Analysis Overview
SHA256
a1fe19a6f8e7118773f8ed982e88ded4bb2e161503ad41428e7c99245d79ae35
Threat Level: Known bad
The file 2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock was found to be: Known bad.
Malicious Activity Summary
Modifies visibility of file extensions in Explorer
UAC bypass
Renames multiple (85) files with added filename extension
Executes dropped EXE
Reads user/profile data of web browsers
Loads dropped DLL
Checks computer location settings
Adds Run key to start application
Drops file in System32 directory
Unsigned PE
Enumerates physical storage devices
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Modifies registry key
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-03 18:54
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-03 18:54
Reported
2024-04-03 18:57
Platform
win7-20240221-en
Max time kernel
150s
Max time network
118s
Command Line
Signatures
Modifies visibility of file extensions in Explorer
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Control Panel\International\Geo\Nation | C:\ProgramData\DMoMkUEw\pWMkUoMo.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\yakUcYwk\raYUgwMU.exe | N/A |
| N/A | N/A | C:\ProgramData\DMoMkUEw\pWMkUoMo.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Run\raYUgwMU.exe = "C:\\Users\\Admin\\yakUcYwk\\raYUgwMU.exe" | C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\pWMkUoMo.exe = "C:\\ProgramData\\DMoMkUEw\\pWMkUoMo.exe" | C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\pWMkUoMo.exe = "C:\\ProgramData\\DMoMkUEw\\pWMkUoMo.exe" | C:\ProgramData\DMoMkUEw\pWMkUoMo.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Run\raYUgwMU.exe = "C:\\Users\\Admin\\yakUcYwk\\raYUgwMU.exe" | C:\Users\Admin\yakUcYwk\raYUgwMU.exe | N/A |
Enumerates physical storage devices
Modifies registry key
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\ProgramData\DMoMkUEw\pWMkUoMo.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe"
C:\Users\Admin\yakUcYwk\raYUgwMU.exe
"C:\Users\Admin\yakUcYwk\raYUgwMU.exe"
C:\ProgramData\DMoMkUEw\pWMkUoMo.exe
"C:\ProgramData\DMoMkUEw\pWMkUoMo.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\WecMggMY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\MIAIAIoQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\PaAIIosI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\jUUAEIAY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\DCMgQckc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\pWAEEgYs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\qswYsQIg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\UucoUUAc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\qcQIIIgI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\CwEogYsM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\FyoQwoAg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\byMEEEsc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\PkcsQkQQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\DegAMkwY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\egwocEYs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\EUkcYAok.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\OysYcMcE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\iSQAQcME.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\jmAIAggo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\fMoQkAss.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LokEgAEI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\jwAsUUgw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\WyQYcMwQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\IcMococo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\wEYIkkUk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\sqocIQUk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\sCEwQYcg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\PEUoQoEA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\HgwIYQoI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\hkQUMkAo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LMMwooss.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-211040385314253254631915099310-555124270-2131797716-744072017-17238051671671218607"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\csscEQgc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\AoQQwkkE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\QQckcooY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\yMYEQcMU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1971980157-2665195559825804471957747669237545228-1475939521-243892172-757520651"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\NiAgoEkY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-878334310-135901993219030014592029266645-2073058527-1897543122-1643093377502301726"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\pEoEsIso.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\TksUskgA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LSwYwQsI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\SiQskoUc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\uwsYYkoQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\WUskEoUg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\OogQAUIM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LEYsskUA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\bKMcYosU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\jcsocUEM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\KIYEAUcc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\SyscoYMk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\iSYwMswM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\NWQEwooQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\liUcMcsw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\dmUIAwgA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\bOswYggg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\tAcsoEEs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ISgkwgoI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\AacMYMoE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\UgowEkAM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\kqogQQEI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
Network
| Country | Destination | Domain | Proto |
| BO | 200.87.164.69:9999 | tcp | |
| US | 8.8.8.8:53 | google.com | udp |
| BO | 200.87.164.69:9999 | tcp | |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 142.250.200.46:80 | google.com | tcp |
| GB | 142.250.200.46:80 | google.com | tcp |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp |
Files
memory/2940-0-0x0000000000400000-0x00000000004B4000-memory.dmp
\Users\Admin\yakUcYwk\raYUgwMU.exe
| MD5 | 2f60b135fcc53ef58f01e4f07bfb6003 |
| SHA1 | 2cb10c39827397624aa746852b5a6bc6046e32ce |
| SHA256 | 92e0bb80a9fafe5b895fd984e32761ba8cfb16c36e4fbbba938bee7fecc05ff2 |
| SHA512 | c71bb976a4fb421015266abab0faa47997c6338702343a367d4b9b3c66c89e8d8e4bbdac339f2a81f86fbd2ba31e195e6f3ec06f110d43500f09348a756689bf |
memory/2940-12-0x00000000003E0000-0x00000000003FD000-memory.dmp
C:\ProgramData\DMoMkUEw\pWMkUoMo.exe
| MD5 | 652713c706e48792ba2a116b1ffa7c36 |
| SHA1 | e8aa0a70392cb99a4e0b7753f74c140991f7200d |
| SHA256 | 18901e699923b269f3620b31a08954f5a7b5f4f4d8f3704f79534b0014a696e7 |
| SHA512 | 19711b7bf4a886029e0d35d26a2306fc8d7c091e21ae3b3254f9e2cbd6c522a301f3292ca90b604ec0ace69dcb0b9c8e98a6688f2bf9e7e414b4ea81337271a5 |
C:\Users\Admin\AppData\Local\Temp\sykIsAYM.bat
| MD5 | 5c4fef0148d9f42282d8c2279bd04c73 |
| SHA1 | 5afc6a426c9b8d073ebe2dcdea6d91a879ac9faf |
| SHA256 | b0ea08f9fbf6aa8ae78cbd60b7d88c015d80e45e00c2f811ea06ee5a0aba4b51 |
| SHA512 | 205a2b69a359596f8744ed02ee406ff4f00ed213f0688004edeef02c97cd5a9baa47d8cac5ca63371e5427484f36f9ff6aa0934ddeb4a10cf3490ebf2fd7ffd8 |
memory/2940-28-0x00000000003E0000-0x00000000003FD000-memory.dmp
memory/2976-29-0x0000000000400000-0x000000000041D000-memory.dmp
memory/2652-30-0x0000000000400000-0x000000000041D000-memory.dmp
memory/2940-31-0x00000000003E0000-0x00000000003FD000-memory.dmp
memory/2664-34-0x0000000002370000-0x0000000002424000-memory.dmp
memory/2800-35-0x0000000000400000-0x00000000004B4000-memory.dmp
memory/2664-33-0x0000000002370000-0x0000000002424000-memory.dmp
memory/2940-43-0x0000000000400000-0x00000000004B4000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\WecMggMY.bat
| MD5 | bae1095f340720d965898063fede1273 |
| SHA1 | 455d8a81818a7e82b1490c949b32fa7ff98d5210 |
| SHA256 | ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a |
| SHA512 | 4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024 |
C:\Users\Admin\AppData\Local\Temp\file.vbs
| MD5 | 4afb5c4527091738faf9cd4addf9d34e |
| SHA1 | 170ba9d866894c1b109b62649b1893eb90350459 |
| SHA256 | 59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc |
| SHA512 | 16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5 |
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
| MD5 | f2271fe569c058dc724d9b9e53811e31 |
| SHA1 | ea276fc14127875413ac387f017bd2291a987f4b |
| SHA256 | bf0074851e2435a255b512e502b831ed2c456774971f8fc57004d597769364a6 |
| SHA512 | c324428534f64879aa17b190206e538066308486d95e9fa1b8b7238bc79067042717c232034ef8926376b72d3123be169852b05bfe58c7f69887245d91e5b53d |
C:\Users\Admin\AppData\Local\Temp\CYgoAYYc.bat
| MD5 | c835d1c47826314c76df708a4349a6b7 |
| SHA1 | 4a6e127af91f011541809f1e73e4e3e984f4354d |
| SHA256 | 7df412365d860ebfbe954e8c177118aaa3f5663de858fdc72e061b0968309aec |
| SHA512 | 955e7f03f7021a3f29048e35f42a555a5cf85be0a84a4be8e1d980f0f232dcb678e43e370c421dfb2af116fc8b751f4232c82ff4d6ec8a5c15eaceba3a04fce7 |
memory/2352-57-0x0000000000400000-0x00000000004B4000-memory.dmp
memory/2240-56-0x0000000002340000-0x00000000023F4000-memory.dmp
memory/2800-66-0x0000000000400000-0x00000000004B4000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\JCIkQgkI.bat
| MD5 | 965014a9be90857195b5a2e7106e0870 |
| SHA1 | 0b597159e0e3931b864f7c409f34503893d1f75a |
| SHA256 | f1836f6622d4294eeec32ca6fc96e24dc84792834fe3701fa0790f450bea147b |
| SHA512 | e03fb3e5999aaaae2ac5fdc301e78ef4c50366c2ad9465bd94998f8f1a4a83c8a33434231f9cfc239cfb83726aaeb244fdf5e99011b67506159b66eb7f905510 |
memory/2216-79-0x0000000000260000-0x0000000000314000-memory.dmp
memory/2352-89-0x0000000000400000-0x00000000004B4000-memory.dmp
memory/2216-80-0x0000000000260000-0x0000000000314000-memory.dmp
memory/800-90-0x0000000000400000-0x00000000004B4000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\xQgkcAIE.bat
| MD5 | a74d9f59b3462e5696636cdc241a1438 |
| SHA1 | 7a3a922762c83eb6035b54f79adeab0bbfb088d8 |
| SHA256 | b85cfbbf4fd2bbbfccc2825284dfc4a2f3faaae6f87bc7deaf6fabd7089e8d55 |
| SHA512 | fd295cba20467e973c98c649a377a84f4c877ff83f58171bfac0b06617a4485509a5237b5bc1700e137dd66fe3bb51722f20213f56da3fddfa1c3ed37583adb0 |
memory/2760-103-0x00000000003B0000-0x0000000000464000-memory.dmp
memory/1760-105-0x0000000000400000-0x00000000004B4000-memory.dmp
memory/800-113-0x0000000000400000-0x00000000004B4000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\BGAgEAEE.bat
| MD5 | cfe7d9f6eb26b4beca940913c5e01a93 |
| SHA1 | dc8f4f542b9f4ba89105485b0cd766e475b847d1 |
| SHA256 | 71c87dcdc3b226b4c080a9426c68a0717924176ab7aa050963da701d6b463bb3 |
| SHA512 | 39347c969773d2445aca1b8bdbcab9d5040713d69c663c31cb2072bee28e524f521741b47f32b85905fb12159fd18da5c164aaa91d28959e2698f6881178cdb2 |
memory/452-126-0x0000000002390000-0x0000000002444000-memory.dmp
memory/2152-128-0x0000000000400000-0x00000000004B4000-memory.dmp
memory/1760-136-0x0000000000400000-0x00000000004B4000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nqUwEcss.bat
| MD5 | 855a43c6f535c1752a7ebd5b6b270400 |
| SHA1 | 551dc572bcfc5b99de25db7ff250d5324acf9f65 |
| SHA256 | 98843b55661458eb82b632aa5fd478c9fc8c085423434213585c62593a351d57 |
| SHA512 | 556cc127a50eb580711a25bbe6040356daf5163d5994b3cd515c6a663adc12ad8c80a4f233ce47a0e8c36268e5eb140a61a167320ab48bfbef0fb3d1c7a6f991 |
memory/1524-159-0x0000000000400000-0x00000000004B4000-memory.dmp
memory/904-149-0x00000000003A0000-0x0000000000454000-memory.dmp
memory/2152-158-0x0000000000400000-0x00000000004B4000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\kgUMMwIM.bat
| MD5 | f833033a140f55690c6b3119787bec4e |
| SHA1 | 07db1e900c659026f92000a1a9d4dc96f56681d9 |
| SHA256 | d978a5f21fc25eb90aa76770274ba46f815481e3b22f9ce2de64265323fab549 |
| SHA512 | 0fab9d658115d8ff7af1621f3280594f735ad4251eb6298f9ddfe31e60b1d254a295eca7a296cd2530c33da75ca7ed0c0180318e375b2d05ecb96b01f7292d0f |
memory/1524-182-0x0000000000400000-0x00000000004B4000-memory.dmp
memory/2620-174-0x0000000000400000-0x00000000004B4000-memory.dmp
memory/2680-172-0x0000000000420000-0x00000000004D4000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\CCYMAkEs.bat
| MD5 | 15a02dae27a6953e0000eaa18630219c |
| SHA1 | 7ef84078c8a60401b5fe234acec10ac119b5509d |
| SHA256 | 081c53eee821e9eb92d08ce4af7a58c1fd9e15ce0def1cb2b974a4fff8f67428 |
| SHA512 | d3138e2c7ae24e4b5288fddb393f3e28a07bd3a5f7a41f200b6fb407cb0122796563ef43d5fc5781e2dae62e4e18d17186b58bc0092af7ceec2d1f0b2b5d5d27 |
memory/2524-195-0x0000000000400000-0x00000000004B4000-memory.dmp
memory/2620-204-0x0000000000400000-0x00000000004B4000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\mSEIogQo.bat
| MD5 | e2ddc5a4cfd7c3ccc3317cd7c5c58397 |
| SHA1 | 860ee70705e0155d9bf45ba5acf0800757e75d6b |
| SHA256 | d85862dceaade41638ef1b8252811533e8c6c4515eadb79eb25ee9eedc9bc0ca |
| SHA512 | 2c627f7ac1275d7eb392e91ef3720c10c0ce3b939e32dd0439917f9be86a509d48b37bcbe094f2615ed1508a284d8dc2ca0e814551d4b45ff949ee3099a5bb9e |
memory/2524-226-0x0000000000400000-0x00000000004B4000-memory.dmp
memory/312-217-0x0000000000400000-0x00000000004B4000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\giUAYooI.bat
| MD5 | e2a3868b22aef3946847d0ebd042f6c0 |
| SHA1 | 5478e337ca780e07a0bdb855111cba508d94e30f |
| SHA256 | cf47cb68bbdb5282b3f743587c456e24dcbbd434b93625214645d6fc9607a8cb |
| SHA512 | bc6787bcbe8813ca495373d63cf7328c7ee02056fc66b81ae7392e02e0395cfa0226dfd5d3f125e25477034e0e7ea72fbbb9dda90ece16b9cb6b005a3e56a329 |
memory/312-248-0x0000000000400000-0x00000000004B4000-memory.dmp
memory/2996-239-0x0000000000400000-0x00000000004B4000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\QiwcMIUU.bat
| MD5 | 6b5d9859112f598f7c0720b3154f946a |
| SHA1 | e01b72481b9a4ba4384391e8022263089a5f81eb |
| SHA256 | a546ec66b7935b2d3abb34cce275d58ce57c2873979e8a2565d2d096982523ce |
| SHA512 | f7194246a84e23c18e8af5d53f54cb98146c6480ee77c798d2f7eeccb6192efdf3d255df441363b76cf7a3cc6b6ba1c243867608ab3b94a8bc4df75729dc9eea |
memory/1504-261-0x00000000023B0000-0x0000000002464000-memory.dmp
memory/2156-262-0x0000000000400000-0x00000000004B4000-memory.dmp
memory/2996-271-0x0000000000400000-0x00000000004B4000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\hEowYYsQ.bat
| MD5 | a67237f6d652110d6a55c8688303a3e8 |
| SHA1 | 6dee56187cec65a2a59646511ed420668c3a04c5 |
| SHA256 | c72ad1678a1db14f6381a7e93038f66880e422d7a0a0b43560edbbd4623df4fa |
| SHA512 | 0f5ebfbd7da05a0ac667785c6b87a30e4f73fbca50a2dcd14709c8accaf7264d409ce4433f048eb1654583b87382b17cba0a7ba2bf82c76eca26ecfe249b21c9 |
memory/968-293-0x0000000000400000-0x00000000004B4000-memory.dmp
memory/2156-292-0x0000000000400000-0x00000000004B4000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\VEAYYgAc.bat
| MD5 | 770a587bf8b4a5771b276fd0733cf02b |
| SHA1 | f6f2bcebdfbb38b215d5c2e2a8d004856d78867f |
| SHA256 | 3bcd8665626d1dd70536d042c00fc5d4d5f604c3b813596c456b2b91d9bc3bdb |
| SHA512 | 7de8ae09f097349f814b1ce11dd8400ceeab3317f0190721b51b307db083ebcbf37dbc967678f31cb03b843c9e30c52df10cee73e05cfe972916004f676e414b |
memory/2932-306-0x0000000000160000-0x0000000000214000-memory.dmp
memory/968-316-0x0000000000400000-0x00000000004B4000-memory.dmp
memory/1628-308-0x0000000000400000-0x00000000004B4000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\lIcoUQEo.bat
| MD5 | 0a00d0ccd3ffc0b11814835c67d5780d |
| SHA1 | 1593cfc5540a3f0adafdee1fa3b0bff43f4221c4 |
| SHA256 | 5de479318bea3fdebae9ccf8552eddd424199474af37d3c0d5ba47b942b462dc |
| SHA512 | d13693ade8539138a9e4e40fdfbd374b3085dab5c122c66a84a081c01ce088dadfd7c0d085573735c034c7a5e27c280dba0d743eb8eb71db63187484fde8a0e2 |
memory/2472-329-0x0000000000430000-0x00000000004E4000-memory.dmp
memory/1628-340-0x0000000000400000-0x00000000004B4000-memory.dmp
memory/2584-332-0x0000000000400000-0x00000000004B4000-memory.dmp
memory/2472-330-0x0000000000430000-0x00000000004E4000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\vacUEwYg.bat
| MD5 | 46d2aab71f9e99b782ff6f0a84d66110 |
| SHA1 | 3371ec9accdaf2e590a4aef55161e68135b45972 |
| SHA256 | 9b1a76f8a094b6d11f7f01d42df656a5d5db55b8f521661bcc2c59fcf51e3486 |
| SHA512 | ccf53619e55c084666583f6fc9830273db12ffab8fdf43f39a349434002f8384078092b926e975b64c035401e14a5ba9e7aef7042a76bc8c917e9bf46f0cd965 |
memory/352-354-0x0000000002390000-0x0000000002444000-memory.dmp
memory/2584-363-0x0000000000400000-0x00000000004B4000-memory.dmp
memory/2380-362-0x0000000000400000-0x00000000004B4000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\yYMcMYMk.bat
| MD5 | 9712981f6efac352cbcadc57a38bedd2 |
| SHA1 | 13a6ab124c929255d331f8a3da3366bb346ae933 |
| SHA256 | ba91ba188fd481f5f3fc9dfb980f492dcfb960f40f59aa787feac08b13a7f577 |
| SHA512 | dd9c47ab91c573a25a119ae19b08be65c3dfcad8768dec18a348100dc123f3f1e9a1e9dd08e739563202eedd9686dcac12a9eebca44c0cf07e8cc4114783d3e3 |
memory/2380-386-0x0000000000400000-0x00000000004B4000-memory.dmp
memory/928-378-0x0000000000400000-0x00000000004B4000-memory.dmp
memory/1532-376-0x0000000002340000-0x00000000023F4000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\usIkcIwE.bat
| MD5 | 735f7ecc53420a901130dc1ec058eec2 |
| SHA1 | b8c25fa79d6ca23ba9be56ccfa1f7cd1ecfd91cd |
| SHA256 | 9d89e01ab8a9a3d5a1892ffd6b1a7c10cf4a7d3bb389e5ff114635405cb2dad3 |
| SHA512 | f5f19c93e33f0f98b26d853643b875a1bf1ba9ceb4dbd58f2b6114f0282d3bb99382e65cd206a850273bc78a989f505ebe86db988bf9d46b745048b79436451e |
memory/820-399-0x00000000003B0000-0x0000000000464000-memory.dmp
memory/928-409-0x0000000000400000-0x00000000004B4000-memory.dmp
memory/1848-410-0x0000000000400000-0x00000000004B4000-memory.dmp
memory/820-400-0x00000000003B0000-0x0000000000464000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\syIQQcQs.bat
| MD5 | 265d791ec1fbfff7b9e4b0d014f7cfdb |
| SHA1 | f2716345f481b101dad38e6d574cf2d4d3dbd45d |
| SHA256 | c88383ea9092260d2bc2e43fa528904f850ee11f4f902413360b172b98a371fb |
| SHA512 | bfb0ee5bfe67d9fd0e944a08d1d12187523fc5b3a254407af80294446319df12ae3e969be868c7d686d248dbb513a304bc19cd6bde2a3ee0e546ba5facc2511f |
\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ose.exe
| MD5 | 9d10f99a6712e28f8acd5641e3a7ea6b |
| SHA1 | 835e982347db919a681ba12f3891f62152e50f0d |
| SHA256 | 70964a0ed9011ea94044e15fa77edd9cf535cc79ed8e03a3721ff007e69595cc |
| SHA512 | 2141ee5c07aa3e038360013e3f40969e248bed05022d161b992df61f21934c5574ed9d3094ffd5245f5afd84815b24f80bda30055cf4d374f9c6254e842f6bd5 |
memory/2156-423-0x0000000000400000-0x00000000004B4000-memory.dmp
\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\setup.exe
| MD5 | 4d92f518527353c0db88a70fddcfd390 |
| SHA1 | c4baffc19e7d1f0e0ebf73bab86a491c1d152f98 |
| SHA256 | 97e6f3fc1a9163f10b6502509d55bf75ee893967fb35f318954797e8ab4d4d9c |
| SHA512 | 05a8136ccc45ef73cd5c70ee0ef204d9d2b48b950e938494b6d1a61dfba37527c9600382321d1c031dc74e4cf3e16f001ae0f8cd64d76d765f5509ce8dc76452 |
C:\Users\Admin\AppData\Local\Temp\YEYw.exe
| MD5 | 0a71902ed5d40bbf4ea9bcc6653925d4 |
| SHA1 | 9f4cd7f100a100ba258e9b2095ebc769f0fa12b0 |
| SHA256 | 2334a54f8c883d3fb5824535753d6fe9d022a0cbcf9826a104b6ed2e87a8280c |
| SHA512 | eb6a9cc8d47460d37bd7b36851a7103f8663eb308311b086b6965d8913a05b104e6cdd85aed67ec97e73a9a706cd93ee4df3a2dc9c30586399bb3bd51d82912a |
memory/1848-436-0x0000000000400000-0x00000000004B4000-memory.dmp
\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\dwtrig20.exe
| MD5 | c87e561258f2f8650cef999bf643a731 |
| SHA1 | 2c64b901284908e8ed59cf9c912f17d45b05e0af |
| SHA256 | a1dfa6639bef3cb4e41175c43730d46a51393942ead826337ca9541ac210c67b |
| SHA512 | dea4833aa712c5823f800f5f5a2adcf241c1b2b6747872f540f5ff9da6795c4ddb73db0912593337083c7c67b91e9eaf1b3d39a34b99980fd5904ba3d7d62f6c |
C:\Users\Admin\AppData\Local\Temp\gEcIMYcA.bat
| MD5 | 7865b2ef201dceea0dbd657d63883f70 |
| SHA1 | d3e840d996387e060771bbf863e92f1288a352c9 |
| SHA256 | a0e43a261424d2035b985a2bfe61422067d286edbac2454aa7216d8182dcc2f0 |
| SHA512 | c711f53008b4e5af80c68f486f273ffcab9d0549a54ee00b18ad04e3d43da3bf6151ab97cef098c400c2b64529fc16c2ab4334ba8357f4971daa57bf8308fc41 |
memory/1736-463-0x0000000000400000-0x00000000004B4000-memory.dmp
memory/2636-462-0x00000000022E0000-0x0000000002394000-memory.dmp
memory/2156-485-0x0000000000400000-0x00000000004B4000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\AQIy.exe
| MD5 | f1bb5a5e585186dedb153e0453df09aa |
| SHA1 | caeb0a69f630e49ff3208ca8467977381c315580 |
| SHA256 | 90b35dd83294ea0d14ba67dfb08c48627cc30c003a64ce6037baddccb98abac3 |
| SHA512 | 96bc8134ed15177c9f1305488b0f5702ba6bb503e625a270abd5aefd42805722aac809d7140cd11ef15da6c73bacf9a23952962b6169261ead92cf8cc820d740 |
C:\Users\Admin\AppData\Local\Temp\wYwQ.exe
| MD5 | cfca7f784852ea87dc431b32e8ff30c8 |
| SHA1 | b14557a871dc175707120171fee1dc28969f8533 |
| SHA256 | a3494f6fd318efb458b6bc6b435b78e3c616571ede614e27fe286e97bb672c6e |
| SHA512 | 114d96c647796000306a88fd5f1587d86e53f452657485068448772711facd8ac29509787f6b76f1e81c7d41651380d0cdf5ba971527767541065a9379b26170 |
C:\Users\Admin\AppData\Local\Temp\ksUM.ico
| MD5 | 47a169535b738bd50344df196735e258 |
| SHA1 | 23b4c8041b83f0374554191d543fdce6890f4723 |
| SHA256 | ad3e74be9334aa840107622f2cb1020a805f00143d9fef41bc6fa21ac8602eaf |
| SHA512 | ca3038a82fda005a44ca22469801925ea1b75ef7229017844960c94f9169195f0db640e4d2c382e3d1c14a1cea9b6cc594ff09bd8da14fc30303a0e8588b52a7 |
C:\Users\Admin\AppData\Local\Temp\OIAQ.exe
| MD5 | 50bec4f89a3ad2499d64aa60470639a9 |
| SHA1 | 6ec0d4ced31d743ed8f8e825489b9b886967f9ef |
| SHA256 | 5fa366c3f744ec0363793a16b02a88916a64012c43d0d980c32ed02614f89448 |
| SHA512 | 7b756995a94c3db8db0def458c77b4281adc5155e845cdf4ea8b5a0e18ffdc2dcd99d6b0575bb177e5039528dce12537745304949bed1f98b01912999fd13c41 |
C:\Users\Admin\AppData\Local\Temp\eMgk.exe
| MD5 | ef54c60180d2417415f702e0beea4348 |
| SHA1 | ca3a41ff7f2aed236302d4e17cc0292206505b24 |
| SHA256 | 0c2f63a34ef2c35dc94809c8e82cb41b9e850829a0e9f9a34f6da39883495abe |
| SHA512 | 9978ad38e19fc7c02c9edd68cf90a9c1f363cfafc52d02c154833325cd8b92c50d08e48448d383062deeb8da1035063be8f9ec25ec51328d4754d0ecba77e486 |
C:\Users\Admin\AppData\Local\Temp\WcYQ.exe
| MD5 | 64f2667692c6cd35df6f03a399ef676f |
| SHA1 | ee57a6ef70c3cc7a616f4beb44ca1e5d6ba6d6f8 |
| SHA256 | b6fb60760e26e0f710b389b3831e1fcb9362efabba36a3029b3d260583f802e1 |
| SHA512 | 26b925361995954352b015c4665608b216225339d30eea87a0f6a84fdfe13323baeca1cd383bd7788ab26f55e61b6c7655a82fc2aa324213c0786c2794898925 |
C:\Users\Admin\AppData\Local\Temp\bSkIAcgA.bat
| MD5 | e7d9e1ff4f85c743f18bac547344b502 |
| SHA1 | 560be011eccdf1bddf5441de23a0047f1572176e |
| SHA256 | 4a4e63293a7ad12910de7c2eca1c9971b60ca7238d148d49f3ba1db40684ceb9 |
| SHA512 | bf33ccd2d45cf6ba5955a771051fb3eb1992113e2f36d53ddbe741284e6a455e5eec36675073926f00d2948398446b04e74bc69b1c6782334aa4927e244d8640 |
C:\Users\Admin\AppData\Local\Temp\KYIU.exe
| MD5 | 29b5c9dc0c3084b626a32f8de1f98080 |
| SHA1 | 8f57d907cb698be323a47337f7f109632fda8f16 |
| SHA256 | f6c02120dc94290f5a7ea37c48ecfa730df37c602ffe5a426464986a42414a7d |
| SHA512 | 2874438fbea9160dafc33af942866c726e163ed2ba398d7702575bd5577fcafb3f9a75cec3e3047064171c69ed5449fbabe557113cd5544f88cd6d7ec9953167 |
memory/1736-569-0x0000000000400000-0x00000000004B4000-memory.dmp
memory/1316-548-0x0000000000280000-0x0000000000334000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\YYog.exe
| MD5 | 125ce65f7c451b06beed6502a6d49120 |
| SHA1 | cea84b57fb3f41734ee239459f5a5e93f2c907f6 |
| SHA256 | 7a54f8ae0340f0d83ca2157b70e31f1e53ac489b23d10bc5998e70ff348956f3 |
| SHA512 | fcbe9b6a7f6d08a9d0b35bc205e9aeb2fde14aed373a5da6b2bd706346e678449693e51a99a49834d85cc848e6a160432015627f87b599f0630793f540537b7e |
C:\Users\Admin\AppData\Local\Temp\wUwM.exe
| MD5 | c9bb46de9589c67d63e14e08f9e93f1f |
| SHA1 | 3ffa924ea5cf9a3ac561c9183a8ee2acde2fd5f7 |
| SHA256 | d3c7114e11f8ff184b6f5756e3dbbd049c1871d411e0ff4a7dda3df1f9826007 |
| SHA512 | 6497a21b7f40d96f92854818830a535c2e25ec39ed1308c7583e498ba7ab3dccee68e0b5393fbfe99618b7268097759fbbc4f0b27e0a32a994bb70a7625c8e37 |
C:\Users\Admin\AppData\Local\Temp\hsIQIIQg.bat
| MD5 | 8a2e9b7926faafc0e1a28d7c5cd2acad |
| SHA1 | 4b6bdadb98ba6680b4a8aaa4e3ee4704957dd2e3 |
| SHA256 | 11c61fcfce64c25c649466a195b7325ad5bf37f984dfa8bd57b493dc5aef35df |
| SHA512 | 6636e7c9147b6bd1431eb27d3a582c7984c1e238e5b37121e1cbdbf2fd17aa8f61db377c3b4dea1060d869ab070555c630612396c6cad9ca36cc36cfadd29d6e |
C:\Users\Admin\AppData\Local\Temp\AEIC.exe
| MD5 | 5b38e8e4f5eb6da32a73ef2c383bbaa7 |
| SHA1 | 405ff7d3eafd31ed1018b1f37177d076efe7a212 |
| SHA256 | f63d008c96c1b24c3235bb93f3a931be0e8f78f204fa18237a05b811a0cdf5a5 |
| SHA512 | 084e19cc7fba1f61b1784cab2185cd7be641ded8b42ef6e4c7cb9ab87516281ecc5cd83b3d10c5924fc82e1b0ebeb6d90116042c837666b283c43e7c21272f41 |
C:\Users\Admin\AppData\Local\Temp\EsUg.exe
| MD5 | f1f97e9521e5c158ec25186186cf60e0 |
| SHA1 | bb63ff39e92cf8b48081c6743d7db5ba0a049cfb |
| SHA256 | b8c5ea156e049aaca0e2a68e9fcfe787ec97c72d8e41ca777c24c12478d52a41 |
| SHA512 | e6cd0029045f1a83b2643e1193c50ffb9f1d3e8a015d820fd929e582bf336a8513b0d3bc75547fa86897de469c38a84adb979e361bf4130e0a59b1755794c324 |
C:\Users\Admin\AppData\Local\Temp\kQUu.exe
| MD5 | 5243da6b8382270d168006077d7550e0 |
| SHA1 | 849aa7d7a38b3704c1b7e0d4d8ba91377907a8b5 |
| SHA256 | bf2e38cc0fe9b4208df72be59392e2e69c393f0ca4e0af6b925b5ca932db5c4b |
| SHA512 | e64e151a7a91d9795542f28f5d51d9574a22c3f6ddffed28712138ad6081ab89f0d7537a7360f30b14be745fd57f9aca0c7166db8e99060044a048a6a96dc67f |
C:\Users\Admin\AppData\Local\Temp\cskq.exe
| MD5 | f8c84aebc581c8c3bb12d4fc821f5fbd |
| SHA1 | 8911bd607991117a1e7b2e2ec9ef49c9a1031206 |
| SHA256 | 6e0ccbc281c21b815a5c0d4642555d1c0343187da82024af94aa82a87931ed48 |
| SHA512 | dcd8d2507a8d30b251b746444ec5c58153a835942e785efdd184f37eb0e70ea5fa3877950b9530cf941f72a734e4c445fb5034aad6d418e9f093f77f2f57b8e1 |
C:\Users\Admin\AppData\Local\Temp\QsMI.exe
| MD5 | 97f40a9e2a57fa5101e01a7d411311f6 |
| SHA1 | f7c2b941042e195224d8cffe6854a1dcdb5a8c5d |
| SHA256 | a270d8f6c9463ea831a7551aa177614ef1cc8e7b4b2a3654d245b98b0e0233a9 |
| SHA512 | 3a16380f6dcf365955818a2a3171101590089bf5d25460b320ef6e0a32a9c3d4b254b93d5eacb7e4851635ce1639bba8a5f81a84051780c6a73ed8ea6cfea996 |
C:\Users\Admin\AppData\Local\Temp\bSwQQowY.bat
| MD5 | adde2bd440df3936030420d351bd50e7 |
| SHA1 | b71c8babb94b45f530938f814feeadeba333973f |
| SHA256 | 3fac97240837571dcdb8d64ee67e02926fb3a459326efeac859711d9f304e512 |
| SHA512 | f216bd77542b746cec707f72431b32d788f9bf2866abcaa9a7d1aa5167fa0dbb8f452bce280195d97bb2177062bb0f32ad703d3eb67275485f04e5d38870856a |
C:\Users\Admin\AppData\Local\Temp\OMQG.exe
| MD5 | df3da5e1903955b75f996e9885eb3906 |
| SHA1 | 00f21152f3a21d6380e068c65ff09df2a013aceb |
| SHA256 | 5082117d9057bf6a31c9f03723d5f21e6551bf7d39ce8edb83858de2dd14520b |
| SHA512 | 8cc6a175e335ce235d135158201bb3696db8991e2155871abbe485b53e192fb5659c7cf0289c1b24ab0c6a97e15b4be35135531f8f00a144e5ca258e015752dc |
C:\Users\Admin\AppData\Local\Temp\isAm.exe
| MD5 | 827582d30231c518a68e6253b0b2e2ff |
| SHA1 | 3f3c37e58456abbfe71fdac7a84c86348676d90f |
| SHA256 | d84c9042f8327280d94955fa55a1259356828b1d330747b77e64a8a5787d66a9 |
| SHA512 | 41958a743499f720e176f2ec4e45d050d2bd583d7113d8364db6220f1890e247176fa393671685da578a4c91b3157d9ffa6133215cac568e709820fb9fa1bd70 |
C:\Users\Admin\AppData\Local\Temp\cUce.exe
| MD5 | b4dcc802b1eacd8ec061aab67a78d92c |
| SHA1 | af93a702ac187e02fe82204efe27de7ce5470850 |
| SHA256 | 0ba20391614b493b64269d693f6dc7a66f28befcd17c2ebf63d7c811b237a2be |
| SHA512 | 131a8a1744a30a15fa9751494e721f5b629558eccc23f2730680d5d467baa5b64f7987c6884f7e83bf425cf58a37df1c0e9b49a86a821ed3ad0d7c27e26f662b |
C:\Users\Admin\AppData\Local\Temp\gEcK.exe
| MD5 | a6187a0365314fe38773df680fcf8be1 |
| SHA1 | dbd40da138f0f96f2ffa11b1138aea850935c23e |
| SHA256 | 6e57ec5353e63d707bc1303f38db5b409857818dce32c13f60ae6d942551cca8 |
| SHA512 | 0ccb38f3436045930fea6ad5cd1cc542f7c2e3df01c1b6c9cd506ca69b396f876de9ea57b29bc910db137db0c4f020a429d0eddac744441fc31405c9d1b794f6 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile22.bmp.exe
| MD5 | 25b76913eab1a40cbad103a6b148e638 |
| SHA1 | 2fcb43cca6ff2e3ec89569e0a12b17481b971d00 |
| SHA256 | 87d4c5808b5c0392668433467e5b7c3fd0f0eb0f2a4186d66cb0e7dbb1c325e7 |
| SHA512 | e77e0b94f58dcb6febb455d9b6ec7fbdfd096ee78b0c14acbea62135c8c9b4714381533107c6af924887101173ec11676e1767fe4dcedb5429b6aa73990eaa9e |
C:\Users\Admin\AppData\Local\Temp\TikcAAIU.bat
| MD5 | 12bce02116f0c42e718f8ae0437d7542 |
| SHA1 | 0197c2364346c624f1cec54ee5b87d37bd8f2cb6 |
| SHA256 | 1c701bde4bba2f6060a8a6de35b0da4ba7b972105c13e87c9c536b85cc117b7f |
| SHA512 | 8d877a2cbea44254d8af7b88d82b9cdb4f08176398aafa158cb8df108a2d3be6dccadedfd71ce21e757f30aca15bc5782f273201f5e81941f81c3f7864434f79 |
C:\Users\Admin\AppData\Local\Temp\sMAK.exe
| MD5 | 10387ff797da13767bf5659c97c25a54 |
| SHA1 | 029a171e1a5a5d6f58d19b8e88c832e6694f08df |
| SHA256 | ebf4b89516c0096145c3e492ef783e3f135f18073572c8f3e8dbe72783c4ed9d |
| SHA512 | 627375578d67073cbac761f4e5865c19e1f04cb344576143878a6fd18a703a16306c0000c08fb95fd857abc48f4dd4de3d995180a4b9c5004af9820fe680b541 |
C:\Users\Admin\AppData\Local\Temp\YkAw.exe
| MD5 | 3a3835db075f19ab6e782f0e70344dae |
| SHA1 | 91085e055ec6da66d7ecf3befd8404119bbdf640 |
| SHA256 | 6c4cec895be9c4521412000864fb965d887deaf931e802c3d29a31eab609e1f1 |
| SHA512 | 9a58826f9dc01bc3027b10c094cce11a9a2b17e288108193bc80208db61f768a72dd5ae6086fa1fa788ad1c9100ae05bb6d5696296ce857f540e861861818219 |
C:\Users\Admin\AppData\Local\Temp\IwEs.exe
| MD5 | 3f681af71a07a37f6274679a869f999f |
| SHA1 | bcdaf3786b90e66f0153e94d6bb28b13b75f7783 |
| SHA256 | f2a6bf3d4378ba82a5a32287a1776f6f94da9081924ee6d146bf85868d773742 |
| SHA512 | fa1058257e69dab52e7d3e115266b119fa818fcc38d188b4fe61355a265e0cec4ecf914e3afc5f4c9171ba374d3d925a5efb31f10a3e749ff5ec1897e8da7ff1 |
C:\Users\Admin\AppData\Local\Temp\OkQS.exe
| MD5 | 117cec3eb8f4e8115b61d79a07a0372e |
| SHA1 | ad25136cd7554ddc4ced7634f982cbb0ab044943 |
| SHA256 | 0252da771d2d2f4159126f6ba1e80b9358cfcd7fa753c832347ce217a61aa291 |
| SHA512 | baeec43c68225df1bdc7796bd496a9236d5beba914d5e019081bb626c78eaff655bd90b080c3a572b8e3c4a8a2be23431e7c9f1a48c2e9aa5f2eb085222da382 |
C:\Users\Admin\AppData\Local\Temp\kEsE.exe
| MD5 | 0db849b11653320f941322e12003c4c2 |
| SHA1 | 028f50f1bec78837d2e27e334c1dd8b4d538bae7 |
| SHA256 | da879b2c070ee4ce2628a4db77b1d7734f6373e9d0c0a61961f037212545d3d0 |
| SHA512 | d4b3c175cb44ba69c5d446d750cb67c0f71ef8644903b2a2a7a7a50a9ebc3ffd89e846c5920cfc7c23485bac1f1d43102307d05cd8761ef407a8158231b007d0 |
C:\Users\Admin\AppData\Local\Temp\kiYccUos.bat
| MD5 | 6b0e8dfca577b877c54ba495b860b954 |
| SHA1 | e7f20c6d9f4b4a255a2b07706cd86cc7c53b54eb |
| SHA256 | 8c03869b5981208a6b0765f692ce6067c2435ad179557c6c3fe16caff09e2d80 |
| SHA512 | 310794654f8396c5856721916ad8616e80a11acf9bf8b96a64fd77b2605733681c36957b219a775fd3e874682460279fbdf1e98bb713637018f300cbaa35c356 |
C:\Users\Admin\AppData\Local\Temp\IEQs.exe
| MD5 | d080e5159bb8534ba719fc0e6c09857f |
| SHA1 | 235eeb801dd9b9d7a3c14b54f2b8678a3142a76b |
| SHA256 | b10cd3d431fd814f0a6ffd411bcc113f43553eac6ef7df7943f40447b066d0dc |
| SHA512 | 033cf202c99e8ec02f86c0ad02de8bd09adbda822215a4b7a4b58e4427e789c282cbb4c1afb07e93b84fdf450398fc183e32df57271a8e6bd1e08f2fd3139671 |
C:\Users\Admin\AppData\Local\Temp\eUQk.exe
| MD5 | 411cee4e605ff9753bb8f034c34cecf3 |
| SHA1 | ef071e60965cd5e78b864c896e210ce89b9532d2 |
| SHA256 | be8b9f0a58c7c1e1f2d2ab09b28a1e0ccc6e2bb782c9ca261ad098a69bd3fcd0 |
| SHA512 | ec3d645903260ed1a986930dcd713de9da397cae6130c91fe12d6aa318b69efa14168f61e27caeda23bca30dae5ede0f7471ba093af97265bac762d936502d84 |
C:\Users\Admin\AppData\Local\Temp\mEEY.exe
| MD5 | b246a52d0d0cdcf14eccaa05fd1a1926 |
| SHA1 | 5e8166014eee2c9bf9fca6b7d834012e8437bb71 |
| SHA256 | cb6da28d2343529827730d8548fedcd37fdbb55e64de4b471bd1b672ce616814 |
| SHA512 | 2078b8de08a069591622ac5b2bcf9ef12288c94886ae78d34e74c9948a463f7f7a5366280c73f90994a92edf282aa25f580fe3efac786575b18c36c31a75bd26 |
C:\Users\Admin\AppData\Local\Temp\cYMg.exe
| MD5 | dd225b899a8e4970bca7c86ddc6f71b7 |
| SHA1 | 3ecfbe5802ab909c825c8184dde2f5dac3dc5e42 |
| SHA256 | 5c1a427cdf42a2c9fcd7838714d1c0fbae33e6f198da8fd7ab25803ee5d691b1 |
| SHA512 | 661b8432adaf926ebdc87657c13a95bb0cce7169038e19e4c8c1e95609e4ebe142f2fdc67ebc4a9c05880a55222d38a6ed5b17284130af59ab0f325afcf60565 |
C:\Users\Admin\AppData\Local\Temp\WsUAAYcs.bat
| MD5 | e90398221563e712c55bbb1b6071865c |
| SHA1 | 494dd121f174153984daaef3df62f6fbc6892835 |
| SHA256 | 3291d72966dfef2e5f5248ee19b9a6e8b2124d8bcada59e9443b122199c10e84 |
| SHA512 | 4c9c256ee76883855d5d94335376481e84975bd0e6f96db05292f7f2e1a2da882c2a22bbd7f3e66716bd63e401ea0f42e849e786741cca37867a1a6d52d6eabb |
C:\Users\Admin\AppData\Local\Temp\YAco.exe
| MD5 | bfd7959a66848263f565b77d2cac235b |
| SHA1 | a7d735a62c80bba741bdb4eb432450b7222463f4 |
| SHA256 | 3c6505f1881a6d1a8b71b4a7b9ba42dc15eb07125b6cd4451a090b797182ea09 |
| SHA512 | c32efaa2be5b37af1884172a8b755d1f533996db249dc8f8f715eb162b2ec6303fc3b188118003219f59657298e4986958a1995fd389f870f87d28ed4c65e8a3 |
C:\Users\Admin\AppData\Local\Temp\WoYq.exe
| MD5 | 68ba523a58bc182c9e2dbd8b0d6270bc |
| SHA1 | 907f93f8e927ca61f464bab06ad8d88d7db6ef66 |
| SHA256 | 10854ecff5055a5745dcbffd4c6f2a03b15e76a08c32154e817efcfbec03de8a |
| SHA512 | 0aab6aa648010d0c122c60d719adebe7e6056508da3e9fafa129375021143ca52578c2a6a20cc048b1e8d081cf6bfbc6f0fafaea40188d66e890a3df89f43226 |
C:\Users\Admin\AppData\Local\Temp\ugYW.exe
| MD5 | 6a3a2ce0b082ac4914df10eabc106aab |
| SHA1 | 100b04b2a676234134d3d244afcaf60e93715b03 |
| SHA256 | 92e45a55f51f27f14c342e52376a77d752cb5881c7bea836ba609aeaf871aeed |
| SHA512 | 41494fc7bbb51b3a44f20f8315531e736dc18c3add1059345e3c23004b0e7bc6543427751960cb1f0513ce16b7fbbef66c601edaac96d1c6fb788e09541aa293 |
C:\Users\Admin\AppData\Local\Temp\UMYI.exe
| MD5 | b512681b1ff75d134452b2db5d0c9783 |
| SHA1 | f7f444fea389d8f1387bcc3a1c48c7ddd38b5bd0 |
| SHA256 | 6892391e11b8b71061c3670a464515ac22b1f37b0c9b55d70c66cc0a6ba67422 |
| SHA512 | af4afa096340096bb8afec05c43314a6c972eb3126f1f0cdd93bfe85f5d35aea030c685e37983eb794a22de45ca99483a267da9fdc0b2d380191fe9156015cba |
C:\Users\Admin\AppData\Local\Temp\WcEe.exe
| MD5 | 657315008b715f655da4855486359855 |
| SHA1 | 1e0a22f2b39a11dc8124f6c2a7ae6cfb9211b05c |
| SHA256 | 1589479e53f76fe01a512f64d18dc42a92f7c8396929c4dc7ae5129cda5764ff |
| SHA512 | a5367ea5d40fe865d5b2b3098ee3a6dc2d793f6a563b738da64693e67d8dff7b8f09c4ed1a0356cbde812b69ba47ec34e59fa334b9c1235dd4b803fad5ea25e1 |
C:\Users\Admin\AppData\Local\Temp\QqwIEgsA.bat
| MD5 | fbf20cc742697236ea1f587b2c2e6eb3 |
| SHA1 | 02f6eef02977d7c5fede7923864c996ed8a20151 |
| SHA256 | 2618cd6e167349408fc3696aa82e1131c43dc537cb024868891dcf13e6f0ebaf |
| SHA512 | 9da34c74d02a3970775c9b3106e64eb3d0d01049e8cd2d4c527e9f36e32ab32208ddad30ef24fedda1dfd77b65ed64e3c5dcf171a60557d1d6bf19c0afac485c |
C:\Users\Admin\AppData\Local\Temp\qgEi.exe
| MD5 | 6ff8a031452b374d6f33fded335cae87 |
| SHA1 | a4643bcb6f9755172f577d6a79ae5e2253943e5d |
| SHA256 | be861a684e9c13df3eb2a07b7ecc8cc59d74e6005248998e6d319ed94db3d2be |
| SHA512 | 98947d240f1b54461e17c165de842834fcc850da37cc77d158d4d8298c34c915fb0c1bc40c83d3b4230f4f0b44b065ea0fa6ee36345efc15e47f10ce42ab92b3 |
C:\Users\Admin\AppData\Local\Temp\YUIm.exe
| MD5 | b5664a16b2e7cdcd625f0ded4f947daf |
| SHA1 | 78694d9e481a4fc37404cd67bbe632ca98e3633c |
| SHA256 | 4ae06d8b31e786caef86b57715395fa44f329723e810427e744f2e1c7879bf59 |
| SHA512 | 0db9bd7a47598c86b2969e909b4b99729ac0665ea941ca39b4e3c2b8277448731c11054faab783eec4968e1e448a988cbcf74643d4f4e0476d545ef7e9b88c3b |
C:\Users\Admin\AppData\Local\Temp\wsIw.exe
| MD5 | 47ad052b372567335a0ba5dd19685d0b |
| SHA1 | 1b98de8e5a053124afc13eebdbb8b65b24630b89 |
| SHA256 | 8066819435f2441eda9a34b465e2a3d6c3f869956711b80c370c674f21111638 |
| SHA512 | ffed9acffc0e315c33451d7d3997008a995cca459fd762ddcdf764bc3394ff85ca726b3f6a6ac36cb143618a1fc0d4e75a307bad9feea0802dde2aec8b116b95 |
C:\Users\Admin\AppData\Local\Temp\ycEY.exe
| MD5 | a8cfa3983ce0139c7e2196cf355961dd |
| SHA1 | c6c40b27f2eb6d0a64270ee6ae4c81132c250d28 |
| SHA256 | 1f36347e49420cad3cd8598544d4956e82c247af9e6452978d61f3d9571dd988 |
| SHA512 | ff9ed66f401763831ea4b4731c8f6209d0f8800a53c652c9d48b5a25211198eae429a84ef6fb4679ee7f9d4071171309fe08746f501e53d32ac87f97888ed92d |
C:\Users\Admin\AppData\Local\Temp\SckG.exe
| MD5 | 24ecd9a747931fd06b79aab0a63336f0 |
| SHA1 | b87f5e8191b8773743e0713bb234fbbe47bd1c59 |
| SHA256 | 47bd5f9ac5f0a56988a2926630878dac134eddab414790dfa66c39bd4fa2a4d8 |
| SHA512 | 1ec9e30be2ec675fbd62f7e593a3e7f15bb3bace9a5446b4f1e55dd2aaf2d3044f381eb0c72806a1a19ba2f2ddf6e17865122851698a1f58cf228b0b60ee76b3 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile42.bmp.exe
| MD5 | c8661eb268c7002325492e8ab8fa9db8 |
| SHA1 | 20183038f9fc44f1da98d71d9cdc85343f8169ef |
| SHA256 | 7231bcac4b25e55a08c5f5f6587e59a2d31824ac88eb178e5f77bd1d79b9a979 |
| SHA512 | 21a093c3e9d103c6ea53dcd076627b3dac174aef39260b57c714dfb148df301e1bb21d71fc348a655fd88da6934f163fd2be3acd72ff858e7d01c62041e9247a |
C:\Users\Admin\AppData\Local\Temp\sEcYcYEA.bat
| MD5 | a5e8a679ec506e5d31cc1b9ea36dc179 |
| SHA1 | eab22a287d79dc89488abdd7abe1fa54462c17db |
| SHA256 | 9f4abc43dd09239a56382063f4f1eee4ca1fd5a263a10f57c6293deb625806ce |
| SHA512 | f2b3595d63951e2b6cb2837ae52198d0eb7b4508d890fde86f8c505b2f33b45990c952dc770c5a5a9522974346c44b5645ea52570f284abf8558452dbcf98cd5 |
C:\Users\Admin\AppData\Local\Temp\okkG.exe
| MD5 | 11a63b865739aaa190bc8e11a92f5723 |
| SHA1 | 5e9f21150826ba93d53ed4117030c5f98733b4fe |
| SHA256 | 9d9e0cf65b3f9ae1e93a298be2fe823662860dd562920821da1d73ecea2a57b8 |
| SHA512 | c8724fee62eaeeed101b968bcbfad3cf450c2f302b6626aacd9552159173e29b194f83bad7f9b9377e12317febf4100481d9661819c7f57fe08a38e48fa333b7 |
C:\Users\Admin\AppData\Local\Temp\qQAM.exe
| MD5 | 35b77c2e2107fb614425b161e6d51c31 |
| SHA1 | 666c3a9477c3fe1725e0eb28a8f8daf22297dcc6 |
| SHA256 | 7a91a06811af5309d1a2c5c40b9571e08ae9e1eaba982d989ffb3646a59eb458 |
| SHA512 | 776f2c3b492f6d5d54ce861837fbe7c3545e093873c652a95e5dba84e669b3b914c272bb10848420bf6d1a77a4ffaea8dee6076481670f4b68eb22019c89fe53 |
C:\Users\Admin\AppData\Local\Temp\awcC.exe
| MD5 | 582592d95f81e1a69c8b3eaefa34eb44 |
| SHA1 | 7109d8a370824e0c19ad1b426977d0973bc0f33f |
| SHA256 | 229a6594db3c25ca337ca3b634557dc1c43680cec1448199702956d1eb90bffb |
| SHA512 | 5cc1e4d4290803c8c8b232be477762ae36299233f2e1817b414cf34d04fa577f566d94a7b7e7e812bed4ae15f7d64a1e0e4657ab979679b79f64402c34a9fedf |
C:\Users\Admin\AppData\Local\Temp\qgIw.exe
| MD5 | 3987c2fba0033abd973d2d5d96c5cace |
| SHA1 | 16e8ae7527171b0d6e5c676ad502ee883fb4fbba |
| SHA256 | 47b716af5cddc32a491b6480c625e062882db0be5e8380fef70a16b7e91f1240 |
| SHA512 | 222c712b3105c60ba73025460623bf116aaa89bc80e230ee03196d5dcacc9d77e4e4ff4dbb13c2252944d23cf7817782c4b62dffbcc05981d49a487789a3ebc2 |
C:\Users\Admin\AppData\Local\Temp\CgYo.exe
| MD5 | e39c5ad60a655f1b763d5eb2c2e5ed36 |
| SHA1 | cf4c01bcbba18c303149ca69b84aeaf936e0296a |
| SHA256 | 8ec48fbea01e86d3496d13c28bdae5928b618464c2c410f91637f1bea8a29cb2 |
| SHA512 | ced0b012b577c90300f3880cab92801e65298418a5b0410cf1d2c6d700e3ff729ccdba3e0d3ce6c8556b0946fd3003409a0e28184010f287990e09802ce5c591 |
C:\Users\Admin\AppData\Local\Temp\qUQm.exe
| MD5 | fa1757f18fcc942239ecdde63afc9064 |
| SHA1 | b66b18bcde723f75ee3d7c6a9e16caf8707b963f |
| SHA256 | 91db5fd9f28ee1baa4ca8a913b636b1913bf34bab3363178c8bc87462ea56c88 |
| SHA512 | 0d7146c1cb1d6f644238b5ab1e11aefd5bf318ef04eeeb3183fa99b5772264c27719206942ef95479e163fe44f39f150e18987c37266a09db0d13c55518ba94d |
C:\Users\Admin\AppData\Local\Temp\SkMUMAMs.bat
| MD5 | ee821188fbd7ab4c0316c7847af78cc8 |
| SHA1 | acabe121f1d50c57e269652da8fa5927ce85cfd3 |
| SHA256 | 07558436c78d8e479af555bc40f0f2f84abdedab6a05b75291ace72ff64edaec |
| SHA512 | d0dc4642e7191f98f05fc545e52a749676675438d604bb6e1b4d42d1060ac399c8fef52bf4c46e3182d4f7128bebdb7d41b3dd0142dfaa858bf4ee69e123afec |
C:\Users\Admin\AppData\Local\Temp\ugQS.ico
| MD5 | ac4b56cc5c5e71c3bb226181418fd891 |
| SHA1 | e62149df7a7d31a7777cae68822e4d0eaba2199d |
| SHA256 | 701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3 |
| SHA512 | a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998 |
C:\Users\Admin\AppData\Local\Temp\gEYA.exe
| MD5 | 1124f7e072151b401e0fa997e4f224a9 |
| SHA1 | e7b4f24aa3309c3a184b5ad6cb6fcf633642fb83 |
| SHA256 | 8caa182cc110e7d0deb3e625c65415ab69c66b9794ead8b8847e9bdc609347f5 |
| SHA512 | 033c613aae3a3bd5ae6b9e82ef227bd7fb570d0c2ce2de0feea3b184e80c998bcd5dce14eacf62867b6ae43a2bffac152ce1deb489f98cb2b4ba4d5e99053a92 |
C:\Users\Admin\AppData\Local\Temp\SEMS.exe
| MD5 | 7fa71172f68a6532a679151bf0d05d84 |
| SHA1 | 571ac51281bc721c3358c112ded5984f4733ceec |
| SHA256 | ee36cfe31bce4ff0169e2b33c9cef4a26bfb10902c8ecaafea303ea7f8b0120a |
| SHA512 | 169351432ba9ae724ac5d9978ef88c7c0fd856fb772dc74c4287cf512976a8856cdab1e6161ba299a57b5f9bb29ef90c0371cf15888033cf103e8ec8b667811a |
C:\Users\Admin\AppData\Local\Temp\IMMq.exe
| MD5 | 5c9e51345dc4704c5cf99aa8456b8797 |
| SHA1 | 56d84a1e9c4f1b8dc69b9527d9006a3fccf6a089 |
| SHA256 | f30e6b186f8bf65d25e5193dc780c823066360b59b65c709bc2d8a230e0f79cd |
| SHA512 | 098218af04fb2226efab00a67413dd5cc48ddbe3398631c7b4934f7f5a24e452304d166637e30df088c008fb7c8a31e406188023c3ec40e03eb9679f7efc7310 |
C:\ProgramData\Package Cache\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}\vcredist_x64.exe
| MD5 | bd2647e28317e6406c175250a35856e3 |
| SHA1 | 03fd4cb380ea8db80786d23d4c47a0cae5bfd7ae |
| SHA256 | 1f5c6d49a9998567fa6153fd51056e7b3bb790a42875c7066a462cb035a5b810 |
| SHA512 | e852c9655e60146ae5e76bf9e0f444d24bb294672fd766d6a5d72cc14ff15ee53414330dfb468d1ec0203acffc48d28f522495204b34f8f6cc3e105eed74a709 |
C:\Users\Admin\AppData\Local\Temp\iwwY.exe
| MD5 | 987ab7a411224ea41e4366982c2780a0 |
| SHA1 | abd096287a8e236da4d075b7dbe58dacad647607 |
| SHA256 | 3d1d75e1f955f9cd82cbc41719aba76975b25d7dfdc081f58602289680275ef2 |
| SHA512 | 2def9c16324d89ac7e0cd0afceb74e8244350c651fb3f9135c243d12f0d88caceb4e34500280505c3cc26561fff9713ec89b1c8c854b4bcd8931ba69a34680fa |
C:\Users\Admin\AppData\Local\Temp\NskUAQcI.bat
| MD5 | 92e65dd48a0c6f7b99a0ee383b10fde2 |
| SHA1 | 2aa1e80ac3f1a4397249e5ef9efc6e84249d05e6 |
| SHA256 | 49e2e711169526a0cb45746dd4904ad86102e8054bb2d658ee5cdc79749d8b28 |
| SHA512 | adc82a12b56ce0b3a5ffaf668eb476a8cc52ab54bb664b31398575584f72fe34c9ad59bed8a6828880f33fefdb2c0ce1853881e79974cbbd29b400e2064b8572 |
C:\Users\Admin\AppData\Local\Temp\SEIo.exe
| MD5 | 21a98817c76be14993f98977916eb537 |
| SHA1 | 2caf60682221efe70b8bd1e719699390ae897714 |
| SHA256 | 23f028295670c0d2b0f95a162eeb062268357aec5ea5420c9f6a670ba1fb3f1f |
| SHA512 | 9336f5cc3c4bbc89cb425fa15f56946fbd74b2cc05e1dcb296fffabeb2445ed11b1cf0248f6a1c63d448a6d879fd6db5c8349d92af79bc5e9ac3f4c2898b9f35 |
C:\Users\Admin\AppData\Local\Temp\msAs.exe
| MD5 | bf7c3eda44bbdfffcd4f9a8565f2efdd |
| SHA1 | fed296c2db76d3be7197b625bcceb4db89b61f50 |
| SHA256 | 129eb511f24e71a35de25dd0683986c6ceb3c4da98fccdc0555f87e56f381e0e |
| SHA512 | f1a45a0f71559fe142e63a3056b9d4f27d28cf884675b594e9b4eb664df2857e6aa29fe95adb2c1f9dfdce734ebc4a0db9dc11fbe8f391cc4d403ba9cdb0c7c8 |
C:\Users\Admin\AppData\Local\Temp\mwYE.exe
| MD5 | 1593ddc9da8b560d7a1dae7c3759fa47 |
| SHA1 | 5feb82b21bee8223f50274d55b858077e9d9b02d |
| SHA256 | d690ccc0caa04ab3d18834018e10e5fe836368b8222451044b831ea61c8a7c10 |
| SHA512 | 6813074e67e5a4e5eb410c564f83f6bb536af103946142a5f7e45c0fed8fb4cd078171c4b9ca48c27ad5674abb828c9d279df3a398551ae07d2eae0d9a27dd55 |
C:\Users\Admin\AppData\Local\Temp\agMi.exe
| MD5 | 35b013eec1ab2e62cbf09679a705e486 |
| SHA1 | 108530e9b54b127c1fba7be1e5a5b9512c8f6e9b |
| SHA256 | a99570e656ed46a614a392b35477543e7f06e8e82edf10cc6dd17207d0fc9d10 |
| SHA512 | 5fc96a05fef480a1bc79afee99c9866d5efa2138c62411efefd77b726250c00fcd0225264503950381b508276cd1b4eb12329f3695d3f3e96408027d5208b2d0 |
C:\Users\Admin\AppData\Local\Temp\yUEC.ico
| MD5 | 6edd371bd7a23ec01c6a00d53f8723d1 |
| SHA1 | 7b649ce267a19686d2d07a6c3ee2ca852a549ee6 |
| SHA256 | 0b945cd858463198a2319799f721202efb88f1b7273bc3726206f0bb272802f7 |
| SHA512 | 65ccc2a9bdb09cac3293ea8ef68a2e63b30af122d1e4953ee5dc0db7250e56bcca0eb2b78809dbdedef0884fbac51416fc5b9420cb5d02d4d199573e25c1e1f8 |
C:\Users\Admin\AppData\Local\Temp\cgYq.exe
| MD5 | 8fb53aadaa36d7139bddae6e3d9c0fa2 |
| SHA1 | b6dd782e778aa184f8de7597c4205a340ec40760 |
| SHA256 | bd1ace24b782ad8ea01487bbd4c6dbd2489f060a3b5997d589f5c18e64bb7d41 |
| SHA512 | fca9659c9b63972259a6a35aa1286831d5c7c59ddd7fe92a4dc1b1e9da124d4bdc10c96ce5b6ff0fd934dacdffb176ce8a39f9a395a126bfa4cde55988d3599d |
C:\Users\Admin\AppData\Local\Temp\RioEUYsg.bat
| MD5 | 5c3e4ee1894d32bf68351e49b446d342 |
| SHA1 | 9b026c985b8850be1e0084657af9fcda44a8bd0e |
| SHA256 | 06785420829b0c1c7cfb337c54b3909d4835d4f84d4309ee1d19066cd2e064de |
| SHA512 | f79106ac4320bf1cd8ea1345782ccc883ab1164a76c2334c32aa100b4fcab0ca1d203887b859d9bc57a51ddb719fd1b13cceb819f1285a6f373b7325a0807592 |
C:\Users\Admin\AppData\Local\Temp\CEsS.exe
| MD5 | 7cb9ce90c16efe53778db03cfe118cb8 |
| SHA1 | 05ca8ade3cd68f20bfb58d7659f57f0b63100406 |
| SHA256 | a1f26290deae97d007c843d648c2f1aab762c31c2b414f6f6eb97231885f8669 |
| SHA512 | aa6ffdc98088c8bd13f791e9fd30c8ea3c6bbbefa1a1b17f192739d27c4c0dcefe9ab046bef47ef53759d20c7c86479790f9a0ffc638eb9bd6450701eeadcfcd |
C:\Users\Admin\AppData\Local\Temp\yggM.exe
| MD5 | 30f227352c2588a519df44a20da343d6 |
| SHA1 | 17a4ac4d6d0a9df8569f59b36253fd416f2cb7a8 |
| SHA256 | 754dec1f2946a6fb1bb066e425a11ff24d552abfaf848747297e7d901bccd23b |
| SHA512 | 0d17c2b573ef0568bf5c77ac5e4d67653609acbcb55712de7c89eb39bbcf2e80e151eca81425d271595834583f8d230e0f70ea7adc8a1e8902d05741a2c49868 |
C:\Users\Admin\AppData\Local\Temp\YAwe.exe
| MD5 | 571172bf24d52a8f15187b31a4c87675 |
| SHA1 | ad09ab7dafaf5d13d82d83c1d62b4cd8e4d722b7 |
| SHA256 | 937d41d7f3959ab3f01a7676ef81835eb05ef93c3be00a48df2f0a5efe515439 |
| SHA512 | d76e1d8edfda1fc31cba795021f5937dcf49c1245905ef8a808c528f4aef228b9f841233d061bbad29f2f5bcdfcc70d46f44e3385ad1366210697fda7870575a |
C:\Users\Admin\AppData\Local\Temp\gYkS.exe
| MD5 | f8d650df87baf87c81cc1913eb477001 |
| SHA1 | 445008937fb6ed9067803dc254b8405fb51aee61 |
| SHA256 | ddca4eaa09b2cf22a1bcb563ced22774b4c05a4ec4eeac31bfc77f31edf1ef21 |
| SHA512 | cc42ffae93c909ff18731e2ddd1d72df3016907fe22e0da91a952cf050c98e46f60dc909dfde89e9960bfc24f4b4eb1817da75d2cca1532eae0ca52c30700316 |
C:\Users\Admin\AppData\Local\Temp\tsEUwwEo.bat
| MD5 | b8ab523f4f7c6a708ac4f34753ac7716 |
| SHA1 | 5a7a2aee5a6b545dd7aced1551901973a3e6c98d |
| SHA256 | 891a092ebfb1e5d1981e53e33cea6cca13ec3f06f73fd1cb65f28794c27a4ed0 |
| SHA512 | 8a19ba7d1b5a89c7a38724e1165d64a2ebf832e09d00386c0a97731993c8772f0643f90fb6c0128d0649a8d79821373d68e98384f987123c338aa4dbe551cda4 |
C:\Users\Admin\AppData\Local\Temp\EQQC.exe
| MD5 | 350f5e83c0e3f83a98f21435890c652d |
| SHA1 | 3638b4aa08f39475ce87f94f6f97e71c71fca9a1 |
| SHA256 | 93b3fe490e105314fb94a11fd919a0dd7c9983861b183c905ab1e6de14d2e743 |
| SHA512 | ac08bbb2c17e9fcbeb12d542b57367703b52d715fb3ac47f050e9b9004da778c998677ffaf43fa459662e960afa0545adfa9cc2907828758881561e1f3bfc4fe |
C:\Users\Admin\AppData\Local\Temp\eYge.exe
| MD5 | eeaaf0adf62f7de46849f94d4f9bd0b6 |
| SHA1 | c67eacbbd1e45381df8afda65af6b839e238cd4b |
| SHA256 | 81fca042c13431a5c804a4995b51390dcfbebe3ecaa7531ae8c107fd2acc48e3 |
| SHA512 | 438cc1fd4b3b8b1cfba29851a67414d169f896d41d49988d9e5043ea620479e57ceb234c423a8ac61c69edd2729bf695ad94cced5590ef800e0ab68c4bc1546e |
C:\Users\Admin\AppData\Local\Temp\esce.exe
| MD5 | f5c7ccc4220e4bbead1944d8f4021f0e |
| SHA1 | 09a184e98bc0ca245fd09d73bd3b3dd2f06e5572 |
| SHA256 | 781f386a1005e8d43a55f6dc3c8cf06e657c79b00251e36ff819a4041f102a55 |
| SHA512 | d22d39e0f7b2c70b7289e9cda42d57411f485db7314b952f5a154c0a6b4fa734829a81712229752ff335f14b6db56513ac8720e37b6a6aa5b87ca0234dd9463a |
C:\Users\Admin\AppData\Local\Temp\REEsocMI.bat
| MD5 | 361ad5f77715d178501994bed4216f0d |
| SHA1 | cdc979d957f9cd8dcaef97ea75408f22615ae836 |
| SHA256 | 9f398d10842976f85bde274df68f25dce19f4bd32f24b81a008739d43172ef3e |
| SHA512 | 6412ce4afce0105a221e3c23a381c20adb7d8ff243d9ab123d5d5df99279ac3d5520679b4a2df799c0cb4bd1fbee6e855eedb749c3cf2db18cbae326dc6a0295 |
C:\Users\Admin\AppData\Local\Temp\Ysgm.exe
| MD5 | 0df9b4f818ba2ffae8553c73fad09dab |
| SHA1 | f152ab07c8a9c3ac53721bf80bd1161a0d866e2b |
| SHA256 | 239be74aefe20e94019186416fdf1ded420ddc58d3a02fb3bcc77eca956c6b17 |
| SHA512 | 588ef7ba35aa6548fd0ab5b9262e09eeb5c0274db439ba21d13cf5b3eade71c8fe85becab2c998435940a6463c75b77b1986d0b15ac298164c689d575639efa3 |
C:\Users\Admin\AppData\Local\Temp\wokW.exe
| MD5 | 01a4d6d811d8451b9c2289a7539bb32c |
| SHA1 | 5154c81dc6f26a4b88d76b0ee6b7b6f127ae92f7 |
| SHA256 | d5e0e0db97841276e0ae184c628d0c5846ebfc44b930eec545e2ab6de962dde5 |
| SHA512 | 42fc74436f3b37b58278f7557ea563ce8e65e06e116edaf27a7c57d515d49175489006ed73c0174872ecff827b4994f50892401e45f7bc1bc8055f3ae9cf6b7a |
C:\Users\Admin\AppData\Local\Temp\yMYg.exe
| MD5 | 1dcfe1f0008926818848ded7b325d900 |
| SHA1 | 7c93c849aea644b101d422c33341389df86fce05 |
| SHA256 | 4c26ce2edad4bce35c3977208980376b166a2f64bb6e2b4af9a677047fa255f7 |
| SHA512 | 882816d46e6d4ac92b74e0bc0fcb4a9292dbe90604571a5068c55015a3cddaaac77f5c34ffc3d7118742fa61a983af953161c355c86e8fa042f0335e08e4b36d |
C:\Users\Admin\AppData\Local\Temp\KiwAsMkk.bat
| MD5 | 4fbf154c17dc5d74e4070749db5bffc0 |
| SHA1 | d66c2544f6b9868213b8dfeceb297e6fdb685764 |
| SHA256 | 14d83bed974f72cc4ed8ba6cff2968c3aadbd4e0d70a0b0d5bd6ad581c39e940 |
| SHA512 | beab5dbd6d53a533e106fce4cb1838852caafe495718077e00d1f86088b158d61742cec5a89b9ee3ab7f0578f19d4aabdbe9aace70ce1260b66fc6deb9897373 |
C:\Users\Admin\AppData\Local\Temp\GAYy.exe
| MD5 | 0a9dff07983601b5a171b5740150cd10 |
| SHA1 | 3cb3c5d9976fe3869eb1aebe69389c1ae9cfbab6 |
| SHA256 | 699c920008b039c4762c061c8198576687949b37bf7690193fc35edb7d8638e3 |
| SHA512 | aed18d81cc04e836d6678bfc3d01d93085d0a83510096fa531606f24d5695966d590519e0b625c7f1b23d3191fff665ed91c2cf64ac4117002c5abef0149bd5a |
C:\Users\Admin\AppData\Local\Temp\KgMk.exe
| MD5 | bb4d6a767e8752f0daea662e28ea957a |
| SHA1 | b6163d23f4ae453496d66fcf79dc84f48af3af33 |
| SHA256 | cda2357e89032bb9beb48b742e4ad5df068c8cfcb09f693906ca4d4de316aa40 |
| SHA512 | 51430746a94e2e59c798b26163ced3578caf1a8704377cce1a597859507ca794f3dfcf3450f80b708a78658026b2f1614a12b573eed5949f58be20b45ffe9dab |
C:\Users\Admin\AppData\Local\Temp\gwoa.exe
| MD5 | c9c76d2966cab3c9947e9035bbc1ba45 |
| SHA1 | 8fba389b8d13be693a1c8b70acbdf7fd22eb3b8e |
| SHA256 | 68b87193bffc18e6ce5d0c25845c8071f6ff69d6fcf16a1f8359a4dfd9091d73 |
| SHA512 | 8b6fd1707cb7a46eff5fc9fd0ab40f3621483a324b926e1cd6ce9427c23f48584b0c09aae3c0fdc604455c27df4cb69f2a2177659c2c11ef08c4f1163a618d0d |
C:\Users\Admin\AppData\Local\Temp\KMMU.exe
| MD5 | cc8e4ed62ece986c5409e10d4f357e4b |
| SHA1 | 44d945a072af68d51c1f3e6d9c3e1b95537833f7 |
| SHA256 | e443152c3b022249811c998f737a99fd42aab6ee166533ec2331e212dcc4f12b |
| SHA512 | 90c013f8f64cc8028488c6b9abfbbdbff2097ff90b6602f0815bb4b4bc3253d5ead12c1b9e6dcfe7e59e69fab9c9c239291ab8f6cc8f1f73f7a7b6ffacca36bc |
C:\Users\Admin\AppData\Local\Temp\uwkAgAgQ.bat
| MD5 | baaa14263d09f9d20b85bfe5fec35e85 |
| SHA1 | b73e750b396ed03f373f899edf3de7bb934c0ff2 |
| SHA256 | dd6cf22d0adc111a6324ec534eb828eb0ffde7c1c071600acd2c580329b66219 |
| SHA512 | 1da71d93656d7b2d101e8b121542679cdbe151d38db69145d1832aa02f976b7f1c00fbd51549c031296225e5bf777c3b0651b338649f8910a55ac2b515084ede |
C:\Users\Admin\AppData\Local\Temp\cUUu.exe
| MD5 | ac3e79360bdde1865ab0f31ec4679d23 |
| SHA1 | 7f58b156a94224eb73cba686c1393300c87ea8e2 |
| SHA256 | 9611f7c9da6770694788e185e54945fa4822b22ea8597dec273c37b6445f5e54 |
| SHA512 | 87fc28fa96913a53a10d124cb60fe11fac9ac8758f3940dc1db2f7e1d09759fa3156860eea075caec15450720c7a58e27fc0a8094ce96bd6227e477d367b2266 |
C:\Users\Admin\AppData\Local\Temp\YEMo.exe
| MD5 | 91f2fe987991627ab3a44507d3858861 |
| SHA1 | 8489a031b5e825099aa4709d3dd0cef57d135f9a |
| SHA256 | c57ecabe224aeef6d045716a84287fcd1494e096a262e15462773b802870b728 |
| SHA512 | 70cb36409f3646ff5f398ea42cd4d651fa0de2fea2bb7797e96e17fe8223e692ccb545d74a305ad14b7a5cdcc8af77487f7c01d35f3dd289d3d52ac75d71977a |
C:\Users\Admin\AppData\Local\Temp\KEEc.exe
| MD5 | accbe4944f2e0577754d317c80c69afc |
| SHA1 | b16c9f4e239b807c74d6ca5862591ba28ae20991 |
| SHA256 | d30240a3c371a234e10bd151e8502cb20958036d51499963c0eca05f138fe44b |
| SHA512 | 4a7fa2e6f91de1d478a3a99ac417943400161e344725f87370d0e469e30582e2d32d4272fc9b96a521df83e8622b3ac41c45a1e14cd08e7a82c2e58aacc7f191 |
C:\Users\Admin\AppData\Local\Temp\cIMMMQQI.bat
| MD5 | b49bac56bbc7094a769b4a1fc9ce5246 |
| SHA1 | 0921a94cf305e5730091ead1737a17bbfe8366b9 |
| SHA256 | 6ad38de62440510af29e8da04346b7223ffd952f27633ba77c033fe6b6eae36f |
| SHA512 | ccc2bcb6113070320e26212bbb61a550ef90b64aa8f72089920e78efeb82da36d306cecc0212445126ab98766402fb4931caeb638246d1a906f73ef49651f998 |
C:\Users\Admin\AppData\Local\Temp\MYYq.exe
| MD5 | 2866a168bca8851581d6599447cb18f1 |
| SHA1 | 2450c93338bc2d559b49202680c415a96aa481ff |
| SHA256 | a2546f4d5fb3542f055c8275ebd3630cd31c1c369a64cc40d302600d42ed14db |
| SHA512 | cd829c4936c8a87e8e40b2cfa878d00eb9ce34c50bf584bc977caaebce0701be776f5c09700313f143ea882205e951614e3addc3aebefa1717de8b5f2e75afa7 |
C:\Users\Admin\AppData\Local\Temp\aEAA.exe
| MD5 | be92351bc49dbb0ecaa193653a0def89 |
| SHA1 | f32f29dd6f9f031502f2d93570e09fecfa62f6d7 |
| SHA256 | 2df925d564f055d4dcd6085e118ec49fa8cd9a38f1bccec2323c4d8985b22aff |
| SHA512 | 54161755041ffabf2f2050964746f64d49461a8d7dcde81609a793173a8085b44346726ffb7593034937146d7be0e12537f97ac03504146c762e65f09b0ab42a |
C:\Users\Admin\AppData\Local\Temp\ScoI.exe
| MD5 | c7776f4605816c45e988530d1d4910c3 |
| SHA1 | 7326803904c925659137409e4c599a73179a0404 |
| SHA256 | 501ceba3c28e2eb728015963c3ef8b95d5d651b543dbda8000a792036178bbc5 |
| SHA512 | d9929137d6a8b2691be2b1ca41a97c273219146a7ed4cc2ed0ce44c19024820ec241e47905a3fed7b514f256d8d6e5a1c181687ce1f53ee87349675722d1a6d9 |
C:\Users\Admin\AppData\Local\Temp\QwgYkwEg.bat
| MD5 | 91d475e7ea4d7b095f87aa0d59a61229 |
| SHA1 | 40ab9430ea4e6d50f3e8f609f9114346e9b1b428 |
| SHA256 | 44a24d8d07179b3adbd39947be5fe28a5918aac43d8fc1903d8f072c4da11f87 |
| SHA512 | bb0fefd4f83693929e9f933f671bdf087ee36363e42c8626e5947d38f8f397f596cb5a3d5d92aca4fe1662e9a21008b021d0159a81a7df962714691872cc46fb |
C:\Users\Admin\AppData\Local\Temp\KUwu.exe
| MD5 | cc7ad2b9def8aa2bbae3dc55e2281382 |
| SHA1 | 5a10d38a932e396c2693216dd3a5d46767363930 |
| SHA256 | e18f805a1a78c3f7a16aba7dd2ac65a987b8c8ddf4bc8a786ca1f12960df1cac |
| SHA512 | b0a4051af49b80957134a7429b542d1401e5b5dddfcd463d03d70bb77d109b9d296665fc84303c56938cf8f441f96e1bc988da6d3cef115452aa11a2b7d74afa |
C:\Users\Admin\AppData\Local\Temp\swEe.exe
| MD5 | 8d47775d989451b9666238e2333387d8 |
| SHA1 | b0b08075737ecdaa716048fdec50a527ae6d5be5 |
| SHA256 | 95a56b3f8e2df166fc7108b0e32ec01118f537b66338cd3612c8cfe13300bfd3 |
| SHA512 | d754df5c1c2e351c514e5cbd3c6bb84f276b9ecca5c37841dbf9c00339908775936177dbb70ebee18adb73fba570f9131a32aa46d022fd655fb09a505f8d4279 |
C:\Users\Admin\AppData\Local\Temp\yYcQ.exe
| MD5 | 88584b147950a9e6ea91887f684628d5 |
| SHA1 | a1c36aef61a6005266d2ad407704478912738b96 |
| SHA256 | ccf8fcc2b61c73018701895dd7e678fbb02ada9a9eb749ee6b32020743b88ada |
| SHA512 | a448c2d82de75b0a67065351d2436d679e3b148594bddc5e0b407d61870bb949544d6bde01ec467796b19e0e3f804c23bcd79e845c5939b1c4ac8444db768d2c |
C:\Users\Admin\AppData\Local\Temp\IMIs.exe
| MD5 | bd3934cdf8717e2df1451427b0735cf8 |
| SHA1 | bc6c6a6b0d13fd10f8e330bc49354a7a07e9b047 |
| SHA256 | 5d9a85cd1617cff080cbd782c2274bb5f3ac6d4bcf41f17ec9598df780a3425a |
| SHA512 | 6f57e9a58a225fce63305725bc5abaa1b682501d1ca00b10ae7caaff7722bd9431114f71d3c065445426f6cdca2636c611c1c450887e4cbf0241048728be7cbd |
C:\Users\Admin\AppData\Local\Temp\tmUEwgko.bat
| MD5 | bcddf0daa19352b2ceb03bb5979f4e38 |
| SHA1 | 42b3d07a3f2bb3ba0d34224acbf911cfaf5e9612 |
| SHA256 | 14c6824f5db388f5deec6b9f30dcc39c0c66d003c7bb4061afd6cc5b81e0a4da |
| SHA512 | 55740ea05c9e82ef7c059c02867547d64302014187def87fb5241dbdffc5ff8a8e368e9faca7c087575ce057aee25b7418ce4851ccbceb08d9e9cb84b42a844c |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile23.bmp.exe
| MD5 | e7bf957c071649b48d66355685aeebda |
| SHA1 | c531a19adc534dd57f228547e9a3d394cf320a18 |
| SHA256 | 67f188199b4a693ebcd9da5938a6aa666f3300dd2358a4800cd5ace286e05abb |
| SHA512 | 4686fbb5b8780c9c68be08f82795e1ea85030e2259bef87b9b7e26ee86ce8b7204bde538f1fb3399d5a25ebb25ab4e8cd6d35c478708e3347ac66e00650792a9 |
C:\Users\Admin\AppData\Local\Temp\koAU.exe
| MD5 | 5be40facea863954b74fd9cd24952b89 |
| SHA1 | 4e219089145468cf8b891e7b73c4be23220359bc |
| SHA256 | 4c2c09d5b929555c3150fcf17c40912ac7aedee44dffe9cafdbff26e7f707b5c |
| SHA512 | 0067f6c860cf98f28b650e297e89b29ce15b4bfd86a8dcb4f6be3b0a022d61043bea297cbcb5a82241711a0cbb43350156002aa98f5bd11f1ab6efb6434deebd |
C:\Users\Admin\AppData\Local\Temp\ssAa.exe
| MD5 | a938b57527c4fa8edd6619fe3f63fea2 |
| SHA1 | bc7ab9f16558f37e2c6fbc65377ce67345439915 |
| SHA256 | 9d829e701a6537f73c428b6c5c13aaababd3908b0b97be57d2d4ee3cb6a5acd4 |
| SHA512 | 5a9ad993371b548871d9bf576ec2002bafd8ed6939db2f6f1a7c584121e98ecac757917f8780d9e7055f02750ad8b4ef991c3feaed656f50363f861c00fc0221 |
C:\Users\Admin\AppData\Local\Temp\koky.exe
| MD5 | 4a70953c04db5021b55998a659a174d9 |
| SHA1 | 3b2066ea03cb25314824789611e545dd1adcf6b5 |
| SHA256 | 32d37a3d3b400c161fde6883d68bd6b79e84691e14cf7105e63b584e41b5e6d1 |
| SHA512 | 06f5cd697d7f82b25d7fbcd704e09fc67955ff0cbac0e1cb18fb5d4dc2bb3bd9dc8f3c2d1fc49d4bd1bcf3ac40ccd346e8873eb65731680cfc86bf6ee9f76855 |
C:\Users\Admin\AppData\Local\Temp\pEIIYsoQ.bat
| MD5 | 8b7e758d6212eed132e3071bdd783409 |
| SHA1 | 18db28ba79a952b68ca09e97f118ebbff8bbc6e5 |
| SHA256 | 791cf5abd762c8db49acabcf27773f0dbf2aad5c2e4aeda54e7a683e4f61244d |
| SHA512 | df43e75112a049a67c5f1d7a92e6f83ef7e39d0a406c44c0a6dc8e23d19cf61347acc5a2ca642737fd541fe344dd0ad8890d01cbaefa6c0fe4b23a3e6dbce217 |
C:\Users\Admin\AppData\Local\Temp\yMgI.exe
| MD5 | 444ed4f5b8129f50aefd02ce5068eae5 |
| SHA1 | d04a7c8bc6fa21df583ef7e1ae04745f2f267b08 |
| SHA256 | 718772e104c3fbc228a83d49668190234f16025c99e7aec1183a82c37c655605 |
| SHA512 | a162305bacbce42af58abe1f3d6d76ed261445b7933777f7d6ee4cdc473166bfe5b483c18b0fb39d776a4a0c3742a03a19dab222475c606e8455f85b213c351d |
C:\Users\Admin\AppData\Local\Temp\EAUy.exe
| MD5 | 345ba79ac3528107a691d3fba5b6d558 |
| SHA1 | 33e8022cb169d8876d6bfc8e141618364412e50b |
| SHA256 | 34d1d342dd13293651c2b6868cf178879b603daaf8f7f96a93919a7b3b92f846 |
| SHA512 | f282cc19aadce4dd443bab30640371c36b28e031177b5670949d4c37908af124b58578f220475a3161fb230531831e907b6b5f40e37063570bc7c45c8c4587d0 |
C:\Users\Admin\AppData\Local\Temp\bkMkUIco.bat
| MD5 | 6e1ce41146c924db80499ec0b8c7aaf0 |
| SHA1 | 55d376e74fef05356253291854cec54e737dcc44 |
| SHA256 | bea396237b375e6b43cb2505644c9b86327f9ea91732f20309042bb89500cfcc |
| SHA512 | e50a486a24f85b3baa86902036944751f85756e66bf44f923166785733c0b9901ecf613b9bd10bb9143809dbdf37d04d933263ea1e45bade0b1d723c7751bf2d |
C:\Users\Admin\AppData\Local\Temp\eAcG.exe
| MD5 | 809e63102d0ff672c6d9bbb80da65165 |
| SHA1 | c089f95e35445520dfdc910da875c71f4b936bb0 |
| SHA256 | bd7e98dcf991648d43fe7c56e6a03fb3237ff5cb82e11a2f2e3bb83b955ec1af |
| SHA512 | a3233d0e167af6db6cdfba4cf7b4a58e6ce06ee5e294b9e1a1929955978eb7531724d92d1548f736138873ee7fc45bfa24b9673b09403e37d855db987c8d471c |
C:\Users\Admin\AppData\Local\Temp\iUgm.exe
| MD5 | de7cc9bd984dd187098d211d016f3521 |
| SHA1 | c7df5eac3d64eccc9663fb8adfedd1139e94ad6a |
| SHA256 | bff45c00cca23482a1c0f45fc82be6b5f7caaefbad1f2c4f275b7118198206f3 |
| SHA512 | cc75d6d0d744f030e7d611729c4a5e9c83a714bac09535e775e5948ad14f97b2967bc39989e33fe9569443f090ff779366e805beafd975c0eff4d80a668072ab |
C:\Users\Admin\AppData\Local\Temp\CksQ.exe
| MD5 | 34a5bce24ddf0aba2fdc9b7c7c2f7e19 |
| SHA1 | ecf6120b6010ed9f5eda6e5e34c48715fda6dd33 |
| SHA256 | cae3ab6c098293a3c869deb6e7a875f83975ca8dfcddcde81d3176b629200574 |
| SHA512 | cc968073cfc326cba0a2365815dc35935775e7fa3e59061022245ec0fc506f9ca064f77ed4e264392c27955e98ac3ffaf294d70040f88754eff1ddadf4a29599 |
C:\Users\Admin\AppData\Local\Temp\JagMksYM.bat
| MD5 | 256fb4d2349145d37d1e1ca973ef2e74 |
| SHA1 | ac4a06d04c08af4f45ffdce5403fabfda309fe7f |
| SHA256 | 88a4c750ff5f46c75b84c31b0e7191023615ad4413895228ce6f01b23d269e87 |
| SHA512 | 0b5bf0d2e74fab23b812257bf0faec7c3b5d653c19b752ec3b6b5d40302f2e12567fab4cd2ecf71654ae2a31ad78efcf8e07d3c26f35dced8c77047c776f2664 |
C:\Users\Admin\AppData\Local\Temp\oMYe.exe
| MD5 | 18e51505a065fa5e55cb6d40c500dbf0 |
| SHA1 | 3d1cacc0aa446b65f5a8ba6972d44adca2998c1d |
| SHA256 | 6c91d239adbf3109bc7a61cd9257c88748abf03706408ef964215b48ffba8883 |
| SHA512 | 5f2d9f9ea5f0e1e165c26e53e04ed2956a30772add1da1e07252c7486256f02d598a03ba8938d69e5d3a2d8ffd6f69a045b746f5ff0a9335d5ef14082cd1d18d |
C:\Users\Admin\AppData\Local\Temp\QQYi.exe
| MD5 | 52d03cdebda70b95ff440e9fbc2a7e3a |
| SHA1 | 836acdd78cdb13c989bae60956c999b6b12b5f69 |
| SHA256 | c00704f920f5171633a26b67e77ed8fbf01740c2d507d31abbda852605861870 |
| SHA512 | 9fdd848acd4f62c425bac3f2f8ae22a9a720006f630166c49299703908221b23dafd11c2914dfcffbcf7bc1b571cc187ddb346319caf65d6020cd60c067ea920 |
C:\Users\Admin\AppData\Local\Temp\CIsC.exe
| MD5 | cb68822f20f24c90964fe98189c36654 |
| SHA1 | 596c397fc8603e03d22d181b4d650828a92f96d1 |
| SHA256 | fcb195527284e42b4920702d17a30daedade1996a0dba3727b21105339feffa3 |
| SHA512 | dac7eca9133f72ea20ad70af3bb461c633dd504f8092e1d10b7124f7ebfc0f7b60a7beb409ae8f72b419381fc7f57e8184a18caad5cdaa860e984745a8e1df7f |
C:\Users\Admin\AppData\Local\Temp\UAsG.exe
| MD5 | ebdd45d19e331d1619650779ee6b386f |
| SHA1 | 1c23e9e05a4cb2f8039013002f6378ae7e7e8547 |
| SHA256 | 9ed53bb6e28259ac5ee337990ee8c08e3c08bb5db49e4919a3c36b213caded5a |
| SHA512 | 567ca608477c7d97cf7723c106bf9129686b3428995a8e67c71bd5caa79884c71ea269d41cd7daf197be13fb6d22c100287cb1a7c1b83b1c642451f519b56d29 |
C:\Users\Admin\AppData\Local\Temp\IUwEEEko.bat
| MD5 | b4210e5640e9fc0cee6e77027860d954 |
| SHA1 | c189f7cced3267c28f9b2b644a2129a5fc053122 |
| SHA256 | f5c314fd0bd8a50828c2f84e95607dcd93c392dc0e12652d85367dcc0d0b2647 |
| SHA512 | 5a22fc1bff722cf8d048d0c4632fd875de02d93448e7d477649b0430e41f089301db6ddfbf3be8e9bd3a45a79180745c847086e0ccb938099156584ab497d734 |
C:\Users\Admin\AppData\Local\Temp\ussE.exe
| MD5 | cd77374a14a33087ac04ee1f33c7ba85 |
| SHA1 | 18d3813773f773c0861e4d9266df00605236ecaa |
| SHA256 | 15c87b291c09c8abb7068509ac34e26fb99720280ae2d5fd6b9817b3d6515fb0 |
| SHA512 | aa73518de2da162680b6e7b67be4f75abad30df9c2090291b6aed4e7f9a14cda114a500b138a9a67fd8e8bdfdb6d09f902cb211c303e601871faec90da18ecc3 |
C:\Users\Admin\AppData\Local\Temp\sIce.exe
| MD5 | 8f3c598a0d169e35ceac00202e82639c |
| SHA1 | 98305bff435baeab4fb605285fc8099bfcd487df |
| SHA256 | 2fa04371681e957344faf5187a5347b2df2d9e6e7b66c0292a7d72c428eb4269 |
| SHA512 | ea7dc576be60b3c5af5ff459d7793d25c1244ba1bfc4067a70577d0b101bc52320a0c5721fa7b0fd81711a168ab194a8576ae0d2e84e0f1dedf9ccb3634fbbf6 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile38.bmp.exe
| MD5 | fdeb612230d793a64b044a40a2135bf8 |
| SHA1 | c528c7dccf9613b3a30fffcdbb88c30410f6e626 |
| SHA256 | 3c9d1b154b576f67c2b6467a68d220bb43b340f5386cd2145aa386478516b8c8 |
| SHA512 | 9e5d01693ed75cddb295aa07787e66d74358a8bb7c064b2b6247c595fdf2ec7c55e698f48c05775373c09cde1c157b66e28c3a6e7c9410d79465e859c73a2c20 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile39.bmp.exe
| MD5 | 425689c45cc0727d3595b9eaa9f81389 |
| SHA1 | cd79ff27751640d0b9fb2d92f011ccc4e9ec2bc8 |
| SHA256 | 58b252f4e7756cf724acd4fdf23bc88a87cc5b6717fea2498f0c30d5576a8bd8 |
| SHA512 | f96a2475bfaae857d208248de75dc6be5952070b1fe459177d15c732b8829230b5c3deeeeec93ea03e3727192cc3960c952a38b9a1a62dc19323953f4c5e69e5 |
C:\Users\Admin\AppData\Local\Temp\GkAoYcEc.bat
| MD5 | 306d71cdfb2ae037d52ba37e23b93ada |
| SHA1 | b80d152f53eacbafe5ebae9bb5edbc09ce036f28 |
| SHA256 | 47554b5481f6d3489f181dfcf05682939b2f6092a4533eda3f47ffd3fd694297 |
| SHA512 | 15e5ecaf3dd3bbf5f4b47901e1f6649a90721da612d7087c065e41b10bb523b1e02a955d93bb98376d6d05d404948f0c87674ccdf21b8b5e3931ccf24e129d31 |
C:\Users\Admin\AppData\Local\Temp\mcsa.exe
| MD5 | aea5eeb20ca239b2753861909da2305f |
| SHA1 | f95648104ad1102c2e386b0cba4426b3d0a02e04 |
| SHA256 | e74c0e50ec0494b5e1bb8d8f801cfb602f4d73d3a9093e233555c56e0f484bd9 |
| SHA512 | 609cdfc399a14efc375c90a962ebe4ed0e3236204e7727cfe0dff3e93bbe3862a6eea528d70db0829b40c08c849f09fddc1f7d97f9bad5c8a6bb66b57e3f42ed |
C:\Users\Admin\AppData\Local\Temp\iAMs.exe
| MD5 | a20d3ed5078379b4a9834bf6f0ed22be |
| SHA1 | 1bf3ce8f3fafa8143e9eb8f37761bd55d5e55cd8 |
| SHA256 | 2e6c56bf3468f2a1721b05fca757208a702ccac1b1b9b9aa9066ad555f669e38 |
| SHA512 | b5222b2c675c33e67fba05ad1fe9ca67f12a73e5bc884442b91d744ef2915dbd94a9950febf27703fc62230762a0d4de6dbc7c330d1b79887fbd76c488d6454c |
C:\Users\Admin\AppData\Local\Temp\cEYk.exe
| MD5 | 673872d60d85d3945b68d8e7d58bcc53 |
| SHA1 | 566572e381a48fb79fb1a9209b824ae5b1586458 |
| SHA256 | e308e1aa8d5ef7432f1e89de01b5dd540e90d2f2713d6db247deca53198078d5 |
| SHA512 | e2bc76be1af33035163c76666692ea0dd459baddeecf76a39393ef138554ede5cb118d2e41afa17a5807b0f033f83661fe0c7b1a21ffbabab6f4c691132e4095 |
C:\Users\Admin\AppData\Local\Temp\MsgskoME.bat
| MD5 | a0390e0947e428a5a990167d5cc01fde |
| SHA1 | 1d83ce4eb5667f79b45748d5994662763ac0ff2e |
| SHA256 | f374dea5e1c92c60559f20d43a8f00e39d8cffe6eb8a87869e9928085bab47d7 |
| SHA512 | 1671a8ffca85c92f829173aaa5dffaab6a4bfb3271feec79a554a72cb5d6bab455230b43848f73d62da401ca9ef3e34b3c2bb7d49d147cf2cb09d307eef7dd7d |
C:\Users\Admin\AppData\Local\Temp\oYcI.exe
| MD5 | 5493d47e757f9c964b42b43b452ef00d |
| SHA1 | 637c64beb801b053f4d99d5fd1f9ff12f8bf7b87 |
| SHA256 | ca8e455bd44740243991d5d0a70038c60d93a218a81ef836c39881832c66ae47 |
| SHA512 | 5dc0d76da318e6638dfb53f5efe10c2a610669cf92278f1ed1efebe18c29c3962b1203723dd30a7d65f937d3cc6ca840045874f6f29ebad37d913145e7e26203 |
C:\Users\Admin\AppData\Local\Temp\yEkI.exe
| MD5 | a6d3923f9488229f999da0932899ea35 |
| SHA1 | b06f4ae4d4c363d03c94c5995bb24a079159382a |
| SHA256 | 78fb863e344d7125b6b7704350c55aff483c514b34d87ac073591d24ab97464a |
| SHA512 | b50b05126bb6fd2eab13c75eafa717f98751129c3c7097fc0dcdf6ea43a9933bea9eabb55962e8be7a9e2859a57454e54c56f8ec67c71e06d672af1f7e1d9477 |
C:\Users\Admin\AppData\Local\Temp\vIIcEAcU.bat
| MD5 | f9e1ec36580cee34a4fdb4d9e63f4d74 |
| SHA1 | 2a6d6372440ee92b69772954748e37d0cc2d8e6e |
| SHA256 | 3f9dc101c137230ff36f698f05a7d790d9b4a3f7083f3abe72c21ea0887bbb35 |
| SHA512 | 909f07455c32cb33e2d31e7f1d2b39978bb31c348f0344617963064130f2b6032bf1aa2ec1d9b52ab3b2e14e30324a57576766c8a05a1e6a0792c924bebb2bc7 |
C:\Users\Admin\AppData\Local\Temp\AMoi.exe
| MD5 | a954c443ceae61be02fc2eddbd6db597 |
| SHA1 | 9fad9604097780e6c1da6292869ab540f66aedaf |
| SHA256 | f9539e970abfc8fe123b734da0c746304a9a2bc0714f4a15a24b765f08dc49ed |
| SHA512 | 83b2d095de6f6918c2254de1f85402f62c60d2a2ccb1018d76a3e9b6b1675d06fcd02bb340bfa16109b6f92c1d17264c82adc6b92d31b40e048fb175084a6fac |
C:\Users\Admin\AppData\Local\Temp\hOIkkkcc.bat
| MD5 | 5e271f68ff78b060d4b3027d3bf65e96 |
| SHA1 | 3435a8ed28699a0188bf77c658096437fe2eb868 |
| SHA256 | 5c14b0f394552c6b8cca8dba2f2518d763b559f71b9a0f336935f3f3413e35da |
| SHA512 | d3a4b9f43510aee078287bca92061507c95f63e6680609191f35dce6d402dc074e5c14b8cc1c54f70dcecd821b57e9a22f21b84d623c3d2afe09f2af1c6fae90 |
C:\Users\Admin\AppData\Local\Temp\YMoU.exe
| MD5 | da727688e48f913285053d5f9870205e |
| SHA1 | d1f136b6180fe779235e375ef6194d21bdc7991d |
| SHA256 | f7bf5c2dd21e70c5126140d56d0f33c41555bf042f03dbc68d5b355cd7bab927 |
| SHA512 | 8cdeb8e22c368ac76d4b48c031085d77038af40004c64bb14c65df9ab795ef28ada0b94854689aede9923b9b188ff0cc519ce3f40c0fb79eceaa42813202bd57 |
C:\Users\Admin\AppData\Local\Temp\kgoe.exe
| MD5 | 517a640f2c62256c70fda8c6ceb74bb2 |
| SHA1 | 859856324a0b70f0b3712f02fc46bc1e11ada228 |
| SHA256 | a9f6a1b56c231021f2923939b01ce52d79c830c3905ac01afc61a3b98f89b405 |
| SHA512 | 3ffa71ef31d72e9e2f69bd5048ef274ad0bddf701082942d6bf9e4c9dbeb79b98c4a54720bbbf0bb429ca731446ad66cadbee538e7c6a82192242f044db689e0 |
C:\Users\Admin\AppData\Local\Temp\ewQS.ico
| MD5 | f461866875e8a7fc5c0e5bcdb48c67f6 |
| SHA1 | c6831938e249f1edaa968321f00141e6d791ca56 |
| SHA256 | 0b3ebd04101a5bda41f07652c3d7a4f9370a4d64c88f5de4c57909c38d30a4f7 |
| SHA512 | d4c70562238d3c95100fec69a538ddf6dd43a73a959aa07f97b151baf888eac0917236ac0a9b046dba5395516acc1ce9e777bc2c173cb1d08ed79c6663404e4f |
C:\Users\Admin\AppData\Local\Temp\coEe.exe
| MD5 | 8f548f1a7505e400819b6701492b713c |
| SHA1 | 06b2dd62c35766bec8c21a99eccd1b6401aab696 |
| SHA256 | 3282a5a7c8c073d071c56561238613a51b57d5110b5478394be03f89f2029838 |
| SHA512 | d75c697edad6c9ad6b6df71f384e5c7284aab7b173c97e19a3bd1f1a59e535d535c6d01ed7feab3fb877b3402da7800458fb5ef1b4a8d91e113a15c8465a5790 |
C:\Users\Admin\AppData\Local\Temp\igoy.exe
| MD5 | 6663c3ed63df7b3ea1913e3801c3b9b5 |
| SHA1 | 41e9edc52f9f02aa6b55107e6bae24a0dcdad992 |
| SHA256 | 6d60556d5498e466aef405e05bcf9239b4662fa43f2e342413bc820b381ce8da |
| SHA512 | b4a3e2d7f361d23574509d4bf974193a0858678dcf728f02efc899e72da42e2f6686fb70ee87338985631b59bc22162ca069bc595f97978d884d5781c938bd4c |
C:\Users\Admin\AppData\Local\Temp\qcsq.exe
| MD5 | d0040f8d8fcaa9358be041fd02007f15 |
| SHA1 | c15760314959a6085c3bc4c6014acc6208c59f1a |
| SHA256 | 5819a201781d7b7ab4ba668a0d03862415ac86252736d955c3150a0932700121 |
| SHA512 | 150c32b654b55a4e54a7f7e42d5ad468a133c8e01089c8a369e46b77dcf9a0202120958755d10caecc779f4164b94e6ab76889ad6462b95f5aa35465d67a7246 |
C:\Users\Admin\AppData\Local\Temp\mMsk.exe
| MD5 | 7426ee90fd899349af624bc0cc21895d |
| SHA1 | c7cf43281711841b3f581cc86c502abc4e36d0cd |
| SHA256 | 7577fd118d3db1405e57bb9932d712c398e652e404223e24768fa8c83d2fc298 |
| SHA512 | 885038ac601c5818e5748c7a09274e25a1a468197fa1bf18e01870e8b4ba2ac1f36e59141165f19419209118ead554866ed6966841652f8f8b3b453a78070dbc |
C:\Users\Admin\AppData\Local\Temp\kMse.exe
| MD5 | 3c877093b726ab3010316d9f65f78ebc |
| SHA1 | 1506496eacfd7b160126591d858bb8507c398992 |
| SHA256 | 6457fb001ac5cd18ba2dcec5e7398c1bedf5ab7232bcb955532a7a27e0aeae58 |
| SHA512 | ffd19a9dd9038925b030622b153ac1956ade4f7f439c2e09bf96424d78b233e036d79d97ecdab0a235d540ee32e1f3c52ab6b24505fc8d15b42c47b852afc6aa |
C:\Users\Admin\AppData\Local\Temp\kAcY.exe
| MD5 | 70275ec726976aba875a362b45518d4c |
| SHA1 | 2cee99313947f68bd163c22aaebf598488a25371 |
| SHA256 | a0ef6d6a486216b2785d38400f6bae23970c99c39551eae4ff45c8f095a2282c |
| SHA512 | 6b4de6a64dbddd42035fe3abf816f42b3efb0dd1bd7784c0134ecf9a6953aa121bbcd85ef24a0ea018f272f2c2438735269799d75077bac12cfd66b0b1da5863 |
C:\Users\Admin\AppData\Local\Temp\GcUW.exe
| MD5 | 7236ebc9d4708c2d83f3a5b0dbc10a4b |
| SHA1 | a43499604a1fba01a88717ef4177d6566edde525 |
| SHA256 | 571858a79fba8cf5f6dd3c8ced0ca25d4a9664cf9524c58bae81a74b7b5c5de2 |
| SHA512 | fe875a3aa6d76823294327376c8583fe7c59931ba01a5bc4f2ee7d1d8bc32197fed37a953da98efd914938aa87e454a5f15f5b6a39ec19b3749ac64d6103027f |
C:\Users\Admin\AppData\Local\Temp\cEwY.exe
| MD5 | 4bc1b350fb545f59b7bc8007adc11a36 |
| SHA1 | 8c9c21753e00665f515e5f43cde0cf71741265af |
| SHA256 | 5a153097f7c476fb6836670f42b746c4f982184ff5aec3b4dcac268d7188269b |
| SHA512 | ef02b7b3c149c985f39c22a6cdce94f5b0033c1c8246da593cef0f2e5af936ef0b7256cc8189c9061efb87f398b4f8308f2a269873d1b0a23c21fcd4000c90bb |
C:\Users\Admin\AppData\Local\Temp\jqMgIkcc.bat
| MD5 | 69e84cdcd63b6232594aefb5621c40e7 |
| SHA1 | 16a41e41cee3b46815af655178975c53d6eb8acd |
| SHA256 | 35c0d9e1c57dbfeba5f8f2130d2f02a45e87b8cbb38630c5b1b6f3016ebab9b7 |
| SHA512 | cba3fda7604f96cf4a26db617bae5958fadcbfeb9efc05d2eefaf4ff96f27edd6381f2d09f75a6aa737a75ba47fead5b4a682f1fe71efcdb794cca268ee63746 |
C:\Users\Admin\AppData\Local\Temp\iWsQccQs.bat
| MD5 | 623af119d823b34064afd00654998a4e |
| SHA1 | cbfa66ecccb0a4dd843f3c68dcac0670365fc9eb |
| SHA256 | c9c8fad6b9e42fe5ccc9aed35a04a539ba1b4ab9ddb7e269418f17501cb11c25 |
| SHA512 | b0edb5ca3a916535b0e50c52764f1340b7358c5508a30a235ccea767d14d0eb150322dba10a73e400d956230fe0816486f6e4ebe53278512fb8499a74d8e115b |
C:\Users\Admin\AppData\Local\Temp\ooMwYcwk.bat
| MD5 | 47a5c5b0070457e4ca1d50501abad6e9 |
| SHA1 | 0499f61cbaf59839ba3c331497a3de83ddb45845 |
| SHA256 | 0f469efb5247d305e03c40945cf7af1f9ae356af4243f26c9b055af2f53a1f02 |
| SHA512 | e84dfb2599ba7395470fd81f5978cadd113b6e5d0ccc5fdabb014752a3d99c97a2af666d325e443272b79d556238c3a57c1ccc716c6480848c6819983b5e25e7 |
C:\Users\Admin\AppData\Local\Temp\wmcIIUMM.bat
| MD5 | a89f9d2086329ba8328f72c3d9846322 |
| SHA1 | f1291d8a06d74f3cdad424880228631147a8e524 |
| SHA256 | 2c1ea8806352344a3953d07396ab30d3efad30441ae28c8e1b34dd08a480f678 |
| SHA512 | 041bb3e8e4ff37a0aa46e6bb563debe8f5f24161a2ea3a1ac7d628a595cc76c7370523e964144cbfa3a3236886a63c6cb5aff163b0e3bb64682384d1fd661981 |
C:\Users\Admin\AppData\Local\Temp\ESEoMgcU.bat
| MD5 | 530305fbfd138f1d7af5e59f6c7c132a |
| SHA1 | 629f2a0c3e45532c3cbe7ea006880d684d76e847 |
| SHA256 | c2a8ab485a691cf73019c5042fdde8554de3febdc4f5695c46152a8b842792a8 |
| SHA512 | 0114cd5b5ea1f94b0f5b6d03e35054a6d00679e084df47698e7c890ec7f778acb1ee5ba82f814f20010be764c7e696030b1df27cc1718b3436900b1de3174a98 |
C:\Users\Admin\AppData\Local\Temp\ZWEIQcMA.bat
| MD5 | 96acc609c428c64229beebcc25ac5388 |
| SHA1 | 7af7830d709068773533eae57e10dacfd8b05ff9 |
| SHA256 | b64a80d72f922b0ee96526f7759493d467b6b101f4e25e0fe00d7878eaeadc1e |
| SHA512 | 6f795dd0422dc5c9b6bf2cc702e67777ac6de0e3cd305320ee5f3baf7c8cddaec42928e9cdb3662a19c9d0ab82692f3066aa94b7355fde98d198417fe25ad668 |
C:\Users\Admin\AppData\Local\Temp\NAwYsMoQ.bat
| MD5 | 5a100fb74bde2801d7015a3749a9947e |
| SHA1 | 238cc96c2443d2869e0e6d51c77ff7c7e331506a |
| SHA256 | 9b0fc5d68a3a828466e9c1d49656a0d66ebeb701bd50127b663359b68b2783d1 |
| SHA512 | 58ac9e98603ac4449fc22c0cf83a10142a55988c3a7f35c3d3028bb524957f677e60211ccf21ea4f73ff95dd684ed0d6235188b32f233919810f71e484662c87 |
C:\Users\Admin\AppData\Local\Temp\tUYEUMkQ.bat
| MD5 | 5f04bf8232763e89f655820efbcc45dd |
| SHA1 | b7c62fe3b42e0c1a732a565f2c99b78f271f13d4 |
| SHA256 | 7e9a867c8ebd824b41d05b711b6be4481c2a53fa1e9fc8adf8e5b2056d99ad32 |
| SHA512 | 4a821b8cd9b57d6bcc73ab4c4d2e3d0fa526a9dec6b0f64ef81d0803931cbe7c846990b1146ff27c2926656cdf0b4a60c0d9c0159ba06618deee77e314ed574e |
C:\Users\Admin\AppData\Local\Temp\LuccAUAo.bat
| MD5 | 879e53eb97935fdc19aaa669d4798291 |
| SHA1 | fee36e6a6e882565268603364f304e44f6c8185b |
| SHA256 | 1b6873502d191f9249187bb28bf0c914913ebb519f1a6acf85f5b003b7732289 |
| SHA512 | 7eaa60aa86935d13843505d26a491ca4d90bceb5bf20964dcfdc690c9d07bb8675f81bd211da31a9cd92ecd734788bf337e9a089215f1a225483d0d0c371a6f3 |
C:\Users\Admin\AppData\Local\Temp\megMkAgU.bat
| MD5 | b984f81a658dfe5c51105d4d00b82481 |
| SHA1 | 4e096fb9d9b3851295a1d457170fff832eef407a |
| SHA256 | 44e28bc055699b230fee2ead1b85b725bacdebf6bd58d032f37946b88ec4eabb |
| SHA512 | 2252791fd6c74059c77bcfd1e7bbe8949429df33fd610638d2a0d214d5ef1f9046168b3f75d0d62a4a605e4adc18623adc7ed8b5963355b14d8d59ddcd07c072 |
C:\Users\Admin\AppData\Local\Temp\aygoYsok.bat
| MD5 | 1700460164b47deb61bcb89b4b1f6476 |
| SHA1 | 319bbd9a879080f2ae5e2548041a2784cc68cba7 |
| SHA256 | fb251d7688720dc3463c9017f8b4685d093dbb6e1e2732d5f9966d36e998ccf8 |
| SHA512 | 315c67d2684abf3340ae6d5f22b575080fad44b7816924b5ac4d78dca11cd9a0b7f2da483398073be0c6ac5f8415f1435c12313308ac97b0f54813279dd343b3 |
C:\Users\Admin\AppData\Local\Temp\WQosgQEw.bat
| MD5 | 6fc21de9a70f03bd387e404d755cfcdb |
| SHA1 | b003cbe9b6efbcdb11ad9ea80f8ce4a6e4010d57 |
| SHA256 | 476797622ae8222f4eee90593429c268450e5e9b399bc6acf0cc200d528a6694 |
| SHA512 | 8dc7f38eb21c28f986eef2defebdc809d634e8412d879e7d2d63e1770d4c9e47e268868738737978efe63f0ca3897bf18f8adf26d9a94db840a729163674038f |
C:\Users\Admin\AppData\Local\Temp\qsEUgsgc.bat
| MD5 | 721c6b9fe6c09f28ba8d7a43eee9c9a2 |
| SHA1 | 1ce77988dac63cd8da27c23ac9328fe2fd83ee0d |
| SHA256 | a405a4d20e2427a9a847a0e9ad5e14edebc36d6c6fbe81f1510cb66dd514a49a |
| SHA512 | 2a0c565491800b4da5188082ae57d33111afa7d5505cd576bbb960054e9990155fa79da1f05d65f0c0c17884de4ce3b5508160303cf14a81c84d23231fce9029 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-03 18:54
Reported
2024-04-03 18:57
Platform
win10v2004-20240226-en
Max time kernel
150s
Max time network
150s
Command Line
Signatures
Modifies visibility of file extensions in Explorer
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
Renames multiple (85) files with added filename extension
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation | C:\ProgramData\TCMkYUEg\XswooYMg.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\zmQYEgwg\nKcMMUos.exe | N/A |
| N/A | N/A | C:\ProgramData\TCMkYUEg\XswooYMg.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nKcMMUos.exe = "C:\\Users\\Admin\\zmQYEgwg\\nKcMMUos.exe" | C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\XswooYMg.exe = "C:\\ProgramData\\TCMkYUEg\\XswooYMg.exe" | C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\XswooYMg.exe = "C:\\ProgramData\\TCMkYUEg\\XswooYMg.exe" | C:\ProgramData\TCMkYUEg\XswooYMg.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nKcMMUos.exe = "C:\\Users\\Admin\\zmQYEgwg\\nKcMMUos.exe" | C:\Users\Admin\zmQYEgwg\nKcMMUos.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\shell32.dll.exe | C:\ProgramData\TCMkYUEg\XswooYMg.exe | N/A |
Enumerates physical storage devices
Modifies registry key
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\ProgramData\TCMkYUEg\XswooYMg.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe"
C:\Users\Admin\zmQYEgwg\nKcMMUos.exe
"C:\Users\Admin\zmQYEgwg\nKcMMUos.exe"
C:\ProgramData\TCMkYUEg\XswooYMg.exe
"C:\ProgramData\TCMkYUEg\XswooYMg.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mSosUgwo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YGoEIYMc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dUkIcwkk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XQoIAsAI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nswEMEEY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aoYwcoQM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cKccYcMU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cAkYMIcg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pmsYkEgY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NcsMkEko.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PEkkYQUU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dkYosIQE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nSskQQok.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AwYccIEY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QmYUIcsw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OMMMcwEM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\scEcosgA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BQMwkAMU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fQswckkI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PuMcEIIc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JccQUMQw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AaoQsscs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GcgwIoMI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AQgUkIYE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ACAAoYQM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vkQUMIYY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\voMogoww.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZuMEoIwU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KqcIYYcI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WEgkMgoc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kywwcYQQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WqIAwAkM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VYcocwsE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FKEgQEYs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FcwYgQQA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GyQsUwUM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AggoEggs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\System32\mousocoreworker.exe
C:\Windows\System32\mousocoreworker.exe -Embedding
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qEcgQkEk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mEMkgMMc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FYkgsEQg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tWgEAoUo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DwIgkUYo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YcEcwkEQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MAYkIsUU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SIMkssEw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gyIcEEsA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zAcUMYow.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ncQwgQcE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dAscYUUA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FeoAAYkk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UcMAkUEU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SEwAkAcc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YagkQEok.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zYAUMgsk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dYwoIkYk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nwAMAwYI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\Pekkoogg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uScMssIY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ycIQAsQE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\COssYIAw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uskkQYQU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RQkQEEck.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TScAEsAo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ziQYQwAE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dOskEcgg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EAcUgEco.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cMooMwEA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\woIIMEYM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mUgsgMUk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rskQkwME.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DSsQcwQM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pcscskEI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jEAocMgQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\iEgooggs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QKYcEsgc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kawAsoUU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NOsIQwQw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FGggUUIk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tgsscgAk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HYgEwcwg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CqcEEIUM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cYkIQMsQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QEwsIcUE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SMcYUQkM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vgYYMEws.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NuEMcock.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DuUIocIs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SqQcogws.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CwkAoEIY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mIMQEIIE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zUUYYQQY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xCIUkMww.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RGAsYYAQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YQsQMYUc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qUYQoIYo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gkIIcoAU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zMQAgcgU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DkIYIAYU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TSggYUMc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bisowAUw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| BO | 200.87.164.69:9999 | tcp | |
| US | 8.8.8.8:53 | google.com | udp |
| BO | 200.87.164.69:9999 | tcp | |
| GB | 142.250.200.46:80 | google.com | tcp |
| GB | 142.250.200.46:80 | google.com | tcp |
| US | 8.8.8.8:53 | 46.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.108.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 200.119.204.12:9999 | tcp | |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 218.122.19.2.in-addr.arpa | udp |
| BO | 190.186.45.170:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp | |
| US | 8.8.8.8:53 | 226.108.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.66.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | udp |
Files
memory/4924-0-0x0000000000400000-0x00000000004B4000-memory.dmp
C:\Users\Admin\zmQYEgwg\nKcMMUos.exe
| MD5 | ef15d8f47024877808650d466647bca9 |
| SHA1 | 2bc9d8cf9a6bb7c12498f365123848551ef87579 |
| SHA256 | 8bb4fddda6ee81ef86b999f1e396696d75c0c26f98a8b34888ab3e14ac1c1e33 |
| SHA512 | 4a50ec941d13337b3fd999f2718698863c9c2795268d0b512f6dc2cabe12090234abfb503421900782fec1402b6cda4e8764050f49b48be85205a4ad13fabdc0 |
C:\ProgramData\TCMkYUEg\XswooYMg.exe
| MD5 | fd97e433f6ad0407012a5206f38de25d |
| SHA1 | b3ecced8d5b740bfd2f33ade6afa565d8a0ff840 |
| SHA256 | 3f320ad3bbc1e1fcf376d48c69b9f0bb453b919f7a1cd27f7e3934d92c3bc590 |
| SHA512 | aca4cfde94172c28e0b3a93352dd1d1fc3e208cee526ef36a59cfe2274f9b26e44ae3d70b165934bc5e8d6a03ec8707fa92c42c8e82ec91be8e5773a2cac5957 |
memory/4144-15-0x0000000000400000-0x000000000041D000-memory.dmp
memory/4252-13-0x0000000000400000-0x000000000041D000-memory.dmp
memory/4924-19-0x0000000000400000-0x00000000004B4000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\mSosUgwo.bat
| MD5 | bae1095f340720d965898063fede1273 |
| SHA1 | 455d8a81818a7e82b1490c949b32fa7ff98d5210 |
| SHA256 | ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a |
| SHA512 | 4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024 |
C:\Users\Admin\AppData\Local\Temp\file.vbs
| MD5 | 4afb5c4527091738faf9cd4addf9d34e |
| SHA1 | 170ba9d866894c1b109b62649b1893eb90350459 |
| SHA256 | 59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc |
| SHA512 | 16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5 |
C:\Users\Admin\AppData\Local\Temp\2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock
| MD5 | f2271fe569c058dc724d9b9e53811e31 |
| SHA1 | ea276fc14127875413ac387f017bd2291a987f4b |
| SHA256 | bf0074851e2435a255b512e502b831ed2c456774971f8fc57004d597769364a6 |
| SHA512 | c324428534f64879aa17b190206e538066308486d95e9fa1b8b7238bc79067042717c232034ef8926376b72d3123be169852b05bfe58c7f69887245d91e5b53d |
memory/2304-27-0x0000000000400000-0x00000000004B4000-memory.dmp
memory/3020-31-0x0000000000400000-0x00000000004B4000-memory.dmp
memory/2304-42-0x0000000000400000-0x00000000004B4000-memory.dmp
memory/2280-43-0x0000000000400000-0x00000000004B4000-memory.dmp
memory/2280-54-0x0000000000400000-0x00000000004B4000-memory.dmp
memory/3028-55-0x0000000000400000-0x00000000004B4000-memory.dmp
memory/3028-66-0x0000000000400000-0x00000000004B4000-memory.dmp
memory/1304-67-0x0000000000400000-0x00000000004B4000-memory.dmp
memory/888-75-0x0000000000400000-0x00000000004B4000-memory.dmp
memory/1304-79-0x0000000000400000-0x00000000004B4000-memory.dmp
memory/5080-88-0x0000000000400000-0x00000000004B4000-memory.dmp
memory/888-91-0x0000000000400000-0x00000000004B4000-memory.dmp
memory/3656-102-0x0000000000400000-0x00000000004B4000-memory.dmp
memory/5080-103-0x0000000000400000-0x00000000004B4000-memory.dmp
memory/432-112-0x0000000000400000-0x00000000004B4000-memory.dmp
memory/3656-115-0x0000000000400000-0x00000000004B4000-memory.dmp
memory/432-125-0x0000000000400000-0x00000000004B4000-memory.dmp
memory/4376-137-0x0000000000400000-0x00000000004B4000-memory.dmp
memory/3464-138-0x0000000000400000-0x00000000004B4000-memory.dmp
memory/3464-149-0x0000000000400000-0x00000000004B4000-memory.dmp
memory/620-150-0x0000000000400000-0x00000000004B4000-memory.dmp
memory/4724-161-0x0000000000400000-0x00000000004B4000-memory.dmp
memory/620-162-0x0000000000400000-0x00000000004B4000-memory.dmp
memory/4724-174-0x0000000000400000-0x00000000004B4000-memory.dmp
memory/1448-173-0x0000000000400000-0x00000000004B4000-memory.dmp
memory/1448-186-0x0000000000400000-0x00000000004B4000-memory.dmp
memory/4124-183-0x0000000000400000-0x00000000004B4000-memory.dmp
memory/2904-195-0x0000000000400000-0x00000000004B4000-memory.dmp
memory/4124-198-0x0000000000400000-0x00000000004B4000-memory.dmp
memory/2904-209-0x0000000000400000-0x00000000004B4000-memory.dmp
memory/4048-218-0x0000000000400000-0x00000000004B4000-memory.dmp
memory/4092-221-0x0000000000400000-0x00000000004B4000-memory.dmp
memory/1672-233-0x0000000000400000-0x00000000004B4000-memory.dmp
memory/4048-232-0x0000000000400000-0x00000000004B4000-memory.dmp
memory/1672-245-0x0000000000400000-0x00000000004B4000-memory.dmp
memory/2648-244-0x0000000000400000-0x00000000004B4000-memory.dmp
memory/2648-257-0x0000000000400000-0x00000000004B4000-memory.dmp
memory/4848-256-0x0000000000400000-0x00000000004B4000-memory.dmp
memory/4848-265-0x0000000000400000-0x00000000004B4000-memory.dmp
memory/3972-266-0x0000000000400000-0x00000000004B4000-memory.dmp
memory/4380-272-0x0000000000400000-0x00000000004B4000-memory.dmp
memory/3972-275-0x0000000000400000-0x00000000004B4000-memory.dmp
memory/3836-280-0x0000000000400000-0x00000000004B4000-memory.dmp
memory/4380-284-0x0000000000400000-0x00000000004B4000-memory.dmp
memory/3836-292-0x0000000000400000-0x00000000004B4000-memory.dmp
memory/552-293-0x0000000000400000-0x00000000004B4000-memory.dmp
memory/552-301-0x0000000000400000-0x00000000004B4000-memory.dmp
memory/4356-302-0x0000000000400000-0x00000000004B4000-memory.dmp
memory/4356-310-0x0000000000400000-0x00000000004B4000-memory.dmp
memory/1588-316-0x0000000000400000-0x00000000004B4000-memory.dmp
memory/536-319-0x0000000000400000-0x00000000004B4000-memory.dmp
memory/1588-327-0x0000000000400000-0x00000000004B4000-memory.dmp
memory/4384-328-0x0000000000400000-0x00000000004B4000-memory.dmp
memory/4224-334-0x0000000000400000-0x00000000004B4000-memory.dmp
memory/4384-337-0x0000000000400000-0x00000000004B4000-memory.dmp
memory/468-346-0x0000000000400000-0x00000000004B4000-memory.dmp
memory/4224-345-0x0000000000400000-0x00000000004B4000-memory.dmp
memory/468-354-0x0000000000400000-0x00000000004B4000-memory.dmp
memory/4812-356-0x0000000000400000-0x00000000004B4000-memory.dmp
memory/4812-363-0x0000000000400000-0x00000000004B4000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\kAIG.exe
| MD5 | d1fc8e76246d344c6606b1aead86ef72 |
| SHA1 | 3b9893c5ad197af4637abd666a8a4b386d503bac |
| SHA256 | 6d62a747510056b5b92bc2d7dc82ecaa51c5b92a5fbfff9dedaaddf1d065a427 |
| SHA512 | c47be00bff22a9a9bb1fbfed741096de0d281315ac17b21e060cc6dadf540bcdc718f6f951dc35273fe93558cf05511e7cfc94aa58c8c6bda4177d1236ca29ba |
C:\Users\Admin\AppData\Local\Temp\QocO.exe
| MD5 | 39d4eb9b5a0dc0c4db727bd5db4375c2 |
| SHA1 | 523e142b2de2409383c4a622fa15448469345d2a |
| SHA256 | f70eb91fb1b25cc0d83c1365193e728c6512e57259f5b61049c5a564727ff5ed |
| SHA512 | ea6f5908c1be548c093425a4749201d7fbb32b30194d99b906189f87bd8316e16aacead85a25256c820308bc507da57180172c9f207fa0b4c906fec93c028f14 |
C:\Users\Admin\AppData\Local\Temp\oYUG.exe
| MD5 | 613c5dbb6fc39296ae231125e372704b |
| SHA1 | 3623118d4c8129bb8d13ff00e05cf6ea9a9bc65c |
| SHA256 | 4edd29c00fb7ceae21429f87db698998867f08ee070741cbfda00fd2bd45952a |
| SHA512 | 3a43b3a272d9c2b622a9daf659338a2fccc33ddb4a72aeb19c4ebe14729c3044c6f74e6bdc3c66a42fb3b9048a75312fb59ee9418481e2c521e92a015c0cb326 |
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png.exe
| MD5 | 0a1fbf087734034ce5c877ec687cd972 |
| SHA1 | 45e61133c9710c065ae197fa99bbd24863637e2c |
| SHA256 | b6497571e2e350fff294220fded36e1e4a06bb306d1b8938cd03b7f5fb85a6a8 |
| SHA512 | 73285ebf4440f6ace998b99ed4263555872b6aadeb1389e82e234b85d50ab54cc1cc5725c5054e30077e544f40e82f47b3ddf466c25a7d7d60c481ead2da7c11 |
C:\Users\Admin\AppData\Local\Temp\kcsI.ico
| MD5 | ee421bd295eb1a0d8c54f8586ccb18fa |
| SHA1 | bc06850f3112289fce374241f7e9aff0a70ecb2f |
| SHA256 | 57e72b9591e318a17feb74efa1262e9222814ad872437094734295700f669563 |
| SHA512 | dfd36dff3742f39858e4a3e781e756f6d8480caa33b715ad1a8293f6ef436cdc84c3d26428230cdac8651c1ee7947b0e5bb3ac1e32c0b7bbb2bfed81375b5897 |
C:\Users\Admin\AppData\Local\Temp\ScIe.exe
| MD5 | 65d5815ee60c527094273d10211b09a0 |
| SHA1 | a1cd5b5c9d38a2929cea223b6c7ce2cb05e137e7 |
| SHA256 | 372e0ff4ee505b742e5182d522f913b10ff189d0e28138a6e4a0963e66b8b644 |
| SHA512 | de6155bd4c2027de930d0e0c7e98748f8b2cd9380ec94533e50fe3d44225344026b546abc53d7537379b920123cae8e5f9a2a306beb306211153376c36952d0d |
C:\Users\Admin\AppData\Local\Temp\sEEw.exe
| MD5 | 86b5b7dbdbe5a805d9850d477b3fda99 |
| SHA1 | 62b9a5882549fde724a6c3ed59a36b0cc5e21078 |
| SHA256 | 8aa3f565bdc5b82d24837093ca1650931c46ba64382eff7494c4d593e2952043 |
| SHA512 | c0c17478f6118439265cff597ba794a210d97d7c63434038e020583528115489d3ccc6e2918202a6fa747de03bc15037d36451c9bc2e02a5e6d743ee0c8786ed |
C:\Users\Admin\AppData\Local\Temp\Uokc.exe
| MD5 | e332c4d8cc72200ee0bea190ef540e22 |
| SHA1 | 013014361ea635f908e0156da269fe9e8ee01772 |
| SHA256 | 703b82044965dd5dda48c4b1265fed27c6fc3d96a247cb352c6a2f47c09f0d1d |
| SHA512 | b92c26b845d1d5ab12447b7734b9c00affeed7aa5a8d003c8ff761ee404c3e553b591c969c0dc0b2938ce266a3e87b5417c5954b6d43b423690c297722944efa |
C:\Users\Admin\AppData\Local\Temp\eYoW.exe
| MD5 | 6d320ad9aa716fdd0357e296da5dc810 |
| SHA1 | 1815bdd1ef54d56d68f05df9963e4d27e266cbfd |
| SHA256 | 197860a5d3a73a99295a9df3908a487f19ff09320487006f800e2763b33ec1dd |
| SHA512 | 4f8ad15a4a10979f5f86f78ca30174049f4a9e4a91c014ccceb555e792a738be6a24bd34fd0d51344197631c164e31b22fce8970dafee587670bf1672236d16a |
C:\Users\Admin\AppData\Local\Temp\yAIu.exe
| MD5 | 390af74bf0e9b26547ae80046cffeb68 |
| SHA1 | cb0d3f2107879841d0fdfd6f7ad1cf3df8ee0b91 |
| SHA256 | 504e2c48ae9829fc4d1588c5b0c2b72174d72c26e45befeace334521c626deba |
| SHA512 | a2dfc4971e541271138e3a1e988e56cbfb902f60ea1672cf8d21bfdb81fd1af857f13201173052a9451fad5fbdb14c991adeba24cbc0d606f8e3e84098c13646 |
C:\Users\Admin\AppData\Local\Temp\wQwS.exe
| MD5 | 9fe1f7ffd93adaee672fe24e08baa178 |
| SHA1 | 7beabf057cc68067098a9a5b595b5bb11d187819 |
| SHA256 | 6fbfa785ae658597a1c1c60623fc50f50f2369414a474141f11e6cbbdcc4aa17 |
| SHA512 | 5f2b6c8fe2ec6c41b4ad9c633a17701a7a8a67fcd324ac78484e8c503050b178b9e74b9c4007c7f5977dc18db19b99ed84e95b0f3151a3ea00ec08ebf5ac93bd |
C:\Users\Admin\AppData\Local\Temp\OIEg.exe
| MD5 | 0b933674eb863e6dba6196ce9612f0ae |
| SHA1 | 3bf95d65f5627fe82bad8ffc671bb66578748c67 |
| SHA256 | c3bbadd170f0951d3c5c79f4be9a60ead71e9466243401410d3b3fdc33231b22 |
| SHA512 | 5747f29ac0b57ea2d9847bca2f0d522151304c354ba04b6742ee94b9c88e48e76b2a717b15c07cce9c82de18daa7bc1129b78a4647b485d47428301ea9b111af |
C:\Users\Admin\AppData\Local\Temp\qkMK.exe
| MD5 | 1c846aa02fc094aa0dd5c182f8dcb91f |
| SHA1 | 8074ac56ba36a225ade372981058839b2e6456ca |
| SHA256 | f735a4b372d36c1ab67e622b2979044acd4e47675441c9935100f6d92ab276af |
| SHA512 | 9fbb507849af6f5ae96d28d233c8c5e6e4c374c7b29aafc7ceda8ba87f4766f446ece783b5c095b693fc22c21bea3e02728cf407f100c64784fdd06f2fe02686 |
C:\Users\Admin\AppData\Local\Temp\GoUG.exe
| MD5 | 9c84dce1b0a3e183f7c4a35296abc62a |
| SHA1 | b824c5963d46e26b52f30d9b1ff1a68745fa2a90 |
| SHA256 | 2ed14fb5fd9e1d5b9f87a318a59919fb6f32aa2a6112bf4b0a8bae702d0c9fcb |
| SHA512 | f18ed513467d540a267e254c5b9e549103b687b0b3900c7f2ffc153df2d66090498d4aba702df53d9e50734e8ebf0a957496a7c7cc63a5bc38c27070b7b8c3bc |
C:\Users\Admin\AppData\Local\Temp\kEgO.exe
| MD5 | bd683e5f8ca6035c0735a564f634b9a8 |
| SHA1 | 8c19e2163a3be149ad1b6319d652efa353808c08 |
| SHA256 | 73558bb89c77f7a69a287d27b969b99f3848c260f2034c7c0de84bac3662776b |
| SHA512 | 92badf19002786f2adfdd85af125897f7f0515e6fecf28a0ae11eb9ab679a2447fd2eb657bc438ea6c7e924b9a1d392dc867c2310d299545bebe5e62822234da |
C:\Users\Admin\AppData\Local\Temp\IQoi.exe
| MD5 | 5070a71850729ca4782c83ec3b412697 |
| SHA1 | ba97e88352838cecc6839ee91d86ad906efc8a93 |
| SHA256 | 7a8eae2acd18ddbeb45f1bb948c061011136ef7b9e7abb1d41e1d6278440f2ee |
| SHA512 | d57e432b0d2e3109960de85e2c88de5f071a73debc16113e622df7d654222afcfa52788f158de41533e22f85605256eea18b0333867b335f41802ef02aaa7d24 |
C:\Users\Admin\AppData\Local\Temp\cEYs.exe
| MD5 | 4e918bc202340d75610979f4c5ecace3 |
| SHA1 | e5e72bee55b2c46762e0fb489226cc4554d6a2c1 |
| SHA256 | a557e9709262e673d81fee249021f8ba98d27000b74edf25d0ab0cb8b90a8f83 |
| SHA512 | 41b4f812aaa180fd574ed05a82a81e3b314fbcdb8b0834b63cf90e2beb8d542988d38ba53604e55070fd50eb9189a4ab4d07a4aff87777bbf4e5d03fbda69a15 |
C:\Users\Admin\AppData\Local\Temp\sQsC.exe
| MD5 | df81c8c58a33fc8d5dc531e7a861ceec |
| SHA1 | 5a723f8213b59095ab27fec1e66c5018b133e706 |
| SHA256 | cf0b353f723b9cb15a4fd5cb0d518b002b7f1dd44e8ca0fabca0199becacf2cd |
| SHA512 | 41b0bd4dc95361c3bdbf9bf618b7691c327d1f8a6b836e345420ceab0cbc52ea47ad3a464b00ef3e522b2c4fe68ee6a66c0ce3916b68e98c66e030e9027a7e2a |
C:\Users\Admin\AppData\Local\Temp\OEQC.ico
| MD5 | ac4b56cc5c5e71c3bb226181418fd891 |
| SHA1 | e62149df7a7d31a7777cae68822e4d0eaba2199d |
| SHA256 | 701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3 |
| SHA512 | a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998 |
C:\Users\Admin\AppData\Local\Temp\eEMM.exe
| MD5 | de2c4de4f8fb41c9e80aeb0f515dbfdd |
| SHA1 | bc4b296a29ced096319de5bdd5a4b9448e933976 |
| SHA256 | 187a5b8d724a2c261d3c8d6ea4091ed46f3f969c3e7ab04dda119b21050b57f5 |
| SHA512 | da650951286e4b1e1cca622c34ae3ebcdcb1430b6b25982d5d23bdfb28ad74ca36cc5b56687d61d156625b67f2220f2af6315ea713cbf4d7ded8cf544a8df500 |
C:\Users\Admin\AppData\Local\Temp\WYsc.exe
| MD5 | 1b110569c4fd6b3bbaf1e53ee0dc1160 |
| SHA1 | 5bdd8972c9b2a6536ec26b0ae5189c5b8ec128a3 |
| SHA256 | 51f3818a90ead18063477a87443b328499df488677cdc7f07fa9e95848b24789 |
| SHA512 | b548a40b7b36a98194f26265ccaba8b2fe12af48243bc8ef3f6c3ffcf705c59bd9eabb824a5cc6424740b907706176e312933f088bdd972cc82299927fadf5a1 |
C:\Users\Admin\AppData\Local\Temp\EIMm.exe
| MD5 | aa972bd4811bb2e36ba967fd22251865 |
| SHA1 | 4f54bad1ce83b6a26203a027726686d075c82cb4 |
| SHA256 | 773dfe6591b0ba578cd15b66b0e407e9d3ed08f3f246266878a8bc07f01945bc |
| SHA512 | 681d10b193b7cabeb14af7caba1e04602afca284b97db27d82166341ade3c28f1dc18d8316513e6fe19f9c66a2c854664b946dca66c5e5fe8da722cd7fc2f546 |
C:\Users\Admin\AppData\Local\Temp\sosk.exe
| MD5 | c3c527eeabd045c004b00de2235953be |
| SHA1 | 3544786720cc029752f1733c237bbb0522b657bb |
| SHA256 | 660181895db8fcdb3fa372d93b1b9a5fc56f3c3ddbc4f2054041073634ca6a0f |
| SHA512 | 7c74856fb74e2e22fc4362ea2aa61e00069bad511ec448aa64579c6799b60487e1758b98e3a1dd27221e25021935ff3e2681ededace687994b2d2798b532e8ad |
C:\Users\Admin\AppData\Local\Temp\scgc.exe
| MD5 | 2b9cdc31ccf77c15dcef22e9bd9beb1a |
| SHA1 | 30ac6ea422fdca6ef89d8064de5fd5534307b783 |
| SHA256 | 2c66e23d71119ff002335484e5e380860b9a9fe218dc9df334d6252102f47306 |
| SHA512 | 5aa06bd9ffa31604553c86a1c5e7e2252ba4462e9cd97a3f72666d650ded0cc22cdf435754e79c777f0b0bc31514ab5f0602de15da18cc2390ee95d791e1c699 |
C:\Users\Admin\AppData\Local\Temp\wkgG.exe
| MD5 | edc8ebc6c616f96309e5fe20ba6fccf8 |
| SHA1 | ed15db6c350a7ef2ff6f2b4d1213a3f2c892104c |
| SHA256 | efed4d81ac03516a6e1d3843794ca8efbc18436bfdde43bc36f7cecfff22f1ee |
| SHA512 | ebd7be18add15a654b416a8ee6172065748744347a879320094a6a0a88dfbecd855fb16461aec5c10e24b67d876415e9bd06ce030df6a5675e3ce44fd2a240e4 |
C:\ProgramData\Package Cache\{fb0500c1-f968-4621-a48b-985b52884c49}\windowsdesktop-runtime-6.0.25-win-x64.exe
| MD5 | 5644708579f0b6c6eaddecfdbf57eeb3 |
| SHA1 | e87aeae1a161d98c9503460842637150ab76d196 |
| SHA256 | 43b51db722377ddfb88cd3cb562e0909290499080d0662a12d9952b79a8a7515 |
| SHA512 | 10f58e57a342a3e34526a6dba8cd8bd332ad00bf6e545f0daf5fcbb1708d9c72ca0e3f51353459e0e0e35f10a87873193a1230e6c87e569e2d0f5cbaefd439d1 |
C:\Users\Admin\AppData\Local\Temp\YQcS.exe
| MD5 | 8f956ac444a1a35b109ea10bf6637f56 |
| SHA1 | 913726c08973793e51a37eb3775b73e020f20908 |
| SHA256 | b5e32fd908e2641e1850b315b958e59222f2b615e8d58397734e204538e96fc2 |
| SHA512 | 6fac78b558c8881785c792a169b26cd0df91586aa999f971e881dd42f88a86fccf5bdd2b75392d03dfeb5bae7c81b975874cf645d7624a9610b4309ab87227d6 |
C:\Users\Admin\AppData\Local\Temp\GgEi.exe
| MD5 | 1af10a36a5db9657d2767a25807b462b |
| SHA1 | 8c510db4c4e5c68ed7175e4d473cecf1bcdf9f4a |
| SHA256 | cfcab52cd59b58ae95ff22c95404047f39dcb280cc0e7a863e7e88dca5178de1 |
| SHA512 | 026a80bacc0564befa93f51fd3ff117ee55c6096176c8650a0faf4b8aa21b0418b1f755e3b7485f787b3c4c3563071190324697652d0639e861f4bb9a58babf7 |
C:\Users\Admin\AppData\Local\Temp\SAUA.exe
| MD5 | f0e00b54bf244f6e1533aa3df688d2e0 |
| SHA1 | 3e941f821f72c0b686e73fee2dbb9fe6b11d3831 |
| SHA256 | 1859e79a9fb7262f13192ecc61ce9af641fec5998ebcfc0ed63e619b16025664 |
| SHA512 | 14ea077eee3a639a9920f16d8e3461c4f19a26cf764abbcc4066b9b2f1a6147a9b6c1cf9ff5d4860a2bff267ddbc42e18721b8643773ac9e0453288228b4a33f |
C:\Users\Admin\AppData\Local\Temp\MkQk.exe
| MD5 | 07c3d008539a26fb886e019355694802 |
| SHA1 | bc0d6dd3659d1d86141d894ba66c76cc5a51d7c9 |
| SHA256 | 4ab283e82bd512937973001da64c10267c918344048e65d5d42b7f686da599c0 |
| SHA512 | 60c5086c485a0af01a2650003f215986962654f66da2ba3129f9aa47342cae31f13ba5ba2cee4aaf355e03e52e3e4b88e939c10b76a303ea843501b62257b27b |
C:\Users\Admin\AppData\Local\Temp\GgAU.exe
| MD5 | eaac2f12131f377a044e2063d591e787 |
| SHA1 | 8ab0d257fe5602728b8c7f464e8059a9af40211d |
| SHA256 | 12448b1a32768bbc76f75e421a108c8d005f813224f9fcae055aaf68ce1e5c6d |
| SHA512 | bc90197dce3e9af86462e9ce8677e7a13152a4731acf4a1b022f19a1d38d1b35444b2b4939ef3bed88e32c82e051f2b7c36b2f66abba6017347f9290070208b3 |
C:\Users\Admin\AppData\Local\Temp\IAck.exe
| MD5 | 7482593c8be9f3167aae0c00942bbc13 |
| SHA1 | dd1ea95376c66aa3eb1803da94d00e5f2815b878 |
| SHA256 | 904653545a1ced1b927cc53123fb15c637bd3a7ea0568ad7741a489031db1cb5 |
| SHA512 | 397ac932a7c550b70dd62e8836329212fa57af53586ed0c3ae6d143b758e5c9e47766d14e6e166f2349518322b55a858153182073b50aa59612d1bccd5737464 |
C:\Users\Admin\AppData\Local\Temp\YswE.exe
| MD5 | 045ec5f6026d183dfea05b8be2ac21fb |
| SHA1 | 74dbf48e6d8e4082caff88e7ba8154c5d0ee1776 |
| SHA256 | d8a29af943e284954b37ff464eca796eb71700cbbc4cafac48177ec900755a2b |
| SHA512 | 655a19e87c40e588ab8896fd9009d80bbed0712e7504313a30c52e2206df633a30ab8c88ba436e1b979071e6b1ccee552a37dd26693c6a85c5ebab9243fd40e8 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\AutoPlayOptIn.png.exe
| MD5 | 298ad1dae30d462a78ff51f0e37eb625 |
| SHA1 | f3642cba7e7f8fa4e109b5bcbfcaf5d859108d9a |
| SHA256 | 9496c8333870ace85e4e43670db2973a6e1da97a208222affa079d5d4cb88156 |
| SHA512 | cdbdf3a516fda89d509b17f365d15e5d7be4b95f1f06fc9f3d2a01d9e370ddacaa7efa61b9bae813813d3b2d4c7d6889416014b673e68212c0ab728023208b91 |
C:\Users\Admin\AppData\Local\Temp\cIgm.exe
| MD5 | fff07dd1aebc66f41f8f47e9a36f596e |
| SHA1 | 48156b184698fc11b72019657adb9d2555e48849 |
| SHA256 | 093b6cce46eec80782732c42643e66b002f156d0cc7d014c32f58600275a6e5d |
| SHA512 | 68cc5a58ecd17cedc0d1c4536a395f98b79b5a96078d9220cdedce2a07684eee080d1743a7697c9d54e8bf2d42ee0b8bb3a3446e8cbeb0ebefc288d2e3f7ef82 |
C:\Users\Admin\AppData\Local\Temp\AEMo.exe
| MD5 | 26a296287542136b08aa5c68a2251abd |
| SHA1 | 722d14f365bbf500b72689f05f1b3f3c3635239d |
| SHA256 | c57997b5793ee8338ffd4dae42aa397912fe74d085c98602d336bcfdb4711dec |
| SHA512 | c0355b27f7a41c5dac08ef0a5ab9c405804b9029016f7372b358d97d424b5be4f16ef87b16e7850f6ead364a239aa4629c1c262fec4c3c3be9ff36c74e053bec |
C:\Users\Admin\AppData\Local\Temp\eMYS.exe
| MD5 | b009fa85ea73d522b855db4a4915a354 |
| SHA1 | 43c3fce9f8fea2faf3f915002cd733a16e88e9b3 |
| SHA256 | a89ea025b74c2598ed923b7e148b0edc11bac3d6c853aa337207e5564266cdd4 |
| SHA512 | 5106de81e2082bb79099f251497e926f31f71216d37f63c49ffa0a258b727a5cbbe9ee3b6882f47edb7604bff2ea6af35f289471f63e74555dc7da683511eda1 |
C:\Users\Admin\AppData\Local\Temp\QkoU.exe
| MD5 | b2d1a595cd270185fa9dd7758a03583b |
| SHA1 | 876f548e6d49a2172a0643e21291202b52b2d7c9 |
| SHA256 | 3a22944554de7e5629878c1364d61987ee1f1ad9d546f007b38627aeed322a75 |
| SHA512 | b2923874314077dfae1624c3565697aab995cc44cb240f826bffe041cac7471e705ecadb0bc0cde802aa3256ae6e8a1eae5924accc3fe9c5b62e8cadbe05b7aa |
C:\Users\Admin\AppData\Local\Temp\moQg.exe
| MD5 | acbeb84d28253ded8109bbcba85ba70d |
| SHA1 | b7917c6434f66d27b3909cfad189017a6c9b8bea |
| SHA256 | a27d4889e8852468998818a4a3f0f4278338a0eb9d96ebf7f340d901a5fb043a |
| SHA512 | c76df357a8004c31d1d7ead631dd31cea2c5fa1e0ab040a550fab76f9a258486926ee5ae6e8e8a702a50934a5e082e7a302d6ec46baf9034e13603a8e473dd9c |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\KFMLockedFileToast.png.exe
| MD5 | 0dd21e16686e8a08e3625a2485e8ec1c |
| SHA1 | d8f97d855d9615e5d00bb802d95a8dad42043854 |
| SHA256 | 7a85be859542a8711f4f24d8c6d2ad0c2606918c5d9c262d795e37ed8ecbced1 |
| SHA512 | 9274b56ba132784b467001c9e3928787bdcb02b0888115ecd12f57f755ec17e8790463a106c2fa786ea1c96c1ff735b5b9252509db033729f9bcded6b124f57a |
C:\Users\Admin\AppData\Local\Temp\qkUs.exe
| MD5 | 51855fb6f80bbc3cc49be7983a33e3e0 |
| SHA1 | b0933c78ee8515a9dda68b8a7440e3f9221d6c6d |
| SHA256 | de0e94f9362162a6bcae1ae065e069f081a5a50c4c97cd1ffded7c4af3dde85c |
| SHA512 | a22eb8c2a23a2190015f273b9592b61ff8ac7febd5399516ab8acf07d3415eca50fbc3e7c79edc85c25f24efa70de6181e29aa28b31309ebb571abc06fa5079f |
C:\Users\Admin\AppData\Local\Temp\qEII.exe
| MD5 | 7ecca293b8726ad7b1ff462ae626e2ae |
| SHA1 | 6b01085285df4f2a585c5040bf0e29e77b502f95 |
| SHA256 | bae5f9de8965f89841dab2939625d93acdb1fdf04e65a5074ddcc488956ca18a |
| SHA512 | 9e8eebe678a720d210b9493df62d27dcf270bdccc604d8dc8adbc9bebed016e177a7f2cceab6a7975469798fbf00a316767a9638cf616df83e9a4992deacc9b5 |
C:\Users\Admin\AppData\Local\Temp\msYs.exe
| MD5 | 3c6e805b1de3d79dfab4e9949180749c |
| SHA1 | c6fcef11adcd943ea83fa3958748095127f92e96 |
| SHA256 | 1e347af34df84feb56c2741d89280979448124714f5ba53abbf0c83878d70c72 |
| SHA512 | 293e111f5ded8fe890da98f92afcb7eeebe0878e2bdf25c8fc5fefafd7133fb373059eeedb3cf9f9f8e37eec2f3f066abbecbe1cb8125da85dc667742b3d1653 |
C:\Users\Admin\AppData\Local\Temp\mgwO.exe
| MD5 | da9846be95e2c1e8ed4fd5200d566b72 |
| SHA1 | 60b4b0c5c881abe6bc5622a720f7a7fb0bd1ecb5 |
| SHA256 | 1846fdc0d07e4bab22770145b3ff5e29fe29644cc1078bd9bc30015918d6c976 |
| SHA512 | 0fc81aeacb14c57a9ce65ce098079eb65aa6066b9faaa9770c58fa63bc5cb50ad8269e511e1a70c77f65c51639ee71f92a34503de274ac47083f8570af082e37 |
C:\Users\Admin\AppData\Local\Temp\WAws.exe
| MD5 | 45f898b43f1c4389d450c15488e6ce8a |
| SHA1 | 52eb832de873fa5b0da1fb1395122307a625da97 |
| SHA256 | ff5a12b40b1c7bea320fec65389b75d9dc1092f77a10a87f07e3e6812a1d0bc6 |
| SHA512 | d35c5a12b188c00041a83a15cef5116da5787959238adb589f0ff708ca4d51694636966ec7a75380c1d056bc4f175256b76369c3b5352c020bfe832add76fca0 |
C:\Users\Admin\AppData\Local\Temp\eEgW.exe
| MD5 | b2bbf7303a61132c98cd1047a76cc128 |
| SHA1 | a6939b081aa528cc12b131d6493f4b39e49d491c |
| SHA256 | da255e71d5d82e3d9236599d9c3850ea2d64e47dd39f41ddfc48f452bf359661 |
| SHA512 | 3c8f23076725584fbfbc805c187d70de675e2b51d859ce0b2c4624e6cd72a717bb4d7cd33c7ac43ec0d4ba837b882e68b48c9772c787604a7662dfff2f59538d |
C:\Users\Admin\AppData\Local\Temp\GsYM.exe
| MD5 | 200d540b8a494366037c7aa613d214f6 |
| SHA1 | 0adc3e3d9afe997469dd2ecea07ce63d2ac2abf4 |
| SHA256 | 10b4709b89d5acae256f579856035048eb14b6412863145a18fdb4be8e0ecfe2 |
| SHA512 | cddbbffaf89bf47450e2fb2c98daee69c4ce9881ce794b5c8a6b70b13d82dbdc8284078c38a7a7e0c0191db4e82fc2b9fe49f41b02578a92946e8f0cc12aac1c |
C:\Users\Admin\AppData\Local\Temp\eEUa.exe
| MD5 | 9eb9b94ce8088e9c0819045cda20110e |
| SHA1 | 665fdd464e980bdf4ed0de03544e6fe1d7779ba7 |
| SHA256 | be66b5e4df9bdae67377904d728955f1add68434ba0b2a67f0471520a0fbe7eb |
| SHA512 | b461c78ac16cf07b06f1bebd7cfe9dedcf72b79b4201717876139f2534a89411a4d34065ef99380d8feb6da49f96f8d12d3745c8f256f86241face60ea144aec |
C:\Users\Admin\AppData\Local\Temp\aQUk.exe
| MD5 | def45ab65da6d4cecafa26d41b50eef1 |
| SHA1 | c8159d481e4f941d678c6cf63c032325c01df535 |
| SHA256 | fa7f78d00bab7f6b2e0efe031ae1a8c96754e5e285ccb4d56964cf09b8a4e2ec |
| SHA512 | 0b37a8760dc49bf6c64933dc06d6281124de63e8144f4f9038c29d5a0c80f38c4c6da0ad87b6bd0df05a74547c6be7c58b59025c3528e3d5c5cbb8af900db5ac |
C:\Users\Admin\AppData\Local\Temp\EQEs.exe
| MD5 | ef29f5e5b98cbbbf2017b9fd34b29710 |
| SHA1 | f3079da138028d95475c78b7fe1227208496f07b |
| SHA256 | cc39bb336c93abe4da690da4f347ec601e3e27b6a5e36c564fc5c495cf0b2806 |
| SHA512 | 14531fb65814a4472c2c9b5eae9c149fee2ff24f796fd23585b2ff92e1904840b10764105c61f5bd99beba79e966062aba992d0dae0b36a57df7475b41c17cf9 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-black_scale-200.png.exe
| MD5 | 5bea15032cf2060d764d6d1ccdbc045e |
| SHA1 | 7e4ab06fefea3b18f8356da206b34d6aa80792f7 |
| SHA256 | 0a775308d52cff345dc7819e4f7068e518fe729f0cb3c278b197a0a78e26130d |
| SHA512 | 35c0b654ee9b69e469b9d08ad687da3102e91c578665d8b9dc0da504e82f3b9ff7d1526f70eba5ed44b81b069e7c895a0d27feb2bcbed94744871393671e831f |
C:\Users\Admin\AppData\Local\Temp\SgQA.exe
| MD5 | b360c922516ec4b277a6b2bca64afdcf |
| SHA1 | 4ea8a65f83396243f91dbf1c7ae8c39a9c19dcae |
| SHA256 | 63cfb9b9b6738f9eeb57d3887ecb900faf34305edcb76499025b67149ca88ebc |
| SHA512 | 8e460579649d36a97987e9febaf75a7e648636a5ac2bfb2be22521641772481397788a90e05fefe1644baa679ce3282db52022f565ae6de469e275824c3180ff |
C:\Users\Admin\AppData\Local\Temp\yEEi.exe
| MD5 | 61b1b46645a7aefa158f507560a438c3 |
| SHA1 | 895541cd99559cd6b60b62dc61cd4d2368d1f475 |
| SHA256 | 279dbe1a0d7a01e6b5801f89cc339267ff273b10f0fd78a98577bbcfd04427c4 |
| SHA512 | b745f7761deb3f8be4a552c455e021c7da7bb8daa0d084746f7b353db19a555fc44ae45ca66ca80fb4ec7601abf2d1d29f41e736fa384c59ba01441db881e36b |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-white_scale-125.png.exe
| MD5 | 642c18a1ac12c1d58be309e5e766af48 |
| SHA1 | 0e9dfbc27d5a3cd02523ae6c7552552eadcf8a93 |
| SHA256 | fffd257eb17a56ea7ca35e3610919666d8f86cae7a77a0976a13545f98a00593 |
| SHA512 | 3eb749de653f2c394cb12b7230bd666564042c5df7b5170aafee242a2ac0e720fcc21e1ea8c83ae740102b978bf4530a969d928a4d2375b5c5794971841fa487 |
C:\Users\Admin\AppData\Local\Temp\OkEq.exe
| MD5 | cedfab39b5a14b3691215db29625280e |
| SHA1 | e6e08bd12e35a44302c67d1ccbea4ec98b356d8f |
| SHA256 | e128bd5d956de9e95314387854132f4d7734ac3f07fecac38a63f92da14a027a |
| SHA512 | aaa0c99f8ba6a293e1d58613dd8d3d575b8f8e62793e7481a77b083255c9d0238e73b43366f526406366c07b757df0bf61ff07aae96f98456c808411717c1c0c |
C:\Users\Admin\AppData\Local\Temp\EIgO.exe
| MD5 | 7e7a3222d7e839b6db06ce1962b9b44a |
| SHA1 | 3598593df43c5da7034b37be59f69914da650bf0 |
| SHA256 | 8d957feab10d77692c3b603bcddfaa3699e6d00f87e6cbeeb6175a168ae13036 |
| SHA512 | 8a44dc8f9731d03ea3a2ed92631d247554800579987090a3ea174acd7b7933e24785a5985137040b3bc31bcf914d70ed50595247df0860ac5dccde4ec78d937a |
C:\Users\Admin\AppData\Local\Temp\qIow.exe
| MD5 | 66d29e279a34d9ae17deb86424f9ab64 |
| SHA1 | 3d5a80b11bd60f579b7dbd933beba8791a314247 |
| SHA256 | cd2d128406aa4e49b52922b8355b59b007ff1720124e6eb597e0e6b2d04b2d53 |
| SHA512 | ecef39e12a115b7c6627d9fc49e3e3064b94746258febc5c4fdf646141dcb56c1a33e8250edd2f68a7411886dc0a88b0b5ae5edc865bb1e92fceb48e9aa3fbda |
C:\Users\Admin\AppData\Local\Temp\yEkm.exe
| MD5 | d0697ae2fd72ed373b4c1335c1b5491d |
| SHA1 | 5e0e95bec4dbcaaa353805aa75bd039f2434338b |
| SHA256 | 36fe0df3cd149220769201c8f5be7ee8fdae5d06db2c79273acef6498da4244d |
| SHA512 | fb7da78dfe441f2145e26fcc8f948507b83862cb548ef631dfcd1019aae061d3438fd5452777b2ae7b122d69191b3383ba29f5b83cc981764b4103a7cb6eb864 |
C:\Users\Admin\AppData\Local\Temp\Qgks.exe
| MD5 | 1da61b46db66cf56087e0a5a6e9757d3 |
| SHA1 | a985cc3551c0df8f2bb63d739ba180e1bf2a9e47 |
| SHA256 | 65d9cdfdd3e391ac1a5c26cf8445d140b32db52c7e8297c80a7c086454c414a1 |
| SHA512 | 4a626d6fea732c97c71f2617697594fca3e0f5e46fd5995b5af777110fa89bd1c6d0b16929626ccae4cf41abb6624df25068a9de4ab9b116fc24a193026caccd |
C:\Users\Admin\AppData\Local\Temp\MUIi.exe
| MD5 | cfeab2a0d661446edd6a583b29d4f382 |
| SHA1 | b5957027da4b62d7ba54c33ad3c1f0c014bda72d |
| SHA256 | 9221cd33aca765f12a6fe100322d3eadb3997da1286109737d16aa004a994d62 |
| SHA512 | abaace130f8ba8afca5f9313ca70ec78934dffe335eebb8d6f9f026244099514484deeb97878b16ab5222b4dbbf7d7a921b50bca0547ddad2f57adc5f0584d6e |
C:\Users\Admin\AppData\Local\Temp\UEsk.exe
| MD5 | 583757419b551bfc1769ce8df6d35c6a |
| SHA1 | edee7910b40fe7f3f11422ae07f0945b91a859ea |
| SHA256 | 80cf0d7cfd0c4c4ab0edab48ecb3991367448c75042e223ead58f97f98900e47 |
| SHA512 | dedf04de734088c70f00e293379c47711b6873f133cabe9b0e62f0dbff58163316aeafadca18d1ce0d7cc3cc0e0ff7fd21a2eded5a784ffca2408a5982baf72b |
C:\Users\Admin\AppData\Local\Temp\uwEA.exe
| MD5 | 277061f6191577cde13ba2bc8cf75c5c |
| SHA1 | c3b4bbf86c7eea35ef530eaf1b3f34c4244743a2 |
| SHA256 | ad1cba818e49ed50a6b1b81e76f2c7d8bb4a1661a2ffb8113b8f8073da27177e |
| SHA512 | 39370affb47757d7b0fea6d90f252cefd484267176cd9ca5c0c62ea02554b3cf46e0b4c47f964277e8fc5534d43b0453e01d5ded980898f6bbc54e014eb5e910 |
C:\Users\Admin\AppData\Local\Temp\QoMW.exe
| MD5 | bb324eef46ccb968b3926dd84a1caa13 |
| SHA1 | 7b1f896bf82837977143b92774e404076f38f2c1 |
| SHA256 | 0a7fd14b0161fbb63d89937926376f28250999c8f889ff12d8568d8d68acd644 |
| SHA512 | ef6e9c70f4f46dd9cb90b4f83e1b64199eb436e8fc18e85371831df604d13e94226b82d988594b49963f331146d8c9766b1e36edfdf8fcc1c737bdecb9290e1d |
C:\Users\Admin\AppData\Local\Temp\gEQg.exe
| MD5 | 7b7fcd58ed70fc9f57560794286f6779 |
| SHA1 | 1ce2cd0b73c0ac7da0682bb4ca4a1b4e781a5e05 |
| SHA256 | 1485f498ee6a6c954cd8106b1514e37996eea688753c0c419e0e6777e9f6e414 |
| SHA512 | 5b809fd9c3323dd91d50e696a52d78393965a8c276062423df3650520c169f1068e7f90601e074d01cc76ae6490f6415cdb82ebb6b1a7b9ea7e05fef4b821598 |
C:\Users\Admin\AppData\Local\Temp\aEQQ.exe
| MD5 | e94113ea87adf53e7413f531e6509bfd |
| SHA1 | 841b3a0afed924ce6d27c3a8736b524629477c8f |
| SHA256 | 4875cf77169f4751d83a35807fe625eaf1a0df2e08197d89971690e8b12a9259 |
| SHA512 | 863898111a61a8ab4623c6fe85425808ff0594cc37fbffa7252726e76772c6ff531515c3ee8df0f4f318d17f50efcc6a6512e9320e61469a3a67d34fa943cc4a |
C:\Users\Admin\AppData\Local\Temp\Qooo.exe
| MD5 | 8522c59ce9f3740f2f45f74223566b8d |
| SHA1 | 37de98bb9eb6ecc980fd1207ab0e244c88e481f3 |
| SHA256 | 734f7ff89e588c22162a938a2e0f6af0e8f818ff07bfc8a57a10ddea4e1a8020 |
| SHA512 | 39aa2cb9a0ea65d594ccec80b909e3986422d3cc5ab1d372b6680c313c6d74b5ad7f4e729682ce862ccf2f41a11bc03f15e39ba495df293df86cb5ec0f597509 |
C:\Users\Admin\AppData\Local\Temp\kMUQ.exe
| MD5 | 43254291c630183393737a4a12c20384 |
| SHA1 | ef4717421e5f48c81fe6e6a0d55d84951ade463c |
| SHA256 | 4dce72cefa83f2c6be738b645d11903b5039375bab0d17a44a24c934aa159536 |
| SHA512 | b8541a3fb578c632d26e56fc95277636b5726a6fa46631b97f829f9cfa0390beeb0e629da0bc240cf5c6a37bcb207314c0c888b8eec27ff128fb4d62ccdcffc2 |
C:\Users\Admin\AppData\Local\Temp\iUYw.exe
| MD5 | b0ebde41aa07e108e2e448269393079e |
| SHA1 | 84da56a1de10bc668db4173ffad088cf7b041fd8 |
| SHA256 | 900b611a024ebc9b65a14c18aee57bd5fa4ef0a9a09efc0846188ec44602a90c |
| SHA512 | 452fd77065fd6d8dc48467d4be4dd53ef5c38a61260516196d469346652e6354e76f3d2d600c63f3c2b74f8091115839101a6314ba331350f2462db32d5a5f96 |
C:\Users\Admin\AppData\Local\Temp\YAcE.exe
| MD5 | 34fa640c98c592f897dea314337831b9 |
| SHA1 | ecbbdd3706b33058251afb0d6b593d0f57a7ef4d |
| SHA256 | c37f5a9fb93158a5bfdad940bf5dac9dca0e3530da3e4a28b884b92f2b9e0fcb |
| SHA512 | ccfc518fefce901cc2329d3a4321bce756acfd81cd238733420b09f28990355c0eca737d74485f022ed130dfd7acc439799aef3c2a55ff7c8ff48afc0476d728 |
C:\Users\Admin\AppData\Local\Temp\AAgE.exe
| MD5 | 781ff1ddf087998cc0936d2b9d94206d |
| SHA1 | 551d883a38cc85eedf2e6ad2690ef7de9946c3d4 |
| SHA256 | 0cacafd0363af4984c3c846ea46b7bca90fb60cff38619656d032578b77185ae |
| SHA512 | 953cf5fdfc36c34220be0a983c6bc4cc056f109e0f161fdccb79cdf35ed73d9f808200915ce98981205c3d13f3167ab07fbad17f22426e9f140b627f29f366f9 |
C:\Users\Admin\AppData\Local\Temp\yMow.exe
| MD5 | 3ee07fd3935a7c51c792144e1f7096c2 |
| SHA1 | 47867a11da8658fc4bc0fcdd3f1a9c59b5adc0ec |
| SHA256 | 78abac08d4a54819c490f1ed698934eccf3d2054cc7fc5a5ee898b6d722446ef |
| SHA512 | 900e3d342fb4c8a4a390a77bf25d462db9b575552a4700775341d07cbb716827bf115d365430027201210663895fb33768ba054741c70ea2f637874fd526cfa7 |
C:\Users\Admin\AppData\Local\Temp\EsAe.exe
| MD5 | 2b86c3ba5d52960dfff8b0f5b130da45 |
| SHA1 | acb4f0765f138d63371a9fdf35d936e01f1e84b2 |
| SHA256 | c3583e17c236e0300e2d4450965fb170d22549be4c84ba2943e77386d83bd174 |
| SHA512 | 048e76925e8141689ec64bc623e7ffde2f3311f8cbc905cfedd6d764b55d91dc151f4e708c794252d90fc00dae3108add0db647bbd72cf0c15ecdb9d25cf34d1 |
C:\Users\Admin\AppData\Local\Temp\AwMy.exe
| MD5 | 06d1350e3743ece5c496ce6c5c0029f6 |
| SHA1 | 7efe461dde8da6def5e9d8ada8e2cac0ec86d01e |
| SHA256 | 445c5235b755643b8f3ea9e4651a9ebf189aa1df577201807d5a7db8240562ff |
| SHA512 | e635b7a4fdc57752bbd09430ae5029afb83bc6c71dc60151880927fd4e0b9ed6a5b29091a2d215482072017e0e8fa97b0ac7fdaca6fed5d63d155774f32f89c5 |
C:\Users\Admin\AppData\Local\Temp\SQoU.exe
| MD5 | b80ebc22ffeeed5b7e71ee9bbbebc3c8 |
| SHA1 | a1012bb5ec7fb7d358b6d67150a1bcb9c7722823 |
| SHA256 | 1168101a9fc88c2ef77bce87a950ed3a97897c770f4409529b8934947bed4e6f |
| SHA512 | 6e75a51fc414ca445b2a827d3244cc3e560484ac47e22d04345ebbe2a2f37d0cc8e16f97dcf9dc6b527c216006893000a05d9ace6092f127f266bb1657e82f6d |
C:\Users\Admin\AppData\Local\Temp\SAwI.exe
| MD5 | 2a6223e2b38f1bd6e6bc456bd670792b |
| SHA1 | b02c926dfb932961367393555d4e5038096e352e |
| SHA256 | 26e2f1d44100bf0e0229831dea7457bc988e5341668304dbe3cb24f0b98e874a |
| SHA512 | 2f7dd1d10fdbdd5a5b7cd42aff7b5033bffda321140f1ce59fcd30fef9a79e2aaf05c25d1213cc2d004411fc6c73944709d9045b55e8ac85e99fbffe63a71e51 |
C:\Users\Admin\AppData\Local\Temp\Ossk.exe
| MD5 | 17d01fabeeeabfa9ec414c4c8f7fd52f |
| SHA1 | 86ac38e49c55916728b7237d8ec783cb88cfdc39 |
| SHA256 | b784cb8c4b552e62d0167b36c23bd9e408166bcd198082a65dbaccc6e1c12f85 |
| SHA512 | 1ba5343ead4a872036fa0e81c8b628b202dbf2e99d125897cbb44876fe1265f23caa9f8251b619077615529279274fc3225a1abb285bedcf7fce1f7f62bf915c |
C:\Users\Admin\AppData\Local\Temp\yQkI.exe
| MD5 | ba720939e48bae638a2879c1a4065c33 |
| SHA1 | c4dfce685dda4d72e25bf5ae355e828e5cbc712a |
| SHA256 | f24319b6ed1720888f4615dcf8222a820c7a22b94b0b2764f1892b952687138d |
| SHA512 | 1eef819cdf2ba00304a7791fcbd282b315985c553ce38f7fc14ccc77b5db424cf5aec73eb41ee736e31725db94cb09e22f7a7205e241b89e304366ae6e895382 |
C:\Users\Admin\AppData\Local\Temp\YMUi.exe
| MD5 | 1306359d8b7d2fdbe77ee15ec5aac2ad |
| SHA1 | 8b392e25bfd61992c292720169120c6866dc4ce2 |
| SHA256 | ce078d219f70593a68e4fee9a34723261a9d4f7e13111ab1607d348ad207d7b7 |
| SHA512 | 36b32d56c551b572920dd7fb1a42a6e47f8513719f0ac428cedd6b746572a187083dbd1c91cf60a7c464a92bd481115f2dd8526a381fc1324f61457911e158ab |
C:\Users\Admin\AppData\Local\Temp\iMQU.exe
| MD5 | f72261f600d785ab44f1cfd8a93b12c8 |
| SHA1 | be6ba21dc9edc86ab7991a33fe6c019d94b50c74 |
| SHA256 | 20070de5e192f340a79d32223f96c59ae6dec934287516406b0d4a0bd553208a |
| SHA512 | 3f4b072f7b6e05fce69a2a8c62c73776d00e5c4f36334fe98088e0d2fd7f574d6d61eb9e94b38663c0be02f04dc314ac9b7bf78d598408329e138d9eaad87c12 |
C:\Users\Admin\AppData\Local\Temp\AQgo.exe
| MD5 | 266c2fd61443ed71b057f570e3418d6e |
| SHA1 | d1fd4b332a5b7e38de4674a31170bd0916619055 |
| SHA256 | 3f627cb0fa99c702962be2fde851f24ba289e9ed8b9c8c43d58f187e3d34baf7 |
| SHA512 | 8cafc667b19e7dfec3686b4187472961b81b98985439f4818b516f6abacb004605471e0675945a4433b1cdd68a237e40ec47af8e027210baefb43c7461c401d8 |
C:\Users\Admin\AppData\Local\Temp\WUYs.exe
| MD5 | 0126f05c5d0d2f7a4eb8c64355145ca1 |
| SHA1 | bdcf1748ab9be825408e4ddb38ce0a942710b1b1 |
| SHA256 | f30d02e8692aa06efd386de67fc9107eb545f0a41cf9132c05c4eec793cf75d5 |
| SHA512 | 20205d836368502d9fb0d9a4be3edba4dfe2cc0ff959fb51eb534492896aafc4193424ffc71b2cc5415cb3806869192295697021e193a35888a08be18a1ca533 |
C:\Users\Admin\AppData\Local\Temp\iEkA.exe
| MD5 | ed48cffd6ea0887d3d5bd27ff5e1b894 |
| SHA1 | 2cbdd87bd707d2bb33d7b7e3c9f2518755a3d635 |
| SHA256 | c02b653758d3c03a9ddb28465450982d0fd5ff0c56d9b2b0cb25a2d8166bff1c |
| SHA512 | 44855ed25381d4b6842f5583c01cb581ba58a04bef5b5fd6129f8f50833bea03c8624efb566f4a691839b849c62395b9d1bb4ffa7219f4bdcb50baa0e0fb9da7 |
C:\Users\Admin\AppData\Local\Temp\WIgO.exe
| MD5 | c15a7415431f0ed18fff5c1cda87904c |
| SHA1 | 7c19241dff356440accabd2349c70e2155598db3 |
| SHA256 | 5804f09cfebc7e47a5328b13e5844915ad58420cf4e82c451c7cfbbcd64f27af |
| SHA512 | 79fa3b8766c3bd1ffd2fba787cd4c9c72619b73fb35c90dc0a9057653fa653abfde5da03758700d54d193cd46beec42f0603753de58164d2e2c2e27a002837bb |
C:\Users\Admin\AppData\Local\Temp\EwAk.exe
| MD5 | 285470a302f8fd659ea34118622fb046 |
| SHA1 | c4a6e86c01fa2f6200007f1965bd1a7f4d11073b |
| SHA256 | 906e9faf473152792d34da40277ec9a17dbc6531a0f8a2d45cf8e689b16acfdb |
| SHA512 | 3ba8e912547e806b26ecca4392d7dab5615c4528924f615ac687d4a1b0df1ee9557abb87a1b8fa7f745c227679d1951984410f4f4fff669aa1142239a2415992 |
C:\Users\Admin\AppData\Local\Temp\sgAc.exe
| MD5 | fab4422f63002a0123177bb5fc51ec9a |
| SHA1 | 660e4382250b0630c83a22b1c674dd7f16547af8 |
| SHA256 | 87923229d3d9cba28be2b345373f6b1c85c465dfc66ded04058be76f2b2a399a |
| SHA512 | dbef1205989a549f4526a5d725f7584f9a7ea4e78799332b945243e467119058d6c298e4e799d4bfe9220b72cbc590e0d6e4ee3f783caa9be1514103b6cbc8ca |
C:\Users\Admin\AppData\Local\Temp\wMca.exe
| MD5 | 49e4ad977c9ea03f8bb202ce19478a78 |
| SHA1 | 80b0eff0653aba6932cd532fc253b5b5686a628c |
| SHA256 | a7332b1e333ee999b000f1ac0f379938e1cca6d37b8440d74009ebd00db777ce |
| SHA512 | 77bb86d4ab7bac41b58a7b824c200007cff0f28156b629f538b2b17af52da3f52e62610e40ac359224e4cb5da128c216233b97ab858e0a99b32218d017882f68 |
C:\Users\Admin\AppData\Local\Temp\issS.ico
| MD5 | f31b7f660ecbc5e170657187cedd7942 |
| SHA1 | 42f5efe966968c2b1f92fadd7c85863956014fb4 |
| SHA256 | 684e75b6fdb9a7203e03c630a66a3710ace32aa78581311ba38e3f26737feae6 |
| SHA512 | 62787378cea556d2f13cd567ae8407a596139943af4405e8def302d62f64e19edb258dce44429162ac78b7cfc2260915c93ff6b114b0f910d8d64bf61bdd0462 |
C:\Users\Admin\AppData\Local\Temp\eEwQ.exe
| MD5 | a24e625400ed0623665452be7f72bddb |
| SHA1 | 636bf87926bc09fe2cfa0d8400942584fa6606e0 |
| SHA256 | 785006b9938b3e016e1fb56240004e0a98ebf8436f8c204127b780416df2295a |
| SHA512 | f5639fd9b7be61b2c10b4da239fa3894cc9b7f60635035a632ce2fe47388eea21917dd49dc4df293e9b48cd9224ace69827858b227f00d55abc9b8d676ed6eaa |
C:\Users\Admin\AppData\Local\Temp\AokI.exe
| MD5 | d06d3b9c99f60ff920513d35da4454aa |
| SHA1 | bbc35c1ea23c018e3be5e2a7e7dc7a4295aea837 |
| SHA256 | 3e203d046050df218bf05a94619352b13dacc6bb63a7a4f11243323988031a50 |
| SHA512 | 7970486e4ab3e1cdce59fd6eee3fa62310e461cc141e87c5f2f82098a75424f614052e457143bd28228eea2c2fbd8c8a0a97ef3c689d629700757cfceaaa612b |
C:\Users\Admin\AppData\Local\Temp\usYa.exe
| MD5 | 55d4c260b3ebac9282f4332cdaf15f44 |
| SHA1 | 8bb8514d0cfda744d182e010f41155bc7f634543 |
| SHA256 | 75ac47ffebd81cc0b8b392ab10071b7b23be678affdf44faba2a5ac3885d0737 |
| SHA512 | b219a1d7d3eefcc98003c4bd1d7960c284f966de3254f7cdd25fd3f44166f3fa0d8d583f4b4a8603272bd3fccdf7834c1bb4cd12d12306293d083559f82f1146 |
C:\Users\Admin\AppData\Local\Temp\aQEm.exe
| MD5 | 7b68fd4f348e6fc2438a8b58f923cff9 |
| SHA1 | e01e784931a55e016244891f6818811a0649fe76 |
| SHA256 | f9355fab8f1b231962c78feb8c48bb96a8f4458343b9e2118dfbfa0dfcf03599 |
| SHA512 | f0566e209c3b141156d0b2410e005ab80f044def4a5eafb6e54cca137afc3795a19c3227aacbce73799a74822d1089377f7babe970b588e2109750f4ee23ed86 |
C:\Users\Admin\AppData\Local\Temp\gMkK.exe
| MD5 | 842e57a2693b5505df997ecdadb61bea |
| SHA1 | 809a578f98dc3e6087bfe65973a0b1930e45509f |
| SHA256 | 860db490954ad14199362ced6a7bfdc8c6949ad9fe98344bb678fb3da79667e0 |
| SHA512 | ab617aa590e01c9e306a388df310cb0df0230ae07f9e3a9f08797fe7517606b4fee84e410ef878afae2e7bb4d6e74b847946b123142935519b099bc2adf8de17 |
C:\Users\Admin\AppData\Local\Temp\Skgm.exe
| MD5 | cec46eeb6fc63dda91c0d0800af1be84 |
| SHA1 | eb32743c74aae2a8f151c93f72dc30f17253ea47 |
| SHA256 | 7267c75beb386209cd8c441f38ad821bb7c0e884d2e5d3751c5eaae5151a8ae8 |
| SHA512 | 93bb23de3fc2516af91f73c49e897bac2c5473ac4a8b77b2620ae0e86b23b31ce372e714325d67b5a1d85ea9fa393eb3fd8ad2831329bc99c6386bfb6b55ef50 |
C:\Users\Admin\AppData\Local\Temp\MEwk.exe
| MD5 | 783db7872e82879d24806acc72a3b3e0 |
| SHA1 | 009a1c38616d30d5d35f486802de129d065b6aee |
| SHA256 | 662a7a4e1859002451d373dd0657b7aaa4f225c7fe99115d4a539cc88c48207d |
| SHA512 | 66f8427c86e5ed3c847c59c49d56fafd44350643d867ec37e57bf17786599a9714b358de93acc2d9ec01a9c32fd110a978a0fbfc3826f9a68a387d4f05a14403 |
C:\Users\Admin\AppData\Local\Temp\KIsU.exe
| MD5 | 4e8a9865c298a65328113916851d1c1f |
| SHA1 | 025c6f295f54e5b0e724854bfeebdc2b1efab7d2 |
| SHA256 | 3966e18ec0306883fa2c15bbef731a2f6727d27a801a262b6a03790f449acd65 |
| SHA512 | 1ef0ec171627fa7d37ec5e7f5cfea188b969f21172e9f787d22648cf0b4288860b5e7247b903ae6ca771308cebe6edfd5c1e892ea18b0ade208fb716b4696ae3 |
C:\Users\Admin\AppData\Local\Temp\ykMc.exe
| MD5 | 8f2b4fb5e9f8bb0ba1314caa6db7c5fe |
| SHA1 | 6e72cf474f47de08eb8d7a183625485a87a70769 |
| SHA256 | 2e522cd7356d6087a81af6945e740482ad66c4729f35cc21b10e001e4a300e55 |
| SHA512 | 1254457f46fe01aacd9fc3e058ee638985b3c9c50a043350ffc659759ce3ab2f66bc86f6a3fe2918e076fd4967fe32602ee3dd6c46cefda41791ad1919ed55e8 |
C:\Users\Admin\AppData\Local\Temp\skEY.ico
| MD5 | 6edd371bd7a23ec01c6a00d53f8723d1 |
| SHA1 | 7b649ce267a19686d2d07a6c3ee2ca852a549ee6 |
| SHA256 | 0b945cd858463198a2319799f721202efb88f1b7273bc3726206f0bb272802f7 |
| SHA512 | 65ccc2a9bdb09cac3293ea8ef68a2e63b30af122d1e4953ee5dc0db7250e56bcca0eb2b78809dbdedef0884fbac51416fc5b9420cb5d02d4d199573e25c1e1f8 |
C:\Users\Admin\AppData\Local\Temp\uMAG.exe
| MD5 | 22c2985403f72e24489a3a4a3dac422d |
| SHA1 | 9e0c4ef71ddeccf204899a516743040b2702827e |
| SHA256 | 8b57d058935843df3f2f1a48b2b2e27722369230cad549a256d0f2d3f81fb573 |
| SHA512 | 59c1e0b796ec2b8b8cdedf4e64f5e3f4ebe1534058bc11fdf75d6667b259a374beedf49ad123b4fb969948ed5d24c8e3173d4a94f1c10d749da559d0b4991392 |
C:\Users\Admin\AppData\Local\Temp\yAkU.exe
| MD5 | aae8f35f3bedb04df018873093913254 |
| SHA1 | 4074310500a149634e683d420c2dba5e1d485645 |
| SHA256 | 02628353b9fff40caf8c593aa7a0c7a2f42d0e4b4ecbd1c477b6c103bca034c9 |
| SHA512 | 94b72bcc446e65f801f9b16a93b413f857941e3cef382aba69250f90249b811e7c2cf3e3d5535a3e1694c9f9f56d703e5443f74f5617de2b6f51d421f685e1a2 |
C:\Users\Admin\AppData\Local\Temp\WUwY.exe
| MD5 | ed73e164f301a29205be922b62f4b335 |
| SHA1 | 3af94f42530aeaef142d32f739030b080749d12d |
| SHA256 | 0a0c3bdc0e5220a7fb45b136927967be0483c7e7a9161cf432c7bf8e7d81ee71 |
| SHA512 | e96aacc79787e6b48dc67e184fe28912409a4443739dd5782189ff3f7ee0024fb6bc2efa7909be47e3f3804cc56f2b889de18fd086fbeea90aa0aa6dbbb0c65b |
C:\Users\Admin\AppData\Local\Temp\SAcO.exe
| MD5 | 153ba6badaa5304164f9ebbee9f11467 |
| SHA1 | bbcac95a76c30fb9dff91dc4c9c48b1bc678dd65 |
| SHA256 | 1c02f6cecf42f136ccc5d62943728989ba3522f7c3a005bcc9276117288011cd |
| SHA512 | 57bead55650ff38c33ecd5c77e57660d7a86538e78802d888d207dba9891ca12c41a2e474cde607a0a6340ba99912dbbaacffd6c7350d5e6482f89cf5f45cce8 |
C:\Users\Admin\AppData\Local\Temp\UIos.exe
| MD5 | c1c6814de2da4ff71f6a8e5c7e106cd5 |
| SHA1 | c86d742b0754acb0a994c1febafb30fc7793fcf0 |
| SHA256 | c8e5b080dc4d21e703ce36f2b0ed622d72fd3461e6ff532bc5ad0c8461e34b27 |
| SHA512 | b5cb15c5233cf2dbb4840f0326646286abba3512cb3809013fcf12e43ad114d314577e0af5e63fc7e61da91578ed992e1fccdb9571b2ad5933c52842c3378819 |
C:\Users\Admin\AppData\Local\Temp\ogwy.exe
| MD5 | 181eaea9cd9a3759436d576b743b6e9d |
| SHA1 | dabf0034f3b540e6f2caddf8d88ae3a0acb07c2b |
| SHA256 | a28baa0c718d4f1110b8aaaf3aa90de2bebd28bdf302478a944ed44965bb91cf |
| SHA512 | 362937332f6f62b875988ccf7a2b785de466df1f0d50680f06187599ae357f53bccfb3fea33b947e0170b298b014bd4acd12169e6cf98ff2a4acda23b252ca39 |
C:\Users\Admin\AppData\Local\Temp\mMAE.exe
| MD5 | 845ac4713318c8f532f1947f610ca063 |
| SHA1 | f62eb3cef957c17525137b31488adf52295252fb |
| SHA256 | 810a7df6e806fc7b18fdcc2ae8a7a8d4e71258d8dff67cf4614c1c323c8a33c0 |
| SHA512 | ef1f6c75976f5a05fd4ed5b968e3960531b1f5c3bc9d491b9da2ff72b353b475a230dc6889d64eb33fda9d9de43e9f00d5acccdd7f5a27d3da05f62cf0206c00 |
C:\Users\Admin\AppData\Local\Temp\KAQs.exe
| MD5 | 4d828df2389493d08b0c0a3739adfc56 |
| SHA1 | 255705abe40dcef037122b20bc9779329513d97e |
| SHA256 | 93fa1e906fea6e46e065ce4fa7909fc365786251cd5d77269e5522dbd9910eec |
| SHA512 | a580f0e49f705d5535b1a44ebc5e37658726c63e60c57dd6715431244159c41ee1f49d438b08d68883c2d7ecbcaa357fcde14c12521bc876f0dfa9a51d7cf091 |
C:\Users\Admin\AppData\Local\Temp\KUke.exe
| MD5 | b33328273e28e8e298af8c9bf0d2b4eb |
| SHA1 | 8c8ac0210294331ca5aa0f0574615b434b36b6c1 |
| SHA256 | 574218a263cf20ef0ff912bcd15dca92eabdd6d92fc0f1df5d596a3fcc95f52a |
| SHA512 | fede8fde67935759c1edc79789091d08648edcca84a7e76333355f0b9a779fe2219359667bd77c14d52bef91d9a0491815ae892978438f9b40ae8126f158ccb1 |
C:\Users\Admin\AppData\Local\Temp\OwcG.exe
| MD5 | 9dbb2ebb2ab05e151ac1dd8986a46b68 |
| SHA1 | 831707e79792eac282e0298d3313a258d57c9e5e |
| SHA256 | dfad6cd6c30385007d53446c3c3b8c6455967bba03067ce3336648ac657623cc |
| SHA512 | e255783d0394dd14584bf4a943ab7ed6e2aea3501f940411da433b9ff927a497a6c19e76a8a0460243e02cc8701467af88b0ca76be856b2bed753df65a41a314 |
C:\Users\Admin\AppData\Local\Temp\Mkwc.exe
| MD5 | 454276992f63551ad9007330e65ac110 |
| SHA1 | e0d043025edb23dd00d13185efc5d907b92f4179 |
| SHA256 | 3c64814eef6d2d8e9bccbbf2c55b1261cc97a49d4fcec941ab95b6c648b7003d |
| SHA512 | 4fb598c2f6fab60b7ad6562097e05efa2db31147d17fea75e94b22c99c8bf0b95b847a7d839eabc7ca3175c8071e814fe8e31ae292c2c75c4f588e70118285a9 |
C:\Users\Admin\AppData\Local\Temp\asoA.exe
| MD5 | be796e05995d3fe579453adf1c313b17 |
| SHA1 | 37388235ee8797b043c3fcc69ad9e52cca9dd012 |
| SHA256 | 226a245b3e8cf09397c9388636f4b7c2d47e7f13d2b7d01fe06d33bf7781bf6d |
| SHA512 | 9a3af55e29c138acfea8cc2e2572e915273d237663d2bd0a8598a30bffe6195ff578f6912b96a91333fe621d8178593348fb87fa3713c51d6679881907ea2ddf |
C:\Users\Admin\AppData\Local\Temp\SAse.exe
| MD5 | ad551d249948e96a3a430c57abaf2983 |
| SHA1 | e207399ccf4a152fd1d9649cdd565b469f4ed623 |
| SHA256 | cd1725e819f23bf7f225d12b065c2031cf57bc0e0378d5a607fca22fd087f75f |
| SHA512 | 6f6c06cc272be0db8a1b18df26fcb4308350f45818a0b2d1635560f4cf77ef2f736a84a1f871760a1118580783a973b97be11dd235dd8803fd51196768d7dd14 |
C:\Users\Admin\AppData\Local\Temp\Wowe.exe
| MD5 | 67e8cf09360a1cb751ed5af0e6bc23cd |
| SHA1 | 3496dd88334dacd0c767a6ab08f51f109ef72a50 |
| SHA256 | cbdb618a0fdd4f7cbb3117b1ee8e52f8f0de9ad6ad8a762ea2e8ee72f2dd60a6 |
| SHA512 | 6784694a8f0174d703e998120952455aec22e8d6e85ceab91aa9fc00c4c93612e3953c9f3554bcda5bf8deba0b22845332ae2e7e0cdd112eb6f6810064a19c73 |
C:\Users\Admin\AppData\Local\Temp\EUYI.exe
| MD5 | 0193e389b863b3949aa0a92703428328 |
| SHA1 | c9dc0c65145bf2f16369f65e6fbe3ef3989768a6 |
| SHA256 | 7f70e8ed8984f3849dd03022e9ded8f6ee49a486e2452a3666bef0910faa9703 |
| SHA512 | 8088c87d999e2a9eef7b4f9646e7b3f27a2028d8b2578c7b978095b1a46ea7e1a3cf0062ddf06e7e7bb7bc5f250b2c1dc6467a656fabf8e25801dfd2bc32353a |
C:\Users\Admin\AppData\Local\Temp\Wkki.exe
| MD5 | 30182cf0341057b34abdb047621fede4 |
| SHA1 | 2993179f38cf14600ab8310e9d7b401f68afcd36 |
| SHA256 | 2dc1fb8ae7542e50f1f12b6e136583e542b8786da15796f94fea0c700dab3d21 |
| SHA512 | 747ec157066ad68a204eb36af65c8b581217d195cb47e204d27e3a117efd734fc56dd587e8f9c299c05bdcdadc835a7415b33fa7be1ee0823867fdf881ecdc95 |