492 |
| SHA256 | 33722fd287e57f4764ffd7b3ce52807bac7d849e602c1ec02b60e65910aa2da9 |
| SHA512 | 28f17f9dcdc9b09ab63bc005c9c0f2e6d3558fda61e4d18fad542f421ef5c30fcd2a8e1f4e434b603b0816b05b0c1a9fa9130421e0a18e41ed747311df3e92a4 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\QuotaCritical.png.exe
| MD5 | e3bdbb45338d091e967c162decbda5cb |
| SHA1 | 65d64456c27f656117fea5e9b49df54586017b9e |
| SHA256 | 2e2dd0be64d664c7e4b74f4e5bd9f4bc882b562b7eb045b421a89ffa9f9d85e5 |
| SHA512 | b45f94300109ad933beb1ea817af10493a8ddaa1e24258bab14ff82d4f50aa0a8ed0975ced09c984ea3c8d4a2dc05eafb8c300bd64ba291b24a1578fe4288c97 |
C:\Users\Admin\AppData\Local\Temp\AgQe.exe
| MD5 | 9bd7d456f4562916e7a1900e44012255 |
| SHA1 | 304a0671998a7f50c13d1778d5bf5066bf849b8d |
| SHA256 | 2dfce68f220f3eabea4f8ec813084e9ef9c83ab9a9c4eeafb2da73757f8045f7 |
| SHA512 | c881b53460e19a2764be6e28cfbc517456650ca414d6e46dbbb7c83a0a12bfefc8e8fb3c3dd60b6250ec20e7a4c8bf76f577d21243edd3efd5ed2f1e34ed5ab3 |
C:\Users\Admin\AppData\Local\Temp\YQAw.exe
| MD5 | f203629e87103ec67941a63923e31c5e |
| SHA1 | 86d1ba788ec6c7b7f67ab484b74c381a24ee12eb |
| SHA256 | f87e20e21d9f41fa8a1e9b726fca4d4db6887a7ed4be8c1fcbe7b2b208d6b936 |
| SHA512 | a4ff569710cc3c8fc45628c4eb47c8b0d34f3ada280607a1039b189d6e0726e9d5fb1389835e3fd9cf56d0201cd92ef71d461bea5d28317670590b7a1c507c0b |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\ScreenshotOptIn.gif.exe
| MD5 | 186a2c285d070c08953623c5444fdc8d |
| SHA1 | 3bd2d90da4c1a1668f88943987eccf1e0d93a1b1 |
| SHA256 | e035e7a597d36b24faf4e397d3bafff2cafcd799a74b7b3cbdc16b991b014fa9 |
| SHA512 | c87c524a9be312a50a7d9a2145ec21c755164e114242dd93667549ef5e72ca0d99ac204251782d483368d26c253ce0f13f355772a8a2a9ecb8aa32239ee72ab6 |
C:\Users\Admin\AppData\Local\Temp\wQom.exe
| MD5 | 7c94d45baa6a14885c45fa6f217dc72e |
| SHA1 | b3c726a1f66c16f3c7cc0d774fc20de4f1b6f442 |
| SHA256 | 2c4009cf29408cf80245ee1fccba8c0edf7a1c88fc85fa5f151a4b4a4b12aca7 |
| SHA512 | 48befc1180e72d1d74764c3ab454f2d981421ed347c1a740af5644ed3a303d36e6ba9a4088f8f9ff9bd485a04121fedf17ce1aa283f211412f21feb3bee4f44f |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-black_scale-100.png.exe
| MD5 | 319dd61908ffe2519ec381e2b8a5fdeb |
| SHA1 | e3a0f3bee230989c832be7f681a29de21bd6a037 |
| SHA256 | 92a9b773f84daa9058b90b81ab15bdedd54f8c90cae3d1ee229b90ee65937bb2 |
| SHA512 | 43458d90897160c8df6aaf968904b2a7929d4f043afcb15456c986606e6544a4d570e66c8fa5184c3b0d8a996bd53d01f658009fcfee5707b4639497de0f131c |
C:\Users\Admin\AppData\Local\Temp\SgAi.exe
| MD5 | a3e58aff6499caf5d8fd96cbac7fc3b2 |
| SHA1 | d05b5284789adc97a602d59f094a7f7e7560c4f9 |
| SHA256 | 7173e2fa333247046c0797277d9221cacf0acdba66eae5f024a8a1b9e369e123 |
| SHA512 | 2f5bab42fcaf3b1033acaff31a04519dc7c2d36be6819921e1f5b7899853ba42a9bf1d33b823bdb6f15acdcb229ac77c9deed6139ae69c0fa2e64856d429f66f |
C:\Users\Admin\AppData\Local\Temp\MgwY.exe
| MD5 | 19a4f802d9d16b99cae1d749584a7535 |
| SHA1 | 1d2e92a80a56411c3608d465335227ccd7c1a95d |
| SHA256 | c07a85e98068cea9e97cd4d903dc2694bb5bc9f88e10796e7452b4831e8ea4f8 |
| SHA512 | ad984c21d4ec1b028145d58a7e59dbc1230bd7c4cdcbb8ac2a6cb172a62b8c839cbb828e598bc443120f627348aee2472f685c4c21551d000e675066bf162267 |
C:\Users\Admin\AppData\Local\Temp\oksC.exe
| MD5 | 7f54de01093f5278951f12a7faeb9137 |
| SHA1 | e38411909cee2da990551bfdde0fc7871d59ee4e |
| SHA256 | faba6c9a4070079f939f87102998ee0c692f9c24fa63e76d586181ed4798fcea |
| SHA512 | 24939e84aa1aa1622582c828401d0fb90c89654929419a4a4575eb80a0109b8176deaeaf47560f4da0d3d966ca6d5f4897cfbdfaaec969246c2fc5f32eb82fe6 |
C:\Users\Admin\AppData\Local\Temp\wEgs.exe
| MD5 | f3d3570134452456e2443eb16b7539d4 |
| SHA1 | d1a5eda237ad875dd582907b6ddda72a4a2abc85 |
| SHA256 | 2ec89763316d45668f64acbcefffa0131db50354dd60ccec8a6f7663ce8ee0f5 |
| SHA512 | 8e38610473a979b15468be53b40d900781f6b4acf281c685c86e0b0660ddb30e6ac6c194ad88f930631a41464f0bbd9ea8233011b846e3815769cae97ace9f81 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-white_scale-100.png.exe
| MD5 | 1f57b3304d3e54c82b6de2b7997f8235 |
| SHA1 | 260263fa3e49243c77ce006a44f8c3a27489302b |
| SHA256 | 3d3cb9b18d97db7752cfb08b7deaecb5ac83979750faf9fc06a49b97f5326c80 |
| SHA512 | efdfcdfc50b7285a50859e35ffa1a7dce7ac0f230b4b02bcb2f59d9f2cadd7894093fc9e43c94012bbaa1990328c7aaaa677dfce17090e1778d8a7f565d38b01 |
C:\Users\Admin\AppData\Local\Temp\eQUK.exe
| MD5 | 03a3fb62c896ee5a3b7c8d81cca68d44 |
| SHA1 | d9d54c39c5a7c2945784dd71813a8790f31bad53 |
| SHA256 | d3400e63e69c4a03b993e8408c8b74976f4cccaa48767a9852fc80fa70d84472 |
| SHA512 | 00b06e4b26aa669e42b85f7efe6e17fbea3583fb4eb7c51563e55f284f7235965a05c7c9a30d1290f8daaabc985e38636206abd4ec0e55d9d0d6913c8c4c2e70 |
C:\Users\Admin\AppData\Local\Temp\ckge.exe
| MD5 | d3fbae046511ee73ea43bd2b659314e6 |
| SHA1 | 30699c037473099d8ca9d28114705ed63eae2d6c |
| SHA256 | 1d34098bed2905083ef0a7d8a25822a54abac41dfc84c4de1084c4ad018d686a |
| SHA512 | b3a1250ca75360263d77926199389f43c50340b966df3f048c512fd62aadc05f3da144497c3553734d2b19de5a10c5d2ec45bc088c8f45db9a15a49815e9878b |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-white_scale-200.png.exe
| MD5 | 438a2f296794a24cbf9f04558a7db415 |
| SHA1 | 0ea1816474cb53b45fb9cfcf4136d4e9445cf7f3 |
| SHA256 | c5aac192d6bcc207e8d1e9f245cf71fc74ff3c66d524aabef2f9a6c25451d235 |
| SHA512 | d420b2f125d0aa6b80f52684a956b241706eb9a2352454ae719a30a6e74fcb91cc1a82216aa2ce458a645e8b9a89f068339ae6fff2627de0c40567e47bf4738f |
C:\Users\Admin\AppData\Local\Temp\isAW.exe
| MD5 | 886067eef89de32a865256e2ced1df38 |
| SHA1 | 7b6943104c1c25ac29a7b5959397e1d2541978a6 |
| SHA256 | 4c0d92b32262a2bb0bc6c1d736a6c65e326b2b06e4ab0de3aedbe7474631c56d |
| SHA512 | e7a414bed0fd846c3dd0081f52a8e03a8f9a4e5f8f2526ccdf8c3efd5ab20c429bb9cc5d5bfec72fc34a1d1efd8eaa9ca19224f641000f4fb0e4fde228c88f16 |
C:\Users\Admin\AppData\Local\Temp\UEAA.exe
| MD5 | cdda64784f756306a418c3329503851e |
| SHA1 | 9aca4d9e3dc8518679b1e5b0cc70eb2d9def98ec |
| SHA256 | 8b7a99592af202b0820e0dbda8e52dce904f00d3c967723f5b42a6dc13aeeca9 |
| SHA512 | 4267f68bfac85602a9fa16077653c3a7851013bce369f43a9dbe2fddeec666d052238cde977e162246f25884e7b9db08e7cfc66bb295cbd02d9a6b4430c37758 |
C:\Users\Admin\AppData\Local\Temp\agUQ.exe
| MD5 | 86c31529170c8d831735ce937fa8b025 |
| SHA1 | 32d6fa5ee0e1c3ff3c8a7e8572778db13b15d113 |
| SHA256 | e3e8d2882678d4df79f8e7e069584d5e84e199a8de1ea439761f3c00c4690f32 |
| SHA512 | b52dc4681fd6efb0d740a7491fd4a50cc2f546a4f655758dc05be7ba2d336fd883a30eaf4cba2059de1644c078235a274a3c3b54d4e214c03ef83815c962cd03 |
C:\Users\Admin\AppData\Local\Temp\qoYU.exe
| MD5 | a8b2fb1c7f2435a4237c0f38a3e215dc |
| SHA1 | 0f62f058a24a5ab53ad309443cb142fc31ded3df |
| SHA256 | 03862ed8b6cd026a3108ff58d52befadafd4ba6dd9a427eb984ca82613c681c9 |
| SHA512 | 5266c36b585b9ffbce72478686e4cd11da2b534d51e19784b3e8b85ed342d996d23e6437963f91a8d96053cadb4762feeae6c9113cc22485487ab22a3aa3d6c6 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.scale-200.png.exe
| MD5 | b8dc61cc6b6c40618494d970ed04c373 |
| SHA1 | 47d1dbdd7c208c5a2f489779615dea6bfac5726e |
| SHA256 | 5504522b25d47062d031b0ba94e84967f4760c8195c033101982b53031c298af |
| SHA512 | c6b719fb4be0be35cc6af57b0987b239e4b3de5bdb2debc4c90c515d852c105de36e1110b26b75e64e19304f41e8e29337026fddfe88b739c987b3d5e3eb7bfd |
C:\Users\Admin\AppData\Local\Temp\YMUu.exe
| MD5 | 06792a9a7b2c4ef8a4ef1b8e7d95cfd7 |
| SHA1 | 85b91c42fd914bf0b1f58268a50e4854158aa35d |
| SHA256 | 1540ecf7e6519877be80e0abdc079ff5013a6d8301da9b7c7fb96cd455270ff3 |
| SHA512 | da9860dd3dd464cafbdf6e33cc63d1328a9049411bba237061323ceeb507224b3d855ce1440a0e80afd9333aa4b3addffae3df217defaab6d68cdc8fe7af7863 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-black_scale-100.png.exe
| MD5 | 35c677c4a03bcb67a267d2dda3e4181a |
| SHA1 | 95232977208ec4efb6858c39df3aa561cd1c4b33 |
| SHA256 | 9ef5164f8f492f25df855485e845edbf3ede6aaf0c0d624b584b2301280f9974 |
| SHA512 | 63ee634d3989117f67f043f4bf73bbc84baa0bd38b43cd16471454a7503c1378e8f74ccf718b752f816de89ccb65d1bc9755bb6bcf340900aa8698f1422578eb |
C:\Users\Admin\AppData\Local\Temp\EYIE.exe
| MD5 | 5cf68fe237a00b0dae8588b6e8cb4a99 |
| SHA1 | 96d1c01561e8a07409c64c3e2469f9960f8af10f |
| SHA256 | 27128b3c61827952cc96e46267df60080e2de744a4fea27302afd8b179591ca9 |
| SHA512 | 78d739fd4cb7b5f6081aae2435e463f43e67e4fdc3ee519b05f41f4690c5ed62426f81037fd9e46c13517ba7a419c2d21bb098c2b944d40f04af814c7fc719e8 |
C:\Users\Admin\AppData\Local\Temp\UgUg.exe
| MD5 | a3ee9a27a87b8d7cf6acf73efc05a38a |
| SHA1 | 9be1ea5930fb3b849f25b1bfdccba4db6d1bca20 |
| SHA256 | 9c38f297e11f724cb7585012f1aa6304b5bc32afb2d0b30d29e6a97627cf88da |
| SHA512 | 52c9c220596774a39ca824cf6a063c003301b4cbde011c960e0413891117163a578ad5b8edc9f74b496efd7fdb6593f7ba776b368e25189d1d113d14cdf5a4d0 |
C:\Users\Admin\AppData\Local\Temp\AwUS.exe
| MD5 | 2b3dbcff66e86b4374adfa918a1b5175 |
| SHA1 | ece7b2932c2855d2f15ff22849cdc894715b3c07 |
| SHA256 | 3ec40cdcb121885e8dc7abd9866007b97bd3efbcd08b79821859c66df1881d2e |
| SHA512 | 6faebf1b1d6bd2b067bd4858e821b25293ec127e4a0e240df402d611526b71de14856635de97527f37800d93ba35803a13bb8af513c41fa924c1d3fcaa1037c3 |
C:\Users\Admin\AppData\Local\Temp\yAcS.exe
| MD5 | 39dd1a5b0fb01d2c5e5fc64a30c55240 |
| SHA1 | 0537078faf8e279abf51944487a038439d5fbc5e |
| SHA256 | 82f01ddf77088230a6595cdc3e9842d23dc421da81c0454b9766d5b845d0ef5b |
| SHA512 | 57269acb7a1ce10a90b16ec087ee99a1ca67b0a165acb14940033476e826ff23244d4c199b68fe281bfc47318e269f6ea1efc8b62600c177ffdac17c2c4fa9ad |
C:\Users\Admin\AppData\Local\Temp\CoIA.exe
| MD5 | d3698d5a44b4218f3101605368e4be45 |
| SHA1 | f20101483ed2ca0a08124ebd4f06d3c7cdc26822 |
| SHA256 | 0d3319542bf9f5be585a1f7c31e539af65cfa363961b7190a388afde52987c3b |
| SHA512 | dc4bc74dd3ca624d0b1eebc7a1b12c6a69be33cbad74e3d977c3c8f36e7a8be241fe65b1258280d2e464bcdde62ae9cb3c77da44aca115655b7c4b6994ac244d |
C:\Users\Admin\AppData\Local\Temp\Wowm.exe
| MD5 | 7366edd25c7c6bd522f48cdb094342da |
| SHA1 | c21973c0a262ef8206d0e7c4ae9380a4981f93e9 |
| SHA256 | bb9b92b661316517fa94b394456e1c27b145a7596e209538ca21dd040e8ec003 |
| SHA512 | 4728ae52d67da950764aedfbb7a2391d4b1cad27c6eeeff40d497a9f24fa6ea816113bf46872ae71c5446354b8203bf048f9ec43ece274d7c54794c71958838c |
C:\Users\Admin\AppData\Local\Temp\osMg.exe
| MD5 | a97e574881c56dad20a8cd0d22af2ffd |
| SHA1 | 1b0d698b89016c0ccb46b194b0545d32064d7a7b |
| SHA256 | 89eda20d06f4002e79acc79d05b53791b018ed22fe45d92b7582ed56dcb9c536 |
| SHA512 | 21de04a8a56b9d41e3ce7f049913715e7d4c73f4e59ca40915289beca088ddd7dc9de94a338ae678c7cbf83f6595a9eec2b573d52ef929ca4a396fba04cfb873 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-white_scale-200.png.exe
| MD5 | dd53d301ea0d0ee3f332898a10cd8e90 |
| SHA1 | 404a91e24ef27a6baa560d32242a6c89bd9179fe |
| SHA256 | a7be829e5fd410ef47035f5f498313fe5e726e854c87f8413d4df9b2ca7bb9bd |
| SHA512 | 77cb5e3235fb401aee1b6e7c48a00890f4adcc2c7137bb5db27b9d0e0c0f947375c69167b229dbc6bf5986a366f20a810f63ecfa0a3faf2de62dd75e663b3cc5 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-white_scale-400.png.exe
| MD5 | 3bf62017f7ccf17ad6311312f2d2983a |
| SHA1 | 7f8fdcb82bda6e312d5208abdb487393858d02df |
| SHA256 | 478e84e0b9bf2bce7fb9ef53c6b072ed79c59a20b307b2ebdd6d06ff12d0902a |
| SHA512 | ecb0d23a316575ae8865ded3c4d69d5b04ee3ec316ccdf96e7ce9b31ef13af0743ad8930dd25878684a3462961aef37dd8496df459cacefc9d1a425b68340dac |
C:\Users\Admin\AppData\Local\Temp\uoME.exe
| MD5 | 36a5cd62a5ff9e6d5b9810ed6e08f74c |
| SHA1 | 74bb41299e45697673b907df663878de36eb7fa6 |
| SHA256 | 6de52737801dd5c8350e1e0053944db01ddd7e13dca06476afa9e3a8c56bfdfc |
| SHA512 | ce24ce558a2ef6391f50d1c0cdbb0c5860978d093a146ab705d6e42c641ccbad0f391582718c05568ad9b523b1891e7b09d593aee118bd455399d8bd15a22d9c |
C:\Users\Admin\AppData\Local\Temp\IQME.exe
| MD5 | a608f1578264488039c5f937dc254bbc |
| SHA1 | 730bb39609c4cd09218c61d4cef7902ad704222f |
| SHA256 | e83c0daa91bbc08f18e0ed68593d84307651757b66332050e9203537aed2f669 |
| SHA512 | 1f2147aa30a157b1a721799dfbd1436e71d9dd8ef49223598bc6ffb33af823dcd424ef90d90891c0c9a83b24544b1a8abdb94392d7aeae0e88efe4cc6cad9afd |
C:\Users\Admin\AppData\Local\Temp\CUAy.exe
| MD5 | 393cf3c83026835cee116e3b1b8f2952 |
| SHA1 | 4a26624e5a91fb833b33619865777febb6e26852 |
| SHA256 | 6c316d1cd302e245e8ee9560f856f8b75594eeab47dcf89e9fc9f832f8845ec3 |
| SHA512 | 0f3f8e62988293db2aa8af22aaacea085ba14f35efd262a0b997457e88f677927119ecbd77183389e78fd348db7343be0175d379f0842e53febe54548a0a18de |
C:\Users\Admin\AppData\Local\Temp\swYY.exe
| MD5 | b370e89937c259b99c594655ee490ae3 |
| SHA1 | b4246afe1a50c5b4f3e4c594cf1c5af64e8ae220 |
| SHA256 | a42199fae48d3a6e689574731833ecb78112ad793f6d11214650a6b782cceaba |
| SHA512 | 336cae441da64ef7e55a4f65978cf0909b50f71ef605ca3714b070475d3224ea50591e27f7072d1754fb728034328f78faa857f87d16516bbd3a3861f1024b0b |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.scale-400.png.exe
| MD5 | c71509cc88413bb1ede4d837e37d6319 |
| SHA1 | d5dd07f9fd3b796ba773f201fd880506cf8e5150 |
| SHA256 | 6f9eb9771ec6f493b4fd49d7d1cda6d4a96924989dc9c1d42eab82eb2d29754a |
| SHA512 | c4fdbe566e94148ef4da69f99fc3876964614426a6f57514e9aee6ac6f904c727ad7e754a9b734a1fad6e1428e46998a550c2b9453b32917329144337a76b0a5 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe
| MD5 | 257f452cb7619968dc0ba0848f1af7ae |
| SHA1 | 0c2892e89b79dd014d4fd94a6b85d0e2cb2a9e91 |
| SHA256 | 9bca977801af086d39d8c3cc6412dbe999c92e3030e7da25cb38340c98007294 |
| SHA512 | 10d861180bbbf895b01e89ae7ed3e89563a32071c1e940ee844ea13b122c862a07f56473a9649f453f2962c9d28e82b1a5b219b969b189576385e358590a128d |
C:\Users\Admin\AppData\Local\Temp\CQwm.exe
| MD5 | 5fcb3cab4255aff4cf9b9540d6a9a792 |
| SHA1 | dcfff747bc32acefb40c1e442fec805dc931a6d7 |
| SHA256 | e65833dbf7ac6b85a887f715b8ba0ff14aac1a296ec79c37cbce39181d1c8525 |
| SHA512 | 4a0b2f87954159ee3d23d46892bdc8258f7ebeab9b3e2d05750f9bf04c07c2ffd1274440806a519cca114d3c81e1070b52e56bf1df358d88ba12fef7e09dc0f3 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState\PinnedTiles\26310719480\tinytile.png.exe
| MD5 | 9385887870aec122d29992220f5223fc |
| SHA1 | 154d43590982e7031eb4ab0e5918e32eab400702 |
| SHA256 | edbbcff9c36e311d94a3d0b274fc4134c1ba20f17c6503adff52bcfef5359c2a |
| SHA512 | 1c37f56fcd6a7b3145e11a404dcbd752e8f6b7e8fb04cd50ff6ad51ee08b4305025ca08554f6b799b5a6d532af302f32cdcf2f682554daaedde7cd630c819e65 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState\PinnedTiles\38975140460\squaretile.png.exe
| MD5 | c302b2e4ad801c4cedc6fa87071ae9c2 |
| SHA1 | cd6ac23af173eac96fbba9228cb7e0d2ce03cb8d |
| SHA256 | 20aa540cf2e1953bb19b3a6e1a05908d5511a11714f1dbd7600e05b645b30d99 |
| SHA512 | 19f21da4fb6d669c1d05d0bfe7bc9c52e7833431c8893a0155d761d8cd69022953c17b89cb263b6b62997b6680b0b12c20c448cb4f9b87c0e1a198224fa56063 |
C:\Users\Admin\AppData\Local\Temp\EUIs.exe
| MD5 | 51077d7e9acd45b7f4130ddadbfebde1 |
| SHA1 | 80f56b578ab9a27cfe596310fc436aaa845d4e04 |
| SHA256 | 1fd78e20258d76ffe545659dd0f242056593c31432067da4e81bcfec1a5b7e59 |
| SHA512 | 87749698ecc3b734edadd43b39c681e01ed8c152802417480cbe24f5e626c95ecefc7b1206328bc5b4f658cc2948599fd5759507550d02b38066a77abafed936 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState\PinnedTiles\6501008900\squaretile.png.exe
| MD5 | 25830ec562cfc997d339a319c96a7a58 |
| SHA1 | 8ee59f4f787050a3bba0d9739b5b9e63a2122f6f |
| SHA256 | 3cc1a08aa618f50520ea0b2a11cb20cd5aa7fe52cac0e6bf73afcfddd86d59a8 |
| SHA512 | 214dd61a83ca6627ce17616ab86648532f788f165438a8b74b3a1a53916ce05fa93f8c040f24c757d0876959c0821df0a2120b4ade36cd16d8a28ef8a3cb41a4 |
C:\Users\Admin\AppData\Local\Temp\qoIs.exe
| MD5 | 86c2e3e357e6b201eabdff62cf0b606a |
| SHA1 | a0bfaabeb8e308fafa6b5fca666a16a1f5a41b2f |
| SHA256 | 9aa604ff113a5c8f705725026ba50a6aa4d452f5b9f8d5bc5fa0ab4d6bf0901a |
| SHA512 | 3a382cfe2fe03eaa50b18cf8f8ae925d434e792d5a4029e807347778507cd8f2cb9a7923454d2eeebfe28dd308c78535b0836fdb2b6b7e4e83d54a072255ff95 |
C:\Users\Admin\AppData\Local\Temp\GgIs.exe
| MD5 | acd4f974878768ca02e970b290e70731 |
| SHA1 | c17b450686115a8d8119dad50a9356433a859eb3 |
| SHA256 | 4b877c18474a41d57065cdeab2c107b517cffbe687bc4acb7994e810545848c1 |
| SHA512 | 48eb78602eb506452ec134762bc6a72ded4c0deb68d92f89a208911a9ee3aa6dc1aa3f361f28695c5f15a5cc30194ced0e6bc0fa0e951badc1a05a693c441aed |
C:\Users\Admin\AppData\Local\Temp\QYII.exe
| MD5 | 261b5f9a23fe19f41ea46bc045668bb5 |
| SHA1 | 9f9bdcd82261a0a790dee0beac29048eaad9c9f0 |
| SHA256 | 20a2d5d183d1f1b668aef6f85fc9a08e77b1179176a2d26177a043ad3dd0af06 |
| SHA512 | 76a41ba4b776d18935c47b0cb404c5b21f33059ca7d172884b257662da229b0f8439dc743fc95303d3938296e485267cd39a0c4f23631d44dc890b8e40fead76 |
C:\Windows\SysWOW64\shell32.dll.exe
| MD5 | b2e97d8e47274972285c0181964c8ae4 |
| SHA1 | d9e12f48172a06b41e37cf0bda6486fea95b92ab |
| SHA256 | cbbe7b884611f080600a42b25a329b5151b1c04cd24fbd754b6b6983d6702912 |
| SHA512 | 70e74e1fd64f5fda44d80d38c9a6920ebb24288a20938dfa7e14da5fffa42c57cc81fa1af103cbb6622856bc131fa6ea6ff4636b8fbac53616b4403c6391f258 |
C:\Users\Admin\AppData\Local\Temp\sQAu.exe
| MD5 | 3d59ba6b551711db8baeab5b513bc250 |
| SHA1 | 59945df5124539a03fd4352c63cd3f19fbbcaa98 |
| SHA256 | 2cd3097884a0b8b336468e10150c2a11019daf7fc8a91b5e0cd49084c02e2292 |
| SHA512 | a3e3a3ee006f6ea015a7f914478b792869f48a03b01d5c1f5c2d9d1aa62ca327c5e9ec7ef69204bbe84a159174d033c53c1020ff071852e22f86193f5b82fe2d |
C:\Users\Admin\AppData\Local\Temp\wMkc.exe
| MD5 | 0b6b4a389a66ffe57d7cf61616d4724f |
| SHA1 | 9ec939100b88d1675acd86de6104f6befca3b288 |
| SHA256 | d9aa4e5bd32b944f882574ccffa2515169341d65d9532cc480761c290d5ed6db |
| SHA512 | c5b6850294bc62a2ed51ff461ad651de691a6f05c51663a727fa9cf75dba39a98866b86426d1ab03652ad194288a84ce6ee3eacd5cb4753acad3a28eca54dd5a |
C:\Users\Admin\Documents\PopUndo.xls.exe
| MD5 | 09ba797c0cc32463423e5f40e5742956 |
| SHA1 | 1ce47eb2badb0d4ea577bb98fcb864f22a8f8a49 |
| SHA256 | e3253e4f14267d088fa1ee010d7d58593b00747dfc5ddfaec5903d2fa4b096a9 |
| SHA512 | 2a609f49b6f811c4a5bdfd61a1c19a5874919be1e1256d9eebce203f4b5e8cb53bc0cfb6126072eb1074b2b198084dc77c1346b373118ffd40eb9a21e9ddad97 |
C:\Users\Admin\Documents\SyncResize.pdf.exe
| MD5 | 63d5b98da05d53cd42cd40e66571c9c9 |
| SHA1 | 7951e608558f995d1dc9b6c1fbbb433df4564039 |
| SHA256 | 8f47301111d2d24e082db61a0aa44fcbcaa2aca93d9f546c280318ca41d1c029 |
| SHA512 | b0a48b0128fe2db83e30d6d6bd779658e818b20ac8a0521163989edb907476446b3adb87979c263a54be73a8bcd1b5c006d47f41b119e5414220f7223fbb3cfc |
C:\Users\Admin\AppData\Local\Temp\oAcO.ico
| MD5 | 7c132d99dba688b1140f4fc32383b6f4 |
| SHA1 | 10e032edd1fdaf75133584bd874ab94f9e3708f4 |
| SHA256 | 991cf545088a00dd8a9710a6825444a4b045f3c1bf75822aeff058f2f37d9191 |
| SHA512 | 4d00fa636f0e8218a3b590180d33d71587b4683b0b26cd98600dcb39261e87946e2d7bdcfbcd5d2a5f4c50a4c05cd8cf8ac90071ecd80e5e0f3230674320d71c |
C:\Users\Admin\Documents\WaitUnlock.pdf.exe
| MD5 | 1d1fe24b84688da51db07110e9e1158e |
| SHA1 | 4386d1b29527853cf303bcbc1be6a0976f4058c8 |
| SHA256 | 5b774229eadb5c497f78af9bb32adb83964bd48f3347d023f5acfadb263d8654 |
| SHA512 | edf90c6a3932bd5eeacc21e4adca6884d5b076dd7ce7be72dcaba134a6e4ce5eaf8ce79dd1ebcbe8020c1b8ccb1b4798c152bb62feeb778a0a7ab1daf63890a2 |
C:\Users\Admin\Downloads\CheckpointFind.xls.exe
| MD5 | c3142f3a9d0e36009f73b098043573fc |
| SHA1 | 8375f7c5406dfd67bb80623f3cb1567adaf3e72f |
| SHA256 | e131ac478f07347bc82ca86e0b2f890f1e9db7eb7f6067ac5cdacbfd94f36ab6 |
| SHA512 | 97e0a4961f259f64d5d34225a415ba39aea9a8df86768112e31da4a6901cdcd6260a22ffcff468178f9d1d42c41b50508c95cf2e5113b9fd87970709cdde5eed |
C:\Users\Admin\AppData\Local\Temp\GIgS.exe
| MD5 | 5e3f75fe5fda5460a1fb1bd73de9a181 |
| SHA1 | 263f8ea667346202ad9d6ab883fd99ff2be40a44 |
| SHA256 | 7bcb7a5c8c2273b4228ce2f85b0c6389e63fa803792d5d95aa0642ef0932ae49 |
| SHA512 | a3bf874cd6ffcf6d07f9a125f159e182cb4c2d9b595e0a13ec0dbe431a80b78342760264241e53c45271ea554152c60929d65784967d2c50d565a1c80a7b04f4 |
C:\Users\Admin\Downloads\StartLock.ppt.exe
| MD5 | f61e7274f8c72e913e00e758f950478f |
| SHA1 | 65014dd0e2198db4ec3fd1b19c4eb4d33a531510 |
| SHA256 | 1f42ff2b26cbdf69ff6797783da06c1e297ae87a35e1f69fff7e4ed5bc9b104e |
| SHA512 | 4d2c853ece25440ddf6aae826579fdcb69560ab5f665236091e8a1a1e80e8d3870190e16a85e635e60944025145d2bd38729edadc7333a712a571db3cb98c349 |
C:\Users\Admin\Downloads\UseWait.mpg.exe
| MD5 | c90014e19490f8a8647700d939a130fa |
| SHA1 | 9eba67567f4b7f3906c616e5852fbcb1a9af9e41 |
| SHA256 | 9bdc7c8680e67a499d2f7b153c6886ea76a5a0c4bf326328f2015e145883266d |
| SHA512 | f67d79ff6e9abf297a7ae6d8cd6134d4fd8f7e6987a912da7abc53f4a651dc81f25fdf31443345b3f73677a26a7803c73754f668b4bbb99d0934b261658965cd |
C:\Users\Admin\AppData\Local\Temp\KIIm.ico
| MD5 | f31b7f660ecbc5e170657187cedd7942 |
| SHA1 | 42f5efe966968c2b1f92fadd7c85863956014fb4 |
| SHA256 | 684e75b6fdb9a7203e03c630a66a3710ace32aa78581311ba38e3f26737feae6 |
| SHA512 | 62787378cea556d2f13cd567ae8407a596139943af4405e8def302d62f64e19edb258dce44429162ac78b7cfc2260915c93ff6b114b0f910d8d64bf61bdd0462 |
C:\Users\Admin\AppData\Local\Temp\oQUy.exe
| MD5 | 66ff244ac125325dc3aec4f5a65f592f |
| SHA1 | 9e28c20cf338d3e95b489d6aac46065176114bab |
| SHA256 | 28b48d753620bcea8114cfdcde2f7a5df40baa0b1bf6fe90bec4ef8850d72fda |
| SHA512 | 9d1a1f9b19f46ccb8e2c8d590cdbd011bdbc3cc43f3fc7601dc334f1120425ebfd824d22b6b4e5ab1999c938440c05d7bb284fed5a90752f5e128278a3950bc3 |
C:\Users\Admin\AppData\Local\Temp\IMcM.exe
| MD5 | eb57a84014a3eaa2e055ed1e1c43bfcf |
| SHA1 | b4a7b00125ffc1e1fa874c79c323f7c82fe2ce01 |
| SHA256 | 5dfaa99c458a6b351664a4f171d48d54f718c78fa747e34ccf53d180f78576b3 |
| SHA512 | bc1aa30123fdf3f9010c48f13818ddc298713c979a945e4b01ef11eaed72cd4147c3266f45f2561f36f9010b78fe6ddc73ac9b49cf4b47e0dc580a81072bfeef |
C:\Users\Admin\AppData\Local\Temp\egkI.exe
| MD5 | a872cbacf00791e36b4a3b53dceb3c8c |
| SHA1 | d4d20ec63b917246fca805635178166563bddece |
| SHA256 | 54cdac3a701543d24f87bf1b64f26f98043f93e6041d45a19afca6ef9a6e5e9c |
| SHA512 | 851df771ae9626d171b037d135539ed89890208953bac0f0498e07fec2f9451ed2cd086e590c247b4de8e5bc640eb5bb8f135a5621944bb720446ffae062a26b |
C:\Users\Admin\AppData\Local\Temp\Awgo.exe
| MD5 | 037922ec340f12c11a049ae9766a43f2 |
| SHA1 | b43c7303490a13e77746a067b1fa8092cb3400f6 |
| SHA256 | b382e1ae46a1736281b4a4ce180a334e2d6abf6a1878252a640274d8d01077c9 |
| SHA512 | 8b61188f8f6b797c966018ad15404c9f5f6f9498f638d739662c465b0fa0df38b5940fcddfd30f069bcf68e803c2b1c0a53f3a76749f2d8354b27d112fb36a47 |
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png.exe
| MD5 | 2b179abc8e461ee313fdc4b6d3ef97b8 |
| SHA1 | 28c3008e4844a728550d4a7c1e0ea6f003aa4413 |
| SHA256 | 0154513387c9d0262c597b6e0efb3cf2448da2022b60e73fdb5a8b808c204c26 |
| SHA512 | 9c65fe6be42783e5bf552b546e661e348e711506dbce3f7f81dd2fea4d847f763ef8c2862d3c8b24c712d7c0531d5691add1799064130c889be294d400a8f5c9 |
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png.exe
| MD5 | f043e02239198921ba38d1d86bf1fafb |
| SHA1 | 5dde799e9922b81a5046572c7d2ff1c3131f4583 |
| SHA256 | 137e8fb8fe6cc38e0c68cb575dad89f7667c5a394efb534eac38b6ac60897c8b |
| SHA512 | a99bdde1fc1e83bcf317d96171df9394dcaeed1e2e8154c0857e9df69f9d7e7f879dfcab0f1ed39ed2f21c20f22ec76244ebfa9b4b3c9270161e577c9a6907cc |
C:\Users\Admin\AppData\Local\Temp\Qswy.exe
| MD5 | 5ba4322f24c581dbe0915479375b09e4 |
| SHA1 | d684f92fe355e642d915ffb0bbb80c2c4fbe4c2e |
| SHA256 | 640d73139fa28ee406a397834eb1b42e41e3280f4df03c377c525038a4126e04 |
| SHA512 | cba8d6c100d77fd0933abaf1bebab9984a9308a35a45900f7d2851ab407a67ca77747830bb9f6ba419e962aa7e747c6042053b32242b826bb980ea7e84a3e454 |
C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png.exe
| MD5 | 3bca57c7b45e630e8e0f603e7e4fa1af |
| SHA1 | 6cba8bf54429d9e15480cc980c462deeb1534611 |
| SHA256 | 07012c394747dc2798c947bd77dc6be73dd08a3a42dd6bd912137da7d3c35afe |
| SHA512 | 6284a0b3dd8f014bce7e85f79fe1404ef800b3d5a1a39cb54cd2da8456dd76057ab82bedff1bfd04c67e5d3d617ec14638a778cd3e4c2582e5a4aab5843a7dd3 |
C:\Users\Admin\AppData\Local\Temp\SwAQ.exe
| MD5 | 0712ff72a8e7aa979291835b7856a3fa |
| SHA1 | 1c313cfa6676362b22ffbc731530e82d3fcd3cb4 |
| SHA256 | 7e9d7248bab8084f1c8fb615cf0775a979bf315fc8933802f9791327d1188618 |
| SHA512 | f6aa17347b4649acaf3c8c8f8fa1ebc860a1f01cc2150065db8267b72536d6d52b00c669e2dfefb5ca8f61a7df128172dcf295e8e438328e4fe1c82b05312d61 |