Analysis Overview
SHA256
6d361226ae035f3b21c1cdbc55ddd68ae2eed78b9bcaaa3ab7373d670cfd70be
Threat Level: Known bad
The file 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock was found to be: Known bad.
Malicious Activity Summary
Modifies visibility of file extensions in Explorer
UAC bypass
Renames multiple (87) files with added filename extension
Loads dropped DLL
Executes dropped EXE
Reads user/profile data of web browsers
Checks computer location settings
Adds Run key to start application
Drops file in System32 directory
Drops file in Windows directory
Enumerates physical storage devices
Unsigned PE
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Modifies registry key
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-03 18:38
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-03 18:38
Reported
2024-04-03 18:40
Platform
win7-20240221-en
Max time kernel
150s
Max time network
122s
Command Line
Signatures
Modifies visibility of file extensions in Explorer
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\ZSEckcIY\mcMEksoQ.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\ProgramData\dgUgAskI\OKwckkcU.exe | N/A |
| N/A | N/A | C:\Users\Admin\ZSEckcIY\mcMEksoQ.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Run\mcMEksoQ.exe = "C:\\Users\\Admin\\ZSEckcIY\\mcMEksoQ.exe" | C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\OKwckkcU.exe = "C:\\ProgramData\\dgUgAskI\\OKwckkcU.exe" | C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Run\mcMEksoQ.exe = "C:\\Users\\Admin\\ZSEckcIY\\mcMEksoQ.exe" | C:\Users\Admin\ZSEckcIY\mcMEksoQ.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\OKwckkcU.exe = "C:\\ProgramData\\dgUgAskI\\OKwckkcU.exe" | C:\ProgramData\dgUgAskI\OKwckkcU.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | \??\c:\windows\installer\{ac76ba86-7ad7-1033-7b44-a90000000001}\pdffile_8.ico | C:\Users\Admin\ZSEckcIY\mcMEksoQ.exe | N/A |
Enumerates physical storage devices
Modifies registry key
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\ZSEckcIY\mcMEksoQ.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe"
C:\Users\Admin\ZSEckcIY\mcMEksoQ.exe
"C:\Users\Admin\ZSEckcIY\mcMEksoQ.exe"
C:\ProgramData\dgUgAskI\OKwckkcU.exe
"C:\ProgramData\dgUgAskI\OKwckkcU.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\jGwIEkck.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\bokUsIIM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\yKEowQkk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\wKIMsQQQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\SiYQQMIw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\CaAcAAUY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\wewMswAI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\uGwsYcsE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "459929360-17563251122054062451-1722790945-13516764126121405-432045236-132856433"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\jugQQcIg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1019235665-6303957851752513324545642846-3584164781979036703-33118046523766041"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\rOUAUIUY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\JkIcAQsw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-116400677920856390291033031056-818726158-1384862811-2091435273-3330779391782315133"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\peUUIEss.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\gKIwYkYo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ESoMAkMs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-139884162348665513287203215-9219279584965711489495481925287614201230246026"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "832937951823891697108557128-687074236-1716892433-818567512-65537501684640005"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\IMEkYAEI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\fggAMwQw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\BGIQQwAs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\VCIwAgcE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\bOskkcQQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\UWUoUooY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\IQIswgQQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\eeUUYgYI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZYgEIYQg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\hMQEQAwA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\bSYMsEgE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\FwgIscYA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\uEIEAogs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\qOQUocUg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\gYIYEEAE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\AecoAwoo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\qOEMQEgc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\bOwkcgAg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\FmkYkMIA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\HWgsQMos.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ryEEUMgc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
Network
Files
| SHA512 | a05010a57d3482ab08ba254b766eec4dc6236be187cc3027451c25f30336551ce57c6834a0ed05cf5f58cedbfe26556a71f35f1a3f2d7f5864321a01220eda3d |
C:\Users\Admin\AppData\Local\Temp\UgIG.ico
| MD5 | ac4b56cc5c5e71c3bb226181418fd891 |
| SHA1 | e62149df7a7d31a7777cae68822e4d0eaba2199d |
| SHA256 | 701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3 |
| SHA512 | a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998 |
C:\Users\Admin\AppData\Local\Temp\aYIY.exe
| MD5 | 27c455fc0b7e0a5bdd9a4ea4f2b36f19 |
| SHA1 | b85516b8f2706eab7e6623ce5daf051e7dcf375b |
| SHA256 | ca68264333e0d8ec8e508d1f93e21938ceb22637f1ff4e33f53e615f36b3d9c3 |
| SHA512 | 344b4e5c25129a9237420e23e8fc1e0db512499066918e184b382d8cdeef98905b7abff21eea7b6cbdcf30b76721548b427a989d3ab8634e5b204c09b7334290 |
C:\Users\Admin\AppData\Local\Temp\YoQEMIIg.bat
| MD5 | 80915ab95d7e5a89ed077b9fb0ae9e8c |
| SHA1 | 208b0ead0eb2797c879e34748fa315c86de32d7f |
| SHA256 | 3e72efd686fdc184a12fc8841751e28aa7d7d4ebaebe6ee42ed4178df22258cf |
| SHA512 | e64636a196ba73e25c059e3702d9b20316ff444af3d3e2777b9619d0899cecd68dfe3fe884ece037b8264fb3dcf8128accd21d14e54048ba1bf2e102e7684f1c |
C:\Users\Admin\AppData\Local\Temp\qEsK.exe
| MD5 | 982c2bae5cc0a239854eef67d45b0626 |
| SHA1 | 167bc065d1c2611fe00d5070fda7a142e75e1aa7 |
| SHA256 | ab63b6b6c312859ff169352a197cb981bb7c16256cbe04f61ee08e6a7d4fcc29 |
| SHA512 | 3432ce564eb680400d6ef3818d12e25025c4dc7aaa8ac1f3e41eeff186aa2a64e68dfc8d02fbc1a0d8cb5980bb4c84755e5e9d8ef62762a03f854f728034e81e |
C:\Users\Admin\AppData\Local\Temp\SQwG.exe
| MD5 | 51b2e5404314b888683a35d4037033ca |
| SHA1 | 32f60374015e1b866fd84d7a945f3546e0860e7c |
| SHA256 | c0e8e371d03f0096a012ca61dec1d9a81e10b570aa4bcc292a5a32fcc0422d75 |
| SHA512 | f5eb4bc659036f7056b7005b5789be8e283539f9eb516667afd244a21da78e63953047a2888701c0e74c3a75bcdd8d9405f4fb06de44c251e4e256d98ba0c70f |
C:\Users\Admin\AppData\Local\Temp\qgQS.exe
| MD5 | 52e32a564f72de0f49538d5b0f072a4e |
| SHA1 | 3169c43f0ac33191ad070c318f05fea0e60590f9 |
| SHA256 | 3048737b6dfac9967d6819cab88da0a7b5eb71d3d11485b6ef70880446927d98 |
| SHA512 | 9b0fcc51a5f4f0ea609f2567534dc3ea5fd10c1500f34f2dd3626eb8835e445ba50ccf7e0288349c8fabfd85deab28e0c7308a9909255bf51d4cfbe23b0d87b2 |
C:\Users\Admin\AppData\Local\Temp\socsMwII.bat
| MD5 | c9fa0de19e8c4c1cc273f5beef9dc9c1 |
| SHA1 | e9543883abf86c0982024a3e80dd5c0cdf9c894b |
| SHA256 | fda25f2254f36c5481f7418b6ba9a4b7a4016fc1a1d2050b079f9cd4a488b53c |
| SHA512 | ab34603388368a41cbee209f10ffc6055db53986a6b05dd88937572de1792b3cad9e274d22273e18f83fdd7ce20fb172ec10566231f1d889dd5f87c52d2e257b |
C:\Users\Admin\AppData\Local\Temp\KIQO.exe
| MD5 | 5cf0edae875e9c8eb45240287aa3641c |
| SHA1 | b984777a4038fcee04cccac2585b316248c22969 |
| SHA256 | 17cb3457795fcab2fe8782b4d68d6ac971c16d469bbfa14464417b6292cff025 |
| SHA512 | cb9bdf7c6f9ffe081a99998f00522bd06155bd2d04287eac2a6aea6bd4faf7491a4235f0e5d3f05f0ddbd764dbcc7fee739c01812ee9e41305dcc3b8cead3e1a |
C:\Users\Admin\AppData\Local\Temp\GEgk.exe
| MD5 | e100605d794ad3ca78339c3298f6265c |
| SHA1 | 687968b0445ac34585b8becb30c931caf962a28b |
| SHA256 | e0b872c08945132754d19fde238c9ab046ab964e0fa68ec1b2e8165c319f0fcc |
| SHA512 | b2088157199029df531daa467521e8e96ff7e8f36ac7e0df59255800decc03e5565334c7ef0db718d3519c19440a63deb86c74115c7b046ed7e11decbea3d2b0 |
C:\Users\Admin\AppData\Local\Temp\Sgsy.exe
| MD5 | b19667e11e3e0595eb3e997d56bbabce |
| SHA1 | d7e7e99bd09108da262a050287d5a5a51a734020 |
| SHA256 | b48700b35bade98670a09bfced35d5e7eb4ea1703910563ca25408ebce0c522f |
| SHA512 | 772672b1b54077fc25cf573f552ee0b40653af2b45fe85758930808a16abd356425e21cb6862e20f69d679e3554d71f9cd020d28cae8f3564c8e57dcea14eb03 |
C:\Users\Admin\AppData\Local\Temp\UEEy.exe
| MD5 | 5ceeaf3ac4d4caf211cdf81cb6e3e11c |
| SHA1 | e80cb9f996ae4a13c3e7d0a90e3a1410d80fdb68 |
| SHA256 | 7a015cfb2e4377b3b22b9a51ccb5091ab72642c4f9b814242eb8b590b6e3f67a |
| SHA512 | 0bf789f322cc98cb3ffd301d7fd4c413b397281b06533e71bf5e96c99612e5164f86b6ad92412e6014eb0821a01b0c6d082d19bd4caf2df433e458dd066b5842 |
C:\Users\Admin\AppData\Local\Temp\wIMa.ico
| MD5 | 6edd371bd7a23ec01c6a00d53f8723d1 |
| SHA1 | 7b649ce267a19686d2d07a6c3ee2ca852a549ee6 |
| SHA256 | 0b945cd858463198a2319799f721202efb88f1b7273bc3726206f0bb272802f7 |
| SHA512 | 65ccc2a9bdb09cac3293ea8ef68a2e63b30af122d1e4953ee5dc0db7250e56bcca0eb2b78809dbdedef0884fbac51416fc5b9420cb5d02d4d199573e25c1e1f8 |
C:\Users\Admin\AppData\Local\Temp\QMUe.exe
| MD5 | b19c6fd24126f68d5efbd603a0da199c |
| SHA1 | 5dcb14e123a1b78178054b04fb989ab93aa006ed |
| SHA256 | df1def75e539eb4f63f72a328896fe0c701805f9dc2b13f2213d7b230199511c |
| SHA512 | e14a78632a5e49e4223ace2ef96cea8023a67b4c4ffde27f4d0daef789ad4915247c8aeadf13ad2e414e71d1895fe8606b98d034213eb4e5e695b1b72dca0f35 |
C:\Users\Admin\AppData\Local\Temp\JKEgoQsM.bat
| MD5 | c92b310436adfcaa05f3bc2e097e2941 |
| SHA1 | 41602fd6e7cd6eff75e55ed455f8318040ce319c |
| SHA256 | cf690f5009e44e8285cfd2b4a776797d065f985e7250e0d752a2b4a88cdb2529 |
| SHA512 | 375d598a662fa1c1a5b42e0af7d1b14d05b946d69973bda6229739fd80514b8e1033befba0099bd189480cf6cbec8a07460967b5bc85c30941e1ac77b91f1f4c |
C:\Users\Admin\AppData\Local\Temp\skoo.exe
| MD5 | d7eb6572095fc3567c4f85e27db04e1b |
| SHA1 | 736cf18c681640629b2555fab6bafe7f62afca28 |
| SHA256 | 4b7abc2c18bb22aae46179323004b3e8fead907ef723668a768c9d44e8fbfac9 |
| SHA512 | 2530b11cebc4e3295641ea84853e927cbb182b58579de94c32b1b754a76100c5da18599ab7ef7168429e78c1ab0ec0c5a7ec9a4b8204984cb36492ee7289ef7d |
C:\Users\Admin\AppData\Local\Temp\ksUi.exe
| MD5 | 9d709a5d87c5471f1a4abfe4457c62e3 |
| SHA1 | 26c9ed15166b317086b2d13587ba8db662ec346f |
| SHA256 | 0ebd203f7952f55ff0f33c67f99bdfdd63b8912ad7391d276be178a9beb5ff80 |
| SHA512 | 2aba70794f76005b7c53a6acd04af8817a01fd030720f4e436ffa9f0894eabfade6d59ec910ddb100a2ee2afeb9b5dd37908f02cfb12caa86f36508356d53b5d |
C:\Users\Admin\AppData\Local\Temp\mMQs.exe
| MD5 | 1fceda670dc437df1003cbe7ddb6d91e |
| SHA1 | e45e1d15483cb6307056645d07111a4a2c7dedcf |
| SHA256 | 91ab546012a686e09f02946e87a6e5f66d8de7bd544284bf17d49c834d0eee5c |
| SHA512 | e23c4e98df07210ad33df882fa6780e68762c6bccfe1c55e85770cce3d560fcc872c74e2b8e8082f9b0936cfd6fbd53b57efad7e8753ec59f4916def315762ad |
C:\Users\Admin\AppData\Local\Temp\VssMYAMY.bat
| MD5 | a64fb0af0c0885ae4e3df0fd97ce1935 |
| SHA1 | 916ba340302f9fff32b458864476572fc12841a2 |
| SHA256 | f2e3c17e81681c2ea32f180fa44208a99aea8a83ad6b85cf80acc6580d051590 |
| SHA512 | 466fed1fc54c6cb0316be5cbc33f40c38f626021854626b705aef66b4caae197132e60ab1158c8b46e02b386a0036c8ce844a3e0e7a30122dce69b9dacf62b9b |
C:\Users\Admin\AppData\Local\Temp\yUQi.exe
| MD5 | 6b27274cc8e999ab976f29c1ebd7d7df |
| SHA1 | 6f380ba1eb7f90087841ddec5bc23110427953c4 |
| SHA256 | de4a4e0bd9923d60c4f0e21d2f54dd5f3d950e43c3550d180f40433a1e977518 |
| SHA512 | cefb68edd0b54199030a6b23e6188491583d81fe27898492b3b7dc0de25b670c236bab00d6e801b885fcdcd2fcde2ce3dc128b9ca2d41c2419d8d8946b136e52 |
C:\Users\Admin\AppData\Local\Temp\Acwy.exe
| MD5 | 270f9797fb6b7871b0829834b37e6257 |
| SHA1 | e1ff5dffdbc8850f9d9afcb0e8a4577020145ed2 |
| SHA256 | b119bd68b90b8b01aee7f7501582882a3d9a4e1f860c5b60c5d65f9e3cc19b9c |
| SHA512 | d2e520b05e36b96e5a73c40f31431ecbd796304090393ae2bc9d86b4cbd37b4af55f9ddfc106113df4741fbf7acad5f53a35098c928774aa43d91bd9e5e077cf |
C:\Users\Admin\AppData\Local\Temp\YkYk.ico
| MD5 | f461866875e8a7fc5c0e5bcdb48c67f6 |
| SHA1 | c6831938e249f1edaa968321f00141e6d791ca56 |
| SHA256 | 0b3ebd04101a5bda41f07652c3d7a4f9370a4d64c88f5de4c57909c38d30a4f7 |
| SHA512 | d4c70562238d3c95100fec69a538ddf6dd43a73a959aa07f97b151baf888eac0917236ac0a9b046dba5395516acc1ce9e777bc2c173cb1d08ed79c6663404e4f |
C:\Users\Admin\AppData\Local\Temp\owkW.exe
| MD5 | 305372d87857453a38139298b55a1532 |
| SHA1 | ecfcd474f8510934d7ee3e7e6d9ec1e6a0f4a33c |
| SHA256 | 34ca87fd200790f7de329e90435e2404e928fb7ea555ff15bce78ca8bdb738c0 |
| SHA512 | 539aba3139b498a5a711b015a9911919961a43aed92800e58d38fe9101d6023f90a2208c61908b5aa851e59410f6407fbc367e27ab5f453f3715a850ffe4cc80 |
C:\Users\Admin\AppData\Local\Temp\ooAY.exe
| MD5 | f7b2af05fc44ce7a9f4785c024f3f10c |
| SHA1 | ff3651846fc5d951e1c4c89e7af6826b09bf9581 |
| SHA256 | be2dfce6ff21753f66b71ca7394c71b345fab56aafae3230d77e6560baa56d92 |
| SHA512 | 0a989effc3c94c312bfe86d1bb0cf8b1ef7ea4d80caab164ed9bc1887730bd527caf35267dcac3c331fc1f03742b7e219c45704fbada5c1764403c4b72411874 |
C:\Users\Admin\AppData\Local\Temp\SMcm.exe
| MD5 | 5cc31141fda8a8ad261366eba976ea08 |
| SHA1 | 58245c20f4dc2b560e28fab4a7b845b5d8c7f151 |
| SHA256 | fcf80098f8fbec5bea73c93f788dc409eeaf9c3df2a4150590a69c880f30a48f |
| SHA512 | d7f8b5dc86544ecd762b47fe36c10cb40959a75139a172adbea71c24ef527c18101b13290dcc7e6badd6847392b44a415391113bd6e685f13107446c85ee301b |
C:\Users\Admin\AppData\Local\Temp\Uwwo.exe
| MD5 | d1f63f050a614d1819f28a32a69b9227 |
| SHA1 | a45c87ec7367e94bffbc8d599c6ad7bb068293ab |
| SHA256 | cf77ecc3ceb278926d0ea71f22e0e80f419890e5ac93fed5fea3b94927235f36 |
| SHA512 | 258c2547b8283be3cc6b53b5d862af5fd8f7a94fd85134f221a521ed1094b9898cde79a3bfdac27ce2c9382b72e8b29da1b5555bb073dc2d37bf7403fd9de9f0 |
C:\Users\Admin\AppData\Local\Temp\oIYc.exe
| MD5 | a82fb3d85bb25e9f58a1667680c4f690 |
| SHA1 | efce68f7913dc22ee0287a4eb3969216e7e21a2c |
| SHA256 | 2e09022e71be6ecee03a7a28d003d2fc8f52c9fad8742f3ad49c70f6f0300cc2 |
| SHA512 | 8c563ef29083239a761e2f0f53f587d849481622cd85ccc94be50fea19a1a729d5e347c813b01ff17b68c42d70de2e2f9c0df44c67cefaae3cccc6383115dbf4 |
C:\Users\Admin\AppData\Local\Temp\oIwE.exe
| MD5 | 7934c65b0b18623476e873874f5dcc94 |
| SHA1 | 65dbf5f9f3bdeab62aff63d4faba651984b42a5f |
| SHA256 | d073c927e718694148e7f57ca1e28eb266e65d89799951e3414624b6419ebfee |
| SHA512 | 27e79652d6389c98d7ab9fcf07f43128639784dac36fa9fab7338a8cde0be89e2d85fc661b803d131f7b1b17b59c8835f1a00be5c5adef4187d213f54ca3c60d |
C:\Users\Admin\AppData\Local\Temp\JsQkgIgM.bat
| MD5 | f28fcd68ebad2cab6ee53f5b24a7f359 |
| SHA1 | 5b17adb71fd63b9f509f1ea80575cdd5d80f753a |
| SHA256 | f219902a559b68b00c802fe4b3b4ee3c65a7893074e8d8429ca5cb42277d5e9a |
| SHA512 | 80abd43bfe9a4d3a1eaabf3b741cbf9db22b9beb68a72aa621f0a1068172ba7a9156fd886254689124aea8378ec436d2636afacefdae1a28f252f60104f47363 |
C:\Users\Admin\AppData\Local\Temp\koUC.ico
| MD5 | 5647ff3b5b2783a651f5b591c0405149 |
| SHA1 | 4af7969d82a8e97cf4e358fa791730892efe952b |
| SHA256 | 590a5b0123fdd03506ad4dd613caeffe4af69d9886e85e46cbde4557a3d2d3db |
| SHA512 | cb4fd29dcd552a1e56c5231e75576359ce3b06b0001debf69b142f5234074c18fd44be2258df79013d4ef4e62890d09522814b3144000f211606eb8a5aee8e5a |
C:\Users\Admin\AppData\Local\Temp\uEYs.exe
| MD5 | 9bbadded2446a2b6118f05ccdadd1e6e |
| SHA1 | ba3dd2e962f5500932da558d56a8b030ac6e8859 |
| SHA256 | 003376940602e371cd1250769d97ef88897e1760c4c2418fec06c0bed27e0ef5 |
| SHA512 | 33f76714bc92f0cbea0dacd83ba9747783697b962e3ae2b33d24908b057ea26520b446cd8ecaa8ef4673d6359b76c95c929448a5965ed15e2523de6be129e9dc |
C:\Users\Admin\AppData\Local\Temp\swgU.exe
| MD5 | f3de5562d144b8e1a4c3f11bb60f162a |
| SHA1 | 6e191ccf89f7ef6d9b2efbacfea3887e9e5dd4ce |
| SHA256 | ef465a1dd9acdf19d51c7f9ec9130ee00be3099c3facf227bfb4e63c839bad4f |
| SHA512 | b2e52488894ca4ee234db4aa9ef0b26747c8cc651d644dd1c5e0beaff0e7c008441243f61aa04fa94e0c73cff0e2ac126a3406fcadd37ad8b0c8b6fc03cf9919 |
C:\Users\Admin\AppData\Local\Temp\eYoo.exe
| MD5 | 5e1d28e10b5635566e47c2cce87e54f7 |
| SHA1 | bc44f3d2f22bf60bc9d6a5ef28681b7d2ae8aca1 |
| SHA256 | 4c3ccfcdaf90a4457168863b519347b596b2d8bec9b463f67724b7a44ff47ae3 |
| SHA512 | 89eed2ff85c7ba2970445aeceb9ffcd21d7aaf1e991408137493df74e257a02d89f1916c791ea48bddeec6496ef3d089e415d119fa9dc45ed9942e7fb2ac1e84 |
C:\Users\Admin\AppData\Local\Temp\SuAkswsY.bat
| MD5 | ec673628d59cca577ff9c29dce7c692f |
| SHA1 | 140197138612bff46f8ca17fa9637529caa3570f |
| SHA256 | e3c4fc83fce53304f1de1da7567e208662567de93aedb55ff9e08a317d48d339 |
| SHA512 | b92e3a63bed6758e8ccd42c5c58caba583fd361c9d1dcd8fa2f89a7fe62e3701eb72ae3046a2ff938409976400b360da69bfb9611de96f3b2673dfd9317fec74 |
C:\Users\Admin\AppData\Local\Temp\uQgM.exe
| MD5 | 2a62f30b6bcce2490b2d466296640378 |
| SHA1 | 33719b327f44c0bc15a19ff21d71a8ba5106b4aa |
| SHA256 | c8c8f1a76f4dd132610a92d0d54d170465c03c7e790b8a4f3e915b7f8c40766c |
| SHA512 | 8f656763000c4293670f7c35c2e70c7534cd291cfd6370fd827c9fc4b71633bfe9742d7d59274ca5945f2f3bd03f4baabbc1065119c4e133381e8e84130822e0 |
C:\Users\Admin\AppData\Local\Temp\QYoe.exe
| MD5 | bc9a87888d499cb5f45ea351b29eda15 |
| SHA1 | e2208c9352a0be3676f8128b55e1ffc92743fed7 |
| SHA256 | 4ed9f14ba6d9fb7cce342fd214fec3f12d60f6e9eba50fe94a9bfe8085f85936 |
| SHA512 | 598a4d665d5794be5a0d0e6f65d2fe30696ec8ef11c2c25baf4f73d696d3f495cfcaca7504e95b59b3746a650a9e3bc768817a358fcb0716b98e3f5a1bb87113 |
C:\Users\Admin\AppData\Local\Temp\QwEY.exe
| MD5 | f15435869321da3d650b3d837cc7f61b |
| SHA1 | c8fdb89deb59a3357a535c010fedb2a300b54751 |
| SHA256 | 8a18c1893fa83d0047e6bd77cdbbf00384ae00b180e5219a23da9159a486fc01 |
| SHA512 | a1b04dd3c015859d19e61cd29e34d48783fdf00b5dc2852ca0b86efc7a26468a5485ee6f4ff378e75dd25b6cbebffcf2d449e1dbfeda39ab3ff91a59cc0e1ea5 |
C:\Users\Admin\AppData\Local\Temp\EQQUkQIQ.bat
| MD5 | 903c0cbb79932c1cc64639b8060c4be1 |
| SHA1 | 4b7cf73fb4ad71e6b725f7e4bab1f10076389cef |
| SHA256 | 3eb7a32390dd185fa9ff173770dcccf9f71f61c7b96fab16855b3b7068dd4ecd |
| SHA512 | d46d928959688fe62830f03db1caec2b17f53653244b03963ce4316f2d04e44852393af45fa9f4ba25b7f7a23491124042cdfedb99084e8ad6a59b4411611621 |
C:\Users\Admin\AppData\Local\Temp\MwwE.exe
| MD5 | 4aa6887c4927bd65a7eae9a3f9cd3820 |
| SHA1 | ca46b58e979bfe2e47366f31534e19307cbcedd6 |
| SHA256 | 54be8c48ca0007c0717688c7d255e205462bf7d441fbcb49a7da2de49b49dea3 |
| SHA512 | 2a15926b5d0181ed1c0de2309a2c94c498a7de903ff2a8e68c6015f99b4b7aa638fdb7cf51ffe38b015b1390288e62f6c86d01e3485f7ba26caaee143d5fa888 |
C:\Users\Admin\AppData\Local\Temp\YMAk.exe
| MD5 | eaebdd61abf52778a1d614f291749a2c |
| SHA1 | 17a9f0f5469c59eaa07d498a98bcb30b6091c4ae |
| SHA256 | decd1e34a71565d7362f1c4a7e34eefa3dbd9bb4c03cc55f5726df15c4a80a40 |
| SHA512 | e3fdf1db65c547c934b8f77704e73fb98270d3a7f393cfcf98f76b8766df06b0b0e139281b32999e36c4eecc4e78e16673f7d33d1ef64a282bd06715d1a28436 |
C:\Users\Admin\AppData\Local\Temp\uCwQEQQA.bat
| MD5 | 9bf71543194a6e340cd9e65172637c40 |
| SHA1 | 9b75e7ef9a6ca49cb66573c6fa959ebc48217940 |
| SHA256 | c8e90637e6c0700fdacdeec3893a11374710bfd69dd652696eb52be0f81204ce |
| SHA512 | ae3957e6bcc7f0a49695acf34b8fc19a1d49169ddb95865c2c0629fe6c10399e70ff3dcc7497416821ed421e4b16de7e4f4cb978a9170c1d0f2bdb167299da0e |
C:\Users\Admin\AppData\Local\Temp\kscs.exe
| MD5 | 8f3c05712ad3ce7cf23f3b4bc8d85b00 |
| SHA1 | 6ff3057f6899460a19dac5f5d6084dc1aefd8fb3 |
| SHA256 | 385da0b170a33b00493d925ecaa29139a3cc3bd93cdd61eb7589e9f0bcc2bdc4 |
| SHA512 | 1eef3697fec165c3d8160035caa83c249439164061486630c812b5b30aaacd8d8ad311acdff6ac2599a45bd41457d0545544f3897a1dc0ddd460ba761d9ca254 |
C:\Users\Admin\AppData\Local\Temp\QCwYsUko.bat
| MD5 | 1e6a0fe760e34143ad5c688e3a55b9eb |
| SHA1 | e5ed469fc5d1ed34813163ab2b8f6924b70e1f0e |
| SHA256 | 57ba120eaae4a56c7217ba037436b3241db41adff539e5721bcb1f7106f4c744 |
| SHA512 | 7e3f02d50b187d09b51e7e874c1f266e5e219776888ebb933484e8dd28ba63e4572e2b5e5e2bc44f3ea3c124ea85a1c89058336aa0e0edb82588b6c194572904 |
C:\Users\Admin\AppData\Local\Temp\wooK.exe
| MD5 | 64ea315fa6c2026eb3a5b31f6ea197dd |
| SHA1 | 82e63a7e35683698d808fc3b2b30a9279ebe7ed3 |
| SHA256 | 3dd950c2a249c248db64607c631db104e9e5313352bd9622dbf091eb1df766bd |
| SHA512 | c1b6b3afc33db67f2bb9249aba570d467b957f93e1d32c487831ca46fb4e3a3c5601895309b8615a9b17de9f495a265fe8e1ce112fd21c3cdccdb29a100497d1 |
C:\Users\Admin\AppData\Local\Temp\wUca.exe
| MD5 | 9b0e4447a6823004a392f3a90e6da32b |
| SHA1 | 46421426ad138669b2773feaf42c7e39b6d431a3 |
| SHA256 | 9c5457aca4c11844a82973d7b4b0cfb89ee7b838a7980887c3aec934dee12837 |
| SHA512 | 512b721a888ca297abb63bdb65b4bf892191e80ec1487638cbded3fb8cb8ee463a2c315a9ea1421cccfdea43a5e8e3c5867c89353501d9d8ea91012a07269205 |
C:\Users\Admin\AppData\Local\Temp\aQYI.exe
| MD5 | db1b02b882994190142800740bfa9ad4 |
| SHA1 | edd2c7d909bcec9619846dc704b1f628a5e2e45a |
| SHA256 | ca47a651ce36ce4d643c48d0f3c519ed1e969110fb7761bd2a6bfe8da9ef65c8 |
| SHA512 | 0abeeb0f76ec70dcb0627c62b0202d5cee99954dee7891c3c96ec58711535a33564eaf34d20267c531a36792d23e5f343c4b7d1e6bb2056cdf4f977ebb4a0d19 |
C:\Users\Admin\AppData\Local\Temp\KwUY.exe
| MD5 | 178bf5be4aeec764d36340ff7189b2e0 |
| SHA1 | f836dc5b361d6ed700a8c19c7b0979f7da430395 |
| SHA256 | 10780211cef66d0f062fc351f6aec29ebb9ebd48137e9dbbef41621e3c8f953b |
| SHA512 | 42641ee24a220391469b4bf43249f99621837f6385052179b7a41dadee7dc8d8929df8a6cf60c6ae586c33a8fe8b49f947aeb365f73fe543ce2237b7997af38b |
C:\Users\Admin\AppData\Local\Temp\QQcK.exe
| MD5 | 5fbf77a77c2a79bb0031aaa0df9db303 |
| SHA1 | 3cd0e007f33ba1d04477dbd7e97c6243695e8894 |
| SHA256 | 5c5502ef96e3be24225143284c7deb32a110f71af2a55d555487787e9462d33a |
| SHA512 | 9887f8f07b78ed2eadcf14af323f8bb1bf5e68a3ce84c34eb1efe5bf61ef5dee8ec3862e0404a4ee88bdec8e3cbe99251949a552c4c66d2ec45d0aea60854940 |
C:\Users\Admin\AppData\Local\Temp\AEYC.exe
| MD5 | f765080d4e8a4cf3748ffd592208b7e5 |
| SHA1 | 895f601e74d1362830a3af6c73e7e1e2ddf64b0a |
| SHA256 | dcb0d0b6ff3d6916299783d8d00a0c9d4cd5bbcca24946b0efb41bd95a6f11e8 |
| SHA512 | 84b5ab4a91cbc37caeb7530cbddaeee364a7da1206f07e3ce22ff822de2e007d5b91aab48068ba66cadf735266c001797d3fe0f7f335b67694665063d90ba7c6 |
C:\Users\Admin\AppData\Local\Temp\BqYoggoo.bat
| MD5 | 242baa51ab40ea2f19ac3fc19e4e5d77 |
| SHA1 | 5b34beb980f2af3e828bec67bc70e71652439281 |
| SHA256 | 43a929abd55af0c0d661f5b9319d6176cf49906916e317e95a86e139af7ac18c |
| SHA512 | c5cda7cc840f862fe05c96236f42ffe961e38d7a822da8841d77e0392aa0129a91451606a0e728b356d27de634bf097624db57c46711e473e015ce01e1cddd68 |
C:\Users\Admin\AppData\Local\Temp\eQcK.exe
| MD5 | fb45a11cee1799c44139f53b5f789ff4 |
| SHA1 | e09ee907fb2da77aa86281c5ffc0dac3895b42ed |
| SHA256 | a8b2941a249c64704342d5191d08a4f390ee52727cf4fdbd6fa60a9fdfa1f707 |
| SHA512 | 0f6f61ad2a2cd0d698fac0ef09a4534ec6ebe1d4e07fa8aac6b9baa3a4bf0db4d036a43ba7874048c9ae1312e054a476ef2a43c26a6d5fe1d4f67498927ba2dc |
C:\Users\Admin\AppData\Local\Temp\AYAo.exe
| MD5 | 9c43d20b1c30b6c05261995551c26a98 |
| SHA1 | 73eebb2f3a7658185fb9cbd5306d747f744a1f84 |
| SHA256 | 9f74c60308fecd481b7700794fd00097393d37d599278a9bfa575451885dd611 |
| SHA512 | ffa5bc244c0f659201424704da50900933991b375eccf4fbaebb782411f78d28c12791f0a776e015a15fb8a79dcfb7f5ecf1f87d1f4495c867d710ac04b7d81e |
C:\Users\Admin\AppData\Local\Temp\IoAm.exe
| MD5 | ef076220928814f70e7572e0e68a4c20 |
| SHA1 | 311e8cc5497bfc6dbb80389db4eeb5981778d3fb |
| SHA256 | ca4a36b20cc6ff4a524547e37fd4ab8047c368d31fce35c6e1c1f0476d84942d |
| SHA512 | 565ba3d08a88e9565f927468ec80bebe8ba982d4f2326ecd0aa3edeca1674bac06578a66d50e739cf65715d717bd29a6a1413e8b6bd52546142af60339f5d2f6 |
C:\Users\Admin\AppData\Local\Temp\TMgYIgcQ.bat
| MD5 | 3ae691543b45bf1d577612284f3197fd |
| SHA1 | b63463acbb59f8e5aa0f441494ad6eb27c0eab92 |
| SHA256 | ae8ce2f90964a902aa48870b98dcfb0b0948baa9b77bf3dd3df59372c8e6b63d |
| SHA512 | ea6da3762f5c561c13462a11e8c68f4de659c720274f01c5708c096eb79ee00fad159fe921c6be89c2bed9feea3ee6538f354f01379316fe2e5998f461069790 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile21.bmp.exe
| MD5 | 1804322afd146f970dcf470bb4ea9e5b |
| SHA1 | 7a270b68702a2fb63c791831bec8cc5f198564c1 |
| SHA256 | 851114fd8af050117bab60bf6bc0dd5e992385d318c163a9aaffcbc2efaac7d6 |
| SHA512 | 34ab4f3bbc8223544b88a3564166ec5ca21a61354f1cdf52b248dd98215fcac433e9bf306679775bf4a02580fb2513a1727c2ecaa3e3a7ba342c0a80a6a62455 |
C:\Users\Admin\AppData\Local\Temp\uQYe.exe
| MD5 | 40b3447d502fe7e575cb47bffcdb9e9d |
| SHA1 | 7e47eecac0a311ee8996f5d825cf970763cde883 |
| SHA256 | f904a638cc114451b79efd19d1e8f3390165bfa3c210c78133e73b3e7d2d94fd |
| SHA512 | 90f8ec8959edcf8ba7babd60813823c37f1603f36bd356173df206eb26efb4dfb7015cae2fc021dd71a6ddcb0268685c93e6c1dc8227bf68b2fe82a69c929610 |
C:\Users\Admin\AppData\Local\Temp\OUoG.exe
| MD5 | 0c1342b93d8eeee0257bf3e39af0bb6a |
| SHA1 | 29c8653355a480642a44cd0d5e59420ea4ee960f |
| SHA256 | 9612815795f9c17f242626f07e706a89eeef889706544cd4c3ba65cf0e52062e |
| SHA512 | 30673903aa546eafb1affa7bcd0545912363bc1b3bcba5ccc0f891e288068d1528480f3360bd41860b7799d9767959a6f4045dea20d23b2516b671cae3c60640 |
C:\Users\Admin\AppData\Local\Temp\LggoAkks.bat
| MD5 | 7ac6fd31b014f97ca6fe5429b45fdd80 |
| SHA1 | f13ea9e9b50e187e8675675a17a4c12416395719 |
| SHA256 | 3b38c778a66ab9329e56d60376c9d7a4addb7e7d4e401139d869809886abac85 |
| SHA512 | 7e47250ab8624e6f402454ed8832360930ca39274ea28cca7ebf50552c51031bc5166a25a07efa97eaa9b3b684e18f7cbae74c943407bdbea20a733f2de94eea |
C:\Users\Admin\AppData\Local\Temp\ksoo.exe
| MD5 | ccf552fb6a0bf09d931bdb692cd8a8c6 |
| SHA1 | 3047bea06ab24c29582e302b4bd2ef8795c73661 |
| SHA256 | e5f05c9136da27d1cfbdbb2934ce51a7179e023a8969d392fdfb9e4c764bd8ce |
| SHA512 | 5ba4231b42c3ab06d2ad34feb441260933066b9d2677a68abc337e729ed3b42bee0a81c5989b448a2db91f79e21e99515113f8dfbd80818e2408c6b567e0d4db |
C:\Users\Admin\AppData\Local\Temp\Eoky.exe
| MD5 | 086be2a88ff8c698589497ee262af02d |
| SHA1 | 7bd1855b130bf485f726e9aa893dd857d1d237cb |
| SHA256 | 3f59b69391e52b633977abe46ea33f3832f6c67206a660d9b5251062ba165dcb |
| SHA512 | b945cf078f225e19c00da6dbceed7b6256e3d321a62d1ea8473f1a4ac7ada2dcf78f1ca8c90a3c57ae94416256d031bc09028d108479d3b950a08b9eba30be8c |
C:\Users\Admin\AppData\Local\Temp\eUcu.exe
| MD5 | 751abe48ca6fb386cc2b94c97bff999c |
| SHA1 | c23be48d5ca4eaf313838e2d04bc48ad301a64ff |
| SHA256 | f15dfefd1b0d5876bcd23069c2c2f55f118685f23c8e55d80304153099ad6791 |
| SHA512 | d1d1513ede20e7007032307a579ed8b4cbf10fd048aab6774f8defa0818c36014fe2862294d62b39cd91d84ba66a9829d06e3e35f0f8ecddeeba3a1fc57c628c |
C:\Users\Admin\AppData\Local\Temp\MEQG.exe
| MD5 | 42b9c0d424f6a429f1bc1a9c0da07ce7 |
| SHA1 | 668cd83a0d34aa276581fd2426c989aa80c74444 |
| SHA256 | 2d19da78ec17c0420bde1de427973eff94c6b99346a2317f0867d7f2768d4c82 |
| SHA512 | 2c951eab42e0d15b81493822723033b0a0d4fc68c94e1cf8c80d97507acb41650f03c8c5a0abd23f6b30fcb9b4bd1fbe86db48f1070fb4b83af87eb2eab9d869 |
C:\Users\Admin\AppData\Local\Temp\WkAQYwgk.bat
| MD5 | cf6acc94242a21b4064c67bb0ec70b4c |
| SHA1 | d4fe2359bff3011fa298c860d357ce0170fb53ad |
| SHA256 | 324d17caebdd8c79114fcac33b21ffb1d2fa7692c0870027d1d0aad127fca278 |
| SHA512 | af0b2c7d044e82d9b430e1542d0730f29364d2a6df02415efdc407ef3f12128f235699e01887278cd647811f9c5a5a7f36460397ca3dd02c0f2c5f233d4e6aa2 |
C:\Users\Admin\AppData\Local\Temp\mUsg.exe
| MD5 | 669d0924441f3b3dddf60a26defb103b |
| SHA1 | f01e2e1c7897e30d14c1d998d5f8fb458b10c93c |
| SHA256 | becd1e48d218ad7d91d8feaef1607065e3222275c0cb40cb76ac1ae0672ddd82 |
| SHA512 | 51fcba5274115b6da438c925f74f142d5754afffc5698ca3d0bdd715f5be2feedba6fad0b59a1d55c47887468f86c34e77e61ccd60f054d2f892cb0847dd1599 |
C:\Users\Admin\AppData\Local\Temp\SgAK.exe
| MD5 | 3f9d7c985faa88004dfad17808536b48 |
| SHA1 | 4de1ee3862b6ad900796223f7b62c2a1276904b0 |
| SHA256 | 1078098210545130d4df92f089b6a3cf41efb33a604a930648b1296656d1cd34 |
| SHA512 | beaba689ecab5db906e80dce10d4a67931d83463c968c629ed7189bc8ab5b0c3a74eec2278eda6ecd56271ff0dd0b9e9b42147936d99b3cd365250162abf490b |
C:\Users\Admin\AppData\Local\Temp\wmgcoUoI.bat
| MD5 | 23d8c6138554385907e842bbdaa60fd1 |
| SHA1 | ad1b94e9d4557ff1e2f6248f35453552fb5354d8 |
| SHA256 | 3b0ccfbb594b23fdb953b397ccb37af2243ef43d7b9ce8cb4706c101e92209bf |
| SHA512 | 018e742c7e21da86abd80652699e6097ed901039aa69c4fa79a9ad18c9d4bac8e0a46f8367d9e1a4415bd77333de36a5635e619969d4704a639364650f923045 |
C:\Users\Admin\AppData\Local\Temp\AMAU.exe
| MD5 | 5488cfba036b6ec1571e2901c86bdbd0 |
| SHA1 | 089cde12d9a8c77d52213726c3ad44a68948cd92 |
| SHA256 | da32f3dd681051bc430f21fd4c91a6e0e5c6338b4d1c2e7073fe8712dc547ab3 |
| SHA512 | d5b9acd1d57e7e585ed8e592fc82047d6f6ab2a707975337fe3ccfc0adf430146ce0faacc691413c161f214fa26774065ee6527f5ac355eabf52aeb5e7848811 |
C:\Users\Admin\AppData\Local\Temp\uEEe.exe
| MD5 | 642bbc3fda9a72533f730734a3c80574 |
| SHA1 | 368abe701fc0592aadc5baf5ec9bc46a7e8b1b3b |
| SHA256 | 0cee76989f1593d49812c0ef392b45b0bc10072835e50083fece31d6f2fdc307 |
| SHA512 | 52040acf99dbd6f5b43b75ac0267c396260a4eddd9cc8dfb21074f8a5bfeb68de982db449aeae0cfca317b974caa86a97a18db8303f5e8d04155999854c4eee1 |
C:\Users\Admin\AppData\Local\Temp\QYQc.exe
| MD5 | 7809cbdfb8fa6456017472c3ee1dc14a |
| SHA1 | 20578b5165c75d752edce1fd1778930e7f7a71a2 |
| SHA256 | 99a786b2d45d7f9a691a5584cf4569aa8288631723b0c2e18e2aa40660a5d819 |
| SHA512 | 4a70dda4f53f7d231bdfff2618a1b133d096b030761a1d3faaa8aa120314b47fa9cb2ad9dfabe66a5ea9a95869f35972e6710fe9663a80a56463e090c7e64ef5 |
C:\Users\Admin\AppData\Local\Temp\AIMMgQEw.bat
| MD5 | 76a68cb24d1f819f7b588bf3c608ff3c |
| SHA1 | feffc6c376afc60244163c2d9cd0ec2faad46d18 |
| SHA256 | 7b245db3ae1363f04c9238226442f3bb11985ea752df12b4d201da66fb0b5930 |
| SHA512 | d42b4ae2f81d54d5e9330ddcd957b283bb0cf96513373ec5db56a34cc8fe61d73efbfde9dfcabb0c6d9671958b1710b6b767d92bdac2258754be12168a387407 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile33.bmp.exe
| MD5 | 0cb918eedfae41df73cc6321a162dd16 |
| SHA1 | f56208b46c44977d5d03d1af35ca90ada1510914 |
| SHA256 | cf15987bbc27c239ec38c457f88df43600abf7fe6f5341369816a5550a333d1e |
| SHA512 | 57659a7da3cbecfc8e1f4fe9c71dce0724ab441d7171e4ccff4da8126f42965e17319400621f662e64af34fe2b0db4ed6d7e6dcfb3c5c39f3d9c5938fadaee44 |
C:\Users\Admin\AppData\Local\Temp\oMgi.exe
| MD5 | 9ae56e474a4f7357b914ad603a981361 |
| SHA1 | 918b14559bb8c3c6af333d62784aaa946e730a37 |
| SHA256 | f4bf02bf94156a79ffcab8715191ddbc2e99351cd0f5abcaa7c0cdef286958a6 |
| SHA512 | 3d62c15b1bb1db087fe366492727a0790f508f5076037df1778a6d4ec8418b2e7f262b9bd2019486151b67cfdfc5aca25628fa5eb6d3c98f09ba2526d636b4bb |
C:\Users\Admin\AppData\Local\Temp\GwEMEYQk.bat
| MD5 | 2957e0101cb5a5edcf682ae8a6061d44 |
| SHA1 | 3ec039215ab709180d45bcf9c35fa27ffee9e2b6 |
| SHA256 | af97aefa83b3f099b05269c21717024139a624c9edabdd51ecf037377b1e0ff2 |
| SHA512 | 8c0b6392b549eb744982bf474db03d4280c12142d742fd13f2ef50252a7de1b6e3f80bf58b624c6aae76571be7520c2be685c24968161b3ddbb16edbb0e52273 |
C:\Users\Admin\AppData\Local\Temp\EIsQ.exe
| MD5 | 5931b845d7d3bfcc2a28874b0c5f7ba5 |
| SHA1 | 7ff316d4f1d3a7b2919085f7600cdf26980edf55 |
| SHA256 | 3f8a5524f38faf10c81d031f66e14672bc8a83082bb273a010a0da72ffbaeaac |
| SHA512 | bf6f21f46c0a6f0b98896e0cbed78f0559e241442bf9e8bf5a424bfe75e8e99379342f52d0751d4563ba306f2beacf383181f0f09c8c0399f56da35868b30039 |
C:\Users\Admin\AppData\Local\Temp\uwYs.exe
| MD5 | 2a1e9bb6a4fa159ebed35680c96b9d30 |
| SHA1 | 7f98b91a12d77df04093cf2c331851ea52c9a498 |
| SHA256 | e248986a6032b1b39ebc4f469d86040f7b76ec7bb89068aaf7fa230403e2a4f5 |
| SHA512 | eb82d799b5c36bdcee83c43b32d878a9fc883ad0f72ebad9c2edcbd84151cf202f4ec9bb9128402aef72722d17897727c1d7156d9143e071dfcff052cd6ac243 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile37.bmp.exe
| MD5 | fa5d291a498d91ba02bfb472de91ec78 |
| SHA1 | 33ee140f2b88f807e0de2eb6bdbbd56f95ab41ef |
| SHA256 | 679f7331645d74344585e09262b7ebea52d197dcb0011d52a41618a308517bd2 |
| SHA512 | 22434bb9ea1d766054ec05bc046758c682385067ee6bf81c5d617f53247a272071faa8a486a37ddf0cf139b0adb96e5e78a5a70e56508da5846f007d98ba83d4 |
C:\Users\Admin\AppData\Local\Temp\dMEwsMYc.bat
| MD5 | d5bc01334867000fe8fc560a0749f2da |
| SHA1 | 30438388bed7662949daac8cf98ecb366d2335e6 |
| SHA256 | c40b89af56a1aa9992e7b7fad4d250ee6748cc4640e8d86a4018ff531e43f832 |
| SHA512 | 6b11db5ac8e4fa965b4e73e3d1f6b2323b4f6f3034b150c58d4b377a0419ee7c2b26013cbcf7a015595c4624ddc5e937a201d54f401b4ec738a1345449eca2bc |
C:\Users\Admin\AppData\Local\Temp\qocM.exe
| MD5 | 8c434c06beeef48e32765e06d5be26ce |
| SHA1 | 86bc2b61dcae5b47578dc9e7e4811272f373cf87 |
| SHA256 | d841f694e58c0ab4d7d1a763d311d269b2e787b68dc884a9014008d958fd2b26 |
| SHA512 | cc19618c2f950577a5433382f50b7eb31b855b9536f3af20e9a8ca6519a5904a7bf07f1178300a0f0e63f84c158cf7a57996a1d593c9d9764c4a06867fae57c1 |
C:\Users\Admin\AppData\Local\Temp\SEYM.exe
| MD5 | f694512930c4cfe453877e0ae3a84fbf |
| SHA1 | 17f447ace5025e5bfe5ef124076a18719593a08d |
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-03 18:38
Reported
2024-04-03 18:40
Platform
win10v2004-20240226-en
Max time kernel
150s
Max time network
126s
Command Line
Signatures
Modifies visibility of file extensions in Explorer
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
Renames multiple (87) files with added filename extension
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\IEIwMEkw\MoUkgMMM.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\IEIwMEkw\MoUkgMMM.exe | N/A |
| N/A | N/A | C:\ProgramData\FiscYoIc\QIQsoIUQ.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MoUkgMMM.exe = "C:\\Users\\Admin\\IEIwMEkw\\MoUkgMMM.exe" | C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\QIQsoIUQ.exe = "C:\\ProgramData\\FiscYoIc\\QIQsoIUQ.exe" | C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MoUkgMMM.exe = "C:\\Users\\Admin\\IEIwMEkw\\MoUkgMMM.exe" | C:\Users\Admin\IEIwMEkw\MoUkgMMM.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\QIQsoIUQ.exe = "C:\\ProgramData\\FiscYoIc\\QIQsoIUQ.exe" | C:\ProgramData\FiscYoIc\QIQsoIUQ.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\shell32.dll.exe | C:\Users\Admin\IEIwMEkw\MoUkgMMM.exe | N/A |
Enumerates physical storage devices
Modifies registry key
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\IEIwMEkw\MoUkgMMM.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe"
C:\Users\Admin\IEIwMEkw\MoUkgMMM.exe
"C:\Users\Admin\IEIwMEkw\MoUkgMMM.exe"
C:\ProgramData\FiscYoIc\QIQsoIUQ.exe
"C:\ProgramData\FiscYoIc\QIQsoIUQ.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xoMAAcIA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\WaaSMedicAgent.exe
C:\Windows\System32\WaaSMedicAgent.exe ba1ef31068c579494c4332718ff9db2e StmLDFRCtE+K7Ag/ezBIAw.0.1.0.0.0
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wukcggAE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MooYkcUI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ikgAYsQk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\noMgQYMg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\posQwEQk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RGkwkMAw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aqAscgsg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WckkcUEE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\iQgskcIw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zKQAIQEA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HAcYsUMg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NggEgkok.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eAckUgko.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wCIQcUMk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ACMIAoYs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cwEcAwAk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TqkoIgso.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vyIYgwkI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bkkoUEoA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JAQkIEoY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GyMoIIQo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sIcQoMoE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wQcAIQoQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RgMggcME.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JawEIEYY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NyMQMUgc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vgwIoUUA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bmksQEEM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rAoEYocQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DwIgIgYU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| BO | 200.87.164.69:9999 | | tcp |
| US | 8.8.8.8:53 | google.com | udp |
| BO | 200.87.164.69:9999 | | tcp |
| GB | 142.250.200.46:80 | google.com | tcp |
| GB | 142.250.200.46:80 | google.com | tcp |
| US | 8.8.8.8:53 | 38.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| BO | 200.119.204.12:9999 | | tcp |
| BO | 200.119.204.12:9999 | | tcp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 218.122.19.2.in-addr.arpa | udp |
| BO | 190.186.45.170:9999 | | tcp |
| BO | 190.186.45.170:9999 | | tcp |
| US | 8.8.8.8:53 | 210.108.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 147.108.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
Files
| SHA1 | 8a7ab84ed10887b0234f76e6fd59e0e92fe2b035 |
| SHA256 | e760a6dd660f184add15c190638cf23b8dd14902f5f1d454ad7e3f1a304d3d92 |
| SHA512 | feb187bb74f317fa8f21e4e0e48f5f917e77a7e6f97b6a44d8e2e0d1623043e2ccc06e998e9d13efe58d339c625623a5f0343427716d6caca75a916eae1a9188 |
C:\Users\Admin\AppData\Local\Temp\YksQ.exe
| MD5 | b9a5ff2563a25315dc0a5e8a4196775e |
| SHA1 | ad6bf8414b9ed9f4983ad43470e96bba5f413967 |
| SHA256 | b23567330cd67b5b4d2ea716f48e9229237b192c01e42893837ddb93a75d8ace |
| SHA512 | 718bbf96b21840ffdce0d7fcc9063b1bdbd8cefc89563c94be95c5ef63e0b7f60a3687ace08e11b0f21cdc375a2d8149f9c5e94eb4ca364aeb084c37aab1007f |
C:\Users\Admin\AppData\Local\Temp\okIm.exe
| MD5 | 0f18ec76d5463e54d24307ca6a92003d |
| SHA1 | b66935560d29af6081b2a9baa6c8f29406feb8b1 |
| SHA256 | f77cfff6912b5757d7bde75403e7e803ff5c14df496f21841244a7e736df057e |
| SHA512 | 198bcd764c8d96dad12fe1c9d9e0d4c5cc812dceaadc3c45893e82cf4a43b309a2fabeaa9e679e08525288b8e2ffa73f7fcf1ab56eeabb79d5bad34f3517bf58 |
C:\Users\Admin\AppData\Local\Temp\Usky.exe
| MD5 | f798904a602655e5e4890fd8b447c90f |
| SHA1 | 71b14db763ff68666b1e959c63ee028f61dbf349 |
| SHA256 | 5db0b04abe25a1a7fb7545d2467674728bcd761fa33e78100168f10e2412f8b7 |
| SHA512 | e2948dc1988cd860ed281e08b4925fb05b293b577541ffde0da6a7770f222f215529401fbc794eb7e0298222d42df22b352e87da2f220c9b11aa03b619c786ef |
C:\Users\Admin\AppData\Local\Temp\qEYS.exe
| MD5 | 6ceeefb085426806fe3b7b773dcb3655 |
| SHA1 | a7f55447313b4dc6f2b609122396ee3ef3511fa5 |
| SHA256 | fda3b5abe63f35aa0219a888d84aa55a432b3d5d637b2cf00af1b180836c2df5 |
| SHA512 | 81954c8151ab65b49bf9e430a584bf344b593640bd8dce461db73fe794b6faeeef926ec56bb7bd9ab72a4849dc36bbc06d165656d5ed44476ade8fdecdce8eee |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\AppErrorBlue.png.exe
| MD5 | 63a09d4510d6f9906e03d8f60ec0b6f6 |
| SHA1 | 0b44d38847ae2bbff209e627ce5c8349537b1779 |
| SHA256 | 7f211de7a82a2bc6f5add17bb84b3223d91baa77a0a15de07028d5c6bd2b3941 |
| SHA512 | df14a1402cca061c3781b6a11814fb73456217371ef8bb3b19d41d1a09f1aff4a7788cedb9be21e5a445ed208f7fc89b30ba0d8c0bcdee4311f847a451d7cf47 |
C:\Users\Admin\AppData\Local\Temp\CsQy.exe
| MD5 | a25c796a1f47a71c1337b56b41b30bd4 |
| SHA1 | 0968501a99b56497e713b8083b1c6751cf168222 |
| SHA256 | 16cf5ae224f3369c5541dbcc99e2e07f0459fecbecd38771700b14a3ea33fb29 |
| SHA512 | 35db81b2e1f97cd90a5acb98a070f3cb54c6815594f7ff34d62442ea542e5f1c823ad97cad1824450248c79f8b135c4b3850ccadc7fc4cb7ea42865033bb3904 |
C:\Users\Admin\AppData\Local\Temp\KAwA.exe
| MD5 | efdacd13bbd244249c9f74992169ed84 |
| SHA1 | 72af4e58b90d8987661b3fddd295894680ba367d |
| SHA256 | 93a5f340d734a8ecccce22b916ebfe56bb9e63076365e5d7315ad885d803a1c9 |
| SHA512 | 1d6512ea22c0c584931b830bf7aecb346eab1d52839093249b5300ca6d9abe7cbe69629ec1ba78b7d37e8f5a67fd8b4e734ca3bbb09cfab942837f6301bc8d96 |
C:\Users\Admin\AppData\Local\Temp\YUke.exe
| MD5 | f09c159852482e983b6fd261e824cadd |
| SHA1 | 462e147f1387c1688b32780829f887a93a8cf517 |
| SHA256 | 0cc4d0d0961c948996c2ca07dbc1582717b4de2ce2c901d80b88b7ee2fe84eac |
| SHA512 | f09e19fb2559ed9ae78c4706908ae8f57b82e6b804f7bb5785400846fe6cad67b29a3c4bfc008661c7836fe624289c4fee2d1c5b4ddb02171161e0e75877bfa4 |
C:\Users\Admin\AppData\Local\Temp\agkO.exe
| MD5 | 5f44588bcd26e57cc28b70d6ff616ec2 |
| SHA1 | 7818d82228aa1188d99c1c08a0d0fcc8446ca777 |
| SHA256 | fb6f7338ff1b997ff3096c75e790003e247648bc41057c831639f0116d4e96f9 |
| SHA512 | 541e8fba64360b3c3e50c6f96fa982ef9df79b75a9ee734e43482e252562236ddfdbe96ad83a54418e9a7fc25f0df9b9451331b2b77fbb6ce4bef2eb2cb54679 |
C:\Users\Admin\AppData\Local\Temp\WgMw.exe
| MD5 | 2bdcfe55091778628d70b4814f081706 |
| SHA1 | b3ccf9e824642c3a1dc0c5521e1ddaf9a9eb8598 |
| SHA256 | ea6ea39b06f6334eee4d7dfae2b0cbbbeaf328e0f8e895397a037743705860c5 |
| SHA512 | c7efdda0c3af3ff8c202f4eeded96e9f31a1f63448e7646b2220bf2d2cd3ec2523c90e611d70f6e643344a4e518ff75e42d68856b08091fe8f70850c67ed4dd9 |
C:\Users\Admin\AppData\Local\Temp\scQa.exe
| MD5 | 8f407bab3c816afb0f494bb7c06ef152 |
| SHA1 | 98b8b3596d9c3afd86e0d0003d985e68bc6d78ef |
| SHA256 | 122f8fd2ee25953ba90b049e839b0ad9dd653f1136927e51dac168fbe32bc68f |
| SHA512 | 6d6a5243105c9cd50a5f1a82d3d65a77abd3c960f789e4ca8b41de7e95ba4ed062b7720a2463491c6587d4629ce77e1ee6a999410badd0d03788e5b13db7dfc0 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\Error.png.exe
| MD5 | 24aae54109040a065f7cae6ab786d6cc |
| SHA1 | 4e418eeeef43a5ff97f5d10043ad7fe85aabaa81 |
| SHA256 | c5cf0a5cb2321b1c68b18fea4d3502c10ebfa78d61bfb396336ca86061dc6e96 |
| SHA512 | 29add759a93810432b4ec0f656a5b67b791be5c36bab91cece8634ede6b0a01708a10b6bd281c1df957fdd1dc5915824cfd3a5f58f64a824d7c0d3a9308994c2 |
C:\Users\Admin\AppData\Local\Temp\KkMY.exe
| MD5 | b72d9c61eff8f4c43bf132863d951420 |
| SHA1 | 3b9e98b39d88f920553a94b5d99319830db5312e |
| SHA256 | cf29b8da21eac66a31fd68640edcce49a775a09ec0ce9ad525a3419e47118b4a |
| SHA512 | 998d7d2e407e187633f7961370cc33a5470e26efc8ef7e3d142657c5949cff8bbc1b12145846209f4741d9ce8e0b2ee0d2126415aff882095a6905a4832beeb4 |
C:\Users\Admin\AppData\Local\Temp\EAgc.exe
| MD5 | e4c03ea2631500ab6fbd66ebaedf03fb |
| SHA1 | f7aa83dd8fe83322d8f548ce79198e0074657ffe |
| SHA256 | 8025bbc9db09aa88ee16912b2e4a238703de82a58e1bdfc365fc533a2380c0f2 |
| SHA512 | 9b52a37783a908aa5815499894243a6f07e55ef9017b12039c5aeeda548141305664896e9f1a87cad98040b0ae9e492349a9cd4cc621fd6443941bf899b8e384 |
C:\Users\Admin\AppData\Local\Temp\gcoO.exe
| MD5 | 4f1ff28b0e06f4f0f3f6de0006126366 |
| SHA1 | a687bc8e22490f1a9721ad0eeeeb8f8d232b74d3 |
| SHA256 | 2358ab469f8911afb1e88ccd992ffc99bdad64feb885d4a4e19622846cbcb225 |
| SHA512 | 35475183a32a203439d7b31efd1df23523b5a0bd54d7d561ce634d7c272e4ab5c37301671031ba59e1f71ffb568fcef669534a24fb0e66a24bfafe31fa148de6 |
C:\Users\Admin\AppData\Local\Temp\qoke.exe
| MD5 | a0b79c0d0d90473c8d082dfffe30d837 |
| SHA1 | a04aeb8f8c573e2d14d52fe16dbc2c50c7a16541 |
| SHA256 | c83049d8c45a21a3487b8c454ae8aec1aa894d8a17a5391dba307c8186ddcfcd |
| SHA512 | f83f370f397ae19084d0f250eacd4f1f7f3bf9ccb87bcfb2e30b173018dfa405bfa8a4cdb3b435e0a1a191cc6de147b5838fb220e860df2ae1de87d1006f1b1a |
C:\Users\Admin\AppData\Local\Temp\UIIq.exe
| MD5 | 807075706f1df16281471d2cf2a00650 |
| SHA1 | a08342235a02097984d882dd6cda0a95de20fc81 |
| SHA256 | 6e78ce9a0c1c08956fcd23bb47e224295c0e92f48bb7e6d9979bb1229fadceec |
| SHA512 | 5743aff7e350d5f2f47a9e9445466e41fc0f908ab123d0b762c561d5de0cd6bd8ad79e27029bcc152863cdaa26e81da3d9391633d089593dbc9ac2b6bf3be79d |
C:\Users\Admin\AppData\Local\Temp\KIkg.exe
| MD5 | a7b28a50a4751298e680effcc20d3b0d |
| SHA1 | 3b5939fc9668a015b5840d61d1c40c0d2a8962a9 |
| SHA256 | 117dec6d40b05f079d560346a698d789158a57b0ed3550a2a095222b58216b3a |
| SHA512 | 4444134892c9b6564164b89776d25821b95e279950a970237dfba160af6485f88c0e6d46088138deaa761773ffa988d913b7012d4bb57b357d8c82bedb7a7bfd |
C:\Users\Admin\AppData\Local\Temp\igcs.exe
| MD5 | eb2edabfb540c91b608c489d05710ada |
| SHA1 | 6e9e1a33560e55405ca0d634bf929a933abc2f21 |
| SHA256 | 65e40ce0f3dee5225a63722c5291ebd4385e4fbedfcde48bc028ade0d8d23b22 |
| SHA512 | 8f9d2359fb652edb787ed8f587ea2b7214fd931fd60bc0872e9d2412b8d201ec5f218e0acd71c14204fdfa0febdc04435e932a563a041c991d3a8d9e071a9817 |
C:\Users\Admin\AppData\Local\Temp\aswe.exe
| MD5 | 5950c7cfb05d72786acc205159ffae49 |
| SHA1 | a116979be769a364f7ccdbe2ad464b9fade88b7b |
| SHA256 | 3418fe9c37d6faad9a897f9ed2f514461d850f85eda954c8292ff926f46433b9 |
| SHA512 | 339ae00f1bd536b18fdd27c1356bf47ec84c142994384bd5f3572ca2e899669dbf46a2a9c4858f5c07f35746b5e72bea2273babe978661cde95132c3b15d4bc1 |
C:\Users\Admin\AppData\Local\Temp\iYEE.exe
| MD5 | c62b8faa52f5f3c8228066f589de53f3 |
| SHA1 | d237db1f96ada91add1bc76847229c1f2d0e39f3 |
| SHA256 | 728d5025237a051a0b1e0ef0056e0927019df32dbd651490eaaf41e8d16e94ca |
| SHA512 | 313c9094cf2b1a9d468f73336b9cd76edcedf2a3146b5050efdc319674cb3dc6ea1dd316fce3ebaa454ce8b03201f0e65d08fb0a01441d58bd705bc0e805842a |
C:\Users\Admin\AppData\Local\Temp\GIUU.exe
| MD5 | b0f28fb474b743a5d92baa2333565036 |
| SHA1 | 2854fc9ff31b0156e62f4f44a1ebbbf9500ffe7d |
| SHA256 | b134620a0c7e522c08ef965feb73273338b8f99357210637b224eda7aa9c2fd6 |
| SHA512 | 67471df4211c9a746c2c954bd0caf1da3bb962287b9f7f010d7e4e3bda3994e1d5d922f8b3f2b18142b01726f46e10c410fa183a0a4c4299bc639c2ed0cfd953 |
C:\Users\Admin\AppData\Local\Temp\oYUC.exe
| MD5 | 8c3e2d292c6a1515187dae10262c54b4 |
| SHA1 | d8f62a1088cbf31621757a85fac45e9facc8630d |
| SHA256 | d07f132a7237c9d2ad64e13debe86f079e72597ea535106d77bd42967993785f |
| SHA512 | 70ffcd1c76324981bf676fbe0e0d6eacb74a8aab8637e5f48ee114a5a04550b2d7fadcec71a714903319e11c158980bfbc9b528ab2eb60dbbe63ea11374bddf7 |
C:\Users\Admin\AppData\Local\Temp\Iowq.exe
| MD5 | 7bbae5b98e9796cb180a8f1479186545 |
| SHA1 | b21079dee8f1976db5b91bfbc843c27e2e0cad17 |
| SHA256 | f7c0043ffe4757f4418aee69aeaaa1ffb3c0b5238b34c133f28e478f8c9b2e72 |
| SHA512 | c0031137d28c999e57476d55da1bf551e1ac3b050e2259ca5a72f4dba2b122cea7d7daf8c53e1f8af6de41e9a67f75ca48417c7e17ad6c54ebd21570a9029caa |
C:\Users\Admin\AppData\Local\Temp\kkQs.exe
| MD5 | 1e22e8088dc55399473acfcf5a0eae4f |
| SHA1 | e84c56cd5c4ca0bd5fa021f5b85aac25a1969d60 |
| SHA256 | 863559c07f2fe42ea58e89710c85e980f23c150e2e24b6d5058b3fa51741be26 |
| SHA512 | 3ccaedd2fdf9202697fabeec91e3ca3d94df79782d3fd81c7a573f4dbc63b79a903e986f5dadeeaa2675880b04a1ef031bc2bd5c70dcd193efc7c7f3c9de35b6 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-black_scale-200.png.exe
| MD5 | 97015f93ea16df13ff5fe8e7e68750dc |
| SHA1 | ab1b3d73f4d42e20933656ab86f8126b2df35fc7 |
| SHA256 | 6348cdc4409be2466f8e22e22c45b1e0165588a17e4177b5958630b38660b7cc |
| SHA512 | d86f4934e8a3a328f05c82813c19f33699b76569ae0bd15e7a16aecee88971250dabafa4075064b122323c666d6ad32461a8006413bd044a659afd508671435b |
C:\Users\Admin\AppData\Local\Temp\KAMG.exe
| MD5 | 17e8654e5c795f8be6893bb0730d7f70 |
| SHA1 | bfb72abf39199a13bb70e0a8034183671e230846 |
| SHA256 | cfaebfa68c597be7c27e56131c6350076fe8a25a761579dcbf65e32b923d421d |
| SHA512 | 745bc19a1ca59b3f5a1e1443a706b06be8c612596e7c483627a14920a515d15cf1ad60a43d97c7e34b5fe01873097a7af65038a09dec8db37c5fbf25ab4eaeee |
C:\Users\Admin\AppData\Local\Temp\MwUQ.exe
| MD5 | 3d15812d2d26db0620d7a4e13b671d21 |
| SHA1 | 8b49e6dccd267a09f94d2a08157bbede741f9818 |
| SHA256 | 0d1b35c04f35463370bdaf11b06dfb25d5a3bf495282ff2ce4df47a3880f41e4 |
| SHA512 | 9da3f7128f798a1cb403dc2de885dd42a2edab4a974f9b948c8b36d57906b6da6b53879e009f5b86187589cbba9f7e6c9b49873e991e4b80803d7e5be2e7d41c |
C:\Users\Admin\AppData\Local\Temp\wQwY.exe
| MD5 | f0399d01521aec5c1dd059a8c101c9c1 |
| SHA1 | 374647f701d99c58334de471d4e7e3a931c3ea71 |
| SHA256 | c01df007ae7d6f3190bc01dc4150e2cb93d34ef03208b13c82cbc0b16ce940c7 |
| SHA512 | 787c15be234eb50b93b6ec70c266712948f0f59d4856a00990137351a7f13d6d743da94a20423de6f01e693f2fc362204d685dd79cd70abaf0e95017e58361a6 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-white_scale-150.png.exe
| MD5 | 862c7e59991fa7e919c8f9681bc89e4e |
| SHA1 | 4517c7c96042f43e6cb7bdcaf291826b7b519d32 |
| SHA256 | 9ee0f18e794664a8436a94dd4d297596d06f980c76d8e3ae2e18f2aaf2e9bbf1 |
| SHA512 | 014b5300c8f44484d4ed90932a967704e3bca9d1f3798420472afb4271d603da88ed72c640a6e31074df608c374065a198c337296fdfdaad9031e7257d969963 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-white_scale-200.png.exe
| MD5 | 9409de132906c2d591f5839d7e232262 |
| SHA1 | 52a883dcc3f2e6fabedec8a432946f4703fcd603 |
| SHA256 | 3208ad407e54ca73d3a49170067fc9fa66ccea97d9a24b7c5e24cb7c9ca7d5e2 |
| SHA512 | 5a57e4bd8b7ed5369d78c9b57c9c7afeb7a2d5f62047e53fc9922572dd9c75dc4b08e5ba844557a7d9e6df089de694d231e72b8685bbd5782b1d6459e03d6fb0 |
C:\Users\Admin\AppData\Local\Temp\EowU.exe
| MD5 | 7b9baae58a67ae43cb23425799928426 |
| SHA1 | 870d12b2484e3ece859d5021c61c186a8f1cce4d |
| SHA256 | a03f56f538a319bba621bfed3d914a16c3dcfb0ee3a5cd5a9359f80bec44e5f6 |
| SHA512 | 77508fc096b38530b4b66d9a82a3cd2a553346033ae270e76c80d52f6136f77686440707c568d99de08880f0b6494bc9090965dd4c1148744736064ea652930f |
C:\Users\Admin\AppData\Local\Temp\SQUC.exe
| MD5 | a41cdf801661de7ae5502be57dc4f343 |
| SHA1 | dd2d0796ed51778525337b8e5da86d02ada8810d |
| SHA256 | ecd7df569233ab96b0a7311fb2dbcaff18e475e31c17950882cd0d7acd26f980 |
| SHA512 | 1d7a471acbda3085bdd5c8ce7bcc0bb16d0feb40b202baddfedf765353b2f0fa9583b54b527edcf2e5e4e886f8a9df92920ea5980709d84c01c98e1432b3be39 |
C:\Users\Admin\AppData\Local\Temp\KkAA.exe
| MD5 | d1a6f49cb7d3dbf49228a2b9e2021e24 |
| SHA1 | f881e2fd434309995f5f63b13b69cf495f619a9f |
| SHA256 | 9306f91be9867c6bad92d53d4d73534a641653292912d6fb273c8df8c153fb92 |
| SHA512 | 47455a76bfc8dd695e512017b9873fa817df691213db59a9ec71907437b575e20c965a6d531c5a2ae8b678ca5f0ed89a0ed25502376f5a009ff4131e4b2f7c87 |
C:\Users\Admin\AppData\Local\Temp\AMoc.exe
| MD5 | c5b00ad4408e24be05365d041cfaaab8 |
| SHA1 | 6186d8646d62acf9f0a4dc7d493bff11a4ac6c1e |
| SHA256 | 9a6bc3fe74e1ec6eec87247c11d2b06b6abb8465c60c4a2d0fcd79aad35eaba7 |
| SHA512 | 03a47015ef39dccb02bfe33bf58a9b5c76b0771667d006f622d3277be0c86dbfa77cf27cb6904ef456ef1b88f8a86009fecf4c5ad43cd7be92c7be68ed0edf1b |
C:\Users\Admin\AppData\Local\Temp\mUsA.exe
| MD5 | 1465daf462d50bf5a046bd6ceaf61767 |
| SHA1 | d85d072b4e07cec0bc305e22f671fbf3605a633a |
| SHA256 | 0a8d04f9d0082f840d7ae5e0db4f891102d5b7e16440478f7d8658466a38a09a |
| SHA512 | 157854ad72c74af291a3b87ee5ef0d11419d9a7d006872e8a25c75afee29ddbd072185bd795990ea793be58f17bbd5c65a870db9e30abcf1cddb588ca9322026 |
C:\Users\Admin\AppData\Local\Temp\qAQy.exe
| MD5 | 5187eab2e0eb8da4ceaff14b73833f38 |
| SHA1 | 3171444612ce2f000ebded1dc609311baf1517cf |
| SHA256 | 6d4c4521360c7351ac627aceb59e690ba7a565b504fbb9ac729dea25f2ce71f7 |
| SHA512 | 9a51202a0a3309562a46a31305a4f6ec6902cb8c8360b7a08a1b0a1a540c47644ffc2ecb470b811a052b1ea481f53c6b49134ec7aca22eb7fcfe5d542462928e |
C:\Users\Admin\AppData\Local\Temp\IksK.exe
| MD5 | 3524d565c4d00122ffca150d79649779 |
| SHA1 | 13d46087d3138e74cbafa2c333becb5a817fffac |
| SHA256 | 7d89c1d186137f5e33731d815f0ab82fbcec774e47717192099b26de6dafa081 |
| SHA512 | 2b60542ee494a03c86a0443b0e75b1451b51356592d2aa838ad631a2c8728abd6bb171ea1d47b51d88c7d1b4990caaf893b1127937554526370b67477cb35050 |
C:\Users\Admin\AppData\Local\Temp\kcse.exe
| MD5 | 6bf427cebd2e93cc42f5383c4ec9f03e |
| SHA1 | ae0834bf102fc68b33147476628faad103a02c7c |
| SHA256 | 14b2b046542e9afa78351692527555c72a04fe96b6291de4a5907391a4e9dee0 |
| SHA512 | 85f80ed3a20bc652218362f767052eaebf2bad49cd316e44b3158c55a47f245a3ac98e6e38906362786b47d81dac8764d2dec5308e738ca6768980a6f4b6905d |
C:\Users\Admin\AppData\Local\Temp\ygwK.exe
| MD5 | ad990643deb354c076c8c8e3755cd0e1 |
| SHA1 | 1d7954d35969e3aa3fbfea5dce699fcc125e59e8 |
| SHA256 | 9870c9ee89348bff8894b8905077a6e0eefbf7f81d4226974c10f6d3d1139dff |
| SHA512 | fff7aeadfeb2c8f699da42daec1d9354268e6bc1111bf662cca839fe028b2d65f33cfce5c79659c585f2868e8d81e49c0c267b1131878648fef683d158505daa |
C:\Users\Admin\AppData\Local\Temp\aoIK.exe
| MD5 | f02e1cae37f542f319fa1beab69f9da1 |
| SHA1 | d033bdfc22eb767fa484cc25cca4af822f003a5e |
| SHA256 | 3ec9a3a993fdbf8202f4e46ca5dd807e7c1dd427f7ac30279ccb3bde8d868fa6 |
| SHA512 | 5d64dc3841c4bb792af3815a0083821c662d6c113b137f0e117d93d4abab9642f7349ed745b5a4001aeaa5b1886b365a31f08c3ee8383a8a256ba09c5abcbf3d |
C:\Users\Admin\AppData\Local\Temp\cQUO.exe
| MD5 | e75713fa966c37899ae67067ee2ac9df |
| SHA1 | 95c9fc216c1cff67fa0bebfd2db3a27e6620f8c9 |
| SHA256 | 22840271183f21b23249a0274de77a73e4e3a0b9e4bc6da5454fd9b2ac0a7a62 |
| SHA512 | d5b160736b63451ba29797f165f65fb7cbd483680d2b69bf9b9d0c745a028823e5c0764c313b46e8af1f114a7a23724a72c89ab0cb6716b98328a7bcc658ff13 |
C:\Users\Admin\AppData\Local\Temp\OEAO.exe
| MD5 | d2c8a8330741e38192af1bd6a252fac5 |
| SHA1 | 6096d5bfd0bfcc7ba58d410a5fdb7ba180c4d30d |
| SHA256 | 431811bd048542c563e2e2bb061e4c16eb24f327718dab2e43b047099fd42756 |
| SHA512 | 9365551ada9d55af44ead24294e59cba2d01874f6506efdbe190e17ff3b96a3d5662766c8d9200d2cdccb6a5d190966cbca7b7655bad692b5133c6480dabfa93 |
C:\Users\Admin\AppData\Local\Temp\mIYe.exe
| MD5 | 38b3408e436ec3ba9ddaa3d9094e9ab5 |
| SHA1 | 4d2771cede1986707de31602ca4dfa7946bd5fd8 |
| SHA256 | b95d44c3249dac25ad2fc863fcf92188b36cd1fba2838ccbca15dc6c738f2b7b |
| SHA512 | 797680f3bb74c96e157baaa2e33434130b46e4e7b957f65ffb71ef6307ea6ecb4e6035ce9d5d6a1dd627a13e67df5407ddd5727b8280d9cb6e4669bdb8342f0f |
C:\Users\Admin\AppData\Local\Temp\gEww.exe
| MD5 | c3096ba92eca5889c822348a1bfc8b5e |
| SHA1 | cf1c2b4f3ddb601c60ca66e01c420fb29f618298 |
| SHA256 | 78393dee39b89dda645f158097dbdaa904a4fd92696c65f70395a1b837b99efe |
| SHA512 | 6c8a805baa1681787af3f0f6fbe2a98a54701dc90a5a2a784998bebe9d527edb48fd64c98a234130cb8c0852f6aaa4ec0ec194e12a856326f801cc130de841ae |
C:\Users\Admin\AppData\Local\Temp\GcEe.exe
| MD5 | fd7b06eb5bb1cdeb6a56f32cabccec4e |
| SHA1 | 4f5d5b8886646df2a35974de83ab0d2b2970603f |
| SHA256 | 8a493d4691a5e73d1245b1cef3500cdd8a425606cbd6bc0a076e3c2e77c8e0ab |
| SHA512 | 56feb30d5c27ffef5e34074a52bcf7e75673ef6a36ceb7e213e1adf987692975b4cd1dc09e13b7aa65c804e1634de947ffe7496142ed15f1894f1d9e74c19f3b |
C:\Users\Admin\AppData\Local\Temp\qYUg.exe
| MD5 | bd664cd97769a7285983cfe7a9062de4 |
| SHA1 | e0aa3c702a4ae8fa8c053bb9ef2286fcba4738ce |
| SHA256 | 177637e3379cc667b357e0968bc4aea0cd62a24d6a87e882fb21b8914a11b978 |
| SHA512 | 551d336695a107bea86dc30c7a4941c37ca65eb3e0758da999a65582dd2ddeb9c38f357bce3fd99ac671dc292d1c0dbc82a1295f5020a1248180a6f42a8e5f86 |
C:\Users\Admin\AppData\Local\Temp\MwUK.exe
| MD5 | 5e2a5529e0a07ea02ed065ab76e4a1df |
| SHA1 | 5ba846c0b46c24c3d02e3739af36c559b592e86c |
| SHA256 | 68b3a37d939aff7b162dc9c962317ab0b842a6374cb2ae28d78cd2797cecb7e8 |
| SHA512 | 651693bb072186cf36d08aad9d42b7de59d6154a17ab1a8feaad1329f439c48959cf1a37824822782787646fde98bc659db76613221284bcc73a27d82ba1d10e |
C:\Users\Admin\AppData\Local\Temp\egEI.exe
| MD5 | f4b7d707ac454fcd804d94a09a3d917b |
| SHA1 | a8a26c191439096984ef10f343fd54a6266e269e |
| SHA256 | f9e18cce14b0e6b7aaa8ee9c659b1434226b1cb69a27e5f30d85225df147b656 |
| SHA512 | 377e0d61968b2d4980e1cd24d1472674093a808275ff0043dd88c5fbc27a268d7ccaa22af5dc60aec9791438e050cbcf9e78671822fc00ad18439d3684d978e7 |
C:\Users\Admin\AppData\Local\Temp\WssS.exe
| MD5 | e00d532151052e59e2d0d3631687cf95 |
| SHA1 | f4e5fd96229280c824084a329329ef85119e54cc |
| SHA256 | 6c1283bd5409ae0093d9c7ff360fdd8ffeae47b6905a8df38d8e82ba45cef18f |
| SHA512 | 17c8959b357b09b9d7a6fe37401ad94dae8eca17d1a5a2413b2125c2384dd9cbf1237c10f711e1a69da583b1f568cf1fb3298a25c36bd8f0da38bdb41ad867a6 |
C:\Users\Admin\AppData\Local\Temp\kskU.exe
| MD5 | fe48f1dd028cc49fcf517477ef441db6 |
| SHA1 | a82e43926808cf398c0c4d64413ec5edbb2fcb28 |
| SHA256 | 2c5926e5dade9d403952233659ecc6327eb52fcb06db437bd459c7b507dae233 |
| SHA512 | ad8be013ec33b21b0845dcd1672047b3348b280ca285e7ead3ca36de8c0ce01b6309d2d66f8e4a44ca27fa0669b6b999b90a53de5068f942e3be9971afd920d1 |
C:\Users\Admin\AppData\Local\Temp\oMQC.exe
| MD5 | 47c57bf5e9aef980dffc8191181f355b |
| SHA1 | bcd2e8f423a08cccf7e0cb60404104a7ee20b5bf |
| SHA256 | dceb5a7e7fdf27b56fa8259cf6bcae30c6b7033bfb7c3f22611e4179e2e4f862 |
| SHA512 | a422591e2f21ff3976d35d86fe70839da4afabce8b960f82f8ed000007ab9822342134572e3389f96f5ea26c92cd0e8a96382bd3390621830c43c30f4cc9c9ef |
C:\Users\Admin\AppData\Local\Temp\gQoA.exe
| MD5 | b78cf6ae97b2caeeb384ed5ac7206192 |
| SHA1 | 312310f2570a710df29f00c5c5127afdef0ef8ad |
| SHA256 | a55bc6138075cf1e920f7931b7e02b7f04abe364b2ba99de0415e2c4f43ba5ee |
| SHA512 | b4cc8d1ef4be6db0a7e3d7565fdccd1e8735bc8039f03f0ce43a31aec14fe2c795f9f10141bf5e0dfd344bc9aea659e8afb92daf1006a272108095d8e6d76414 |
C:\Users\Admin\AppData\Local\Temp\iIEi.exe
| MD5 | 821370f67af07f5d1c8faecca4a977d5 |
| SHA1 | 7879977cd529dcb9e7a14f504fd188bdd49b4664 |
| SHA256 | c56aa6b90db76392995b30b9e6d1e3a697599b790716b7f055f40ba30a62d745 |
| SHA512 | c6d641526d893a66d0b5c29b3fc89dc7c5e385cfb648d7f1828418018597a434af027cdb2221ca1709d5e72eca0ada22071c01316a16cb800e32524b995edbf7 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState\PinnedTiles\26310719480\tinytile.png.exe
| MD5 | 87d18442a683847bd40ead8ed74ebb04 |
| SHA1 | dbcde7742f24dfe117adf275519434aabea3e636 |
| SHA256 | ca48d091864baa73751c463e09f5cb10595477b5fb99fefa2e378a661ac50270 |
| SHA512 | aa861d4aaf0e6f0663fea61c19fe9e9599f7dcb1d6ef2507548978f31fd0ca4e611148093199874bd22542008d0b2249f6a0dfb9cf871a956a820a4256836625 |
C:\Users\Admin\AppData\Local\Temp\CMQY.exe
| MD5 | b86eeb0685fccb9becedf8a840288cc5 |
| SHA1 | e055e26b52cd9e09543ef8fefa3f1dce01ef2f9e |
| SHA256 | 6a5402e6d75d661bcfb80829e494dbfaef5622df8bcb2f7c9078d932aeb33068 |
| SHA512 | af6175ee883798cabcfe365e603018aa5026c8455336ca191ef8addfcb22aa7f36fa1f0e091ecd86426ac142366a827fee7397bd284680a7d30814176dbc5f78 |
C:\Users\Admin\AppData\Local\Temp\GUsU.exe
| MD5 | 0730a784a1f32618819016a635785b92 |
| SHA1 | 936d48810843d19f809bd0fcdd93503a608c0566 |
| SHA256 | 336d0d568763fcac95c8446c18b2d1b117f1c5e42e712db914e3d91251fc40c2 |
| SHA512 | 29a24486fdd0ed06b9bf9de7604f946883b53508e41111161d7c4e9921c70c903e86f1f14b6d2e3477f2ee1c340797004f6176723de0f65bd26deae31b58e0fe |
C:\Users\Admin\AppData\Local\Temp\wEMM.exe
| MD5 | 1c044f78ea3a0f8e2944f19a97b0d945 |
| SHA1 | 31aec1372265b74a67c36156d9c1a9a48774e913 |
| SHA256 | 11af46f1da555fa31f93b713c8494054b0b3ac867d1ff9e5fd2b9801b557ea45 |
| SHA512 | 037db5a8bb65fd15e4e15f9274ac3ca766d682e43a95c079bd5b4e9cf9297f6f2373a812fee638e7574cd69c6d8b314e71ea2c9192de6bbfff3206759d980cf8 |
C:\Users\Admin\AppData\Local\Temp\EYIm.exe
| MD5 | 18160b17fb7bb6f15e055590ce8f4b74 |
| SHA1 | 1f3011ccdbb0996abd4bc9afba0c7dec1266185f |
| SHA256 | 23022de4f75ab049338b1788e7342e55c87616505281dbc626d1b2584a73d746 |
| SHA512 | 853bc4986d35e2aa2ecf2a692b87f3593c3050fde0f4db1938f6ebabf881cb91e115c6af786ec0952cc94ddc965376132246651fbdcb293f042ce849edf5dff3 |
C:\Users\Admin\AppData\Local\Temp\QIQm.exe
| MD5 | b72b8a8d3de634da0b5ac3b9b2fe747f |
| SHA1 | 2a26c5bf09b71396ba0676f9abd0bf5bfb68877c |
| SHA256 | 1b9ea1a4d455789df522fe26b36eea78af8345095a73811f04acbb81640fa500 |
| SHA512 | c688a9849bf7c0b37336f22c7ff7c07bfcea764bce09a496c78861b8b8d87527658bcafbcf93d0e0b794c6f32f5b332877850a9358422029fedce55170ea6c42 |
C:\Users\Admin\AppData\Local\Temp\uoIA.exe
| MD5 | e18f2d29eaddb6744d1a43b2a5bb2785 |
| SHA1 | bfaab33128a60ae5ff160aea5d666c7b4fa5654e |
| SHA256 | 8cccb775dfd821029914bcc8192b308d16b6c11c8f5baf632017507e80a47504 |
| SHA512 | 756d4967d25af67049c0dfc79c655dc5004f8f3a85ad46339ef35e7e15be3d041863094becb70d52515096c6e6c2810eb42a70b486ad1d0740c29af09da6dedb |
C:\Users\Admin\AppData\Local\Temp\ocUk.exe
| MD5 | 71682cebf304e1cdb22e5f77cfabb114 |
| SHA1 | 29976429d61e9c3e9d2788f87bfd900d9006299d |
| SHA256 | 9d64fa2c210c47d4d7fd1c87a60fbabc3c566b40a3dbfd1cf7c6ff84a6785acb |
| SHA512 | 7faf6ecb6ef576ca3a22fa1d004180ee575a8e4bd92d27907ca1dbc268ebc87169d5f130e4d00e1679ba8b47b4a3c24c2f33e94426fbdeb23f9eadb4930b97f5 |
C:\Users\Admin\AppData\Local\Temp\KcwS.exe
| MD5 | 41eefc0959cbbf82c70bbfb6d962a3e6 |
| SHA1 | e6ca2cd30ee194ff5dcd16633490ec4e35c2b4ea |
| SHA256 | 27706f2da05513e7e901e5e2bb4dc314da7f3f7f4f467e583f76b31edc81c985 |
| SHA512 | 8f06602470cd8984726733d869692d9f8b51e2f254eb016ee42500193186bc3e69b1564206b275bba4a1653be8924faca4cfa72be20dda82ac25f44e460ee741 |
C:\Users\Admin\AppData\Local\Temp\QAoQ.exe
| MD5 | 82c13869515f1c49dff283eafb5a1ec8 |
| SHA1 | 989fe54ead4dc6c2fc0efeba238621af8b1f8927 |
| SHA256 | d3b70b67696696722040de3e4b421284ce2996c3beb5416df6ca3b3f29763ffc |
| SHA512 | e72f3b0b69a7ec7d6908df4b6fc974a0d6c7518447f8dce98e356c4629b1b75bc570cce3fd8c987946fc02eb4e71f8b632970d2ac24a8dc0d245efc266058d4b |
C:\Users\Admin\AppData\Local\Temp\scUE.exe
| MD5 | 1ed57797c754351750503652b782a76d |
| SHA1 | c26c2c6796b61f9aa3ab2ec11b75c17ccd5a580a |
| SHA256 | 31bcb726f27b6c9a175f00fa1fe00d6a2d51eb33e791cf83145a3515fd3730e4 |
| SHA512 | c58d26c459967de26e267d89a3ee381088bde4e4c4c11cce2e2040aabf5cee081e91782dedc5911f166e4d50b50a4b313baf1d824bcf81506144666fb84fd235 |
C:\Users\Admin\AppData\Local\Temp\OMMk.exe
| MD5 | b4dc13469bf0e889e662638e278abede |
| SHA1 | 2615b34bd26ab3a7be16417e1aaab35d50381e83 |
| SHA256 | e0507870869202f4db95768f6a9bf1687f105b66afbb413a38a8e6d2bd45e141 |
| SHA512 | bf727f0d9b37555023dd9c98f6c38d82ffddf30c1f0da341d76b23b04642a33ec740c024658a10d90bd84442b6f12ec3375869c43906dec8e81d584ca1cd961a |
C:\Users\Admin\AppData\Local\Temp\sMkO.exe
| MD5 | 0ec8956df7589570ca52111d6fe20dd8 |
| SHA1 | 1fc9cf5f09f908324760178734f029217e6fd954 |
| SHA256 | b3b37e2a644c0c45333ef8cb5785e569ab3ff22b76e7b8fb7169c1d3b15a192a |
| SHA512 | 2f483825aa912a1c7061bf78394bf8cbc9154eae31f8020fbc679787e5eeb44082b1556a5f5d2248f056fae2940b8c7e90e953bd35383d8166a965c5da0b0092 |
C:\Users\Admin\AppData\Local\Temp\ogcI.exe
| MD5 | 5c117f9eb3aadba45f2b3cc00d7b2e5f |
| SHA1 | f657517ada52ee46724c56f6386f70f19d85bf60 |
| SHA256 | 40218e94f13b136abdba195d87e2fcbc1e1846a71b09a2fce7415b0df699ddaa |
| SHA512 | e4bb056f0956991b488ebca6b6f011cd9da4ca58b0a34c84f6693e31578fd247b294b35d0f48959310ea7d002b9b2c7d9a6a621c08add7cb0bcc5d93394fd7a7 |
C:\Users\Admin\AppData\Local\Temp\Gsck.exe
| MD5 | 43916b97605e86fd0adf7ed6ecd56d7b |
| SHA1 | 2d5c337765aae88c3fc4313da80f29b90eaa37ce |
| SHA256 | f12e87e715603c474bc5e9bded14b9be3d24e1545cd21654e5164c8ed929b321 |
| SHA512 | df042035342cf37299191b6c353a6cbd048ac8fdcab0a0db6feebc6fb78d964c6f6ee1c269fd5e1342317c1a76079ff49d4531fcf6500a3727d4729c2d62a894 |
C:\Users\Admin\AppData\Local\Temp\wMUc.exe
| MD5 | 682b229d24fe003753785003681627f7 |
| SHA1 | cfa04da20d6511a94b244dfbf351fe13309d3244 |
| SHA256 | 4278b700fc26ea44e7b5401b8aed8a89f0080f60d7878ba0c023982aa478f787 |
| SHA512 | 98a457b113803ef5bec377563c4fd65b3df2619410029e429491ebaeac0e095890146f49a8075ed5ee68d9d71f1f955c7a33e1f2ab97ad9aa5ba42e804f82247 |
C:\Users\Admin\AppData\Local\Temp\cAgc.ico
| MD5 | f31b7f660ecbc5e170657187cedd7942 |
| SHA1 | 42f5efe966968c2b1f92fadd7c85863956014fb4 |
| SHA256 | 684e75b6fdb9a7203e03c630a66a3710ace32aa78581311ba38e3f26737feae6 |
| SHA512 | 62787378cea556d2f13cd567ae8407a596139943af4405e8def302d62f64e19edb258dce44429162ac78b7cfc2260915c93ff6b114b0f910d8d64bf61bdd0462 |
C:\Users\Admin\AppData\Local\Temp\gMcC.exe
| MD5 | 897e5dd6fa9bec1f8fc38d4e9962ed80 |
| SHA1 | ba1b541819eca4cf370bc9d4559bd9cfd124507d |
| SHA256 | 123ff836b603d434ae2ce50d58872d2c0c9319f2a88645f9fe0908d100957f81 |
| SHA512 | 647430806c92813262f0a1a420fb7ecafa4db12f45a79b57fa9ca66a701da0839190011a7ee0ff8b09a13f13b21b6d1689ad322417b6b812a0062c4435fb9191 |
C:\Users\Admin\AppData\Local\Temp\EcEI.ico
| MD5 | 6edd371bd7a23ec01c6a00d53f8723d1 |
| SHA1 | 7b649ce267a19686d2d07a6c3ee2ca852a549ee6 |
| SHA256 | 0b945cd858463198a2319799f721202efb88f1b7273bc3726206f0bb272802f7 |
| SHA512 | 65ccc2a9bdb09cac3293ea8ef68a2e63b30af122d1e4953ee5dc0db7250e56bcca0eb2b78809dbdedef0884fbac51416fc5b9420cb5d02d4d199573e25c1e1f8 |
C:\Users\Admin\Music\ApproveProtect.mp3.exe
| MD5 | 1b7891441bd29c32ae3f5c2d2e8281f1 |
| SHA1 | 700f36255fe9f20c7131be98df4feb87fbbd4046 |
| SHA256 | 35d0563778fd2e58d7455ec7f74a0349c531239104ae821b9b424491d578e103 |
| SHA512 | a17e51eeca61e9cdcdd07d3cd510e339ad84a3efbc316a40e6025614a11e7c625b4df2a6a980215583c7119b1510d00bd2eea67478314a7445ca61791ed440f2 |
C:\Users\Admin\Music\RemoveConvert.mp3.exe
| MD5 | b1e069ace7f2efbb636ad1bd561c26ab |
| SHA1 | 0d9cf9eb773c22528ea592b446c122b54f438471 |
| SHA256 | 8fbbc78288c7903defd025ade7330c1d6a521d1b97559193119a04bead326c63 |
| SHA512 | 039abf702cc22532424c171a6c70f04936d98b4e9a1e3dfd4000987793aa956c2531c8a2e3f50fecc417bee1092f3ad34f8039e9c4db7b53f28d3fa075665349 |
C:\Users\Admin\AppData\Local\Temp\cccK.exe
| MD5 | 7d4273d410458cab0fbd21f95625c7bf |
| SHA1 | 82254c7a40c366ff52e8ffc686d5af571d254ef3 |
| SHA256 | 2ff3ba1696e5b0ffeff0f1905e179b2e909e952b107ffed29d73e7f7e8bca62e |
| SHA512 | 5420bd96b56198abf3864c15406f3f9c560cebab330559e3ead9491042068b9aa9dee41efc0cdf106df2b8709f1e80cc6628eb49821660b93e135bebe8dd34b5 |
C:\Users\Admin\AppData\Local\Temp\gkQU.exe
| MD5 | 9f128c50ed8d1fc42fa48e12b1577e06 |
| SHA1 | fa7f136c8f970163d98fbebaf0e91f5ced27f67e |