Analysis Overview
SHA256
53ca275d20d4b651cc11e14027d8a64f756fe08c8c4c5a6b6bda607c579b4a43
Threat Level: Known bad
The file 2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock was found to be: Known bad.
Malicious Activity Summary
Modifies visibility of file extensions in Explorer
UAC bypass
Renames multiple (82) files with added filename extension
Executes dropped EXE
Checks computer location settings
Loads dropped DLL
Reads user/profile data of web browsers
Adds Run key to start application
Drops file in System32 directory
Unsigned PE
Enumerates physical storage devices
Modifies registry key
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-03 19:26
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-03 19:26
Reported
2024-04-03 19:28
Platform
win7-20240221-en
Max time kernel
6s
Max time network
131s
Command Line
Signatures
Modifies visibility of file extensions in Explorer
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\QiIwcQkA\aekEosgQ.exe | N/A |
| N/A | N/A | C:\ProgramData\ZEIUEQgo\QsgMUMgw.exe | N/A |
Loads dropped DLL
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\QsgMUMgw.exe = "C:\\ProgramData\\ZEIUEQgo\\QsgMUMgw.exe" | C:\ProgramData\ZEIUEQgo\QsgMUMgw.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Run\aekEosgQ.exe = "C:\\Users\\Admin\\QiIwcQkA\\aekEosgQ.exe" | C:\Users\Admin\QiIwcQkA\aekEosgQ.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Run\aekEosgQ.exe = "C:\\Users\\Admin\\QiIwcQkA\\aekEosgQ.exe" | C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\QsgMUMgw.exe = "C:\\ProgramData\\ZEIUEQgo\\QsgMUMgw.exe" | C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe | N/A |
Modifies registry key
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe"
C:\Users\Admin\QiIwcQkA\aekEosgQ.exe
"C:\Users\Admin\QiIwcQkA\aekEosgQ.exe"
C:\ProgramData\ZEIUEQgo\QsgMUMgw.exe
"C:\ProgramData\ZEIUEQgo\QsgMUMgw.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\aMYwYAgQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\tGAIQgYQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\vAUggwsk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\HCAYUokk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\BGkYQEcg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\XeEYcwcg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\zsMMkkcg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\fesEUIME.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-5829871071551739783104642589281465247569695458-19637496721172085892749779192"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "27146986-1990471806-1631554147-1443749733416778536-3689779371132570974305143643"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\OMQIkkEc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1074445762-19924474352129440762-2039040797-1274900501320530491-1265563391-1992338674"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\sYMIowwc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\OMYkcoAs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\MCIwcoMQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\keMQwAwo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\FQgsocIs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\FcwcwUIc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-4087583741239557104-170989119011149950303084487444361243279252075-2034173784"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\JUMQAocg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-2009236979-700451934724470318238711371793783219-819352684-5308228351808419300"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-332725593-2777766311812288265146321060-7927014539790636122136272957-2100325901"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\NYoYwwYc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\xOUAYMcE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-416261563179795344513607683781104499161-1784654862-1449391185546003681123045130"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\NkMwQIMc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\eokwgcgU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "466885224-1272106234602749194-45590484216485309451154625857-1772450041-562870897"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "5999490961135781984-1740714195-9923712941905696885-18607116381550948237-536022290"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\mCoMIcow.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\sckAsoos.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-16178277281900283943-1930662394-504365660-2053860418-1751252194-16195430201472312291"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\SkwIUwQg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\uasUoIQo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\BEEAEsIQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\wCYEQcAM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "154860848616699963598247709332777692461521155981-1959949907-416445727-856029562"
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\XmQAIAsM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "10939549831775744015486422394-2131438365578487918-1936310823-21447267891448190607"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\dKQgEIAE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\gyIgAEEU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "14191271601672147867-2069354883-21297832331711024399144409490216103394331912373677"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\yMAQMoIs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\nWEAkYwA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LeIogkMo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\UMMMgwkE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\BKgIIcAg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\KIMQsUAs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\HQsgMAUA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "12407222881777036175211271562821239074541894995858-1796856784-1962876231980487568"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\sgsYMMEs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\PiocIAEI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1149884794-11065664561407067602-7064118961852349389-1134656814-1703281749-1498176480"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\aKkQYIMI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LOAsoYQw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\TesEAcEM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\tSwcEEcs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZMAcEIQs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\KyswIAMY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\wGowgEYE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\XeMYckUQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\VSYkcYUU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\vUwYMIUs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\HyMIgUcE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ycUwAUwA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1917752197-378372062-42467010245584635-53826425-87041184310215674351178880975"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\DEQIkkUc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\wOcUgQAc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\yEIUIQAo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\faQMcUYM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\NSEMUwIo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\daEoYAIc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\SIIocMkE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
Network
| Country | Destination | Domain | Proto |
| BO | 200.87.164.69:9999 | | tcp |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 142.250.200.46:80 | google.com | tcp |
| BO | 200.119.204.12:9999 | | tcp |
| BO | 190.186.45.170:9999 | | tcp |
Files
| SHA512 | 9b46bd536d278014af78fbe9347aeefea7d9382bc3de2b2b8c52cf9966e09109aeb89f0074562ab70b37d96fcd1a8bfe583083e946deea1471b1858a9fc0535a |
C:\Users\Admin\AppData\Local\Temp\WwMM.exe
| MD5 | 276f4e988e7e692c9a13fc9e5fa387cf |
| SHA1 | 17b0fc070e46387fcd5d7a84ceeaf784a6807826 |
| SHA256 | a50199c3e0c63f0f200cfabf86daf451062cf42c1412560889ba8fb1c2728d5a |
| SHA512 | 50f2b72d948affd98dcc759f27e31a0b6ff2753e9bbecb9cf3564b9f247fc37842339e984f7b1243941b6be5532d3f93055eb6e9a68e498521a1b42ebe9af60f |
C:\Users\Admin\AppData\Local\Temp\igge.exe
| MD5 | 826fb1c29f0ff75c95459f25567c5b30 |
| SHA1 | a6b3afc32e040e506e1e0821ff28bd8b90e49a87 |
| SHA256 | 23c59cec24eddad8e57f4d6122f0247d576e8b4e95917a1c15c935af73ebecb8 |
| SHA512 | 13b00a5c5f27a32fb48b11a5ba3ca001af35acc3dbc73d0cf9fd82804eaf90f167f95a06c2fab44dc4fc46ca1487043b5249a4e59cc2e02b1aa2c5ea4a865800 |
C:\Users\Admin\AppData\Local\Temp\oYwA.exe
| MD5 | 0e65d859fb66cd10b580f9a8eb5949d2 |
| SHA1 | 36d3167181b0109b146d9d3f6e9aa823aaf4a98c |
| SHA256 | 1f3c1f2fe5c5c57c78958b8ca6f5a383fa3ac7123035a2b434383287047facce |
| SHA512 | e697b5c6c5c373d89657736b89f3babf84920ed70ecf5040acf909943a83d93ab424044564a7fcc0db89a77a3be3faf696a4aaca06fc4c28a79ae41854729ba2 |
C:\Users\Admin\AppData\Local\Temp\qAgq.exe
| MD5 | 7da3e6bf6033592561fa1b4a0d9ee69a |
| SHA1 | 919de896bf8a99553ff0cc60630dc8ea976f24c3 |
| SHA256 | 65121a155ff7ee1ce8e919e175a05d23ac868061eec991ec98ea4e16e34d695d |
| SHA512 | 68301a46ecdb3c8cf5e4de6a3cdcc53013963e45af5aed71fb6f4f3acca91cde1890c7dc91fa6a6bf997a8fed94d42ccef63d293120ddac49a3ce3d47f3053ef |
C:\Users\Admin\AppData\Local\Temp\Mcwe.exe
| MD5 | c37b1e7777c90134af039fbf96a22d21 |
| SHA1 | 00db27c8701964efb461fe58e04a2313e4930d1e |
| SHA256 | c55af98d755cc418bd5736944f67e7ad76c3c9e3328273b1deee5c98746626ad |
| SHA512 | aabbcca582713e2d415f2310034c19487e4130f2d7c8277a5963ede8f9a36ddbaeb5ec081e759d165e28c1ce8c2615723e842c2534528c99b3b3fb10974b72b6 |
C:\Users\Admin\AppData\Local\Temp\Iwca.exe
| MD5 | 2651e2988a282c5dd628cfc17b21fd10 |
| SHA1 | b048f967d3b6eb02abe166380e56b113ba6c8440 |
| SHA256 | f946883dff0e05ca4e7ff0ad65124d23a85c599df98692c12ca4d61c43fa9dcd |
| SHA512 | e7e9223529655df0987d194f42e5cfc392030fab3dc7a882e3a56488d2a059b405400fc7cdcf953e66e6ec13ea7d565ea9d8e56fc1ab6c1affd9ada35bd930bb |
C:\Users\Admin\AppData\Local\Temp\iwQu.exe
| MD5 | 8ec5c9480e1d3a5af85e8b348c6d6ef7 |
| SHA1 | 53da1dd8fe39e53e27ea3cb025ca842284c3e3c0 |
| SHA256 | 0968ab713fc8ca264c5038a5ceff4d20d47a2c10bc171887907878f427c8c720 |
| SHA512 | aba45ad5f500ff4e71faeffaf5ecd580de609d7ec0cce45ed94026b02e01804275dfe4de5c0bc53255e852f8993509742682c2fc0079ef80ee44017fa4728d11 |
C:\Users\Admin\AppData\Local\Temp\RKscMwsw.bat
| MD5 | 09a329640bd3fabd77c42779cb0df1c2 |
| SHA1 | d0969281725c41143a1c30cf57026f80d0496921 |
| SHA256 | 48587b9e33ac10c5b6a61eacb71914c64ddcafec3986af580fde768c64aef193 |
| SHA512 | ea98a636a5d5c1247fb5b95d19de39d0f241de3734808a6e816c52361e8d507afbf77525ef50ffb07db6f90c526abad82f937ebeef85e143ca40ccd1258c7f15 |
C:\Users\Admin\AppData\Local\Temp\mYss.exe
| MD5 | 639308cbcbe7f1c98a61a7873fa4043f |
| SHA1 | 6a65f591b6ec53e8a85b2ca733e7c34e3cebbb91 |
| SHA256 | ef6f4752966e842aeef0c2f4084d1a5e32c03ec876d407cedc46920069a6c562 |
| SHA512 | 9afba60084d0c4025a6e8124b1b68b0f6648ceb1a5f99af67db426312a18139a3717fb6d51f1cdd272e6e505ae2249aedf270c6535ae1d3ff4cd3f42cc261d47 |
C:\Users\Admin\AppData\Local\Temp\xSoMYAws.bat
| MD5 | f0a9c3d14fd6c44bef96237ad17e9b36 |
| SHA1 | 213479fe32a46d045100816badf657961a1a1156 |
| SHA256 | e2d8873e85be4202f5422d1281c5f976e7cbae1093d8aa858098cc0b4bca67f3 |
| SHA512 | 3230ea0c42f8dc82e8a97b3579a49a9b1cc739772f53eae212165755bd336c52466e62e27d0173187d36f262872d1810635dcda28c896c91f990e7f2e9075440 |
C:\Users\Admin\AppData\Local\Temp\KoQE.exe
| MD5 | df1b3e76322ed72ad99b28a804684c28 |
| SHA1 | 0982287e459fcbe6e174f9ad6b1e9b67d96373b6 |
| SHA256 | baa4c14dc56d45566fb1947addfade2c9ed8f504aea8b1c1a37bf7be95109ad1 |
| SHA512 | 79b154c89040e9ad5053d6c37ebb85deb6bcab646da90bab75d863bc6dc0bfc5ca3ebe8649b5698c0bac0d4c20f56b634ac253e7aed20d63ec7248da5d3a66a7 |
C:\Users\Admin\AppData\Local\Temp\OIQg.exe
| MD5 | d5f4441d508db358ac26891859c8232e |
| SHA1 | ecaa931e028647bb2f62621718e2bf5e83631d7f |
| SHA256 | 58096b9a5f7de2627c5f758f89d8018e17bb0d748853a5847a08e336b173275f |
| SHA512 | 810a06cde2af4a8163822c3976e3cc0b148d6595407a37169f5f05ace025fbd40796945fa670c13b29aa08086a71fa9c990eb5edebb88b49179429f54054ec39 |
C:\Users\Admin\AppData\Local\Temp\wgoq.exe
| MD5 | eacb31deb614ddb485d3fddcfddb8e7e |
| SHA1 | d0d39d357139f3055dcabc8d2ecaecebec64fec0 |
| SHA256 | 6e3592e7b8e896d04338528078795de1ba664b2aec9a1337a1baed6f4aa300fb |
| SHA512 | 1cc1ca188536f63c9072be86dbe7f6d1c1abadbcd13016987a48b7ad8283cd1d50f652cb75cef9ab1ca41aa4b1f5ab7e4bc0af70206d100c21b9435e34d13ec0 |
C:\Users\Admin\AppData\Local\Temp\isYC.exe
| MD5 | 6f69ed697e65d8edbd60fbd0f5c703e6 |
| SHA1 | c60824ad10bd9d1f2182c768c591f798208f6134 |
| SHA256 | d91be31eade87a4c14c49460cabb07bb7be5e7f6cf668d3c43b2bbc8d6fe0278 |
| SHA512 | 137c0ff1da6bb49a1bae2111e5cbc99a26d6564a55c960d4cb87d6f4a30c745c9f919ecddc294c8c26a19255f092121d7c674867610998f207d93022c8234847 |
C:\Users\Admin\AppData\Local\Temp\IoIU.exe
| MD5 | 3a589e3fc999fdc685560a31d6666cbb |
| SHA1 | f28a3241b65405a246f73b2b89c1318020e078a2 |
| SHA256 | 779e3fd699f23bae351a2e71160c2fc95be4e65094b01a694f8675fe972c15bb |
| SHA512 | c1f7dd57dbf0d0a81884c68a403db2373569db511bb0a63cf87614655ecc31515e2b9ec4c4950073e46ef4693893c5fadc32f6f5b4f3fcc57ea6f4752497606f |
C:\Users\Admin\AppData\Local\Temp\WUUq.exe
| MD5 | 7e99e7d74caa402676518ecc5c62981c |
| SHA1 | a76645fc9a739aa5c7dbbb2d9c2c918001463987 |
| SHA256 | 2bbf1be8923a80858009831e63382f43797566c0bb008125dfd96dd1ec66bc0d |
| SHA512 | deece7d866e90c5ea1442ccaaefbfaf648e27532162139d83f84bd52feef740daa52aeb71809336be9b4b549500b87dfeacc6b3fb5fbfed5f93235ad9ff1e21f |
C:\Users\Admin\AppData\Local\Temp\Cwcs.exe
| MD5 | 7d6df82c58868f870b82e1a63e204304 |
| SHA1 | 62a2ef5b77cd7deb2c68f0fae8c149a9b4a09057 |
| SHA256 | db3bbf82d594b9601ad742a1272eec1b334923886144b7a7f4991766e1849f22 |
| SHA512 | 1514a376085fa7b47fdd7c6e6232bfe495b0749042c98276a7a6ec10f0df63321217ea790f6920556a2ad7e321f9ab5e6d631561113890e8b8ed4ed8585657ec |
C:\Users\Admin\AppData\Local\Temp\EccM.exe
| MD5 | a7944cc47d258199271c430e0e3d0deb |
| SHA1 | 93750dab19cd894f26dffad848bf35f220e8cc86 |
| SHA256 | 78375b4fc334dfafb0e8f19c59750f4db7563c0dacd60ccc6fcc5e823fcc972e |
| SHA512 | 3e1e60e312d45dfd39d77517d6298be2ab3ddc2bc5874500b5009d5a6c056266352c01064e009291c05942f6533f617165d67a1b80ed5f5b34baf6817031ac71 |
C:\Users\Admin\AppData\Local\Temp\CsYq.exe
| MD5 | 708e6d0a43e365ea524254bd19c15012 |
| SHA1 | 9a1816e29177db460b22d17c9c70ae052350f121 |
| SHA256 | 5407674d203a572a2801c2b08b779fcd58920eb0821b48ff5fa62fceef78c6b7 |
| SHA512 | 0a24b193e3a6d4cff751e498cefdc58ad15d8937a2ce027a50220ae5c0fb8c2aafb0c16c2fc7da464f24974eaaf41c4560218637edc6fc9e06db3c4ad3ca8282 |
C:\Users\Admin\AppData\Local\Temp\MkkA.exe
| MD5 | 1de96ddd246286223e9a18355843bb4c |
| SHA1 | 72129acceac71bde882144a43ed26db9b3c9df0f |
| SHA256 | c81ff8d610362c34ba57604add7828f36869f4b88f9fbf44312ddda625420d51 |
| SHA512 | a2224854b106a1886bf8714eb223bad2df4c26cacf4767104aa6d45f6f62b6cf804913b3ad4a032142b29ed3da76f496235f5a6a7c0c557bab239feb8687a78c |
C:\Users\Admin\AppData\Local\Temp\cwEo.exe
| MD5 | 88f024a123ad582133e43b430117dde1 |
| SHA1 | f22f187a39152f9221d0d4b06fdcf5737040cfb3 |
| SHA256 | 7bb5415e6a6d48d8e6ea0b52fffb2648fde35542167ec855c3607e01354d642c |
| SHA512 | 0cb531ff184c6a532f4a3de6ff445e0fc9594c2f081e172352867a4c52868ac73a0cc01a7c7e22be2f8bf3d76b209c83fd0d7b7718fa6b8b7d702e54f01bde65 |
C:\Users\Admin\AppData\Local\Temp\qkkQ.exe
| MD5 | 207bfab0b9da182dcf838166cd6bb155 |
| SHA1 | 4f1a70474f654ed9e181331c72106ec21099f2c0 |
| SHA256 | 8cb63abb13115c52e8a3817c82aaa65ee55cfd7c85b0855d7326eff64991458c |
| SHA512 | 4f0dfc31ad9a1de9f4e0b03651c4ebde3dc5e99866c10e91e5822590e9d4ced926df40b9c63f080dc92956688c70d150a3e78de3808fae7c8902fd3887735f4c |
C:\Users\Admin\AppData\Local\Temp\OMcu.exe
| MD5 | 0ae8054ae58c0b6f5ed5353ecc83ca4e |
| SHA1 | 213217944f602595c63308418c08ca60fa215e1e |
| SHA256 | 133318ef0e27fb1337b9c73a57727f8100fb619c6a25b099c221263a5686cba3 |
| SHA512 | 7a1e7f5206b0f64cb9d46f6b3daa3ff70be753cc4ba0f67bdcf2eaf9b5293fdf62b53b47f32c2e8b647abd8e27feee98c925c0049b759a30e4a2b19d3773e46d |
C:\Users\Admin\AppData\Local\Temp\QgEo.exe
| MD5 | 1ac7e71c925a9dff1c0999860376c2d7 |
| SHA1 | 2f8f8aebad0af8ee7f36f6d2915053d646900d52 |
| SHA256 | e478696f6f22b294174f77c0b3a1a02bbef257da3d7d1aa5e1b6346300d44b8b |
| SHA512 | 628b4e600bff547f1109a44fdd1f893eac3b34c035235c67e65f9ee3e3b79d014c58934c7df093731d5aa833734979175b0227927a31a9dfa59886a2243e5ced |
C:\Users\Admin\AppData\Local\Temp\xQYAooQI.bat
| MD5 | e59f22909fd1a5fd23aca017094c704d |
| SHA1 | 512c7529c22638c09f42274905cb34d46b12e72a |
| SHA256 | 5c585f734e0e5318984f095650b5bcf78f4a625f933da6ada7d907a8dce02a9a |
| SHA512 | 482d45622bc2020ae8ad55c5fceeed5ca0ff25848d6e3b559dcea1ea2666fcfe7c10904fc05d37fbbc75be723cc22a02046b1018ca094e36f9fed2faa37f155b |
C:\Users\Admin\AppData\Local\Temp\QYYa.exe
| MD5 | 38cbf4e0eb1330b680f083f40123efa5 |
| SHA1 | 6004e13c9c1efeb9c4aac859647309157335d591 |
| SHA256 | c46508d759778212b26ca3f8a0c773bd54d08af810216b15db25a3ab1c830d95 |
| SHA512 | 6844b73a05cd5eb01e2fb98a727d93d78d652aa26d8c2bd8194607c5db4f851be3350c79659a15088df59ec0c528199b4f0720317103915b97038050cdc4f2d1 |
C:\Users\Admin\AppData\Local\Temp\AMoc.exe
| MD5 | f24a37dfd074ed327cda960070372bd0 |
| SHA1 | 8608d289b7bc0bc4bab803c5462284f49f9cd3fc |
| SHA256 | 0a1ce879c644614d7438744798e30cf3ed023bc905dcf6cfd87f326a2439d30e |
| SHA512 | 1ac863d75226bebbf99ccfa3e5c5ac6755f68682d2367ec8a04ffd3529a14cf1d250e61e570a51eb71a903e5a896fae787eabe26de1f601a62fdb419a4dd2dd7 |
C:\Users\Admin\AppData\Local\Temp\swQg.exe
| MD5 | e2ead6a9bf9bd33a26db1ebafb1b4765 |
| SHA1 | 5f72cba9c99df1162f36f1974213e593b81f786a |
| SHA256 | e75c846bf0ffb7ecdd7779158b54a049952180e157ea5e5295a6b5bd3c8b3d8d |
| SHA512 | c65c857db1c3cbaa4d9aef7ee852f3aa66aeacf1488b536a95e2bb5b45a1827e1f8c6e7346c2d6e823f527f9291df8f4e79b1e9f9a43dca389849d6eced0ca16 |
C:\Users\Admin\AppData\Local\Temp\QQIU.exe
| MD5 | f739009ef548672df25d18d414951c29 |
| SHA1 | f458f56d4a9bac1cbefb707c44f2fd8a3a01dc15 |
| SHA256 | 80aa03ce15b716bb4541512ec626a57f22db2945796ec783a2b671afffdcebcb |
| SHA512 | 9ef438122ce945b3d045f7470a30b8de0725e23134af85e5f47d0ba9602bfba9c573f8ab2414ee1c008312d61f004856f83213e38ef661f7c8109454865673c0 |
C:\Users\Admin\AppData\Local\Temp\tGEgAAIE.bat
| MD5 | f6a99179fda092d1052c1029ef364f41 |
| SHA1 | 4305bb583bae6c457a8e3d444256fe886bae8822 |
| SHA256 | 2d7f9266abc56e4fffbc14fb9e7feaaf60d3f36eb8534e739a60a3de67bf0f5c |
| SHA512 | 1aa621705f4652fbc60095ffc844870dc6664dcf0282459218450726f3424fde3278606f17d3235bfbf5e0f1e6914a5dc6110d96c06410f8a41b825eda91b238 |
C:\Users\Admin\AppData\Local\Temp\GkUm.exe
| MD5 | 2dc8781334770ab3d980a1ca553abefe |
| SHA1 | 02ef119fe1e94d60def5db97d2bac376fc787674 |
| SHA256 | 45ab54c93fc193e210f129e7e5560dcb8219ea44b43f75463e7207457468aa36 |
| SHA512 | ea9ec7e4aa07a6a100aedc1cd0c4b6ffc26bb7eb9bbc979b236465c1fedc6cf14186ad123a1158cc9783a54c2a696fa97647220d03e82dd955e7a9ba056322c8 |
C:\Users\Admin\AppData\Local\Temp\EMsM.exe
| MD5 | e3ff46be70523444734cadf7e3025908 |
| SHA1 | ee2ad39d10b2b0d00425996d316937a20fe6c22c |
| SHA256 | 45ae256da94d07d9e7bd7ab142ed372af6394f4d540f92f7dc04c7444998f696 |
| SHA512 | 943bf10e5259af1f6184644a96eb10850b444c030231cba97bcf577008099eabfb5deebb0625efc26e04a6d3d4c983c61953b9297483dd3fb5d6e499a1413fd6 |
C:\Users\Admin\AppData\Local\Temp\cgMEcAwY.bat
| MD5 | 00a02f5576c80fefcee695dd79ac6296 |
| SHA1 | db428cf86a9fef8c1e1b18ad15ca7f3e95911e8b |
| SHA256 | 78f2a5d730dce0f6144c0b80f2016025cb9f3b362956a7d0d1da5cec1a39cbba |
| SHA512 | 1100b4c22745ef03231c2618cd1085b7a59913005903a490b8e122c20824fd90df67e8a35fad5c90fdefc2bfb49e145a49362bd162e0276042124357b44ac6aa |
C:\Users\Admin\AppData\Local\Temp\UQYu.ico
| MD5 | ac4b56cc5c5e71c3bb226181418fd891 |
| SHA1 | e62149df7a7d31a7777cae68822e4d0eaba2199d |
| SHA256 | 701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3 |
| SHA512 | a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998 |
C:\Users\Admin\AppData\Local\Temp\ogsY.exe
| MD5 | d333858d4596486812ab1ff9f20e3c32 |
| SHA1 | 3952cfb9cb1420d92d7244b953ff9d60599c0fb6 |
| SHA256 | a74d3b09fe262fc32111c59f90339c5b810d21eeb3b84428389f0d0aeda740dd |
| SHA512 | 9083987cb1f639808c6f4570fb7943aa787bcb31b0371fbcb49161ca54ac14143c6e45159389e4d6fca237585999483127398da2241cafb216e1a84868872860 |
C:\Users\Admin\AppData\Local\Temp\CYgc.exe
| MD5 | 34c618677a17747e186a8271bbafc302 |
| SHA1 | abc96f0d4f86ea9176895c060df3b846dc276f95 |
| SHA256 | a070f06cf3c0039e17fa045d22c526f09557eb88b05ebca26a183440e77f0911 |
| SHA512 | a445b33da64d3617e25aab97051fa4b4059c0a3571e42f66ba5588bd5923ceeb9a68e94317be925d57026d145e693158eadacb632b6db3cd13a26a687db11fb6 |
C:\Users\Admin\AppData\Local\Temp\pSEwEsEw.bat
| MD5 | b6ad11256c566e64c91f60f05ee359ca |
| SHA1 | d6f4177eaf437fb01adcfdef2e4d96bc4f742206 |
| SHA256 | ed0389918115484858fd2234e3c76445087b2cf8bba7967ed1cefb5ad4b21cfb |
| SHA512 | 66af009a8144934739ef736f67e6b16bdd4bccd6c6a8592f44fc1241466a0130682c9870d79d8c9024d70b91568ced6455c3f1b3ef8f3a700fcfa1870412fabb |
C:\Users\Admin\AppData\Local\Temp\UMYksMAY.bat
| MD5 | 089a1158884098d5d8042efae174426a |
| SHA1 | bac7c273849e33efd63bf4e357d61a42492be456 |
| SHA256 | 2fc2ca3c7d2c2371099d28bd9a3ecfc09e2ac9e3ce0ac21804491e16cdf3385c |
| SHA512 | 7610c18c2f802dbb2dff2bd379377e50e843f745bc341b206845535b6955c94dfaee3a099feb0fa7c0b301fa592a3f31ba6bfa1e830d679b65b47c07d81b424e |
C:\Users\Admin\AppData\Local\Temp\JsMMEIkU.bat
| MD5 | bf31f00b16ffbb5752749221bd0fb217 |
| SHA1 | b89f5c1b70e7e576d257d93d8b7885b057091bbd |
| SHA256 | 0e9339bd66a8ac22b29deb1b918827f3abfe86387380f9e18e210911c9bbac1c |
| SHA512 | 45dd1eda32216b64c589e4e6808f52b760fe081676cee9a939989c8a6cd24d9ea2a6b591c29e20bb317fb4396c39e9f5d38ed89904875b91f6991b2840ecc729 |
C:\Users\Admin\AppData\Local\Temp\QIcw.exe
| MD5 | 30a94bbe2c48e30fbf1d44ba91aa8bf1 |
| SHA1 | 9f4480a9e893b932aa25556acb4c757ec6e35db6 |
| SHA256 | ee40fce6b41e49c399c48e40500b9f46e92c19a4d2d84f69121697c5d297c1f0 |
| SHA512 | 91a367d917ba7177b82c9a6daeee079d773bb19f7a77b54014a2eafc4f3c7e0295c8da8d104daf85d9f34c0aa54bd2d47a2bdf97ac8f0aeafda61cdbd0f6bbb6 |
C:\Users\Admin\AppData\Local\Temp\cEgwIgMU.bat
| MD5 | b23156a6e32b86dcc1a6f457a007835c |
| SHA1 | 23d4303854b9f0bbf54ed1cf61e1d066e8688b09 |
| SHA256 | 29882562e3dc887a19cbe82e87f0925fe8f3017c4e2899915e7adbd8e49106bc |
| SHA512 | 822b1915e3ac254e3fa5e4c00f0458f4957372b95f0dc4abf69bfb30df279924d66ca9bd09847149304231efbe6d138ec64bb22a1dc8b64fb7cb166b87df8514 |
C:\Users\Admin\AppData\Local\Temp\yYIw.exe
| MD5 | a7f372440bd432dbd93a99b5ab78ca4c |
| SHA1 | 478efed7a173c00602300330f47deddce0719079 |
| SHA256 | dc4114cf2f25f19293f3b2a8f55ab6453cd998b77f521190b3432d1b04a899b9 |
| SHA512 | d66ea7887fcd4799ebeea1b4f98991b0cd6a6345942f3aa6698bc4d4f88a6e1dde49ac72ffd29a4d218b718d37c70afaeba8a53a0553b07e9a0955f77fc76e05 |
C:\Users\Admin\AppData\Local\Temp\PuogAoIo.bat
| MD5 | f85bc22f0e6d7d142e7424bab2879bb2 |
| SHA1 | c6c3ecdfe1a92e2dadfe034a24c2316a5eeff120 |
| SHA256 | 42fd98ae6df7285cf2bd2de32680f8147aae81e95259cf590797fb41cff0f44a |
| SHA512 | 15bd758848a0df9c2c416db9d3e0ef0fe83cb11be29239ed70b8960b6092585fcea030209bc9c3fbc0c9f7f07f9639eed6e58bb8e96576d8bfcf3ade91f3149e |
C:\Users\Admin\AppData\Local\Temp\GmEUoQsw.bat
| MD5 | 10daa9905111e96fd2e4b8432f4dd89b |
| SHA1 | 89f4f56a9360ab47c10a669a1f53480dcb3b4c0c |
| SHA256 | 13bf452bd4e2b12ea40f71ed1a7dc6f4a2de3e11cbabb8d050ba70642eb51483 |
| SHA512 | 779a7fdefd417e3943c208864b12937130d9840a2087bd73c656521433297e5b980db9a721a09c68bf977b703ba750b97dc02c6c3339f5b7854a0a89d13e5106 |
C:\Users\Admin\AppData\Local\Temp\aUAwYowQ.bat
| MD5 | 2b0870762bdde9cc20945aedf34d7954 |
| SHA1 | 2b0d6ccde6900c7eedb10fd161a0aa99fa9cc445 |
| SHA256 | f95f084ca8df42e4ee3c6af75d75d19e53b0a6a4052ecd784f0926f4d783d2a6 |
| SHA512 | f0ec4e8a807c8d4d0de793769ef043b34e4b5df146440116592a236b03513cb693fe589b688e543c35875aae7e79f643ef9c999e16924643e4a1c5b877b2fcaa |
C:\Users\Admin\AppData\Local\Temp\boowUosM.bat
| MD5 | 2dc0a77cabc23996964538c30c686d21 |
| SHA1 | 6973dbdf5e2eb2713f9eaf516d01aa243ffe860a |
| SHA256 | caf8ff9f03e8392753b966f9a2016ea175a276381566c4d27b1a54b40086a9a0 |
| SHA512 | 8f5a98be3bc0b70bf40edaf4464a1859e1fbbcae32d0d16aef25828b75bff8d85ecca6b8715aa486a7880e5e32bf5cabf55a45ef2b1697d9a8f4f8ee33502261 |
C:\Users\Admin\AppData\Local\Temp\EQQs.exe
| MD5 | e3be95e1096c13c2d6e805676eb34e88 |
| SHA1 | 62acc12babe6d7903a1f231966cf4cb34e455256 |
| SHA256 | a21a6af993609da4638a84356c533ec94d6e718b088cdf9153684456780262a9 |
| SHA512 | b190481eb386362ad07af89978244a99ea73caa914a2839d08632beca0e19bcc011bb4a4edb56d6deac95ee4a1aebd17cfe9227a53697e20bb0fff2898495c64 |
C:\Users\Admin\AppData\Local\Temp\UyIUkkkE.bat
| MD5 | 0b3fce8bc1d373fdf604fbf5d226b90e |
| SHA1 | 2b7f6d7b1c53baac5a6a741e16f9a5e36263a9a3 |
| SHA256 | bb84acd17eec39acae6dff86d2e781315b197fc01346ddd49134f2010af440ba |
| SHA512 | a2ddb65e5987063caab4e917e9408b018efe4a601af44007dc5e8984fb504638c44d3daf258cd8643c68f565da735b5777f330f92963f444e172c2246011292e |
C:\Users\Admin\AppData\Local\Temp\aUYa.exe
| MD5 | f567c517e8970906e2944098aca5c1b5 |
| SHA1 | 83d57bce4c0e61723497ed6ebdf368c0b934e551 |
| SHA256 | c6ae7b6303f9ea508945f8f0546edfe4c59b2a9ec7aea81d269a313c98a8075e |
| SHA512 | d71f507de213b4e8a4298f8756b8cc82dd34df1b6c1804cca29457e62bff8ebafec6171e58470a2700e171f136a10363c1a82d93919f1222cca32a73b9723fb6 |
C:\Users\Admin\AppData\Local\Temp\kgQe.exe
| MD5 | 51bbc191fd82ce66fc291bcaa6331158 |
| SHA1 | d8bfd1cb9136e6e32ab306f437eef4d3678ad176 |
| SHA256 | 4892848e5a6c55dd4c7f2bda87ca708ee835d3a5d7dfb7c8abe7a4f9f40593b9 |
| SHA512 | 2311925ac0efe8f287a21c6c5944e463ec93d8668580fb916270ff3295272f413155cfaa8984371f9a65703c2644d7e6c12546f82446f3565d13f2a9458cb914 |
C:\Users\Admin\AppData\Local\Temp\OkcYIwAA.bat
| MD5 | d131f4dc7be1070427466db5062c2ee0 |
| SHA1 | 2013b47306c91d95e2077f531a7675078ec731fe |
| SHA256 | 1e0e40f529fb211d9719cf044c725f3df139817fb755a23943578a2c1f5aebb6 |
| SHA512 | a49ac7a3e98cf41aec0a4068c7ece11f5f6e92c579303911611145a12136f66ca8feb77496dcd1b2e904a4b57d494ed60f1ebf66f6bb03038eccf454b9e15534 |
C:\Users\Admin\AppData\Local\Temp\AYQS.exe
| MD5 | ec3c0015291b209a70ff7827eced252f |
| SHA1 | b5fbf7ac67ecde30a5af3b431c1572eb97f7291b |
| SHA256 | c22664365234dc769a28dcfdb851533758637c0d4cd6278d8d7aa7f1985bd4fb |
| SHA512 | 35e647c73228e7210747504c9fe50388cfe3bc2cb29cc41238404fdce28139d23e9b8fb7928353a5882d9891650157df594bcbf9bc4a85ba00100ebb67a6e5dc |
C:\Users\Admin\AppData\Local\Temp\WOEQwEMc.bat
| MD5 | 3a98283be682f61892b6587f6513f9bc |
| SHA1 | 7fecc1ba3cf1f9d68563572dd6802b146e8061fe |
| SHA256 | 2dd582336df571b7032ac4f0c4727d2d8cb63345dd43f01ff66a9e164fbd462a |
| SHA512 | 45dbf85eafbbc75194b9a0132f26922b5c1931e5c6bd2a6d044b167c13e16f91e90d679927eb246fa7151d9cd9167569bde09764444437e2d8fe44989c0b6946 |
C:\Users\Admin\AppData\Local\Temp\cQkc.exe
| MD5 | 7f319035b288bd232190fd7d21a2f1c5 |
| SHA1 | 9ddf6219250fbd92f6a2b11f955577cd553af3d9 |
| SHA256 | 4cb640afc1d89213ca6b7635d6ad5a48334f922b2d309202d01387aa741c0b89 |
| SHA512 | d5412fecdd61fef73677df26d7bd4153dad88277a01c28282a4a6d8c659d321ed99f552e95a4c4cae578e11142cf7f2a12df600dcc0a346b9b8196fb92445730 |
C:\Users\Admin\AppData\Local\Temp\YoYI.exe
| MD5 | 4fd9ea77fc9a98aee80d546e3f0b68b6 |
| SHA1 | c553fed23ed3c88d43d3d4bc28b4e7f6b0cfe650 |
| SHA256 | f8741532cf8d97e663f50bc71d37fc5ea7db7e088dcb2a544bc66b6f9954adbd |
| SHA512 | a5e23f36596cea03d9d7c9c26638350f0aec4ccc7f1ef68a108dbeb62e250da8a9fd95238bcb8176d03ac5da69b1fb01a6af760b76ff9266bdcb9bf3f78d8e81 |
C:\Users\Admin\AppData\Local\Temp\rwcwcgIE.bat
| MD5 | 404b77f4952147f3cd5ab63c199894e2 |
| SHA1 | 94f4750c8d7ddaf9acc6efa0ff10237dc257fe11 |
| SHA256 | 8f26c02a0f402e19eb32feea5e2ba65e695c3d1c2c2cedcfa897670e496d1bd1 |
| SHA512 | 97355c030b9a1fac7440b7279833705d0b84866c2df053d598a6b35447aa5135c81d621fec53005aa58e51ee27fc52c652541cb7fe8825365182d3c77d6f5a6c |
C:\Users\Admin\AppData\Local\Temp\cwgm.exe
| MD5 | 1754c7ebe3283adef2efd1d8d17911fd |
| SHA1 | ebe51807c149c42362de35cf9815830d0f111bde |
| SHA256 | cb792d76f1cd8a6eef1a5a0f02c313409b586bade738c9431b741fd52d40f470 |
| SHA512 | 6d008d3add513dd6574a128a6d326528a5de63b7dcae09329bc14d8e883c0a21ac5267e433f3d21dc87413a036cbe0b7672eec966a6272c72bfed909841ddb2e |
C:\Users\Admin\AppData\Local\Temp\yIEY.exe
| MD5 | 7269b97cd49d94cbe193b958e9fd1f2c |
| SHA1 | 06c5a2e60dfde8dd8c9d48d954021a888b0343f3 |
| SHA256 | a01e902cd10267890da5ec980a10393b6f3362724c32f9d66f00b8df3230ab6e |
| SHA512 | a6a018d045d605b90624f0502dec24f0ce6288b1c55aeb29958026e2d258b66b7de66553846ec897aebc5199ffdd0096c880f3ce15ddf448def5a04a005300fa |
C:\Users\Admin\AppData\Local\Temp\gEkM.ico
| MD5 | 5647ff3b5b2783a651f5b591c0405149 |
| SHA1 | 4af7969d82a8e97cf4e358fa791730892efe952b |
| SHA256 | 590a5b0123fdd03506ad4dd613caeffe4af69d9886e85e46cbde4557a3d2d3db |
| SHA512 | cb4fd29dcd552a1e56c5231e75576359ce3b06b0001debf69b142f5234074c18fd44be2258df79013d4ef4e62890d09522814b3144000f211606eb8a5aee8e5a |
C:\Users\Admin\AppData\Local\Temp\qsMIIAgI.bat
| MD5 | 530e901457bc6647550445b7994107d0 |
| SHA1 | 17366a588fabb46e76d314b2c928d861f67d5b09 |
| SHA256 | bed3b421c0b58f61bd3f6e79ea852f88efd4b9ad00c8a00d57bdd49c3188dd32 |
| SHA512 | 1e3d863cdac7b7420c0138db830e836319a5084642e4ee6b8846d3207ab0de4330780e09a773989f761fd7d76e2d4e54b0591b2b9e9ee3f2fe332cae8514898f |
C:\Users\Admin\AppData\Local\Temp\qogq.exe
| MD5 | b26cf2f755a6dd8cf64caeafc4a5d3cc |
| SHA1 | e5df8ce80380ed86ad24aa6762e93a8eac1b0c3d |
| SHA256 | 57833d3ea2d5d2f74130c202b57db29d7f238abeed0cd7b219c274c84dd9307b |
| SHA512 | 173d095ecc1d427e589edc0564e1d8e4ec590185c8c5a7f479a1af876d4bba312e785ac924a2be28a67f9764387997e247434770d610b559c920d2e0c4e84569 |
C:\Users\Admin\AppData\Local\Temp\oQwy.exe
| MD5 | 2f677332f194386f13c6e636221d6649 |
| SHA1 | cc3cbcdcf8e12a66d566518f33203bad2eb051b6 |
| SHA256 | 0bd17f906e866a41ec0a882956733936c23dfbae39ebac577db68ad4bbe0954f |
| SHA512 | b89fe67ceed5a27fbd3a3542111b196fc0a79ada9dc66e9ab78aebd761044324d09c596bba2cec1be7ce6f5bdf50127a35adb8775dd2f6e52d5a9d33e0eb8d07 |
C:\Users\Admin\AppData\Local\Temp\ooEC.exe
| MD5 | ee6c9512431989ee31d9197871e44297 |
| SHA1 | 3c05cbb6aa78887baaceb669e8e1fb8f1dbaf203 |
| SHA256 | 459e5c998f4f797a07bcfd8e4ab999df7ad6b5e3ee0a10e9ae3b654b2759569b |
| SHA512 | 45ffe1f5edf000c33ad3fb70f70158dcc59347d6a5337bddbffae17969b49a89fb8e058c022a004f6d7ff47039f7d88b98767e100f15159780fa5b78ca6cb096 |
C:\Users\Admin\AppData\Local\Temp\gMUIgQsY.bat
| MD5 | 745365ef448dc64f4f69a85192767ce4 |
| SHA1 | 2818d84f7a1d54972a8dcba0d31d055a778420ea |
| SHA256 | ee9cb92e8db67cfaa336e9ff8687c0cef11220c2d659bcf000c9705773eb338c |
| SHA512 | e72571e1eecac031a58cecbe70485d83f96571db8c8137a1dcefc4187235ee973158e52f9f625fbc4e3a389cc99b5c580eebd1d49aeb504a0b4b91b85d8fce04 |
C:\Users\Admin\AppData\Local\Temp\iAgK.exe
| MD5 | a8ff821de5449b0f96fcdd0ae63d14d1 |
| SHA1 | a7b29531e2537c80bf7794899cdcd7679e4ac26d |
| SHA256 | afbf07a9345a10c130af51d17efcb3ae25e0e352e84cdb438b36a19e0bd8b4e0 |
| SHA512 | 66cc803d7fa19c7bd8a932c74eaea5845e730927afd4777a5016b6d6bb912065886aaec06a31a52b160e983a0b649849b9b3cd5aff32e1f8473fb6c04e51fb11 |
C:\Users\Admin\AppData\Local\Temp\IQQE.exe
| MD5 | a3397f3e3fed5c774aefdc847e8d69d8 |
| SHA1 | d9f2cd79720a46f8060e189db66f36fa8cf9a05f |
| SHA256 | 4bcfe0ff09b5383b4171ef51a4982c0edd58b5d5fcbbb4424f98fda50bc48d09 |
| SHA512 | 94c4380b83d64b883d24e07db650b5e7972ea069885d81f02b257b025ef4927320634b36b061eef8910d1c1d89f648e2af38655754f7698233e6880583f89fba |
C:\Users\Admin\AppData\Local\Temp\pqIUYQUo.bat
| MD5 | 6b23910dc1713231734da43af17b9c68 |
| SHA1 | c5b45d5d9ed151c866d96d7f5b64f259530c1a19 |
| SHA256 | 34672abbfa3ce1adf7fe81bbac238b0c2a06e9c5459568659319d6d8ddfff6bf |
| SHA512 | c03b1d256f8cb032adac2c08385ed35c0b1669a7af0135fe96e20feeb1c9333723cb786cd7eca351b289c857d3bc1c35680bb0f56f8b4540cd73864ca36aa8d5 |
C:\Users\Admin\AppData\Local\Temp\SkIi.exe
| MD5 | c7c0ed2e8dc213a784f69cf0b7f51f9d |
| SHA1 | 0956fabf78e30e14675a37e11170703583f63c3b |
| SHA256 | da57a0323cd6c4c12e5cd8695aa255dc61b554e9a111e1bc774c3d4ce4cb68a5 |
| SHA512 | 9dc36a2fdf72e2b42a037f33be24bb110602d4b67265a24ba804b7ac6d39eab28f375516ec092aae0b773a1a52ef4fdf7e66629c587f0904296c68d20ddef497 |
C:\Users\Admin\AppData\Local\Temp\EIwQ.exe
| MD5 | 5dd72459e12af5fce9716660d2c3efe8 |
| SHA1 | 3d94ab01241e1e04ab681d15f6e211178e5f6b75 |
| SHA256 | 94f2a096f9813e7c03b5c80b602590ac502cedf31a15e91d36b32727d52a194d |
| SHA512 | 859dd473d815c4e5aa43748fd3c82b32888ec7fa4e7ec36f61adefbe295cf4dd2a5e7c633ab4f3fb7c24166f4477c3de07e6090acc0223bf9169f22ad5ada426 |
C:\Users\Admin\AppData\Local\Temp\EQMK.exe
| MD5 | 5044d134e6387e180fea543afbbcdd48 |
| SHA1 | 1fafe47ed6657baf45ea6241799edfbad3650511 |
| SHA256 | e42262aaac62519d10a3a6174f0f4f87776a0d678cdbf9d7b84ffe7c4ffa075c |
| SHA512 | 540d9a971f7f72465f9a761a220fd27c9e8abebc308561bf969ff2b0764dc1d928faaebdcec3a8ffe24954fbb9eeaf0a755903eabfc5c6f2315d759f84e2b141 |
C:\Users\Admin\AppData\Local\Temp\UEQAwogs.bat
| MD5 | a537c064a97628f2ca30a5b5e7f366a3 |
| SHA1 | 5ee7ddc572b4af96a015661b45cf6038d789ac81 |
| SHA256 | 1b3d920798d9adde1505013b0f1cf7c44ecb3b073ac02cf40e9142b3463f819b |
| SHA512 | 91956d602035e435cde821c7c7f57e878465ce5cc141aebfd7054026f4c69e25ad85ab31293c685b16460ee3902f98fa5b7f7bf007ef55064e014895019cc281 |
C:\Users\Admin\AppData\Local\Temp\YIEe.exe
| MD5 | bb43fc210d99372a0f1738f8655cb6d0 |
| SHA1 | a8673178efaab9ae8696dc7a37145844b372086e |
| SHA256 | d6a5b948dc7529e14a4916828dd2836502903f7eba2c81e156b8b44b3a05be8a |
| SHA512 | c0f5dd99c70d1b5003a68881714bf617effc9ffc0ad189ce7911f267a72fb1a1128cef819fe1ce3c134b9b041ab1339e8b37404888051ad3f2aa19e55df4d3f3 |
C:\Users\Admin\AppData\Local\Temp\MMIO.exe
| MD5 | 5eb9c3f2c5cef0983aeccfbe97cf4b5d |
| SHA1 | c2b564a6ca9830fb5197b0a1011d1527c5b51488 |
| SHA256 | f090ad71f720f6acfbc4f0164848a4cbe42d31884871040786efbe5af5f7fc44 |
| SHA512 | 225332de652174f348104160d860cd01cbe61b50b134353f7cee5c706487764b554140a494109509172eaeae7daa3b667715646ee986c85863bb6adf9a5d96a1 |
C:\Users\Admin\AppData\Local\Temp\OQYO.exe
| MD5 | 17591334989afe2b7fdb8f9c84d10d12 |
| SHA1 | c79e6818521792c5fa51da0e27f4bd381ffdf484 |
| SHA256 | d7ceeb731df69f9ef1a64037eae1d15c8fb80fce5c0ebc2a5347db83212de375 |
| SHA512 | be2af7bea2e356b397afdbaa9fb356de46387905b98f69ffab57240a0526f26537603a4d7d9cd8f72c0fdb3d1d23ad5b80db082ded2718bee7b7d3265481920d |
C:\Users\Admin\AppData\Local\Temp\WGcUgAoU.bat
| MD5 | f93edf46f218e5d05d66f2eb914ee559 |
| SHA1 | 684d65cc45e9c618adea5f5103c91e28ab20ec5f |
| SHA256 | 0a1923671606104a16a6f754acdb47c77ea60667d1b1a64ce0ea67c43a5269b2 |
| SHA512 | 85e23b296a9d804198af400316b6c924f9ff766dfe51f449705a73fd868cfb91375c8c352a395e2ce515fc7acbae80f4b6af9034738ef90c6ec6560cc7a6f38d |
C:\Users\Admin\AppData\Local\Temp\cQUI.exe
| MD5 | 6afe208fd4391de16d6904f347806c5a |
| SHA1 | f1026425ca44147caf52efd00245f354826304c2 |
| SHA256 | e338918795b8f54f57b05f80ff3394cfb646db54419b232ba54d651092340d6e |
| SHA512 | 7f2ec4b6d049339b38c5345f8765dad68c3c5d711e8d1461cf985cf2b6507b4caa42023b2f62deee1b71b1cf2e68f626eab6ba29312136a45a5a785cad910283 |
C:\Users\Admin\AppData\Local\Temp\mYIE.exe
| MD5 | a9b67e7c80b04c5167d58730c6f84bad |
| SHA1 | 8a520f5bb1eb7c978826cddd476f4ebfb003e4be |
| SHA256 | 2311dc091eb0d5d64ddd0f72b0846ecc7b5424c4d0fefacbd1de9946bbd132bb |
| SHA512 | e34507831ed5143d2cdbac0d2255a595d7d94926736de29ff41faa328ac3c7e2449c0887f2a07c97124370576a91450c8c2e83964312677cfa48d8987d76399a |
C:\Users\Admin\AppData\Local\Temp\nocEwIUw.bat
| MD5 | 11b3027bdb20b889ade086c53c70126d |
| SHA1 | 3250d7a214f812cfe4ba1f4a6f5656368a455971 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-03 19:26
Reported
2024-04-03 19:28
Platform
win10v2004-20240226-en
Max time kernel
150s
Max time network
150s
Command Line
Signatures
Modifies visibility of file extensions in Explorer
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
Renames multiple (82) files with added filename extension
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Control Panel\International\Geo\Nation | C:\ProgramData\jqIcwkYs\fmwkAMIw.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\pMkIsUoc\UacUgoEQ.exe | N/A |
| N/A | N/A | C:\ProgramData\jqIcwkYs\fmwkAMIw.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\UacUgoEQ.exe = "C:\\Users\\Admin\\pMkIsUoc\\UacUgoEQ.exe" | C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\fmwkAMIw.exe = "C:\\ProgramData\\jqIcwkYs\\fmwkAMIw.exe" | C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\fmwkAMIw.exe = "C:\\ProgramData\\jqIcwkYs\\fmwkAMIw.exe" | C:\ProgramData\jqIcwkYs\fmwkAMIw.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\UacUgoEQ.exe = "C:\\Users\\Admin\\pMkIsUoc\\UacUgoEQ.exe" | C:\Users\Admin\pMkIsUoc\UacUgoEQ.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\shell32.dll.exe | C:\ProgramData\jqIcwkYs\fmwkAMIw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\shell32.dll.exe | C:\ProgramData\jqIcwkYs\fmwkAMIw.exe | N/A |
Enumerates physical storage devices
Modifies registry key
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\ProgramData\jqIcwkYs\fmwkAMIw.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe"
C:\Users\Admin\pMkIsUoc\UacUgoEQ.exe
"C:\Users\Admin\pMkIsUoc\UacUgoEQ.exe"
C:\ProgramData\jqIcwkYs\fmwkAMIw.exe
"C:\ProgramData\jqIcwkYs\fmwkAMIw.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KqAQAAYU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PcUosMEs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jQEQUAIc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zQIgkYwg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dAgsUQgI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\oYogMIkQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\scwosMYU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kAwgQMww.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MIgkUggQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dKEcAQEY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bGQEYkIU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JcAoUsQM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RiMIcIMg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AoQgYsAE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mEYkAwUQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MSIsEYEQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AAQIUYsc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QWogMwws.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fAIgsUQo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JicoIIsY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RwskYgoY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\daUwAsIU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kcUQgwsk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qAsQgIgE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CiYkMsEc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wOUkkYMw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NWUkscIk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JmEIoUgQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jiIMEMUk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FucgAYss.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WKMoksUY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UQMUIcMk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mmsoAAUA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rAIgQgoM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\biAwUowM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hkQQccIc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DmEYgEYo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WeUUgcsg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\auIsoggI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yocoAMAs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QosgEsoM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XewUQgcA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XiIEgwIA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nkksEggk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vigkUcEU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DYoMQsgg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TOQwIgcI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WwAEAowU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ueMAgcAU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uSEQwIwc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NsUYQkAM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nIAwcYEI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XYkkEMso.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JQkkQQgw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eaosYskA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UesgwwAY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eyEYAoAg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xcsMUYYE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xsEEYIkw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XAkwMoEk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yMUMYEIs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AmQwocMA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aEUQkIgo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zAsIEQwU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rScQYUwc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XewsMkAg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SCocoYAw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wUUkkAkg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wyYUAAcE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vAcAIQsg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\doEQoYsM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dswMgMoo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wyEYUwMI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
Network
Files
| SHA512 | b8fcd311403d52d566e1314e41075f12ace63ac642f28450b5653d51e3384e2a4f1b0cdf26fa1e6c4f01bba60701949720569e1b5bf8f4b2fa2107fffccbbbae |
C:\Users\Admin\AppData\Local\Temp\GAQi.exe
| MD5 | 2c84f60658bf033907d77dee4061ddc7 |
| SHA1 | 57cf1257857c9150e15e709499a871cf12283d2e |
| SHA256 | 5147164b8ea344374ac1d1162decf46edbee207afac1f97c47019b481601fba1 |
| SHA512 | a035d856779e5a440b903b971b5b5819019f956e74e47145517a4932d71db55bc2ce28c1dc4c6fb26cd6bae35d4b8dee6b17404b675b810abfc59676fa68c554 |
C:\Users\Admin\AppData\Local\Temp\wEQU.ico
| MD5 | f31b7f660ecbc5e170657187cedd7942 |
| SHA1 | 42f5efe966968c2b1f92fadd7c85863956014fb4 |
| SHA256 | 684e75b6fdb9a7203e03c630a66a3710ace32aa78581311ba38e3f26737feae6 |
| SHA512 | 62787378cea556d2f13cd567ae8407a596139943af4405e8def302d62f64e19edb258dce44429162ac78b7cfc2260915c93ff6b114b0f910d8d64bf61bdd0462 |
C:\Users\Admin\AppData\Local\Temp\CMkk.exe
| MD5 | 6dee416212506eb2513e8fdd45efcc25 |
| SHA1 | 9d9769d159e499b02785e34352bae01e700061c4 |
| SHA256 | f2694347f03e359c99008179202fea0bb28c39644622be292b7a17df351178d1 |
| SHA512 | ec1a97e85224969548b895658dc72deca5e4058b2915361a7edb33a1792749ab6621d7a48fdcea0390eb19ad7dfd4f98ade87e289fbd02b2a9866bba3f50ffcc |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\Warning.png.exe
| MD5 | 5746bb593b6c7b8b0b16953eaa3c8f96 |
| SHA1 | 578e157c49e8485c5a82de87560fad11f3337cce |
| SHA256 | c317a1b6aa033553b58bf7817fcb27329d120c8ce63e909684475a0e4cc79f3d |
| SHA512 | cae4d73d8426163a386f3d5b9345ea0d74036e6ae1d000701622bc10919eb734b7476f712491aac7b1ceb2ee14071a7caa6fc04b10a498faf1dc86320c41e470 |
C:\Users\Admin\AppData\Local\Temp\kEQI.exe
| MD5 | de85a22d0b258629108e9458036dd6a2 |
| SHA1 | 2bef6ea0b7ee2de09e69eb431450eff67060e04b |
| SHA256 | 1fc577a66049bc0d641f2f949edbce580b10e18b71e4b273775da1b56a6da6e1 |
| SHA512 | d3671f65978230c5e82c6454bef029ad0b9e640801ed73f113913b578b5d7bdf650e28fbcd56a05b9fc94b507d0ab4f8a9841a52028e0fdd5097044553ad7360 |
C:\Users\Admin\AppData\Local\Temp\gAgy.exe
| MD5 | d1b90bdbf3d1ccd134cc251a2bbb005d |
| SHA1 | cfbe5c6415095b80bcb46dfaaa3f0d786703369c |
| SHA256 | aa9a4e6a4423e81782ffc2b4dec840b329fdab0c2da012819e9739d45c45d0ce |
| SHA512 | 66f5f24019f151724b0fca2e78417a7f8957d3412fefca47922e385513fd224d6b0b3752d7654791fa1b4040b2d2d2fd54be9194ef5b383e3a848ea908cc31dd |
C:\Users\Admin\AppData\Local\Temp\wMQQ.exe
| MD5 | 7d3ea5c480733a0b2a3345378022d9e9 |
| SHA1 | 62d526ba1c4e8467bc1a982043e83056ee69765b |
| SHA256 | 8823f902e5a95beebc496908ac09708fee529082d7224f2bc00faa6e3a703b18 |
| SHA512 | 41aa8522026c8bd4c244d8489274f67421431ce3454d51fb037c08afcc84da606156f02cfcf8d9cb4f947b395f996f6d06a559eb644ea458d7ab9c056edf190f |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-black_scale-400.png.exe
| MD5 | a610b8d17e14c7b8fd310624dd497401 |
| SHA1 | 929642320b28c6f88b36cb61c36ebb277fa3b270 |
| SHA256 | 8c98b367f41d8676ab9a7edebf96c3279d67402e7ebdc6466e11df872430ac00 |
| SHA512 | e044ded69b7aa80a4d40ba2b700c08930d6cb49692fe0e4125bc3644649790910662cda8af6781a1a95a9833fb776108c91117e35111662b2b81a910294c88b9 |
C:\Users\Admin\AppData\Local\Temp\QUwS.exe
| MD5 | e79db19e3cb6e244e92091aa0e090247 |
| SHA1 | 851237f89f8ad1cbbf114706eed425aef5dbb63f |
| SHA256 | 9a1b6049b9d2b4cf98dbcd242a7c6621180a1e0879900f0151b4d736b3d7ed6e |
| SHA512 | a0e7a28e9ec8354caae8b4b430b94a89d001315a4745686b3b7a9493251ff0fcc9ebf2cec3d655233ecfe6bcfb3c780e87e756975faa13991901cc9f7aaa69e3 |
C:\Users\Admin\AppData\Local\Temp\uYkA.exe
| MD5 | 2a7136c1ff123b42992375dcb8a7c1fa |
| SHA1 | d5527edd1e4873779eb90dd1e40c84f2518ee1fe |
| SHA256 | 610f33002fa4756ef2f8f81e1db6fb463bc142783663a8c4157f2cebdc5faffd |
| SHA512 | d90f21476d7f9cc418b17c781a47aa5e99a36397c0d480c352dc4545399f04dcb2d88b430112d4c84a2a8a0c4665c877b051e5f69723cbe33980534923e4ea56 |
C:\Users\Admin\AppData\Local\Temp\GcIs.exe
| MD5 | bc61caa8a8d8d4294fe068df5ed1c613 |
| SHA1 | c6ca5d316e890ddd7009d2c1d5f59c1539fa97d6 |
| SHA256 | 8e7af9364235ef55c84fb0f6860430991a19dd750c8d0408d5202c5fe86f4322 |
| SHA512 | f2af171e49e6506e7e7c87952fc8465247ab609477a44a6e2a1d003cc129a50768fd2730fcc3768c71ff85732d6eeb1f2ee53f1d41e964400acb13c6ce0e8ee5 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState\PinnedTiles\26310719480\squaretile.png.exe
| MD5 | f54c477b71839e6c125e94c67c6b49fd |
| SHA1 | cfa8b745626aa360305b96a58cd21911afbe3fdc |
| SHA256 | 339d8a7227b2c91133b84a798420cf2a2eb29c75e0f4e8ceefa0f119e845b10d |
| SHA512 | 67b2ec0877c9d04dbc009538f1899144b52050d77f791b12d0198579a8fb68a9058f10d00afb9b878f44df772c9cacf257500693bf194c11301f36a8dfe967d8 |
C:\Users\Admin\AppData\Local\Temp\sEkg.exe
| MD5 | 01cda77da3d0ad66503510e8f09742dd |
| SHA1 | 6932cec394dbee9a784b9bc5e22c6e7bb38787d7 |
| SHA256 | 8316198075680cc1b8db77e338608ab1758b653666a1330dc10b3666b1d889bf |
| SHA512 | 48ffab651088e37aaed2c09334155ac344fd3789ad203858d3980043cb2b1e043ec697db129728ef5e6544dab6a66b3fa526cb01a3592a8043054ae96702e807 |
C:\Users\Admin\AppData\Local\Temp\OoUk.exe
| MD5 | d0b9a96f996007665e2314e424047c96 |
| SHA1 | af8c5e11e42e46ff5e862fa17579a923c14007a7 |
| SHA256 | eda8f6473da2cb53c8bbf5091800c428a95602fd68edc70880573946a68a5585 |
| SHA512 | cf8e18aedb5591b2bbdd8a0a2d51a5d9362646edcb8c67081c9db3b44eecc8048f6b5b7c9b1f29300fa6f7e92b4f9bf9e0b97de31d5009e1044d1083e8c7c5fb |
C:\Users\Admin\AppData\Local\Temp\wgAo.exe
| MD5 | 180f47cc00a5464c3c10db30d91d0ec9 |
| SHA1 | 6efff297b80a83e3b50404d2e3d68b71c05608a8 |
| SHA256 | aa5816198fae0463a56695f27752aef91fd598a6c95043d6cdc5bf3c71febe30 |
| SHA512 | 0dff2287e015ce62cb66e96ddbb7ab3c4b11498453f26587980571c838c87d64af77fc55591d0ea1ef905966a78488b290f8bb8869b6268e99a29c3e1e610cc9 |
C:\Users\Admin\AppData\Local\Temp\KYcK.exe
| MD5 | 04bf926f4adc8a156c4f2113ebb0b3a1 |
| SHA1 | 3966abe326bceeb36841b34e8fe544dfa2928756 |
| SHA256 | c994a5806b7c1f97a5ce352cd9c7dafa3f41b0269aa531e1a6b40e13a5bdc6ae |
| SHA512 | b0e49a2d341f75fcbfa9f756f078ebc0ab8712c66b5436b9def6b163792b134be9d1705bc56d3a96396c9a5bc4dc919751ca8a17ac012d5c0dad6ef27f3a3d5a |
C:\Users\Admin\AppData\Local\Temp\MUIO.exe
| MD5 | 55436358d788355a11df3caa1921d6e3 |
| SHA1 | b3fdfc8ffe094259eb8c3e4d469bfd38ff2bbe9f |
| SHA256 | a4060402b4624b8599941fdc3477afde35504c8258935a848f46b2d6a346ac8d |
| SHA512 | 8d969c69072f5fbe4a8d61444db8f2d149e781406fc1b48976c547e641cd8e568dc49106fe5b9de5c17d491e6f305cc8cc9d3fae6dfb1cd95ea6e664013f9e10 |
C:\Users\Admin\AppData\Local\Temp\UEAC.exe
| MD5 | 8e65dc8b8ff901d0a7d8b9da8f15c416 |
| SHA1 | 1cf054346475017b2983b291caab9a2259ff29ab |
| SHA256 | ea29af5cc0f5fc16052c2484639ab5ce84abb96fb733e76a4a71f253b4a612d9 |
| SHA512 | d09b0a0748699bcaa7121304e24b7e8c43023a34996c438b54b7773948af9120fb13d7db9844e827f8f35c7acc51aa9016eb70d985a2ebdb783671e7733740d0 |
C:\Users\Admin\AppData\Local\Temp\yAgq.exe
| MD5 | 3ff31c54a2fca8ca4e8ee32c848ea461 |
| SHA1 | b229b99843bbbfc170f87e5a396e10f3eb41005f |
| SHA256 | f0f2d0a89ab2a17cf015ea735eadbf5a7c6d8ed108210ad2ddf555f3e0217695 |
| SHA512 | e0ab5d58e73583fe95de463d0f3d9c48e5642f1105014cdae0e344c37b11b43e82df61d44bf140a655711150a419377dedc81647bee637d9590bfc9d2c4fc486 |
C:\Users\Admin\AppData\Local\Temp\gUMe.ico
| MD5 | d07076334c046eb9c4fdf5ec067b2f99 |
| SHA1 | 5d411403fed6aec47f892c4eaa1bafcde56c4ea9 |
| SHA256 | a3bab202df49acbe84fbe663b6403ed3a44f5fc963fd99081e3f769db6cecc86 |
| SHA512 | 2315de6a3b973fdf0c4b4e88217cc5df6efac0c672525ea96d64abf1e6ea22d7f27a89828863c1546eec999e04c80c4177b440ad0505b218092c40cee0e2f2bd |
C:\Users\Admin\AppData\Local\Temp\CUYO.exe
| MD5 | bb9200d87cdf1502bd7444efab29cc53 |
| SHA1 | 487b25cab6210249f21eb02586ee35aa8a254bf9 |
| SHA256 | 2f32a7f1d1f20bdf2f8bb1fb7210f918c73bb2e09c3bcf58be9dec23ddbc2ae2 |
| SHA512 | fe0c6dfecad69c760edcfb567aa62fe615216bc36353c8aec049afbe8ed863c4d584ea762823560d243ec4ec7d75bacf943aa7f36e2b99a34cbef179af6877f6 |
C:\Users\Admin\AppData\Local\Temp\ckUg.exe
| MD5 | 08aadfd192d60a34216528ebaa1f3ee1 |
| SHA1 | 43a013b393ab6762852352c99101b356ed85e768 |
| SHA256 | 16f72fc533b34e101ec2112c4dbbd7b1c8877e381bdc6f48cd2acd67bbb03ca5 |
| SHA512 | 5b95edc62d079f1df2d2c725e3ea7cf9a9f9d9bc7244ac13eb1834384b761c9a75f980e8d05ee2bcc0b57a848d8eea152bd0e96b3f0ea9aac149edf68547b886 |
C:\Users\Admin\AppData\Local\Temp\CgIm.exe
| MD5 | fd0d3fa347c931eb7ca874da463b44e8 |
| SHA1 | 2f38570be9316426e4671b6ac169fa2f5f00a503 |
| SHA256 | 95bca1733a67749bcb6774a64b53e5d246962bee0cbcb2d8aaf78b42186d69ea |
| SHA512 | b0fde67a0eea36f2b18ce33757b46dde69da2afd931bf69b9378d145a24d33167f72ec476b9652bc58b749b3e8ded6ed0aaf78e6e71cbcce20d9f358d399e184 |
C:\Users\Admin\AppData\Local\Temp\QkAG.exe
| MD5 | 66d217f0c0a7be7f118217c74f986d45 |
| SHA1 | 04d139d5ec163d16430e89ee5bda3e17722c36d7 |
| SHA256 | d48ae54af3f6ff1656bf3b0198efe5bb19e1f1a30b508935293c5d1186f6a1b0 |
| SHA512 | 62523f3444ea87bc8b5223653010265bb65dab977732cd9a21d0205a31e324255901da33fede637838bb1f2f7603ba764ee6f4a00fbcba0fd05ccc47c9bc7bb1 |
C:\Users\Admin\AppData\Local\Temp\Eswi.exe
| MD5 | 85c6638830c6d57b00a2d319ecbecd89 |
| SHA1 | 3d282a029ee8c32ed66a102b1f80fd6e1194467e |
| SHA256 | e8b0d6f282984a7e3b9002da13143a4c908048dce2d49d0719cb89c52b38ba88 |
| SHA512 | 1bc1788021b84960d00576ea2b1e31a635a31e1144f74ec9b45e5d4ebfa3df56bfa8ffd0fa0a04ae2b5d7e8cfd0e698d1d38deeac9f9a92ed169145e9f8e5878 |
C:\Users\Admin\AppData\Local\Temp\KIoM.exe
| MD5 | 08bb6aeb12334be1a23619f91242c201 |
| SHA1 | 9d771d8395577eb2d8585242b16b97d77cd97aa6 |
| SHA256 | 97e42980621e7fbe716efb517deb1ad8c59a94e0cb5b61b4ffee785c46d0df66 |
| SHA512 | bbf52208e9faaa5c41bbaa092e6e1f2f10754b4f966f5eb0d7d8883075eb7a53d49865821ca6a93f0ed01ddb92bf392757dc9cb0c1761dd2662fab26efea1247 |
C:\Users\Admin\Downloads\DismountMeasure.png.exe
| MD5 | f82aaa43d366cf7e92909de7cc4d2471 |
| SHA1 | 87ca4bce18a88cc4ab964faf44441ecd0d0687c6 |
| SHA256 | f1d59f233d53f651cf647df275aa887a0b02e979cf1ec49617247126f2d412b0 |
| SHA512 | d467b3a5db80cd1f1ad88e41e4fab33e43f546ff18206fd28d1e8dbf6d5db2fb78c390dcb1ec4d65b7ad9f73f54081f707ffeb51466c528d206fd7fcbe0d7bb1 |
C:\Users\Admin\Downloads\SendStep.doc.exe
| MD5 | 7b84b9835abf71518fb76d6193166c87 |
| SHA1 | edad9b6289b556d09ed461af4e38bab3120eeb3f |
| SHA256 | f4db1bb11150fb416e2c6566771dadaa8fbbd6adc81af34618dda5499526c638 |
| SHA512 | 74afdbc7a77324f550b3168943d355fb9849e41890d8308f3b170e7014b59a42d1fb4c2ab235036504f1a34a07cb78e430df6e86cafe0d39cdd8fcf4e2f81ad0 |
C:\Users\Admin\AppData\Local\Temp\CEQC.exe
| MD5 | 510def6c8a7a01c75bdfec5b7bf81745 |
| SHA1 | 7eeab4992609efbf848d982d51becd8fda61d0cd |
| SHA256 | c7b9400e11782144dd11a98f0a02bd15336979226175973dcbcdd66f4fa300f7 |
| SHA512 | 34f30d06f414b28bc7cb1dcaf7b9655200b8292f47904890719dd463a820946559506d7ad4d14e6ac31003c0c8e615ffbd50f957acdda2ac2ea0b10b1d2a50ec |
C:\Users\Admin\AppData\Local\Temp\GQUm.exe
| MD5 | 7c76f10d7ef0e29bfe84383af673471f |
| SHA1 | c53b371fde837d19bc3711b112495cd017f4c3a2 |
| SHA256 | 39e65974b2004f82d4fc1ad6eca2535a61fe967e48f595f6520cdbdb4eb87e3e |
| SHA512 | d2176b31062de9a21bc324942b4410cfefec4c0c4c3a89c94dcb62e7d49aa94810e1185b80adaf52ab80cb9f4ccd54de486288dbf1f3b5f0f182f0a2b9b64c31 |
C:\Users\Admin\AppData\Local\Temp\Yoci.exe
| MD5 | 23a251bccb7f25e71db80b80ca0e1af0 |
| SHA1 | 10ca70cbb8c001746f1e28e648b1c8ea7b2c7ed0 |
| SHA256 | 742d382d85f3dffbf0fe367aeb5037feaa00fb335eb6a6b779d6929987cd75c7 |
| SHA512 | 59f957e88f06a5874d635ec8fc1045cbb595f667f9b3f5f5dc97ecb494fac31c0edf33b60302bd05baff4b95099fa314f27707df1d48230fd76e1aeafc43a4c8 |
C:\Users\Admin\Music\SearchApprove.jpg.exe
| MD5 | f6c85812dfa43791e307c43b9723e859 |
| SHA1 | eb70b3c24093412df6c460dc985a95ae6c5509af |
| SHA256 | 2379b8b2889466fcd0aa71346583091eda401cbeec1a4347c85b7f688434d8d1 |
| SHA512 | b28da46c3e83a321dcec5285bef5b7599d40023b3afdca66dd0583b6fa2db49b3502cf1cb4f7c64caffd6dd880975262a170fbec0275e5e1b13e908dfc2f6889 |
C:\Users\Admin\AppData\Local\Temp\Osok.exe
| MD5 | 97f23925f51c14689025ac38b6d4cf6a |
| SHA1 | 005e04571e66247ae423d86480844b99dccd0212 |
| SHA256 | 7aad048199f003fb3cc41ce1830dd82805fe9740b615fe53316ee3c2b5b83c50 |
| SHA512 | 09597088592ec3c6f0d2df6d43fd604940f369d840e158351571023fa3a7bbec236174936fc3059fc3555866708e15a3ab3527bbea294fa1fb5ef5cc6e47ee4c |
C:\Users\Admin\AppData\Local\Temp\sUMc.exe
| MD5 | 5ae04347670628a258e7e7607430de21 |
| SHA1 | a23d567aa327e10864bff20e881b9ca19405000e |
| SHA256 | 3f14f8e77a68a8e3bc9fbd4fe1ea7c85e495e1422525a4d0a4ce27188fec14dc |
| SHA512 | 403c4fbf33f5694121889e58d3e59e9e847800e42ae8860537712b9a50627a6ee6882e0f9074ee44b7c9674d148721d79193aa2c984c016ae6fd82460c6fd898 |
C:\Users\Admin\Pictures\BackupMove.bmp.exe
| MD5 | 6ef893bbf159057112a26338c73d4836 |
| SHA1 | 65872a26adebe72eb86afd223e93bcae6e486bdb |
| SHA256 | 63f074085eaae94ef940fe75568417e58f0425ec9d85b2b3e605b3de7012c8db |
| SHA512 | 151a03731405b0574e491e284583b66c032b06afd87dfd9fca9d54f0086f368375d14ac28191d4ac3825d0e1e0b432bf66270bc5e39b957bbc2426e5440e9375 |
C:\Users\Admin\AppData\Local\Temp\QgIq.exe
| MD5 | e75ccf833fab4ad99c0dd7085447eaad |
| SHA1 | bab84cbc3c33b619c602c667e6405e072a1f4a16 |
| SHA256 | 91346cab9a38f8cdf718cd9fa2ff94492de4676967c4fdaaebf19af0b77f8f74 |
| SHA512 | 6a42ece0da0cdf21abc60f7c81c28a9bcad1b6bc4c93aa123606831cef0917c303d67d699f048ea0a3a37aba4bbb9ff06b0392265808c400558ab5ff633e7091 |
C:\Users\Admin\AppData\Local\Temp\CMUE.exe
| MD5 | cc36c79186c3cea618b182e0daa65c14 |
| SHA1 | 38faf7b7139eadfd581e073da9ac6780bd6421fd |
| SHA256 | 769018a1eaef0a895cd80d14566ff21f2ac46ac94c6564bb6b60c110a1aadb7e |
| SHA512 | 030e1f77912d431233a487c80d9788c4d6453cf88d9e5ae26657dc7ac091ffc3fb5644b7001472bb99cdc64d5898b6ade0af6667ee75d9fdba82b227d8b1b965 |
C:\Users\Admin\AppData\Local\Temp\yssE.ico
| MD5 | ace522945d3d0ff3b6d96abef56e1427 |
| SHA1 | d71140c9657fd1b0d6e4ab8484b6cfe544616201 |
| SHA256 | daa05353be57bb7c4de23a63af8aac3f0c45fba8c1b40acac53e33240fbc25cd |
| SHA512 | 8e9c55fa909ff0222024218ff334fd6f3115eccc05c7224f8c63aa9e6f765ff4e90c43f26a7d8855a8a3c9b4183bd9919cb854b448c4055e9b98acef1186d83e |
C:\Users\Admin\Pictures\OutConnect.jpg.exe
| MD5 | acd589eac6ea842480352f7013237097 |
| SHA1 | 131c03616d2e9f0df22fc608173aa01f675e76a0 |
| SHA256 | be39f3d1aaa689a4097ef2b70516661f1136ae9f05eaaf87cb2e4cb13688335e |
| SHA512 | fe757d010d5dbbc5ff1962de6385aa2564968c1816cfb77f5cfa887bf2a4553a0122c7b62254d85f4ad37b0d56289ef43dd1c065c6b785e11a6718e3ef34ebd5 |
C:\Users\Admin\AppData\Local\Temp\uQIm.exe
| MD5 | 2ea7ea12f2c83b64685df7c0f12f59a2 |
| SHA1 | c08152dbc9cdc1487487b4d26483ef197bfebe17 |
| SHA256 | 7e79c62442b9d97a5a8e0b50a15cab145c2ffd4f5d5ff111c9d7545c6c88bc41 |
| SHA512 | 953f2f9433632def6a7f33706e827cb6865adfd755deaa2991fb973b63694baa707ec93ef1a50d35941e290f7545cf5ddb0dff660c79f48f95550afc0250da4a |
C:\Users\Admin\AppData\Local\Temp\sYUe.exe
| MD5 | bd9d79e3885c99b4c7892fdd24bc1da5 |
| SHA1 | 5e430db148bb2afbf5f17b9d6394f7bfd9b48cf3 |
| SHA256 | 17fc0bf244d2b25ae92b1ca9009fd19494a61edcb9d382c5caca2655b62bbf0a |
| SHA512 | 47332c2035b826f37f67fe311c8ca7322116699698de7b5c8f12525861c2c677633087dd04ad6503ef13391c2ff801959624f553f293aee476cb5fa97dd6ca3b |
C:\Users\Admin\AppData\Local\Temp\YAUk.exe
| MD5 | 420a1085c3af613991b7cbea201f8c2b |
| SHA1 | b3a0ef1fc4371d413875272197c7122beffba934 |
| SHA256 | 117f6a9be08f9add793b4673d63eaaf6872d48425956440631156171c93e94ac |
| SHA512 | 7e38e3074b896c81ec89027f629807f42924618aae3b0c280afb7bf2834aa24d13864f9bc99115f49bc69a3837da5f2de6e34d886a93695845afa2783c4cd8f5 |
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png.exe
| MD5 | 5d9420bfd9f3f1eee08225368a0317ce |
| SHA1 | f5dd99a5801499e1ddc0b662df0604c858370f22 |
| SHA256 | 27a02c758e1b7c5bfa882bd4e4dc8e4495b300c046b6f296062b3e82bf816328 |
| SHA512 | 95d79b494241e62bb2bd8487f38d42263b8f099d2c77cbdbf09f701f0e5f0057a163c70cb6ab12d728736bf00ce90368b7b13a3bda9fed3401bba64940d6cd3e |
C:\Users\Admin\AppData\Local\Temp\sIIe.exe
| MD5 | 0558f0d7134056ea3c324267f7f35917 |
| SHA1 | 13c610f153cd6d99064e54b371fb16a4cfd55230 |
| SHA256 | bfb1be10cd4e8e7236cf10b0c8dacd207f040d8c94472f1ba8aabf5d63420da2 |
| SHA512 | 95039b99c70e6f40fc65fe3e0eaf53dc1bb2941149aea92a63ab4fb37be5253065c9f6bf6c238959f42ea71220aa7585ce03702ad198e1ac5a60746209a956a2 |
C:\Users\Admin\AppData\Local\Temp\iccS.exe
| MD5 | ce449a958a52ccf8d7e3c28573e8230d |
| SHA1 | 7cf32030572dfdbe300f95157df466b29d2efc30 |
| SHA256 | 24489e42d056341172a8655d854ac0dd242e949b3cd9c4bc639fed77e66721fe |
| SHA512 | 310fe2802b29eb22d85b83758d0806ed73cb86fce330fe52256b005a54ae5a0e92b0c35f04c97938c78e55bd47f862b7da6d74e1b96da855163e06ee37882ea7 |
C:\Users\Admin\AppData\Local\Temp\oEAk.exe
| MD5 | 96b57eaab21db092d9b83ada55e9e2e1 |
| SHA1 | 528553933695572760957c1bab385145e1c7b9f8 |
| SHA256 | 7d12d7db1f73f545063d0d91a31390e3b9218e9a09e7d25b9d530169215a864a |
| SHA512 | 06fe42fcf7271ca8291c1a196297db2ab7d9a1dc788a50f13202e099bef544dab3f1510c1e1aa6965437d49a679eb8b9aac18ef79b98c56df4c7798878d2431e |
C:\Users\Admin\AppData\Local\Temp\IQoy.exe
| MD5 | c4077f7f790e5dd3b778a2d8c34e0f13 |
| SHA1 | 5c3e99f3e2dadbf12de643877ba34cb3b60659a1 |
| SHA256 | 6bc93bee703f3acc11f91dcec9b7a34f28f24953b3d110a291b9899d91f0ef5f |
| SHA512 | 4aca26f27ce857de83acca0757a9bdc2dd9b4a1dcb3db0ea8f2faab70f3545bfa9d085a25de9efc65aa145fefb97d435bad06085c0610e8e43c65217e39999c3 |