Analysis Overview
SHA256
fa3fa87588ae7afe00e7b465e7208973c217aaf395288bbce0ff2d4ecb0fd597
Threat Level: Known bad
The file 2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock was found to be: Known bad.
Malicious Activity Summary
Modifies visibility of file extensions in Explorer
UAC bypass
Renames multiple (84) files with added filename extension
Renames multiple (57) files with added filename extension
Reads user/profile data of web browsers
Executes dropped EXE
Checks computer location settings
Loads dropped DLL
Adds Run key to start application
Drops file in System32 directory
Drops file in Windows directory
Program crash
Enumerates physical storage devices
Unsigned PE
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Modifies registry key
Suspicious use of WriteProcessMemory
Suspicious behavior: GetForegroundWindowSpam
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-07 19:29
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-07 19:29
Reported
2024-04-07 19:31
Platform
win7-20240221-en
Max time kernel
150s
Max time network
122s
Command Line
Signatures
Modifies visibility of file extensions in Explorer
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
Renames multiple (57) files with added filename extension
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\KwUwsQMQ\FYkUwsUY.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\KwUwsQMQ\FYkUwsUY.exe | N/A |
| N/A | N/A | C:\ProgramData\PaIYsAcY\VEYMgEEA.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Run\FYkUwsUY.exe = "C:\\Users\\Admin\\KwUwsQMQ\\FYkUwsUY.exe" | C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\VEYMgEEA.exe = "C:\\ProgramData\\PaIYsAcY\\VEYMgEEA.exe" | C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Run\FYkUwsUY.exe = "C:\\Users\\Admin\\KwUwsQMQ\\FYkUwsUY.exe" | C:\Users\Admin\KwUwsQMQ\FYkUwsUY.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\VEYMgEEA.exe = "C:\\ProgramData\\PaIYsAcY\\VEYMgEEA.exe" | C:\ProgramData\PaIYsAcY\VEYMgEEA.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | \??\c:\windows\installer\{ac76ba86-7ad7-1033-7b44-a90000000001}\pdffile_8.ico | C:\Users\Admin\KwUwsQMQ\FYkUwsUY.exe | N/A |
Enumerates physical storage devices
Modifies registry key
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\KwUwsQMQ\FYkUwsUY.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe"
C:\Users\Admin\KwUwsQMQ\FYkUwsUY.exe
"C:\Users\Admin\KwUwsQMQ\FYkUwsUY.exe"
C:\ProgramData\PaIYsAcY\VEYMgEEA.exe
"C:\ProgramData\PaIYsAcY\VEYMgEEA.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ceAcIEEg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\icooYcEU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\tYwgMYIA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\husgIsgs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\joQMIQUQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\GEAQgoco.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\sqUMIMIQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\eaEUAUAQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\WAMQEsMI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\lWcsYUQw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\nIMMQAIA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\BWEgkkEA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\XcQUYEIQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\SMIcEMEE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\IugkYcIo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\IYscEkwY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\SwoEoIYQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\IAwcAMoA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\PyokggUI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\TaUIokIU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\likcMUgY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\bYsgUkAo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\gQAgEYwI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\yiIMMYMQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\QeQAYwwE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\QaQsMYoM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\TWAQwIUA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\laYwgkEI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\nuUIswAs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\VKQoQAcE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-7164051641270162928-1514434054789099563-196592474318228153095586408-193441175"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-10039760911286415034787026352-20956048481510290343-1606978056-1511259737639108811"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\SaUUYgoA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "590486063-1532752741-112349721-1696345979-641270118878728035592004179-720790998"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "443500675-1715000863-1227746081223430437861497011954883969-997584961-1900496982"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\iyMsUMUI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\SmkwwAkg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\AGoIwQgM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\NWYkkAYM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\DKQMcAwk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\jOwUgAkA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "18486163228802459718805042711024712860-547607826944631097-15077133461132775571"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\nAYccYUM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1665919767-734743559497196698-133203771-470643692-461554848-1434904223-1597579633"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\UwMIgsYU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\eAIEEAMQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\mEAwQwoY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\iuEsAksQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\PIQwMgkM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\vCYwQcsY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LYwAkkAg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\tCIAkgEM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\VWgMEIAM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\CYoYIoUE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\uQwQgQsA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "439605093-1994811762129428404-11619177181681774574-1706525586-52862801-738737399"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\yagMowcU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\OUYYgIsE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\nKEUkIgI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\TQooIMwg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\xgYIAccY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\fYkgAoIo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\IyEgYssM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\CIUcIwkk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\oYAogYYk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\cqIocIkE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\EMEUEUIo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LAcQkIgE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\HIIUQsAI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\PYkIQsgc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\rkUIYMcQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\aysIMUkE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "5587036531046243342-1229625262-2002546937912336540-57971207-17377203311147412168"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\eKAowgsQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1549084226-21259641122146148250375605577572856309-1286671281666458130638413637"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1744538503-1412419365-1962432305-1526259302-12679478931387987510-907512913-717609214"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "749600121-148544694512727880167468862404632436961026145720-1178666851-1410322058"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\RsAscQok.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "560021621-19933461398177873162641633-2001614761-3819525311412003799-1687280081"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\MSIMkwEM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-153089448-2118644768-222159221624800130941718865882005314-123260418-955369681"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1029785989-1591461747-7783192631835588989-270320360524005018431465244-1508441537"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1025986453888115420-18699271371831895312212574769-8647012621414586238-1988092275"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "12828228761879416010699722581364388813-21557309611807844922063994283-1244729294"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ncwUgUoQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1758637087151022262318706784851664503843-1603096730-10769326086296137362036172758"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\CEUskYko.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-2082070959541116764-601469004-4618922141804065848-17712635001593924286-166551058"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1903042284-1747099491-1503802861-17610783259926226761872291088-125439519248639254"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZSEIokIg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1549170212-1348996995-1999886781563788976-6323964691361928466-1320957831811901107"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1566661754-147253736-1099728554980992018-1194121536-14994090021319441351060418950"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\AocIAcUc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "91958376-62285912-1378358583-1449456776557822489-1582264545765609317-86635223"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "16517556521555161616-15027311101579803953277012822-2071496357-8549754051305386504"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-11568196461507489089570270438-10801341291585987033-1661929836-6116441911762460163"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1105185341871819896-11367392621253096008-2540606401000769611824184731282008139"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\AGossYAc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1267077764221153402073158008-1867282982-29723854479709521261446792303325757"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "8014883951099076532-9883629981327126720-1306149881658280125-8007205621855230420"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "15113283931627343282-20682532625193439511684561818-981158107-14054673401425898429"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "71126036-6251755781503219846-296329125-160253581723190424300992007-2141479879"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "89173667-12669992342040690447-2011031759-1373289249-1775122727-3880955041236205984"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\fYUEkggA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\OKwIAkEU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "17263824431033291235-18028175892018292779-15262479985677146431500461871-1515034901"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "10362018391098626200-1494829655254996554507371268-8475996071398554808-609640210"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-689069323502622163-225703744-432267124121458562310282471048279290621217641535"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\kqoQMoUw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1104544838608908975-606490406-647187857-388701083-838773898-1055025556-512161235"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-460819852804250449-1668190129-17800319661616079700-937486215195729111356326537"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\nwQocIUo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-3477985591117287513-5213576441059827241-2053676911173957598-330126986-923357579"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\RWkQckoc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-502231436562795425894137060-70608465-1768819399-189370979913407482382143894279"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "545193391-4154904711325856335-1972913548-969263036-1843236912-21290397981276622524"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1479226093-67405608918610361520715195401611513877-1940072836-369008489-1230160345"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1750428552-12582339838827925771014803270-7897998071577809062-14095368761223652924"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\esMgAAEE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-18351704824939542041738370811-627999422-728422967354533-2136311684-461785036"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\gGYkAUIg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1841140898-1981073045165562994-210527213-17135535136439969421370127663755407984"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "715670250-1628249902405871439-420423595-1140097729-1897410885-3886769691801696709"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\daMYMQUA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1532931919-1689989672177204619818175326811235462419-2022582685-12679983572134402432"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "18452550371337925823-1334318823-17805517301146463261-725930903213811428701938080"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "865118216423203971758087284710869656309558957501067376527937677-1517893661"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1906524099-1593630742-1612672802-1552299700-483842488-9129113651980700332514971113"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\EqUcsYQo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1602649385191025933121388740935730527324837674667976592-10301111141109222174"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1560778704209505087-1729654282773496732946844890-312360801353585391400337093"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-49593873861398011278804006368671104-17273805131008601018778138646874317060"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\mIkcEMUY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\EGIUYIEg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\IuUcowEc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\zeAwYQYE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\EIcgsksY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-506699955-104481214-1196186333-1232423727-271759971-1835379875768427844-1002848986"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\FWEMYAQU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-486613916-18007725481045560488-10893316201171389665-1371423194-84418825-250083368"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\NQQMEUgI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "108546411468868758-105908081-1105016130478457908-2036192903-517569750-835165647"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-90282423811540535775993920073105962861949444119-2041324659-10495936502100221784"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\zAwEwUUw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "214800803652462923101959344544934613-440131092154906045016572336091594841977"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-3898981571681076984-47690930819497082881303209779-541750697851852240-474538192"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "237789927-1259662684-14521468461514012920722349604-90669095613307332622565822"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "49941050717688800018074719812033492318-1139699881424273663-600261917-1676447310"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\RioEUwIo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1041608861407407577-13634616741459277255-1588090222-2146067964-152528194-1111685846"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\VskcoMMU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\weIkAkMo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1174566197-102478188-975973470537401141-17082344711508344268-813235444632389795"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1722611211689111381-6201889119996331401957572424-1205377993105480627-1484076219"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\mmoYcMgM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-9451366351702107691141181906-214129817629421086-1664113180271798628-2130997613"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\cKQgQgIY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\UOYgIswg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1375394936193549645-17518160881242861360-12967233512540928152107992531819016472"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LgQQYYUA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "785050327157020931-226292755-1915293585893834134701030086-548398967860109689"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\PowEoAgg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "2095554783-3071173511810933418-569272751-777115579-651105360-24950007173936806"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\pcwsQEsg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\VokoAQsg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-133530965025864934013150954216522473821711360788-447734373-1789676583-107069292"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\hecYUUQQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "19045350132007772061150940211-6676858281135036229-85639486494576540-28163782"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\OAkEMcMY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-469295411-2098659626-9606357541183060878114821221183248235-897986772-1745858241"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-7331238915935267501405302044-6034496541960889685-8298892944046733381000004288"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\KwQQkksI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\WQwsUgUQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\OMYsMEIg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-446276218-8694916192601011691322138125161534828116240766789187639021807545387"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\EuUsEIsA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-155877828-12061730401392448718-58206505734913434043732056915326400761194363452"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\biIQkkAI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1038903318-766131008-1044169365-2113801078-644533673725724617-12154446001353193459"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\VAsosMAk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-833785572-869071016-931233492210954791018127208662026494300-2075983119-519437806"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "552025299-1467010087-1368585318-811764287-654944896118127856819369875161518863392"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\dUMssYII.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-2094987697-2022484892-106997988-778149972-545469707194600989638482440-906227244"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\BkwAUgoI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-431604637-19190895171579964460-186463548380573161516664966321373070905871551462"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\FQcQEEUs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1224903810-6453226214961582921607877318-2012848249-160634748550050115-1921845151"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\cqcAQYMg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\scIIwAww.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\qssQckYY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1257392112-14474798683559060931580413965583784172048592575-1031231751624922078"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\MCsoEoos.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\BwUIYsss.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\XKMAAEUc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\RyYgIwog.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-20879055902085237629-1339234731-1249760706-1886891796435396224689954860-2047435230"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ncEYoAMk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\SmIIwUkE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "16487550511472722255483373841142445422-60367571613714939782738442-214386431"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\MUMgEgcs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1358719875-57832279384738406875806592-1947162848-556379482307925481-147259576"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1407105070812431316584622757-593007366570386958-15746174007117694981934582452"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\gmIswcgM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1111814980447880068-16805889641397182304-1196369523945603047-2103632242-367938168"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\CGQQIAUM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1544104883-4459424608460174261104935164-133709311421457175381546708686-1215631810"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\GkwIMEsI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZqEMMIkU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\jwEoQAsw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "208958616617494361331910572965-665171933-986480050-325479376-420898840-1269962878"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\tyYQoYwM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\DgkIUokI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\yaocYgkA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\qaMwQUEY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-113423913-1218490981-1390842755-1674761975-1385928684-812468273714743855-2009300311"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\kmMUoAAA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "373033617-7626358961855224952-64480895956276556713422393088338205221457720572"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
Network
| Country | Destination | Domain | Proto |
| BO | 200.87.164.69:9999 | tcp | |
| US | 8.8.8.8:53 | google.com | udp |
| BO | 200.87.164.69:9999 | tcp | |
| US | 8.8.8.8:53 | google.com | udp |
| DE | 142.250.186.46:80 | google.com | tcp |
| DE | 142.250.186.46:80 | google.com | tcp |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp |
Files
memory/2316-0-0x0000000000400000-0x0000000000431000-memory.dmp
\Users\Admin\KwUwsQMQ\FYkUwsUY.exe
| MD5 | 2030813a58e714b4dbb535554490a4f9 |
| SHA1 | fcbc45434b4982a564ea2fa05727815c219e15f9 |
| SHA256 | 4a5a3b831995d1891ce7c71b6b7063e9267388a51d8b0b2b2f9554caf9d1b10e |
| SHA512 | 2945a3d4b6eb30798a9a355c07f15ffa7076626b6f59003399c89c0a484d8073142b9e2a5dac30e5e4efe966b612f9e6b837be37658534641129b1223f0cd5d7 |
memory/2316-12-0x0000000003DA0000-0x0000000003DCE000-memory.dmp
memory/2316-13-0x0000000003DA0000-0x0000000003DCE000-memory.dmp
memory/2864-14-0x0000000000400000-0x000000000042E000-memory.dmp
\ProgramData\PaIYsAcY\VEYMgEEA.exe
| MD5 | ab87beba26e7648d61f9fe702e82629c |
| SHA1 | 1c1e0ed0b27c21e294d7b175165df3f3deb0c28b |
| SHA256 | 87edae48738b5844e8460e1c4a3f9e1054c557b3f2e2f6d7e5084bc2139817de |
| SHA512 | d0799a6fc90eb7b29a7c2ec01750524a922b7a9a31e6bd5acfc3d4dba4088e0b55bb278042f0d81378afa4d778f21d2160345004c9b27a6aca4a8ee06ccdd18f |
memory/2316-31-0x0000000003DA0000-0x0000000003DCF000-memory.dmp
memory/2476-32-0x0000000000400000-0x000000000042F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\YgkIAckM.bat
| MD5 | ccd5839fecb3e7d0bea57d5fb39fc63d |
| SHA1 | 2be19346e0a784bdd00068ca4d94f2f1a4f84ede |
| SHA256 | ba8570e63b3f6df54d983d5ae5bc6c8cb3efcde9658b23a61c4e6934e556df62 |
| SHA512 | e6d4b510773de5d46f3c9d1227e6ed65612773e49855e0ee5f408fafc6f0b0882ce2343552196219b8c859daa0a38cb4886481b48ee9828b3cad1754d9f39c5e |
memory/2316-21-0x0000000003DA0000-0x0000000003DCF000-memory.dmp
memory/2540-34-0x0000000000120000-0x0000000000151000-memory.dmp
memory/2540-35-0x0000000000120000-0x0000000000151000-memory.dmp
memory/2816-36-0x0000000000400000-0x0000000000431000-memory.dmp
memory/2316-44-0x0000000000400000-0x0000000000431000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ceAcIEEg.bat
| MD5 | bae1095f340720d965898063fede1273 |
| SHA1 | 455d8a81818a7e82b1490c949b32fa7ff98d5210 |
| SHA256 | ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a |
| SHA512 | 4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024 |
C:\Users\Admin\AppData\Local\Temp\file.vbs
| MD5 | 4afb5c4527091738faf9cd4addf9d34e |
| SHA1 | 170ba9d866894c1b109b62649b1893eb90350459 |
| SHA256 | 59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc |
| SHA512 | 16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5 |
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
| MD5 | b7a1b79ee0aa71ff5c2704e112482771 |
| SHA1 | 4695cedee75846b343188b9cdfff6b443766df32 |
| SHA256 | 319296ecd18ddcfa1ac858cd0604c1a22ef1b39951806d93ae04906917481b1c |
| SHA512 | ddba05c444613efc4c2b932e44b39275fc8596e571c95e3e5de8ff02881d45deb4df84a10104b768d45136c0aca4505278c1cae0e67088b08a97ee74c585a729 |
C:\Users\Admin\AppData\Local\Temp\IIYwccQc.bat
| MD5 | f90613b080e8cbbb71f86ca318104e14 |
| SHA1 | 1887624327602b802a58fc0f4b977dfd46c3934d |
| SHA256 | cba805cdd2ce8489bb9175a85002d017af256cef248f20df17bcbfb651c9db59 |
| SHA512 | 820d76dd38efb97e403f97b6774f399db7978cb5b449141f94316358fe6ab7cb7b2b0bdf8fa432652c699ed903716bd83fb15a3d1a47ad6abaa2a4f4eba9ec00 |
memory/2200-59-0x0000000000560000-0x0000000000591000-memory.dmp
memory/2200-60-0x0000000000560000-0x0000000000591000-memory.dmp
memory/2288-61-0x0000000000400000-0x0000000000431000-memory.dmp
memory/2816-70-0x0000000000400000-0x0000000000431000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\BmAcwUIw.bat
| MD5 | ef4423c2665df05f77f83e4cd6b5fb2c |
| SHA1 | db5ad51bd1dfbeda4ccfa6b9afe304a9903ea21c |
| SHA256 | 5497acf739c98d4fd178081b7dc4e20a5db68687bffb53cab1165133e63c30c1 |
| SHA512 | 82ac02098a282d6ed91b94f7260fd2ce2dee50a7ec63c6c284afbbe75bfb109e32c0355407dcc4568a1702b305aeaabf8a1b5f14ab83f4220de07e023c3f153c |
memory/2384-84-0x0000000000400000-0x0000000000431000-memory.dmp
memory/2288-93-0x0000000000400000-0x0000000000431000-memory.dmp
memory/1664-83-0x00000000002E0000-0x0000000000311000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\xcYoUEkU.bat
| MD5 | 33adc7f55fa86dabe0862893dc434457 |
| SHA1 | bb2a454fbd1263f0a7cfa1327e86dd5a67b3f8dd |
| SHA256 | 67fb3d2010879a1d1973537050475a400b8abc69f5ee1a63a263b9c5d903906c |
| SHA512 | ffc82ff2ad7ccc03cb3d7fa34cc48910ea6aa079f2f0a7957b31347758c892fefa2655f9e9e67dd8972213ed2fcc1b0ec84984e4280c16b45054fdc3470c9de5 |
memory/1652-106-0x0000000000400000-0x0000000000431000-memory.dmp
memory/1652-107-0x0000000000400000-0x0000000000431000-memory.dmp
memory/2384-117-0x0000000000400000-0x0000000000431000-memory.dmp
memory/2820-108-0x0000000000400000-0x0000000000431000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\lgAccwcQ.bat
| MD5 | 854773339b1a0e36113a4b5f0cae6bbd |
| SHA1 | 980377774017320ffc166e44353d30fb6c5481dd |
| SHA256 | 63fda7700090a71ac594a6f5947a56b4bff21b9126cb664137e8d0c30f2d6e37 |
| SHA512 | bff1741d4eb4f93a4919cf284fa2080aeccb0bb7e3260893134836c3815ba02f64e188b14df64c442e5cd654776e6b02e05a565ad7d343f59b791ca6cf2ef419 |
memory/1592-130-0x0000000000860000-0x0000000000891000-memory.dmp
memory/1592-131-0x0000000000860000-0x0000000000891000-memory.dmp
memory/1336-132-0x0000000000400000-0x0000000000431000-memory.dmp
memory/2820-141-0x0000000000400000-0x0000000000431000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\NusUYoQA.bat
| MD5 | 830a8fc547955efa0685ab717bd119e5 |
| SHA1 | e4d001282325ce9b6dcbe7fe0d7d442ee232b8c4 |
| SHA256 | b0fd5772f8ef5a625bd6f234e41152f654fb45094ff560a0270327204fb1be89 |
| SHA512 | 3d35c23b92728f58a50518a9d3ce3a2801825af92ebcae56a6e2a3435a8e3e4757bc13473874456c127b9c2d288c2480832b6d8577975b20986be8a6f39fb7b6 |
memory/1692-156-0x0000000000260000-0x0000000000291000-memory.dmp
memory/1692-157-0x0000000000260000-0x0000000000291000-memory.dmp
memory/3064-158-0x0000000000400000-0x0000000000431000-memory.dmp
memory/1336-167-0x0000000000400000-0x0000000000431000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\UOoEUgYs.bat
| MD5 | 826c3f40f339cbbd3538a610f853254c |
| SHA1 | f9872f06d9b03f8f4d8bec35bef7511264f0ec3f |
| SHA256 | f16b719c361b46444e76590b58d616a42547c6a01b14992bc4f95c76b3d5cc50 |
| SHA512 | d424a911340b07134f273d13aa0f46705afa019f0492a292a7bb342688efec6346459c10114b705dcf82b2538834cb911313bbe6285c4b87a4a88b0ae62fed5c |
memory/2704-183-0x0000000000120000-0x0000000000151000-memory.dmp
memory/2704-182-0x0000000000120000-0x0000000000151000-memory.dmp
memory/2548-184-0x0000000000400000-0x0000000000431000-memory.dmp
memory/3064-193-0x0000000000400000-0x0000000000431000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\YGkssUQk.bat
| MD5 | 2b7d88fbb652a1759e44b0508c6b6daa |
| SHA1 | ab26638ce1c57b9bf086a0d8caf7e8bd453404c2 |
| SHA256 | 67a5b16718632ec73cbbbd85c27f759e932b8c5b79b4e888d7079ae115406795 |
| SHA512 | b2db28f046eece1f92d98c911a53f1cc35c77e23d1f85a71c3a02314cc5741adeecaa4ddebf2ca3e3dee92fc6c057076c46790a988a66804b4f99570833ffae7 |
memory/2668-206-0x0000000000260000-0x0000000000291000-memory.dmp
memory/2548-216-0x0000000000400000-0x0000000000431000-memory.dmp
memory/2928-207-0x0000000000400000-0x0000000000431000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\sWYMMEcQ.bat
| MD5 | 581d0c9e41a13da743398a6a542b5bc4 |
| SHA1 | 9d6724e7bd85aeb861fc5e2681dd3526c563da02 |
| SHA256 | a25e251b05e49b1c1ae99451de20a73866edcd8e93d07a2e32d69262c7238970 |
| SHA512 | 6a14032440868b7aa89b28de2d3e69c89956706bd168f8abe8b702c95957246b9363c74537e7605c01d7ade40a4d5dfa2678dc407b0df0388b30f4cb9bd915f2 |
memory/2936-230-0x0000000000400000-0x0000000000431000-memory.dmp
memory/1244-229-0x0000000000410000-0x0000000000441000-memory.dmp
memory/2928-240-0x0000000000400000-0x0000000000431000-memory.dmp
memory/1244-232-0x0000000000410000-0x0000000000441000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\gCIgowMA.bat
| MD5 | 2ae858f1e6686a7a5847a89e5e529d8a |
| SHA1 | 4d8fea4ebbd0b3663ebddd4b04e0c7f372fade8f |
| SHA256 | e60328d9d498d30e9366a30ec5e1c263de6383e1f052dff53cc76ddfbe116efa |
| SHA512 | 41d22b4bc1d2eaa263d4baa4ffb9ea3f78e1b66c93a0d3b30ef06d2c868eb2cafff8e859cada6215c5bbae15ef2bd3a5d7eacbf53926020d9e67bb08c83d54a7 |
memory/628-255-0x0000000000200000-0x0000000000231000-memory.dmp
memory/3036-256-0x0000000000400000-0x0000000000431000-memory.dmp
memory/2936-265-0x0000000000400000-0x0000000000431000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\tqkgQkMU.bat
| MD5 | 85f1afa30771e3e0c5c02bd5d1ab4416 |
| SHA1 | 5b8de7f9f0953687175118d3d0395b0ca478bef3 |
| SHA256 | 18630207c25ae0709dda123fb6a8a46f2cc94e4a3943b1a14b5d7cc435ccb477 |
| SHA512 | 547e38d7e9d51b189b11cc3bd04ee29939e8b17113e408a415711399751b7773119aa968cb48804634f525a2f842073e9236236d649167ef217b289b10958f5e |
memory/1652-279-0x0000000000400000-0x0000000000431000-memory.dmp
memory/2068-278-0x0000000000400000-0x0000000000431000-memory.dmp
memory/3036-288-0x0000000000400000-0x0000000000431000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\hQckUMoY.bat
| MD5 | b524f8b2fc81e0e3cd33a1adafaf8f2f |
| SHA1 | c15e2bfdfb81c33a94ebbc6043b0878be5862f28 |
| SHA256 | b1b4fbde2f12eb9a0856ebca80e59fa3a410f4192d7aa77148e91b97c863397c |
| SHA512 | a3adcf30e1986342ae8cd87d6a86e1e6611ef19d345cd190838c720c87d14cda54e18d4dd95bb458a2ac308da7b5ec4cd29e557774b3d8b0ece56a542ae5577e |
memory/2868-301-0x00000000001F0000-0x0000000000221000-memory.dmp
memory/2868-302-0x00000000001F0000-0x0000000000221000-memory.dmp
memory/2988-303-0x0000000000400000-0x0000000000431000-memory.dmp
memory/1652-312-0x0000000000400000-0x0000000000431000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\DmYIIIQs.bat
| MD5 | 91eeeeec92db99501b3dca70dc92e92c |
| SHA1 | 799507898b91f1aa5779bccb9825f21f2f1b588c |
| SHA256 | adb4a6682f6d469ce651d42a3bb5de9827f60a23409a11a58af4014055dded15 |
| SHA512 | 228936deae8f2a206201b9a5a9e91883f8a553f3a32a4bba3214c84530805a1de5ef14150e9a980f96e1e4368ae20a3a6a15f70c42faf3c245d1491785ad6494 |
memory/2036-326-0x0000000000160000-0x0000000000191000-memory.dmp
memory/2364-327-0x0000000000400000-0x0000000000431000-memory.dmp
memory/2988-337-0x0000000000400000-0x0000000000431000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\xEAQwswE.bat
| MD5 | 2d76b73bddea2f01fc0410dfd4b55a57 |
| SHA1 | 1b8d4c9dcf1089bc5d4b42dca003aae1d6b25d2f |
| SHA256 | 0c565452055b73ae1bcfbafe193727527f9af4207480ef9ee5c0fcfdf735f257 |
| SHA512 | a907ea0ed2a1960e4af65744f80c0266ecc892f49e658f2a705cdecfe37c7d98cec026ebeaea01b91c3ba10479bd0c8ba482f2cc59c4e286fda505680ccfd889 |
memory/2784-350-0x0000000000120000-0x0000000000151000-memory.dmp
memory/2800-351-0x0000000000400000-0x0000000000431000-memory.dmp
memory/2364-360-0x0000000000400000-0x0000000000431000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\oQUQwAUg.bat
| MD5 | 062e8534759c2dfa174b689e351932c4 |
| SHA1 | 604cdc343b1638bece848ac4855b0fdf8eb5fb81 |
| SHA256 | b34abd5df611203c9d74c31617c9e80b27c2526ed9fe06ff67f4a73cc9cc87c5 |
| SHA512 | ee4c7d66875d2a2d297b0e0ca4568f6a69ab28e630112677eb817be4948d9590167556a870af2e82c9c88fb55f283449535d664449db2a4140d196773d77feaf |
memory/2668-384-0x0000000000400000-0x0000000000431000-memory.dmp
memory/2928-375-0x0000000000190000-0x00000000001C1000-memory.dmp
memory/2800-383-0x0000000000400000-0x0000000000431000-memory.dmp
memory/2928-374-0x0000000000190000-0x00000000001C1000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\wigIscAY.bat
| MD5 | bf2bf8953dda7e431d985e17b299f68a |
| SHA1 | 5e3fc6eb53a0425bb05b9ef890bb3aa41f390532 |
| SHA256 | 97f4a99789e9dd3ac95c64a0284c1349ce17ae198d9257e0800274b9113b7275 |
| SHA512 | 5b8bdc8d9fbbeb3d10f791de30be11d8efbdbcc508a9b394c923432aa59ea37659f2ddc533bd6601f60295c7f36235b699b7119f1cb3147b7b1633659e9a39e1 |
memory/1296-397-0x0000000000400000-0x0000000000431000-memory.dmp
memory/2668-406-0x0000000000400000-0x0000000000431000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\yQwgsMkI.bat
| MD5 | ca1f3f1da1edddc89dea738232aa52cf |
| SHA1 | bda5c75f5f2f6cde5b750878336d12c79bc9c937 |
| SHA256 | af3530595ba7383b0bc6d25dc5502dce1a9a2f5740ec42ee9aa20fb2e428f341 |
| SHA512 | a317c9c348fe0ea60ac82f5d35cd75eb5d1ea699d799b01e3cc3fbce481397dbf346329931f2698bda71973da252f60255e1226f546e2e851d314043ff4bf158 |
memory/1980-419-0x0000000000170000-0x00000000001A1000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\wMogkAEw.bat
| MD5 | 37f6fb5191d53f5e6e5c1fde616d71e3 |
| SHA1 | d2f245b8d3eb4f035d9b07c1bbeb3903624cb193 |
| SHA256 | 977b12de14848ee7aac18d59ec1feb94ffec3d449790067f988bb620701049c1 |
| SHA512 | 8ec38d1b2994ecedeecda327f8aa87bccd3adc204fbccac0742bd9acb233432379cccb5fc44f5673bfabee64fe0569517968b6e98d11a65937f1ad20c9d723e1 |
C:\Users\Admin\AppData\Local\Temp\pCYQQwUQ.bat
| MD5 | 284fdf45aadac0dd11bddf3cf7e80dd1 |
| SHA1 | 6fd0a4c12361e2fa354e18bc38a2b5d48c0dbc0e |
| SHA256 | 8375565c53c177dc75f0be8f7d6536dd231c54131f587a6a6d04181e07842a74 |
| SHA512 | 854d4e6ada342dfdb711b695d642a18b72b0c085a064d09553dc6db2215274e6fc10de6c8511b2def1dc5e6c1689587da53f27da653bf8df5bb73f16db0e16bf |
C:\Users\Admin\AppData\Local\Temp\nIIUgQQM.bat
| MD5 | 8d60d3c57ee54267c6672a8c35edb513 |
| SHA1 | 176606024e468d32c62b17eecd993844ba2df099 |
| SHA256 | 0948ad366ef315403de9b2cdf9be96d39f3b67a6df3b038e0fb6a9d1970f1606 |
| SHA512 | 99781f9b4e08ad93453ab197cf00f09faf10146a6fe4f030d6fc8cec7efae179b44e126fce51c94148e9908649919ead0f40c0e9a113ebdc7f3bb814819341ec |
C:\Users\Admin\AppData\Local\Temp\TOwoAEkk.bat
| MD5 | d6260cc1ddf56a79a96a41966aa1c045 |
| SHA1 | 2fc5dbaac59276f8c918c57a1b095969c43b6bc4 |
| SHA256 | f587d2337a8d2200b9278598f9f6a330ff8f2fbfc736244df8aa47b7b219cf5d |
| SHA512 | e6ea00542e7ec48e30646d5814f7499e86479fa4a7588df5987cd23949c0a47f6d7580a59395e9ec3518302e1e98bce314afc026b2e1a6d34c8c6d6022cc6faa |
C:\Users\Admin\AppData\Local\Temp\rAYYEcoE.bat
| MD5 | 8de4128fe43be9f5241089675e2abd23 |
| SHA1 | b4e10388c7cb2cf16435087bb3e017f390a89ccd |
| SHA256 | f8cac417b8e4aac879eabba51424c95ccffa9a8a0b8ccc52fd790f5d128e4bde |
| SHA512 | 131082095166b045a3b9debfd0ffbd0c70b14582432b16c0437abe0ed4503dba100dba939a0f438f6a28a05938e9bbd3506ca2fec40c16df210615134d862e76 |
C:\Users\Admin\AppData\Local\Temp\iIAkAwEU.bat
| MD5 | 2c54564438ace8802344432b85d154bf |
| SHA1 | f93b13ed724b2837286d0230dd5ee500af628fb1 |
| SHA256 | 86939ffc6ae527741f723f191bc48ab44cb4e9417bf171127b9eccc2be06becf |
| SHA512 | 285fa7db557f12f838c87824c1b64cbe7c6429a3ba1d70d40a9d126f215b3092fb6fa6553f55fe773685a96cf47489892734fb0c4941c3ca77cce9fee2d893d2 |
C:\Users\Admin\AppData\Local\Temp\OOsIcwIY.bat
| MD5 | 3b49143df7f5542cffe1a9a29d245466 |
| SHA1 | e885453bc67300e37eb34d9ef3b23e478a4fa3d2 |
| SHA256 | ae186a2ccfc5781efb454365b2b306c0917739740d5ee689aad45bcb9d0ac643 |
| SHA512 | 70a7c773be0d23691b2cad24ce28b66c6dcdc36b9a1c66144b7dbf9fe592fd5ce00fb82dfdae7f1a66ea2de7b414e9d6444ade775e8184e50bc7307ae3320830 |
C:\Users\Admin\AppData\Local\Temp\GiQsoYUY.bat
| MD5 | 7f722f83cef189e48fb3666cf82b6a18 |
| SHA1 | b0ecbdfde1965ccdc606eb46c24053454c141198 |
| SHA256 | 024fe570f51277e77154fc52d6041930542ca13222cef0fc93a15adf06bcf0be |
| SHA512 | bc5b98edd22f0c490b96fc8e1aaaac63ac5a6bbc6fb503a8b0832fc6d0085424b3137ad2a42f82486110f376998c71cdbf2cb00b519c64ac3ccda2edec849df8 |
C:\Users\Admin\AppData\Local\Temp\YCAQYwcA.bat
| MD5 | ee8bb3f1eb8586fd1eb87d2a31ecca02 |
| SHA1 | ed95c8115e0f2e9efeed71c479da5e252464d088 |
| SHA256 | ca378bc3f2a9c357c958d529d549152c296726ad0a00df29ecc48ac89dd746f7 |
| SHA512 | b47a4a009ee1d71c1b4f7d5cdbbf079a5b6ba31f7a77af458493d26e3263c45f8ae295011cda1b8c29ae8c845876758bdf51c0e7dea6a535963d2025a08d056d |
C:\Users\Admin\AppData\Local\Temp\zsAkQcsw.bat
| MD5 | e96438f789b925edb9f130c7519df0a3 |
| SHA1 | 39be1c0e421c1e10036aaa65046b50c8e772a231 |
| SHA256 | 48e0fcad919c90b71f7d470b525d13dc4b0711beb9313fa67f8791d220563c04 |
| SHA512 | 08a30594e83b3b6c192ddf711a746b140ad15310b4d250224fc05a242751ab944b55ba2da12cd2e3d79576ac4d0608d4dcd756a0fde8f35fef998497416dd3fa |
C:\Users\Admin\AppData\Local\Temp\dWgMcAkc.bat
| MD5 | d6e415f77bf4b5fd111a48a290ff2ed7 |
| SHA1 | 1451e175d49d27a286656a7d5a4793d9dcfd1f0b |
| SHA256 | cab78fa08f0adb3143c2f2311a431bb991b9306fd6f7e0ef114ec01f0d174f31 |
| SHA512 | 595ac9b6b3792bdb3970679018a5a4537a6195cf0f2303750bcd30df8487390d9f1290fffe9dc0343199546ef68e26da4fd4dbf8e47e22c9c02a4e3bf62265b6 |
C:\Users\Admin\AppData\Local\Temp\vscsUQAY.bat
| MD5 | 3de70a0a55db72f1fb457a21b1fd1e64 |
| SHA1 | ef07823733d5f0631c3a81e9cde2597063ecb39b |
| SHA256 | a232cb3ef1e2300708a68b6ba4e078541613d0e4faba012aadbeaed7aefd2ba2 |
| SHA512 | 4af1a11ec1402ea143d791d48b8c81a5669adcf09309c54bce5e8a4a8d501087af2276cea3097f06ad7c0ce3ee6d67ad79b66d197dd48412fa9d2bf577d44868 |
C:\Users\Admin\AppData\Local\Temp\CMQQ.exe
| MD5 | dd80b08aeffec266076b3fe485b90ca8 |
| SHA1 | 698b970496aaa3b149feee7ae81fa7b6a70a059c |
| SHA256 | 1461a0cff216d89f6478cfefda8552cba27e5c3d4d5ba4b0965e4b3c34c5101a |
| SHA512 | c54e994d8ac7a5c1556fe6636e5298e0b1f1c5d3a6dc56cd9e541d2609445181f2e82063bc27ed17b5b6607249e8b71132fd4a9cf4daf84fc957e0a7b59d7246 |
C:\Users\Admin\AppData\Local\Temp\FYQYMMoI.bat
| MD5 | 9f4213246bae1ac362fa48644bb6167d |
| SHA1 | d12eb17bd33051c6563008828471aae6b88e5ff6 |
| SHA256 | 5ff83ce87e87662d0e4f6242611f15a48f4a147a4ca45bd859b8174156787d4f |
| SHA512 | 2243bb2befa44556a6ffc5313dea66c6a68da36959c6f361cbc8bf0be0974d8066720f768d5d623bb22acde67a00c8899f9891d2d9c88212d5a45798c577ab57 |
C:\Users\Admin\AppData\Local\Temp\cSwMAcEM.bat
| MD5 | 2c54588c9a844dc1b278583991ed0a1a |
| SHA1 | adbe6996547ec83059ab0ebe92546a4c7ea2670d |
| SHA256 | 99d6943f69050d53a88b72882ae4f4ef89c982c74e4143300abfd32ad165b90c |
| SHA512 | 089908ecbe2671de3185c85dad150643c4ccbb419357af958e8bd5f4a483fb15e090947b0da13cec3f5b99a36e17586ea5d21adaf8994c9b85dec9f88dd2d7a9 |
C:\Users\Admin\AppData\Local\Temp\qOIsUcsU.bat
| MD5 | 9ee77e006981742f0306fb40798df73d |
| SHA1 | af93b594d35737f17f635fc1dbe89cc40810fb73 |
| SHA256 | 03a2bf1313beeda083799d7d7903159024503b1a9045ba986fdcddc977979a77 |
| SHA512 | 8ccf0c9344b8ea483f2b3a9eb6ee23f2e3bc0d1b0eee6492c38c00ae8a445d5407cb85f899f29876526dee74c6258362dec29f325d9cc2b058e0b82bcc56b9a1 |
C:\Users\Admin\AppData\Local\Temp\ywEkAMEc.bat
| MD5 | 57b194138938eeafe297fbdab3bd297d |
| SHA1 | c7c778ca922de2bea52a06a3683dd144691b16c7 |
| SHA256 | 3f1bf750852c0171712792365dc63b5475f7d65c9c3b54206479667e8f8cfdf3 |
| SHA512 | fb9ffb007df04edf4189381f73b844cbcf72db52ec18571b6c8a3203b4bfac3e88e1e89157b47c7fd5b4dd34fee07976d4accf2851312a0077fb3b58df509062 |
C:\Users\Admin\AppData\Local\Temp\cCEsIggM.bat
| MD5 | 95d762ae39b749f0305ed098fcaecfb6 |
| SHA1 | caa346017aa17cdffec5abb132ef7b8aad1a8357 |
| SHA256 | bb12f46c9520e1695763bca1c5bc0e800207f91eec8e605aca4bfa666209f871 |
| SHA512 | b553fa8c1810410274bddfe6b5d9bdab78e1f4a890ef997351c2f5d531ecdc59f7d12536b7d6d45ca189a2c4bca81be704cc84f147ff8cb03615dd4e4dcd779b |
C:\Users\Admin\AppData\Local\Temp\xgsgMoYE.bat
| MD5 | 1b0ba0929af394006a552dda780d038b |
| SHA1 | 8eac10c6ca683f31960b4914ae92052748739f89 |
| SHA256 | 08c3a2e21647b1af00225d70e223bbf3b1a1864a7dfd133d16471169106b88fa |
| SHA512 | 880bcbfa090cc929ab768b7d2420b2d6d43e48b0db84cbfd5616467a4fffc4a5f1d9414f8ecab8513cdcb772894767acc238192ae4b94e3c53e3a4bd9817cfab |
C:\Users\Admin\AppData\Local\Temp\jmIMoMcM.bat
| MD5 | 39553e84b389f5d77afb1daa54909286 |
| SHA1 | 1648c1c83b760d2021528aa3b6d41453be7867ba |
| SHA256 | d731fef6e0869a52842f4724279fc42777f77121346d3cee0ec0c79f0fd21485 |
| SHA512 | 6ca2dae9e02f3b47c9e322ca180bbd8ecafb0e23ab802e00976245299f4eda44b7be521ed032c3735e117afc148c410977270d234fe9b4238200cf3207b01337 |
C:\Users\Admin\AppData\Local\Temp\dsoAwMEw.bat
| MD5 | 6645e3de07a91f2132f398380e5909bb |
| SHA1 | ca4ead15392862d4f7fdeeb215e2fcfb21b37bac |
| SHA256 | 6f718383ded2c3a3066daee095e9cf07df3888f7506a11c7f4844ca01145ce3c |
| SHA512 | 4c075e134143aa2ef4519e0eddfe0f35e32b77222acbbf8f6eeb2f2e90668e09deb3be1c1c9b817b33d10447408c70da03e2249a8b8507a37edec2e4ad191921 |
C:\Users\Admin\AppData\Local\Temp\xYQowoAQ.bat
| MD5 | aa3682e1c56f918fd52ec82a02584c5b |
| SHA1 | aa5421df59af604aa140c4f6a5ab1f223ea07b46 |
| SHA256 | 38849f9c90e395f3163b3500c33c6c8a72e2e5e43d5db7a0d4323da65c31e8e5 |
| SHA512 | 193c586649f94972330783851c4e629f1c708ef6998900848d1483b557148b96dfb773fc9c0749dfe802487d1f1e9037507d23d7d1822b499615d864ca82114e |
C:\Users\Admin\AppData\Local\Temp\xiMsgEEA.bat
| MD5 | 286ff0d64db5a9cd3d55b4292babf6a1 |
| SHA1 | 543be165679a611a4aa3706db7fe44d49416054f |
| SHA256 | 15ce793a2cc1d59bd69a03a3ea218d367822e7a63e51c980b6d902e4327b3022 |
| SHA512 | a3b316d0eb5af31ab93f1f38e3484336575ea98c5e537a8c6bd70f41173a6a060dd84b2ea7ce6c9809cd110920dbed36c3791df01ec742b67e0fd986c7776797 |
C:\Users\Admin\AppData\Local\Temp\KwMQMYEM.bat
| MD5 | e55dd1a908d6ddf319bbd635e7ef4774 |
| SHA1 | 8eee82b54b9561419df1e81adbbc52a7281b6575 |
| SHA256 | 6bcd18694ac81f6b07c1f0b3f82b810a8a26504eae2a3fb1518464b9bff3b906 |
| SHA512 | 0e99a7cbc99710fc0a06ab2f85a7b0f11f280a8025b90b56d65a3e0936c7944833db9cffb6e306732179ca3dfcf59ef6829c7320f7c96ac3c9d1423b6c3f26bd |
C:\Users\Admin\AppData\Local\Temp\gyEAwowM.bat
| MD5 | a4c7abc40687d7861de04f0916b55f61 |
| SHA1 | 3117050e83bd4f4d109e0961808276e9bbcdfbd7 |
| SHA256 | c6949d21015dd096eb47f01a6dc03bdc3dfea1130da84d53716d808e1e13c232 |
| SHA512 | 189f471cf5207cf58f45fe6a54a90a4191e1892e531c5fffec44879553c5284f341cc8530b56df770480b6658e4c3e944e060b7e5e381067499d2300dd0d1e06 |
C:\Users\Admin\AppData\Local\Temp\OEEMMMEM.bat
| MD5 | 5519876aa63bfa48aeb3a2e468741101 |
| SHA1 | 7104c6ac28b3771788fbdbab6172e85f4160d187 |
| SHA256 | ea70b8ec0069ba7bba750ad45a0c1f4702c89019639f4bcf034e0cf78b0f05ef |
| SHA512 | e7cc33341266bbc08780d48157e82ca6b28f8bdfd2427bcc005e94dbe41c7157eda0b804a1be4ab8cf3d140278f01521356f3ea3e783d57b526e1d268405404b |
C:\Users\Admin\AppData\Local\Temp\PeAwsQIA.bat
| MD5 | 8a47c381abeec854771b55efc34f92d0 |
| SHA1 | d09afebeb0a342acdc2a63008807ea1a30b882c1 |
| SHA256 | b3a8f8b6626521f5ac4b25d958df16cf962f414c93d14c4a6432940bb44da874 |
| SHA512 | 9b47e53de03d8e7e8327871ab28b58b36f3daa6a0abd8acd24de1dc5600aa166cf3ea0472dfab0e1f6191097f5488f1fa2325853254d8c4d31dabff8a35b9414 |
C:\Users\Admin\AppData\Local\Temp\LEwYkAAY.bat
| MD5 | 17ef549a4b82d9f4c1360ac67c61afc4 |
| SHA1 | 6eb340ab1152566904ceb29fc904b782acb95bb0 |
| SHA256 | ed805abed22f11347d16eda511fd1d0ae1a10060583688fb4121bf461d4e1ac8 |
| SHA512 | f063704e1fb5f783d3d42960f2df4b2831664968647c8a45f4b76fd44f7a31e47322be2df4dd3b9bf14526720681597f2da15024fce6f0b812c0051efdb42ab5 |
C:\Users\Admin\AppData\Local\Temp\zskQowAA.bat
| MD5 | d2553867470d3b886e1047e192e22875 |
| SHA1 | 1d99efc23200c14a535509767c36efa82690e07b |
| SHA256 | ebc9899529d79a280dbaacd4b6e484bc6215fda739f111d27292816dc5759a8e |
| SHA512 | 830954f82f7bbd2675b8ba55a1698e0c9243009e0963db9be79b3e6a33f772510d0e7c47b37c99b0acf3e2b01f53ce6e3a57adda94c258592b8b3bc6bb22df35 |
C:\Users\Admin\AppData\Local\Temp\pAEAsEcg.bat
| MD5 | afeeb8fc0f4fa2b1ad58a183d7306865 |
| SHA1 | c657948e1cf41b4c9c27bf2918009f4cd8d43337 |
| SHA256 | a2209add46891a8394796f6e314e54161441930ed9343998ebabdc123bfab1e0 |
| SHA512 | cb3909e9923ef89904ae4a929ed36cc8737a876158759233e8d98866fa47b85a7e1015decf17050bab6403793a01c886b0283bd84bba543c3179b981d494aa34 |
C:\Users\Admin\AppData\Local\Temp\DGYQcMAY.bat
| MD5 | cc6c31cda4e8e3b231b1b6044c15eafe |
| SHA1 | dc2d7d8245505834911938450a0152b0ac5d2e4a |
| SHA256 | 8fd552b51efe361eb57cf022de1ad58bbdb7aa5b60b5b2ed1564bf4aee6f161d |
| SHA512 | bbd94ae1eb39868f605e93fdb3ba2f707681d9070427c38f75736f8287c46acb48ec3f1725fd2569296dfc9b3c952539ed7e6f6c6c5d6a19a736ce57da9c9a74 |
C:\Users\Admin\AppData\Local\Temp\UCQkkwUw.bat
| MD5 | 4d94f4524da3c39053efd52fe1297232 |
| SHA1 | 6da19753817666750112dd458d5dadf53b3b6e6a |
| SHA256 | 976c621a34d9d977b1db48e8bdfd994bd1292f70b858f04985bf2cd4bca13119 |
| SHA512 | 1c420a53c7a73d65ce14f648447cb3375d5b0b2fa0972e6543459f04070fa65fb3cd21f8c1e8bbe5e547cdba0e6eef5d744b964f19f6767549496c6a94ed2db4 |
C:\Users\Admin\AppData\Local\Temp\CEwi.exe
| MD5 | 933c4d2ed3f98ad07f62e4042cde6b16 |
| SHA1 | 611354e64388ab0f094ac6d9e68375688e998e67 |
| SHA256 | af310de37d420bf6708fd7e089b7e75622f77315524ac3f288e6e5e857238dfd |
| SHA512 | 42348a32db90f205e30ceb4353ccf47e1f8d42afa54687de5ef18f41d32c532aa13ed8d955462b11e8466d1d2d5f6bda3e8151f76234a027fc302408aa1f98b3 |
C:\Users\Admin\AppData\Local\Temp\AIYw.exe
| MD5 | 69948d322be2eedf2e73f842cc82bee3 |
| SHA1 | 22a4546e0c537b122e0f48bad3468e56768bdce9 |
| SHA256 | 096e268d9bc6ec749b696fe7d1e9834f47e015e3240ad8a9a0e4a50e4b27b475 |
| SHA512 | 3405ef54648542c43c82189ea28dc0ee5b9dd4246714ca3f682eedfe69af35c5b70b18ebd4e06d8f96d6ecdb53c2049a928a2d9d00e0d7064d2903355f5939d8 |
C:\Users\Admin\AppData\Local\Temp\owMo.ico
| MD5 | 47a169535b738bd50344df196735e258 |
| SHA1 | 23b4c8041b83f0374554191d543fdce6890f4723 |
| SHA256 | ad3e74be9334aa840107622f2cb1020a805f00143d9fef41bc6fa21ac8602eaf |
| SHA512 | ca3038a82fda005a44ca22469801925ea1b75ef7229017844960c94f9169195f0db640e4d2c382e3d1c14a1cea9b6cc594ff09bd8da14fc30303a0e8588b52a7 |
C:\Users\Admin\AppData\Local\Temp\eoYk.exe
| MD5 | 238b27bc19bb3d50358729a9f5814620 |
| SHA1 | edbddbb3bb1f6b4938192d1a8406581bbffb2ee9 |
| SHA256 | 58286f7468996165ebf41162c69af9fdd21f5b65202cf57c00034b2508c3e9c0 |
| SHA512 | a3fd745720ca99ef2f9577ee8ba54edc45d6b4ca40e12de0fb592f906d6106bae476fb9f73ec3b25ceea43be803b9ca090267d7b5ceaae3cf5e46edf5b8170df |
C:\Users\Admin\AppData\Local\Temp\cWgkswco.bat
| MD5 | 764ea03153b22120fc5a0b8378f69fa4 |
| SHA1 | 94e41e9a3a698af2d5add45d35faa57899f35a32 |
| SHA256 | 2346e69c1b794dbbb0a58bd1b308938005e3754548982feeee26544107dde007 |
| SHA512 | 26564b1efecbc42bc2efc6da2b9612aa30a340e2abed94dcb0340f93b42de2f08bf5fe42324bf92db502cd61ca0da1ef49f27966a9c3d7bb131a84fe60e32a53 |
C:\Users\Admin\AppData\Local\Temp\ykwo.exe
| MD5 | 07142cbd852e409c529f76dbcbd22b5d |
| SHA1 | 8d4f34b90c6d04be72481da8921f43ac8ea92a5e |
| SHA256 | a7a9f5c55d09c48d2b9178f08ad062d1805159c3f7552894aa37e25ec952893d |
| SHA512 | 3278c3e0e273bfe0ecef243c455f91428e16c3748668683e36c72f53b87a35eb9c818d0ec489b9d22b43495c356efad83be82ca17d4cb6ae2536ade813d72132 |
C:\Users\Admin\AppData\Local\Temp\mIMq.exe
| MD5 | 7e1b3c958795a3f3a1d4d4bf796c6a02 |
| SHA1 | acf11ab5f59f07182226913c28ff226c58b33376 |
| SHA256 | b0b550385f6ce3e88beecbebf3c382f12deec7ae2ad0e63e571c5612fb351a99 |
| SHA512 | a61869be8eba058c4a503a9cd6e2d9caca01d103dc88db039d2313597af8bb4bbdb0cb474b762b33f94be8417536deb904b3883e5ddb8813c420aabb30d955b8 |
C:\Users\Admin\AppData\Local\Temp\EEku.exe
| MD5 | e8b402dc6fae5135d3a160e9d315e01b |
| SHA1 | 650a139e787ab658ae358767eab567f67a9d19f5 |
| SHA256 | c294cbf4152a4fbe7762eb8af47bb4beb307e7ebc5fa760c1c39f0962c14a403 |
| SHA512 | c8227b0d6fca620482057344def54c1f0faa2ee1c2e7eb8cce00fa77672a907c03c2600ac73a35358c73e4de76d1da23c1f67af9cd09b19dcc84b66e4acd7334 |
C:\Users\Admin\AppData\Local\Temp\mooM.exe
| MD5 | b2a219cdb266c50d94036498e60c312d |
| SHA1 | 333311d07013c5257b7a229b11e87086135290fe |
| SHA256 | 2bdd1740f99c7d8290ab4610d8efb34d9f58fc89d8771dbe6ce7c4e6b8ebc170 |
| SHA512 | 0077361b29fe2cddb80f08d72d225283731e90f6fad4f4a7914dc48e01072f09f91856ac69cec0693785bbcb6e2fbf18be7741c0206cf01acb1d5106d4482a3f |
C:\Users\Admin\AppData\Local\Temp\QiYoQMwQ.bat
| MD5 | d158fafa9c5109646c76b0b1974d3d4e |
| SHA1 | 98eb6546959d6546a4460c4cc0ca3587ffacf3ab |
| SHA256 | 4e68c926a81e256dda6d60007907acf6fc4de5f87be3ed6fcf0ba04be5ae3f65 |
| SHA512 | 1b4fb0f530925611ce4acdfd8deda8d1a2384e63aec7bf57ff6710d913ad8c185b27dd6af1cee17818b7bad4966d40bc549d367cdc94073c651b68a94389ee16 |
C:\Users\Admin\AppData\Local\Temp\mEQY.exe
| MD5 | 7e6d697c86b78281abe0ccf04211200b |
| SHA1 | d1b513d974120ed0e7aee3b7b52258be07e5c1c8 |
| SHA256 | 449a7c8e4772060d747320671afa4e2e24e3d95b83c2c8438d0ce06c5a390129 |
| SHA512 | 31f5cd35a8ed7134a89a10d9c5b422ba4dc0c56d653868317447ab4fc27d09e7c67483a17d2ca5cba56821f093edba16b9ea675c6494467d1cb528ec38057d4f |
C:\Users\Admin\AppData\Local\Temp\yEgi.exe
| MD5 | 5680915d7045b6c6fdae48b4778b712c |
| SHA1 | 9802beedd1f2b180feca789ee012c0a9c77bf20d |
| SHA256 | 31fc5a9bf7c602cbddb3c1a86fe690d6a85f5c45e9a9393733b90ac1dca587ee |
| SHA512 | 69d336f46a4c9f54ec674a35053e6ce511a6baa304c94f74425d03b15586fb8f891b1f06ed3728d47fc23ce17c6d46b709ef27e431a6772940f01949ec94b569 |
C:\Users\Admin\AppData\Local\Temp\YYsA.exe
| MD5 | c192958af323139161dccbd47a2586f4 |
| SHA1 | 660dd105e3d480c8e597c3e649b5cf35ee7f5332 |
| SHA256 | be82f19c39d7781ebc41598abaa4699ed7a0321b469593672ffec322bf39e381 |
| SHA512 | 7da5ded6a7250c9c3846af07b9ce1a2febb6a4af656b1666cc0c9c472c80433930f74ee67b7836e7e7115167367d2a6b6a09ba130d5f44cf37881ad7a1afc531 |
C:\Users\Admin\AppData\Local\Temp\OcgG.exe
| MD5 | 86847387642d94b671bc82874b87b6fe |
| SHA1 | 1faf66f81f5604787e0cc7d32f9ec3b6d9665457 |
| SHA256 | ec2c2c974a1693fd17f45bdd788b8b78a5f80293ad23669d40ffaa5f50719373 |
| SHA512 | 3e37d52db3cbd7f23fd42dcc9535391a46be78063cd7725a066370d10320a7f26b63f4219a02423906a32dcbe309e0a0dd1f7e0aae398c0b98fb24154d24f2f4 |
C:\Users\Admin\AppData\Local\Temp\SkIa.exe
| MD5 | c0ba2a537aefdb8d3d6110f8cf3c76a5 |
| SHA1 | b852cfab9651a28619fba3726070ca4ae81f0afc |
| SHA256 | a97b4700ffb64d6523675e1da58f79977e8502e2e26fee40bf5e010cb8820bf5 |
| SHA512 | ef09c0b82df01cb9299f3f7026f94dcb5ebbbd24bda1c808f74b542c1c39174cca4f872a9a959cad977c5438d51d81b66764cd4f917678277caf7d6af5fcb721 |
C:\Users\Admin\AppData\Local\Temp\eqYwsAYY.bat
| MD5 | a532af482da7d8c3e22e9810f49bd15b |
| SHA1 | 95e64b9988d7e57b5869106ff9984c356ba31c99 |
| SHA256 | abf4599d4b570dd6f8229a34dbdb0e6665e8a64cd0f6f66d86569102688a0407 |
| SHA512 | 4a490935a7c179632336f64861af33e068072e37ddeebfd3f913f62497a1a723a67a2020cbc4408fb48862a5e083a5a91d546cdd71ac9609c2d98d0c8cb4a27d |
C:\Users\Admin\AppData\Local\Temp\sAEW.exe
| MD5 | 459360f75bb33e149719b1f222e71e7d |
| SHA1 | 6dc346b9619052f50ad5e82450cec59cc22c2e3e |
| SHA256 | 84bc286c6cbb4564c691dc3f6d5edb2d98a32b03144277d0b159f76001eca8a6 |
| SHA512 | 558fe922997b093f9c54d399101fab7a81df120b292a12a0553dba0319eec7a956a0e4ccbb0367be0f0793f601005d01dc298cfcaff307d5042c0b43b1b0af40 |
C:\Users\Admin\AppData\Local\Temp\EIMe.exe
| MD5 | 4837944c8f9385616c24bd540f4320b0 |
| SHA1 | acb18f9f2ae49d862447528d50690295d175df73 |
| SHA256 | 4ddd2bb442e313bfb9ca070764b2afd4c16892f3e9650661400fa8f96f482ec5 |
| SHA512 | bbf6de90893b0b00e1fe3ad2c1c243ce4a8d47edd4143bdaaf224a7fc3e29854ce81b797ccc149d05d4ac3367b2d98d279c0802558cede378a719ee3906cb949 |
C:\Users\Admin\AppData\Local\Temp\ccAo.exe
| MD5 | 9e42a535c9513f257e6ed67f317cd47c |
| SHA1 | fe23092fb6a9d2c9f4e37c9c432d8632504480fa |
| SHA256 | 65c1ddb03b2106bdc50eccdafe17b82fbfd291a95964ee9dcef161de26ef4db0 |
| SHA512 | d4d71a0294c518fc3db989a38fec18c40337f54262392242be588051d4b481581ceb795bd86b218cfe25757328b0050dfa060c7423bbb505b59444ad94dea637 |
C:\Users\Admin\AppData\Local\Temp\aMQE.exe
| MD5 | 7b94543fca082bc4ccbe9ce647a26240 |
| SHA1 | 3a4622d504187416591e04e071f419fb14103bb7 |
| SHA256 | 1d0701ebdea2edcb10e997c42d8e49893253966a25d19c0143eaa8d6cdf8412c |
| SHA512 | e09c5bc72b9eb74fece1fb75fd0b2fbb7324f814a2f225e35b600b5dec184e23789cca60e327f242f02492b29489fadff663f8a657aec6cf33ed25c582127f07 |
C:\Users\Admin\AppData\Local\Temp\sqgEEwQY.bat
| MD5 | 86cb53af1861808905599850969d67f0 |
| SHA1 | c57e0db20373cc41f1d9e04bd183f3b9d00571ce |
| SHA256 | b6d0239f1f0ab1dedf2d96d1f9409969ff2531c0df41a4d4be74264a88eaac62 |
| SHA512 | b5c53772321b919fded9ad8d9fbb24f2e72376094d0c95d568d4ab0deb07dbc775e1cc219f03e455c906288e1435e3b950e23e076b6eab6bce4ffbb781ccfdeb |
C:\Users\Admin\AppData\Local\Temp\qEQg.exe
| MD5 | fe61063a854158d6ab40a8bdcc05d5b0 |
| SHA1 | e8a6098b206b68256f1f57907a1e1ab9b7c37b89 |
| SHA256 | c7737dd58e1c344150a2a5c521567e6a7a7cc8b62393ba63360511582ab637b3 |
| SHA512 | 24afc28e95a8d7471ae89d75f9034380af355f22703ee3b67368502428704a36ba0292a9d4d58f253c2417d5e38043d5a61b639a4bcbef7fadfed243176d7960 |
C:\Users\Admin\AppData\Local\Temp\SUcK.exe
| MD5 | ee07e2ea00ecb876a9c901ffd4c4fbaf |
| SHA1 | eb1c3e87c5ea24686e127a43ec2149936e52a84d |
| SHA256 | 2fea6c4e27f44be713a1906bd3fb2682ab702e80d7809e4f782c5a49907cbba0 |
| SHA512 | 37031ae3359ffad66b7cdc5590d998871ff1af6927b6a12e342341aa431eb434709d4dabdb3efaa30b6093c27e7c7fdc52e8ec54a041640a7fbd2d0e9212ae75 |
C:\Users\Admin\AppData\Local\Temp\wQQG.exe
| MD5 | c34167cc50e1452c89aa9b20b60ae379 |
| SHA1 | c47648423c0aa4c7a13bcca70f1b6b5e0a801888 |
| SHA256 | 30495cd01e9b5baa92f5e91b4bb8f55d0cac70a217c822e94b7aa17619332883 |
| SHA512 | f8a9aaa41878eef93e473146a17bcb74fcddcc2f20a23037341b43a14dae1a0fefd6f135a0e17a3cc7a297b4a39da75c0014d58cd2005f2268cc874942307fbd |
C:\Users\Admin\AppData\Local\Temp\gEUE.exe
| MD5 | 0b25ae697786fc34295a6080ce8b8b7f |
| SHA1 | 99495723400d5a1b717783123e9833ccb88ddcf3 |
| SHA256 | 9fab197e87762b18ae7c01052af8d26a46e9aae91e11c0af45790a2a4c9d0858 |
| SHA512 | 273b6a89b13dd97d17e2e2d28fef6896d758a59cfcf98ff7dc28066e322c22e3e8700d200099b9b506f34597f95c6392292967fffeeb2dfa2989f8efbfc791f3 |
C:\Users\Admin\AppData\Local\Temp\aIgA.exe
| MD5 | dee29596774a19b77e36062235497cba |
| SHA1 | 425ab4910ae6e2b2a5b96c49092a0989d7f93a1f |
| SHA256 | 0a3ef852adc87d1b85028ba6d4ae27ca1dbdb690c77f76d56501e1e6e3bdbdb0 |
| SHA512 | bd196b8767c3303626d9f25fd4c12e38ec5b3195e93f5ec2b18931fb4990ed5510cd70e0460cdf2efbfa52d892af995db09a6392f731c18831738326faf62396 |
C:\Users\Admin\AppData\Local\Temp\BIsUUcMw.bat
| MD5 | 1434dc81fed90d3229debea0522c4e87 |
| SHA1 | 697d87ae36870f071d584b17e655260b0784cda0 |
| SHA256 | dbed67ff778cba06304aa756a479cfe78c10505f64adc8d1c44d8d147fb7b0fe |
| SHA512 | e4d8bc5e4306de826526d02db6488b44bfc945ed043940ff138765bc1590d4ac3ab033f7c03eddf3c9c782a150c06f5feaeeb33d079e97f53279e8a05ac7587f |
C:\Users\Admin\AppData\Local\Temp\KYkI.exe
| MD5 | 474d89711bd78baef13f095be68bd946 |
| SHA1 | d0798c2f2dd86282772211e7741d8afaf3149c23 |
| SHA256 | 7a15e8615a2e05ea28b4b383ccce6b7939bd24accea903ad6768cc4924abeb99 |
| SHA512 | a2e57765e33385712de1576aeeaf5d4a28d6cc7818c1b9489f41789f9d31e67a69387c1e0c46af6ec3645327b201df3ce110cc78d52b5e6b32ac6cb789820058 |
C:\Users\Admin\AppData\Local\Temp\ekIi.exe
| MD5 | d2b89ccdd1f50be7617144627539db60 |
| SHA1 | f3e2ef536e1f359311027d394a844d393f500afb |
| SHA256 | b11fd3f6890685e3f8260e44d35f2bc5bc6990145d669b75a5d245cddb3c6156 |
| SHA512 | b327fbcb901a1379c2beb75ec0cd8f2418e115acd6f97c296cdbe64e9d097e771859df645444b1af6d867956e52d70c4378c4512343af71e5c7821d814caf45d |
C:\Users\Admin\AppData\Local\Temp\cAIa.exe
| MD5 | 2f483b35194e5c631c5d316c5062e4ed |
| SHA1 | 8c87885a45c06d54b55b1f2443204dc2e8cf1f49 |
| SHA256 | 7944e8d5fb39b39c94ded8d599eb1a85cd6c936a92116f0b85022b61ba7031b8 |
| SHA512 | 9e33b0f43800980cf8cfd2c3a03d136991dd20b11e166f4b1966c9e9ce0483cb2ffa92229fcd700d9d0e1b21e43cafa08168313be1d36b96286c83e89ae27f58 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile29.bmp.exe
| MD5 | 2db47a788e4926deeb8f3c1538a905f4 |
| SHA1 | 9880e219d7d94c7d3b8d8f7f406160874ff94a85 |
| SHA256 | d20f6259b4fdcbb144438f2298d8aca716c744d780277d37efb8743394cc12f0 |
| SHA512 | 2676cbd919e5f428434ce3d0e5adf208b84bb818ebbf43cd48c61c3eee1e07ee301ec3872b9d384d2815787edf14a7fc76d48612426bddeb41f2ab34ed41fc78 |
C:\Users\Admin\AppData\Local\Temp\mwwM.exe
| MD5 | 1f88aa514b9280af1c4857a5b5c3144f |
| SHA1 | 3ce915d6a387e318bf250149763e238af3604175 |
| SHA256 | c25e4a9e38458d9f575d1ee5dc5ddac7444406b4fd94af34923ac2e01ec05a14 |
| SHA512 | f1b8c3efec26b68ea124faac7f9ba9732392537412a5059689b479219429abe584fcde6bf3ed013153640cc551042f7faba5dd1be8d725f92883a13f6a76b631 |
C:\Users\Admin\AppData\Local\Temp\agIc.exe
| MD5 | 221b58aaf8bfb9d1e47c5cdd3e24ff53 |
| SHA1 | 2a508e188de8cda92be09ed9cef1d1c143ef2537 |
| SHA256 | 5f7b6ac103bebea720d483e4c0b3260e67b13d5ae9e8bd44a587a61b0baf64ba |
| SHA512 | 22edb275832d2594f42ba9c92cf72e755fecb68d545078c4e00aa23b0ce4bcbc74388faf5871a9938ecfaf76597d3e6fa6a1f7d0016a558039ad416e3aa245b2 |
C:\Users\Admin\AppData\Local\Temp\cgIq.exe
| MD5 | 3fd092ddde8bea2effc8c5cefee7f950 |
| SHA1 | b0ff12bf283c7fa16b20643106905034b4b82d8a |
| SHA256 | 596791efeb7dbf752769e120355be605d26ff8773963707095eacbda03b051a4 |
| SHA512 | 2ce32c9584f09ac92b20f78f68e8d4acb9b1476c2edaa86fb89d3fa70cd9e4202db25ae6bd7c1b6b89efe074a7936c22e052d5028d65a33af76b33516409e072 |
C:\Users\Admin\AppData\Local\Temp\aUIe.exe
| MD5 | 7be88adb6cacaf11411df5247aaa6e6f |
| SHA1 | 7ca9924aad40771de41da706c99489dd35616f65 |
| SHA256 | b01266a09f8837e8fd97f6cf6b87cb7bfd9eaad771e0d04e6254eb294ee628c0 |
| SHA512 | 8978f50164b5cd2278ce4f86e1e2737e58e1e45c31c1ab90998be06ea3989f28274121737ade641c928c987025af6afaddbfb6b5bb245bf94beadef79f71e480 |
C:\Users\Admin\AppData\Local\Temp\RosQgwgU.bat
| MD5 | b61bd150975db592409a6cd9ad1e1b23 |
| SHA1 | 3fae4ad63fa8fdb889429318a2610ee1c2cf39e3 |
| SHA256 | 285919baea5efac73a12abb066b3795b4c7d9a69ddab1823e6d192a146bd7c85 |
| SHA512 | 41eb0e310f54049ff1d2eeaf096edfda7b8ce372076eb2c10e34ea4c9cec235d10fa68544f456ad925fc67d5111c798853cee78321a85cd7e8198a8f9e788641 |
C:\Users\Admin\AppData\Local\Temp\oIcE.exe
| MD5 | 1211b6f852ea41858fa1967cada9f3be |
| SHA1 | 1aae4bc59b624fcd5b218be84dbbc4253afedb69 |
| SHA256 | f6a9b9ca9b23fb74ae40266e92afb456e2a3cdd5dab56c79c4ee2bef54453829 |
| SHA512 | 48633d34e3d5de380aa02059055d865b82d901d29b691ca2d5522bd0a8dc24f32264902b743d96dda5d50367235f6ed523e39822b1bd6eda4b22d0527db5e8cb |
C:\Users\Admin\AppData\Local\Temp\qAEQ.exe
| MD5 | 352e941779d3002174b1357b1152bc0f |
| SHA1 | aea2eb91c0081bb68c6c7eb6ea0a1326b2a84e21 |
| SHA256 | 641a5dbf5a13f08b10c1bfc753f1bbbad4d501701b2556b2a09535742006531e |
| SHA512 | 0dabf29519b82e3e61c380ef218d9d745700178edb3e5a51c47059194b947585a9ef073bbfb5c42436ffa4a6c8e2609ca89b97850c9a5b519f91906b574c8c83 |
C:\Users\Admin\AppData\Local\Temp\Qwwk.exe
| MD5 | bc519cbd4df208f6e74c3892ae97775f |
| SHA1 | 84b21f631a6318e20d8f998ace3f2b2d128173a3 |
| SHA256 | b9104e271ddd5da24c2e30cd14d76e67fe4f63aea74664c3d28e6dfd2bbe65e6 |
| SHA512 | 5693702264b6915a7a07b91273ad27a7f74edcf05d4c1490540594d539633865cd4e9ad0a0b18096fec2cbe7b6c6ae3a04a364d61dde7d4046c54a6681276bbe |
C:\Users\Admin\AppData\Local\Temp\icAW.exe
| MD5 | d0385189244e0b5dc32069b91c88ac09 |
| SHA1 | 6c6be249b7c9e3b11a6d942064b2fcd8423eb89d |
| SHA256 | 91d0de5e82b16e2f864bc8579967fe292f29bc59e44c5b82123ae2f76c4335f3 |
| SHA512 | 63d2fc5005988a9bcb5554879cb4cef99a16cbc281c92dd5f1e4550dfcee3342fab87603be18d238e3ed61850ce885f3a4f005053d56f53d78a5ceea60171751 |
C:\Users\Admin\AppData\Local\Temp\Gkgy.exe
| MD5 | 4737d9c42bbb96974a260632afd3da61 |
| SHA1 | 5c54f7d952cf165875e6b55709a603bca10e2df5 |
| SHA256 | 049230d4916f0ad21dde183efbbcfdb3b6ae1e392c8ec7089faa9fb6e624c317 |
| SHA512 | da714e3faa651340c447938f9b7b5e27f105d858e60be1103ac991502370230989b8a78f358ce22f15c8e5df4865dc3994e772b63255a2a1a0e7af9dbf859a22 |
C:\Users\Admin\AppData\Local\Temp\mYAs.exe
| MD5 | 9fed94cc09b661c7b57e563b8c98813a |
| SHA1 | 06a350954ba58362546d6fb4f6d8b3cae551e821 |
| SHA256 | 53f30391df3668cb8993dbb3b6ba7fc2b9ad6d9026d314f165810b833b7aa5bd |
| SHA512 | 794df0b066e7a375103e1b7e5096e84d23c2bc2496cac31c7be0b5d58f7a1f40e829bd0515ab520de8ceba31137cd42808832990cae95c1e6e2b7211bc539727 |
C:\Users\Admin\AppData\Local\Temp\HIcEYAsw.bat
| MD5 | e88edf1cef364433ba315c87eb9740c2 |
| SHA1 | d529da9b3f4a9c057d6c6d38a2e387844e51f395 |
| SHA256 | c5992aee43a0b92666b5167e17d65205cf5d32044a66642a1524dee8dc308865 |
| SHA512 | 703ed01b50d7327f045c279a4c39591491bb9f653f24a0874d4f833f05b6c424d9d2f9b54143a45978f11d2b57375d01466b29bf0c70d3657b851ab7f851757f |
C:\Users\Admin\AppData\Local\Temp\eEYk.exe
| MD5 | d4edbe5d442a4e408962ba40f3c81590 |
| SHA1 | 07739707120c4049cad985252dd16ed20d638598 |
| SHA256 | 57937e6cba9602e32726aacc4aefa2bd86bfb774f2eaab6a8639466ef8671035 |
| SHA512 | 4fd12f20742d58fd622139c5d55823d053cf818a7c03c5c47b6c9572ad3b39e5bf6d87045f7abbbfb17ff49b808cfe4ee74c20f87fd15a85979f5eaf47531844 |
C:\Users\Admin\AppData\Local\Temp\GcgW.exe
| MD5 | 20c217ca32e37a56ead9b2ee7766ed7a |
| SHA1 | f464f8fa548fa34d70d59d878c4ad70f76dc5d54 |
| SHA256 | 9e6de94e1730f1ba8d07f9c8b7674ce6f1d6cfd3f3061138a39c1080072e4731 |
| SHA512 | 2f153b1f44f320567e363077ebda0cbf3484be452f83baeb4fc741527efb61e897ec93bb1b4e6606671166475419482d0632b2225098dac9f1219e5601eafef9 |
C:\Users\Admin\AppData\Local\Temp\mYYs.exe
| MD5 | f7d2dea669ab1f3f3ddf19b481e7d496 |
| SHA1 | 86ab5b65c35139e79b800d1000c4f4f888e69de3 |
| SHA256 | 1e28f820e703ba97a166eeba7ec6019560e5b5e5e9c7b992722af12ebb6f3c37 |
| SHA512 | 3c6dab41e339ad8509fdc63d5645b5b320d5443ec193e78fc496672bd1ef017ebae62852f9132bc42bb54e28444c517168ed3286ee6bfe8cf7022250d187bd55 |
C:\Users\Admin\AppData\Local\Temp\woEo.exe
| MD5 | c54dd2b2a93b5802d5efa8c64d1cbd24 |
| SHA1 | 1a7c6367019c13b90581af2cb48b6ab09091a44f |
| SHA256 | d5d82dbb2a553b8eca628524d568808a8619e0efc3634dd22f4d186b19683205 |
| SHA512 | fe6a8e1cc7d9a52119c2f8f6737fac54743d9cc94f679b9667223719f435e0cd0a48d9ef11fe2939758615633976a008aef0b76d7e5824e94fb50448a2c46b7a |
C:\Users\Admin\AppData\Local\Temp\TSMsIkgM.bat
| MD5 | 16987691a3621056119be923b7562b66 |
| SHA1 | c4c35bcbc897925982d66c331c2b22a4ed805236 |
| SHA256 | a1447af7a780cdca3786c220d77c5d8b2b5cfe989f674f854bfd32594c3f22f3 |
| SHA512 | fc08c307347a24337648175b21bed5374d99a6cd588d372cb77fcb97ebdbf54af8714b951d9fb9e4af424d5eabe1d78b83c8fe381bf968f7683ff3c76fcec435 |
C:\Users\Admin\AppData\Local\Temp\mwoW.exe
| MD5 | 8765895ae7c7f6744317db47812bf14a |
| SHA1 | 45f62b9598a7a7837c40d03a46613a6b9818be54 |
| SHA256 | ce5426e364b2a06eecd0fcdff65b1bb56b718610dd4bcd43e56b301e2d42a2b6 |
| SHA512 | b60d621deb714ef185ceb34309db04fc8d083032384351eea59cb1583434cc280e255d30ee8060baf8b8d2d11fdc2a9af2fa8fa63dc96fd6c7f8652db0b4d31c |
C:\Users\Admin\AppData\Local\Temp\WsQi.exe
| MD5 | 91cfdeb0be042d0b6be4422e8ebd64ea |
| SHA1 | b9a11884e57d8395ba12653592dc00714f43c153 |
| SHA256 | d942aaedafc23e0cc307243e780034f4c0759e375e3941be81b8298eb65efba7 |
| SHA512 | 4b64963681ddeacb55ccbb541e4c070ce1e0c346d386accefd57ff21a7f072228f84d96248c237d7923a1b57a3c1582cd060b9672f81681e7a0288788e91a9fc |
C:\Users\Admin\AppData\Local\Temp\KMUu.exe
| MD5 | efcbbd10fc45b93841e2e31263fa3a8b |
| SHA1 | dab8500790018decd14954a995be71889645eb4a |
| SHA256 | 2c040fdc55e2a818064aba7c2884e7c40a42df5f748647774a246e6e6179911c |
| SHA512 | 0227aae4d9f91c633f29d528b35c13aa289688957a6867b811ce3e697a89f4ff7218226ccc615b6860fed125785f66a339e9962ff5af212d90583069fb6eae09 |
C:\Users\Admin\AppData\Local\Temp\sAAo.exe
| MD5 | a90fc691b0aec42ebbb0895962d6aedc |
| SHA1 | e739ea1be8c2909df78e465a2f3a22559bd24a67 |
| SHA256 | fa3970c82490604587307cb2c82afbf10a2fb015bc11c0375474a94e7a75ba7d |
| SHA512 | 65a61ee00d409851c123ceef40b32b2bf81150a6ad6728ac592a97e88a4ef94818151aeaa622cde13adca111afb2c3b488c21f00030fe842a07273f4a072cfad |
C:\Users\Admin\AppData\Local\Temp\aqsAgcgA.bat
| MD5 | 2a7302f1038c8b8f057a86b410ca2886 |
| SHA1 | ad12d28b9fb3b747cff12ccfed201652089c6961 |
| SHA256 | af867f54fe4c1b824787b61e7ac6cfbe4c63e373f012411529b78e0d19bfbb5d |
| SHA512 | 10b269e8e54cc32089d4bd25ec606c137d38ac45eae35a77073f9f95e869be9adae068e507d95f3a98cdaa338d01dee69d71c2fa84771e37cefca050076548a4 |
C:\Users\Admin\AppData\Local\Temp\qUIE.exe
| MD5 | 525a2a2e2e2fc732d0c78f2a1ec31ac8 |
| SHA1 | 8c23dd61ab13276fea6a78fdf17700a7cf4ce155 |
| SHA256 | 0ae8b87360b9d95590a05070a38cbdb9e55c750411aee4cef221226eb2878036 |
| SHA512 | 8b91c4a042882076094befca5986fc742d0db43eed8c89d9e68dc2c6a79efe29181e31381ff9bf7fe0caeeb7a1a32986f2796b570b0624a8261a16ec91c07868 |
C:\Users\Admin\AppData\Local\Temp\OEMa.ico
| MD5 | ac4b56cc5c5e71c3bb226181418fd891 |
| SHA1 | e62149df7a7d31a7777cae68822e4d0eaba2199d |
| SHA256 | 701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3 |
| SHA512 | a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998 |
C:\Users\Admin\AppData\Local\Temp\SgII.exe
| MD5 | 375d3e728fbfe15f253e2375c4474bd1 |
| SHA1 | 8e1fe13cc88088b1a3c5a8972829857f4bdca154 |
| SHA256 | 6c085c00750cc8ec525146217a48a0bb51cf8794784eb532bfd4804b20440106 |
| SHA512 | ef36a646555e796d51f043efd4fa1c9b9722c66afb5c8ee26a0ef1b594406fec2575e229107ebd5607bf004a1b4811e171119393c892ba862a230a3c7cff0795 |
C:\Users\Admin\AppData\Local\Temp\AQQK.exe
| MD5 | 8c6b40b9b625b070c40ca9c24fee335f |
| SHA1 | 0ef2aa8d3d3fdbcae2b55d1906a6f3bc156a4b85 |
| SHA256 | 29192b82f596c756067f8d1b47244658c5a4a66754b26b9b5ab331e0a24edca6 |
| SHA512 | 246d88cc24ebab1323a8a8a18a349a4f0e3bc1cf0dad0bb76c985eff8240b74391d1d09370f4dcb9da3ec400ee3951ec249e50bf4b25e2724e9141739a93c154 |
C:\Users\Admin\AppData\Local\Temp\uEAM.exe
| MD5 | 1b393f98c000cc56ba0edea3289e7b73 |
| SHA1 | ade9eba57119fb51ca155a51f6c9678ec1a9105b |
| SHA256 | 0967cbc58acb8fa8fa4cd92fbee44d6c081749c25cb976c89c73fd70cab3619c |
| SHA512 | 7a7a86eb073dc728e09a83ba9bf7a22e8abd6a14b2264dd958f4a3da0a718bd63c8be5e55731fb24e3e6bb2df1b298094733ab884d626cff01b65cc16e0f0cda |
C:\Users\Admin\AppData\Local\Temp\MQgo.exe
| MD5 | b7eb5472510a7d3288480edc1347241f |
| SHA1 | 8101b8b0a478ca072f9500c481fa8636cfe09a7b |
| SHA256 | 1be5dfce73a03e0734c7d74a3d8bc1d602477ee6124f3b7ceea9ac03078388e2 |
| SHA512 | 68eb528587fd0aa1cfa94b153c560f07751498c61863c3286f2de40d056a89aceff9e381a81a1c0e423735f0ad97f8b8eaf1491cc1f361d8cd191158fb0ea129 |
C:\Users\Admin\AppData\Local\Temp\WUwkooEk.bat
| MD5 | d0d4ad423c7602b5ddc24755b3a38df0 |
| SHA1 | 67276c3fc47a48a644830f7b5400d2ec1ad6ed41 |
| SHA256 | 7c644c41429bad234e8354653df66ef53ea87caa42d3935aaf4ba33774f30d22 |
| SHA512 | ff950daa7efddc2c59d0ab94a8609d8ddd42f022c127a6514d687441b23a4c3dd0a83fed85e8bda9dd301af75be30557ca437763a03f407f3bcb501c5c670cdb |
C:\Users\Admin\AppData\Local\Temp\oYUYMUYA.bat
| MD5 | a14844712201348cd0e790751fcf204e |
| SHA1 | 1a16c3dba62fb0fe2d63017f8093e4dee29a453c |
| SHA256 | 68d6c05c2936e8df3711c5e21f6da3e7b5395d085811b478ae760a8880125ed7 |
| SHA512 | d89c7c4a55c70c90410f6777a92b80808454b4468f3ce85a3a6b373e166c6dfc49b5e852e254ab3f52e64679a7fe3563d73d8328a7eb8babe96ef0e6d0c37d7f |
C:\Users\Admin\AppData\Local\Temp\euQUoQck.bat
| MD5 | afa6f0bab3e855952d667156fd0d9236 |
| SHA1 | 2e44afc8cae4d6131d5af1069fd8074ad02be11a |
| SHA256 | fba1e0b23bfc80ae8ce115e3edc0b3fe3c685adfd64514782e7b59062da13a61 |
| SHA512 | cf0c91a8d5f2351df9acd7f01008535ce1f338fc3a9551b486d792bfd2d959eb56701b1ba1250b89953a0871df2126c3f1dc45652f6b75c91221405bc3e72f96 |
C:\Users\Admin\AppData\Local\Temp\ZmgIEoYM.bat
| MD5 | e220a14e49c8128a51e4cdf6df013811 |
| SHA1 | 86301a8b0d5516486f4db3c661bffd91ee8e4275 |
| SHA256 | 61ec81013fb26fb1bebe6314385067610cc1fb5659de47f86947b99d6f76c555 |
| SHA512 | 0221b707fff2a72b734c83abe1ef5e1b887a3e73af6dd657e235a1d2044fd6f96c7b5615a2ee1a3aad9d5210c6a275a9636b399ec2f5a9f2b3eaab701c70659a |
C:\Users\Admin\AppData\Local\Temp\jcMYwkoY.bat
| MD5 | bddf4052460302d5783738cadbfeecd6 |
| SHA1 | 4b28377c828aa498cae5217756a5b233aa28997d |
| SHA256 | 3c3c123c359b8e4893877a3f6a582d3f9589b841f9d880b60334c61066ba8ceb |
| SHA512 | 140a2adc5f933eaa677ef6c3eff0bf6848bb491aaccb1f368ad0e6e4ee266ce113862d41531f465b0bb01eca0fc876e830161dd686f3ea347ad97d360b0a0bdf |
C:\Users\Admin\AppData\Local\Temp\RyMIgIYI.bat
| MD5 | 0dd725a8807de4b0ced908ea822475cb |
| SHA1 | 9c23523569f62aede24d25d6acd234dd3772ca88 |
| SHA256 | 772dfbbcfba90f33bc8208749a28677696514c707e55ad78ad4abfe077742242 |
| SHA512 | c6ce9bce2dccb06cf63026592d2fafab33d143f3fb1b3425572872aa04f7172c58c5056b95fd15c80e4785c630fbb7cf31481c0bff51b01fef07360b4b41b457 |
C:\Users\Admin\AppData\Local\Temp\nywQkkkE.bat
| MD5 | ce4738c7de628cb07439d19e596268a3 |
| SHA1 | 0af0d67f02167d1d2fae714c166dae8a3de60731 |
| SHA256 | 9e24a5ade82e0b9cf48681d0b3b5b908b07cb7bd73c5b4a4c8390a49294bfd2b |
| SHA512 | 0d83197b9b053a7675455972513845f0b86d3b40cb1a339d78a85fef6cdc52b1fd07715d5d89a640863596bdf530bfbf3354299e3b8a8bf89f9d7530293db4bc |
C:\Users\Admin\AppData\Local\Temp\aEQwYUAw.bat
| MD5 | 35b029a12fc2e1685670e38225ed1b7a |
| SHA1 | 7dfdef3f2d792f66ec788090dd16ffcb646125b5 |
| SHA256 | fc3efbe1eac6513ad30667d43480c3127ff34a8bc3b82b0ab1e23de1e0e46947 |
| SHA512 | 0297b9675746a9759928aedbf87f9fae4e1f66f8ad9b4fd18984357617933b85c8822c6224adbc16b46ae90c55fc5e6bc1fc214b984a74ab83b095caed44312c |
C:\Users\Admin\AppData\Local\Temp\zescYIUo.bat
| MD5 | f5eac8695f5d5b95ab495f66794f2efb |
| SHA1 | 6dbfe18bad2fe0ba366cc50ec329b718cfb374bd |
| SHA256 | ed7dc54245206e7685fc20d359150dac5443da0644cf85cee0600ca3e149bb1c |
| SHA512 | aea72a11969b101f0ce9f829dc20eadc85870bc1330a9d0ec41b7a23d48b76bb80ef19e37a54b99ba8cef88d7a89140b605089b6451c4d3d76631ec6d1b045d3 |
C:\Users\Admin\AppData\Local\Temp\iOgwQcos.bat
| MD5 | d932b0224931b71a997ef87ffa58828f |
| SHA1 | b1f23affe532ad8b3f8f44121d1c7c00805090fe |
| SHA256 | c1d651639f28ab7377637a2a66821c43cd9102244578dcf3ba14b8284c65a631 |
| SHA512 | 336d61b768e9d173fd5a21238c3faec25f8a601e8730c170cadfb52c571bbb2d52f0b96b34f07ee408daf7301a6513a942f6d0d24ebe05a6a4347c9ad8558485 |
C:\Users\Admin\AppData\Local\Temp\UoQM.exe
| MD5 | ce2c8f6462f8ccd8591fba0c6364082a |
| SHA1 | 2284f36c9912a72741588070e51bc3238e275636 |
| SHA256 | 214292f4e8ec0a5afcbe89d6a89bee671c6cb02e3a5e34b2776c33e79bd5d6a2 |
| SHA512 | 82be3cbf3900eb5a03563dd5e2d0c746fbc64ff87987a6193fc6b0b78148eda7501b101780f451f0a17dc599909a63afb76355b745896df4e29c5f2d84e84a07 |
C:\Users\Admin\AppData\Local\Temp\kQQW.exe
| MD5 | 4a706857769995d6f812f39037fec916 |
| SHA1 | 6734a8e314f738297d49f15953bdc1a8364127a1 |
| SHA256 | dd1823aff07d82e90417bf296be6afc7560b7714d2e2c58b91171015fa980d7b |
| SHA512 | 08664ff0fcc1bde3fc5074113a5f0fba26a43e007468db82adfad2b70819b8a844f90e72b74e18428536e4ecfdc2292245756da39796efe351b197e3ff92f683 |
C:\Users\Admin\AppData\Local\Temp\zywQkooI.bat
| MD5 | e0161dc16ea80cb7ea6fd8eed50c0cdc |
| SHA1 | 55c9263f7f9ece3caa56a5ee3c5b554191745f05 |
| SHA256 | 4912a4a122426b465fb615baf71aa388b82da6593a7b8686b074432e2aa36e6e |
| SHA512 | 64711bed8dd9ac5b32b1b66a682dcb1b74afb79f77589e255a45653b9f5c3cdc6ed89c9ebdb97a8d75c03c68c6055b3d37cf6868db6c7119fee53eaad7e38b6b |
C:\Users\Admin\AppData\Local\Temp\qIow.exe
| MD5 | 8bcec61a7125446cf50322e37caa380a |
| SHA1 | 89586d5842740782c4753dee1ff96ee779055b38 |
| SHA256 | 1632c96fda041fa91afbff72653c2b6cb523faf2769c71edd30eb7a3bbf64d49 |
| SHA512 | d3e7bbe8979a3470bf15c508c3e57c787bfc9c0b3ac157d1713570e5d90e69db244e44a84d45cadb8cba1113834686f142c7419c840b28272fd186973d5c6ce8 |
C:\Users\Admin\AppData\Local\Temp\sYom.exe
| MD5 | 868f53ec1b82d8316acbf884bdef8145 |
| SHA1 | d2c04c9b987ab8678e89087cd2236cff54182f5b |
| SHA256 | b539a9f216010391ec591e01df931b41bf069a9788e4effdcc5be0e7d8851f0b |
| SHA512 | 93fe2bc3e0b16b50eaa6610ba995cc94645efcb408fb4af906bb37ad3a4088362c42bb1daa963859a19bfe6fab72c125a48c43856da12da5dac5cd3a32c177d5 |
C:\Users\Admin\AppData\Local\Temp\SUEa.exe
| MD5 | cd2889ceb594efc226f7f6fa0cabc65b |
| SHA1 | c52cac379744eb302feaea97cd5205d5ee8f68b0 |
| SHA256 | 9b8876502ffb6f6984d5c230a8e5c16e6d47582106ebb0a17814e2bab061d6e8 |
| SHA512 | f086fc9360cc0ede213dbf9240c499b1c103f2617004b45e399b4767470b943d21956550070931fdd4dfdf2d14b5fe189392219fe280ace7ecc90aa89d20cafb |
C:\Users\Admin\AppData\Local\Temp\fQwUsYks.bat
| MD5 | 08c906f1dd96501fbc2374150372bca6 |
| SHA1 | 4763d9a44f687e25eaece640ce009b887f4b2d05 |
| SHA256 | 0bfe62d0d3db61d325621ef351873df529a672e82ebf4c930bade0950c35a61f |
| SHA512 | 8108a71b80021a59d37b48e6727069fe9e18e5111f9abe7a6baa41d05aafc749a1a0d39ea3b8fd5b462c9e6aaa514876534e6310b142c0fc94dddc841f78f729 |
C:\Users\Admin\AppData\Local\Temp\SswQ.exe
| MD5 | ea3d85358f4d3027d0cf9c556c4097ae |
| SHA1 | d2da9832632fe91af3bab070526021aef02b8b96 |
| SHA256 | cce1eb0e0cafe490c0c010da22936615f74c7609b6f059d665680f6f71d7d86c |
| SHA512 | 177dd11973d35973ea43a5db298a3e28620da330a7e1b0e27f017938aaad24be49fa772a55c28f769c3601a6b735b1cb3dedc12b4f8072fc730f1439fb82af19 |
C:\Users\Admin\AppData\Local\Temp\QkUu.exe
| MD5 | 66debfbdfdb3a13a389caec1d53eae3c |
| SHA1 | 98f8adce41d85b039bc39701e42c93aade058fab |
| SHA256 | 65177719210e180dea5376efb2852d05dda6771fd567649b61732f8a3e13e4ed |
| SHA512 | bb07a9aa912df4072e13d0573aa645e34e3a0e2b3e22c53c513d7fe0a107212eb210a32cb3d3b8f6d8e876486288e3f832cfa58a576aacf4c7202cf0057ac0d0 |
C:\Users\Admin\AppData\Local\Temp\IUQw.exe
| MD5 | 22ec7af946499c696dfe4aa0d60cebf9 |
| SHA1 | 0203d5cdae1e7b13d9c47ff4952821976ab2e01d |
| SHA256 | 78902d67b89f2a9e5eeaf4f4464311c686681a371392770aa9b7063baf175a06 |
| SHA512 | ec9bb46b8da4a5a384bd56159a1bda1b34dd7290aff846c6fb0567f3a6de20bfaab994cddfdf684d14dd135faa76f913e1b92c9427be6a7591c4134cb5eb1271 |
C:\Users\Admin\AppData\Local\Temp\vMMUwowc.bat
| MD5 | 25fbb76271e87df08ad60bbbdbe5006a |
| SHA1 | ed94e8843cfffc11a5ba3043cef75fb7dd94b45e |
| SHA256 | 1bcae6bd5f003437bdddd4e020e1bffcb4b13074aa556f055be723df79a5d461 |
| SHA512 | e707991bce36de78d0582e44f7d48c0546eec31ec4fa303360aeb7d4acf2dd6735cfdf056647d36363a2942381d57f3400139fd9faf6aeb9cc195dd55c3c0dfd |
C:\Users\Admin\AppData\Local\Temp\csYy.exe
| MD5 | 62e598d405662595e2fb44ec26763d42 |
| SHA1 | 1b9ce5bb700dfa83b9a9f02370c047a28614d4b0 |
| SHA256 | 77429c5cf51801833125bc1e75e4e943f8d1822052b9db2e17fb76c54a889659 |
| SHA512 | 80d8f10fe894a303996c8f24340a5323529bfdc88f211f335773c8de80c2e2550aa4188834ba5daaecaf36f0370f2808c69953bae5c50846e86fc919b25429cc |
C:\Users\Admin\AppData\Local\Temp\OEUU.exe
| MD5 | 0e1a6955cce39d7a9234172e140c4942 |
| SHA1 | b9c820c2b98cf2016c9c8764c10d9bdb46ce4d41 |
| SHA256 | 28dcbcf5c718dd663d4f7077790527026b84b8770f79fbadb176dce123e5f95f |
| SHA512 | 2eda4f18fa1c41f699d7fb4c1f4bb336da5bfbdd28c3b60ca836aa8a4ead050f60dfabffb139372cc489ea974c412a2db742cf325b9e15afe6eef403abe61c87 |
C:\Users\Admin\AppData\Local\Temp\iEEYIYwI.bat
| MD5 | 2d1f91fc310f7f10a848d2b206114470 |
| SHA1 | 251c31e47b96ee57e150b968ea707fa23d849e96 |
| SHA256 | 85ce31b894d2882d978f8e142d6945f1dc7ab205d696cd1d42fe0c12c4c54e3a |
| SHA512 | 898c73943da0a523d54469f1f17273f3accbe28490e4a6a97a589d7cea2f713b683a9589f21bd7c1bd76001e0624f1ed3b24844e79a137f615d87e99398fb750 |
C:\Users\Admin\AppData\Local\Temp\sGwMcQAQ.bat
| MD5 | 1ad102a5dc5fd396f17475fdcc8e7c54 |
| SHA1 | 1bd32bcd44afad188eac8c0d5e7996d68283b86a |
| SHA256 | 3591a012570d4ced9d67cfb4732080498c60925fc4d985440ddd2205c8174f31 |
| SHA512 | 54d9bb33e292b0799ecf783213c1a30c4886b6de6321e1ede8cedf454ba6bd6ce603db61551149ff22cbfc3f0e3b8a74a4d0011c4b9473ba1389507bbdcd7605 |
C:\Users\Admin\AppData\Local\Temp\XgMgwgMY.bat
| MD5 | 6ebda6eb09bd09b4eee616c541b21011 |
| SHA1 | 34b98452ba33e3307fdf952d8244913ac7f915d0 |
| SHA256 | 357efb1ca10f0c7e411976db342052e37bb599f845e995ae2f8d807d250334bb |
| SHA512 | 03dbbd40c7a33baa48647f4cfa5d4b0834c73699de5f84e7469ada6eebb1fca28a820458b922cd889dcc39fab43304faaa8c556f3017ba18bad84c1e8e7e9ddb |
C:\Users\Admin\AppData\Local\Temp\wWoMQgoI.bat
| MD5 | c082a1758e2fe14bc09b37e0cab632dc |
| SHA1 | e442a54c53b30efeae05da3cb18cd4ec88afbcb8 |
| SHA256 | e193c1cc129b1fbbec4133a50a4258c2632f1a05fe213e13e7abc095e3021f0c |
| SHA512 | 6a55686a2030da1b4c719834f2b59df244237b9910f1ace707a13537eb56289bfb2aff36c072c3242ef7ca84f146df9ba8bfd914159d58811a9a96f604008dc5 |
C:\Users\Admin\AppData\Local\Temp\wkcg.exe
| MD5 | e3ec24ae8b59da0b7c04d055a7032818 |
| SHA1 | 63eabf1357ae9dfe9847c67645e7d33c295d6f43 |
| SHA256 | f5d5e755175e390a8cc44a6a3edebe19b6ffe274b0902b8bc9316ca35cbda3da |
| SHA512 | 2b8dcfb738bd3ce299644d1468fd234de35104d34c6c0d1cb46ba690fc0d7f70ca877e2870fa07b305c50532509d767aec8a596b1c38e247ec4ff8672ed8b5a6 |
C:\Users\Admin\AppData\Local\Temp\icUO.exe
| MD5 | 81ae30a076d44c80a0451826672b0a96 |
| SHA1 | 79c9c0796e51aeb0b517fc72b719d128f5917636 |
| SHA256 | 8824643fef11023a846e8636acdeb25ecd800754d247249ed6eb910d2a27cecc |
| SHA512 | d7db2752420009dfb996de8370988a608dc100f980b9c37e03d85a8f99dfa1771d4a0cc269c2ac5b50157d51bd957632c76ea731955bf966b99f82035f45a372 |
C:\Users\Admin\AppData\Local\Temp\zGAgwkUo.bat
| MD5 | fb8217909022031467ef181ba5c5a39e |
| SHA1 | c73086aba4e80dbe825084c7e557ac5620e73cef |
| SHA256 | 4e23a477884b82a6cbbfdfd81ff90ca3b07015ad9c55486668902e8c15b7c779 |
| SHA512 | 5fa8e546e2415cc820dae811809d67df198141fc840ad2dbccad956e27e78ba9fc24e001ed99d7616389f37804bc19c72292484a2f06443b10de9e82aa8f86b6 |
C:\Users\Admin\AppData\Local\Temp\wIIK.exe
| MD5 | 98997fba9121b376aa8d875750fbb143 |
| SHA1 | 8e9181a6aecd05a6a6a79fc73d641b1bb0a22e39 |
| SHA256 | edce4a3394e56b83bbdd76f5745d6fc4f3e4e7d2e3fed5b237f23c0797c326ce |
| SHA512 | 31b5a09d0b15b331fc11e670a6b12b0066a05e38de1d541dab52f972660945fb425732afc9a2a2a926cd0f6468fda715f800678b1887365bd1adfba2781c5dc6 |
C:\Users\Admin\AppData\Local\Temp\EIwg.exe
| MD5 | 07f0460493ffc3ae587377884afae7b8 |
| SHA1 | 9081d3355cbfa86f5415928f2c9f197a52759104 |
| SHA256 | dd6b8f3da00f721069b7208d922258f166a763d5786806734e9cb440f8c8cbeb |
| SHA512 | 460b4f808a1e301628d9132265b87e2f81427f2d4a1e93f1479e5422235a1363e9ea0dbb2247db95cf4515a3398ee1ec7ae798e3de071945d8591585c012b8c2 |
C:\Users\Admin\AppData\Local\Temp\UokC.exe
| MD5 | 511bddefa7f17c821de79e2e44695be8 |
| SHA1 | e168fcd36a8947479ca048017b0da9f3cafbd882 |
| SHA256 | eede5d38a5353962f69ffd688d86944009603b5cf2519f7afda75735631ab247 |
| SHA512 | 95d252083c30c7744427ae79e42bfefebd41178565f639d49b572b09d58b622c9b81d7d74ae7bb92ee5656c4e3dfe0d8c2202b1476e64a2107359bfd9a6bf0d6 |
C:\Users\Admin\AppData\Local\Temp\ciYwcYII.bat
| MD5 | bdd8e67c2817b06366894602e660a5b6 |
| SHA1 | 8a9240a2f87de39e5f03f43332596c8848a0803e |
| SHA256 | 274f74ff3f2c936030a4807fd3d7e59224c4a637b9bb586bc584c8e2e9328a20 |
| SHA512 | 419971aab055380d014599b8d4730904ff16e55c657d726855ef9d9400c972df8b4609232b0ddc25600ea3d890d04b7b8686760410e1b6201e37880395d80630 |
C:\Users\Admin\AppData\Local\Temp\swEk.exe
| MD5 | 459a9af42b5f0391f75d3b10733a6e23 |
| SHA1 | 762e86c6ff9134a3fd3fd813ca0ebb178578bc8b |
| SHA256 | 3fdedd568837ab0383118572161093fb4a07fa27e7ea5efc6e29ce005b2a9029 |
| SHA512 | 40f72f9b21f6e704d59d202860f70844b457ad3eef950af4e3fc788f53de2d62a2c35c934f018cd722578a2141c113dc4bea3affd1dbb617734fe855eb4da2ea |
C:\Users\Admin\AppData\Local\Temp\awAG.exe
| MD5 | 15126f606a090e593c48a98c4a7567e3 |
| SHA1 | 917a4c565cd188ead0bb6baa12425b0ada0db225 |
| SHA256 | 1fd9dee16067becca2567fb44c0584b5743bad5acd4ca345225610a202e8e305 |
| SHA512 | 34cc68937c315da8941058e62f2f0d8ae7886fd54ee78f1419897d1545fae8082f84dbe6cd68f2121d9f2fdd34f2663a15ee3d034ed3dcf84d538cd7ad5194f3 |
C:\Users\Admin\AppData\Local\Temp\AIgm.exe
| MD5 | 441f8634ad1f035ff45b0ec5849e3f37 |
| SHA1 | a99358fb6b73413b0055103a569d1c3c0b00169d |
| SHA256 | 4cc045b03cf1ec9f4a9837cda4a2f7394c617818c722aa28c8c745222fc86bf1 |
| SHA512 | 0d1153171afed2de7105b51a6aa864844b5325fb6137aa88bad2f2a09dca384758288098614fc686cee65aeb50c37ca05667918090c469a23667665f586b3c3e |
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png.exe
| MD5 | 4020bfa1451aa50683dff52c4a3b9c67 |
| SHA1 | befcb31339786097c7d6b9adcdafa139ed08a831 |
| SHA256 | cdf9c127a7d5148cf542944520acf8c795b018fcf46763e54423b3a296cd0357 |
| SHA512 | cb22b3f22565ff722d18a1c8392c285a10e662e83bbcdee12af373469ab01140375f8bb4bb40b78dd5968ca6aa9faaca9060fa667a3bb52e1d96ae48a74ff0e0 |
C:\Users\Admin\AppData\Local\Temp\KEIw.exe
| MD5 | b1e0afa1eb0defb5e1f73d464601bd8f |
| SHA1 | b3cc38fa9a36238d3c328dae4d048366784332f4 |
| SHA256 | 2b6c8e4b595990a409fe7c04f689ea9890489d75101e42c09d31f9b52a655929 |
| SHA512 | f36c8533ae68a52ac429c7dc4a7df9a5854d631909c43ae13d0d0343c5cc1bc435c2842bf29f6496fc97411c001fd4a8d64b775990c814aabf2f8846d536686e |
C:\Users\Admin\AppData\Local\Temp\uwkK.exe
| MD5 | bba2af59805f41cf52934ce09e82ffee |
| SHA1 | c977496f42d78bce51d797b5795ea5356c8ed5b2 |
| SHA256 | 5099cc77016473e966f1b600e13a5b6e6a19bee13a14154ae433524855608e63 |
| SHA512 | b2571687575360d29671e0c6e4d2064190bbcf9da25244a22edf651d413a41cb7002df026327defb58b33dbebb6345505ad9e2cce5c8cf756c46ef0fe2768819 |
C:\Users\Admin\AppData\Local\Temp\MsAM.exe
| MD5 | e2a9defb3e77421c6f3cc28fbef8b314 |
| SHA1 | 36167ee663596583ab2a377ff4e1193318b75e08 |
| SHA256 | 294719e05a8a1923c1579ab784dddce0cb3fd1372fc9ac910a7d685bd3221cd4 |
| SHA512 | 97caf1c4dbadd582e05d6bd3b25b870063377af740d61679184f7da8ee3fb1cc83b6d479c8a91f35b3f7ae520fa4d7e0fd08f8fb219cb0d80f62e5f29e6a277a |
C:\Users\Admin\AppData\Local\Temp\IUIS.exe
| MD5 | 27dcd6758d6fd56fe75ede9429210d82 |
| SHA1 | bd71b78ff237f1cd40eebdda22c57e337785c616 |
| SHA256 | 55feebab765ba102c43ceec591781e3222efa7a7d8e4ace3408196e3dfd06798 |
| SHA512 | fe54f0799f5c73d313c483cf797c4d6b877b4b1df6856e15b1ffa827b2a0fc6ecd05bba2307cef6fde5ead725cd3ffd5acdaa4d13f1e13e42bfbe15b87dee634 |
C:\Users\Admin\AppData\Local\Temp\IMwy.exe
| MD5 | 19195c1e7d98c7669b9a13dc5da0d810 |
| SHA1 | d5b93cd7bb4c91a6795317c415d1f48b321d8362 |
| SHA256 | ff303a8f26b4375666cef62383cce99e27bd1ecfb143f27b78b713fe28330b8b |
| SHA512 | f027799b99d7f33e6b25823d6c47fba0ca84829d977f5c9c9e04dd2d25d9db07c2dd1e5632606a125059e4b94d0650f32c3299eba080581fcb2c69fb02557961 |
C:\Users\Admin\AppData\Local\Temp\rogUggEk.bat
| MD5 | 89187feee5c78d65893dfcb92250fe7a |
| SHA1 | fee5e1b84d1261f64a157b1eac8fdc7f29ee1b8f |
| SHA256 | c79419b86ace6417551ab4d1695f39255f1b06e622496a312e9f9bf152b82051 |
| SHA512 | 2bb6815f22018c8c7f6f986d53a7e57f9a2050cecbd0f6fac22c0545163575fb63c0de8e21846f088bdd37aaa0bcc479f303410f67d5a92603c1f7fffb8a4949 |
C:\Users\Admin\AppData\Local\Temp\GAEw.exe
| MD5 | aad4782f96a7498fe3ba2d9044a291d9 |
| SHA1 | 79ad2d7ee19854d84fa99a41dc424eb03d916aff |
| SHA256 | 9c3a0a40506da0c2e2ac302e84843b9e79025f13f00d9fb32193b3f5fb76d7f7 |
| SHA512 | 39c2606805f51328b119cae62e900163979a3f78e5e692af2d340c3dfe02145ac3ff037bc93d43c82b59183a24b370d33ae85ed7b03d4c5e3b5a585bdf733475 |
C:\Users\Admin\AppData\Local\Temp\GokI.exe
| MD5 | 4acf3be732f0817f92ac61c5b195b804 |
| SHA1 | d17f0ef97be05b4905e5db22d5fb02fcbea27dd0 |
| SHA256 | 0e56e307e1d98ce91947464deaf556d12954ac050b8c83c9195caf0bb4c0462a |
| SHA512 | 2c5f90e763dcb73aff02e7d70797e45d58e03f8d055d029888467b9704c6bbe9dad57e79f0cfc1635614521d74c8dccd3f71902ffd91bac57ec13cd9e8c45c39 |
C:\Users\Admin\AppData\Local\Temp\CUQI.exe
| MD5 | 50d6a40afcfb401da0d0120cadca6161 |
| SHA1 | 8da10ce2b0bad2a822435f4e30a86e3eb36fe04f |
| SHA256 | a1a0560a98b1faf5076625bd254b5529eb0e33b06a5a6c686f4316853e3f829b |
| SHA512 | d74afa4ada187dfdf902793ecd3a2576838dbe968a77e61843a90b2b93d293f9340d0f761a1507fe61a0cedeac3e7cf4c7392507ad9590acd5e8201118414aab |
C:\Users\Admin\AppData\Local\Temp\WUMC.exe
| MD5 | a46de4d59c83039263ca1f78c97a6590 |
| SHA1 | 8afbea5249e7109d1f9925bddcc28b0f6109cfd1 |
| SHA256 | 99c0bb21b1e9f59957d8c81254875535beb162a221947fe2c12d1ea18c49e204 |
| SHA512 | f854045738ac9dda56f64ceb20c662d84d568248262a2369005354bf698359b4e9113254b98b5ba3d5c2aa13fcedc321dbe167fbabb7cbe9d0852d225995773a |
C:\Users\Admin\AppData\Local\Temp\QYwW.exe
| MD5 | 52eca6b7493a390ecd8e6e1f5d19660d |
| SHA1 | 922ccc073ff95b7a619f04d8fd9b6da3a26c4a05 |
| SHA256 | 1dda952a2e4cc521561e5291352e3f162661b1c3bb8f7884484f13eeb30d47c2 |
| SHA512 | 1721b9966090f6da300a48d38ca4f2d87c4bec0b597c840b34aa8103009eb14d50d7240bab8d7a86ee59b670466a2b7130022b7adad9b557c129a78d2081d699 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile20.bmp.exe
| MD5 | 8209db2005264f9ef35bffe15df6244b |
| SHA1 | 84c4664d09e129e1729aa2d3870adb9cab471f89 |
| SHA256 | 1ab0028300df833ffdcb75d93c72a5abdaaa857b8fb61797edf35955a020c803 |
| SHA512 | 478f6fde9f033b7c5891dc6e241110b70fa77ba07db57bb4b9a44019244de81ca5ae02c98e8b673f049352d6233d00f2a18cb7b267100d2aa75e3524ec09657e |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile21.bmp.exe
| MD5 | 03e906674e922ce95510de0067b3c8e3 |
| SHA1 | 55d53699e73e57e1537862acdb1442ab766d1533 |
| SHA256 | 973c0a78a5d62e96c10fae813958959520a2ab85882d01cdd91ce4cc8e5664d3 |
| SHA512 | ab6aa8d5b33d28203bdf991d921d33dcbd5a7f01ab3ed9520199e9c412fee5942369deedf2cde33b449951163b8ef9c10af1386ecd2dcf5d7aeb84cce4c36236 |
C:\Users\Admin\AppData\Local\Temp\GmUAcoIE.bat
| MD5 | d5c2bc76f790e4da6cab7f856548c703 |
| SHA1 | 2fdc07b5848994bc91679cffca96cde9b26dce3e |
| SHA256 | eef0606ce9393a616a894c619818d0fbf3ca343a0b9b143cecfc1814f26d53f9 |
| SHA512 | de4faecde51d9928bc279a39c3fd2bd06387bdd73de621c9671e7a2b8b15d1f3edf8bcae4faabcfde884478961de17ce9e676f3ff82760d93a3849e4433af4c3 |
C:\Users\Admin\AppData\Local\Temp\SEsa.exe
| MD5 | cb13a57eec8acc33d6da175aa0c94216 |
| SHA1 | 7728d9ee650a5c7e51379eb8f839f67ad39c74d3 |
| SHA256 | cf705b9c5dabf9c535ab0b77fbb8d22e724baf6d3ade8afe8786680fc33922fd |
| SHA512 | 57154b841018848f7842c3cf8ea2eb5dc8dfdd6199f941c8ee0e0e58189bf0f70c59ab7f7710c96f6fc540d64a14c2879717b4a63075e774a55dcc4484bc5bdd |
C:\Users\Admin\AppData\Local\Temp\goMY.exe
| MD5 | 266b69cda149fd05126aa047ab841046 |
| SHA1 | 16eaee8d71d9e300e1d0128ae916926ece97d0d2 |
| SHA256 | f3e842a552bee61d0e754398d565f2976f5289da5ae24550d5b08c5597d32014 |
| SHA512 | 45fd5cb55dceb2938c4f9270139f1acdcb9fd42fec773c6a5e6baa3370dabb6559baa88f0ebd33ceb7aabf1a2b51a41623654cea8ba1da5dbb63f1525ee7c859 |
C:\Users\Admin\AppData\Local\Temp\eMYs.exe
| MD5 | 2c1c122210da722db716dd5faca74755 |
| SHA1 | 1688f48310a3d93a88d1efe57f0a88f3b3660f4a |
| SHA256 | 338655ce31976cc37c8a54ce28966f98cbb86c54690c63091fc9464d0ecdb150 |
| SHA512 | c01bf4d8143ca2d9a85506a21e58e27f03185db170f5845b1a368a99de1415f7260b3dd40e02f350f5f4a9d464049357926a3fc9a221928719c94044911fd794 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile31.bmp.exe
| MD5 | 92255ade2c8371aa5be2efa98a90fd7d |
| SHA1 | 0ad8e9c56b4191c8b7f5a5d0f348fd8ae9e81389 |
| SHA256 | 2857239de088311435868e75eda9c49f5bdb6409e4a9d5a9f5dc43f180d585f9 |
| SHA512 | 0a37610e276062068c7697caf80470270578a14c51f1d6a31f9500a64bcc1e35c20730245ad30f7e3a07e799a8eea663e033fa9b31124178fb83525eec50d949 |
C:\Users\Admin\AppData\Local\Temp\GcMQ.exe
| MD5 | e8d335dd3048551d7588256d6c90ca6f |
| SHA1 | 155feeb8e12276caaac6df1c90e42774ef6b2cbc |
| SHA256 | 1f847a1a6098ec52ed24d842687b4bdd9491938f3b1726d43a2ca45ba8db9af3 |
| SHA512 | 34e2176b830976a32e3f1f70aa3ffa4b0feaa708e9814cf86663bc659ded08941a7ef58ccef8a1292bc8059261b4a5fcc30385b195c1bd7fb98deb65224bbc71 |
C:\Users\Admin\AppData\Local\Temp\YAQo.exe
| MD5 | 83a84d0c110f1ac23c0bd2128f5419bd |
| SHA1 | dcfa8888b6467630cfbd09a9bd103c44cbbe527e |
| SHA256 | 591a28233ea497890794cd919d3ffe96da8096b2854c337179383e1af2a22dd5 |
| SHA512 | 7088c846bb7a9a1ebe3bdb4b2f4c0bc4bab47de9378130671575ca09eb28428bbc5eff9fadeb0f98b949225ea03b90624b64d6ab8a6e428974369f465c92a516 |
C:\Users\Admin\AppData\Local\Temp\mUQo.exe
| MD5 | f5892ca47caa62ffb45927eb4adfa4a2 |
| SHA1 | 07a02a73bdb39279995ecf9b28b7ebd2944c6cf5 |
| SHA256 | de4b6f4bbb4535b72d8e51335e7af5a914e6dbe451b635b50bbb05169c8ff63c |
| SHA512 | a14c537ecdd036fff7809c38d993279af18b352849bcb2e4a398e7318a2b9b460d664901a63b7fec108c7faf5e3a64446e6b4a64169185b6b84537daf72401f1 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile36.bmp.exe
| MD5 | b492e2cac7ca526fee532f2468f900ad |
| SHA1 | 0d80d14abe18fc76a20e8aa556971d2df284bf0d |
| SHA256 | c723263a254d118089f478da0822aa201f651f12bb928fa4abd684004cbac984 |
| SHA512 | 0f4636a9de14f7c2bda1a04ddc32f1a8852e6eaaf2ede753aa310f386ed4dc9c0c0edb2416deebd1c52c8eb97742701c00ae7c66736f6215139364f50a824539 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile38.bmp.exe
| MD5 | 89dc16fb80bda5f6266589ceec2ed60c |
| SHA1 | f53e6d4a048ea82725e80d162e82e95a46785a33 |
| SHA256 | 9363939014a55957d9d0edc00b05eca3a372fc2bc486327ba9c89cf027c599ef |
| SHA512 | c78d7375ce59922b971953fa11caba0741cb687060dc28fa2b873e363510b49890591d3cdd2360d950ac726a4e11f4b9ec9d9384b53e1785cb5f1acfc58f48d2 |
C:\Users\Admin\AppData\Local\Temp\cQAi.exe
| MD5 | 052fedb0e209e9dbb353566d2ecbc173 |
| SHA1 | ea0549cb7ab10df8329c63edf7de1287557ecac5 |
| SHA256 | bb3131203933f222f34f270457a73dd4c57b3b51f4f30b6cff6f55dace09e238 |
| SHA512 | d630aa75d3af7bc43ef3d35c48cf4c62cea71c91ebe3cae17cb17478477c315593ac962d106310f5c9ab3d1d64fdd49a77604d4a75a2ae3e3192e01ab0851363 |
C:\Users\Admin\AppData\Local\Temp\ioQA.exe
| MD5 | 0076f6c226eada0dfd2d72563e0e0799 |
| SHA1 | e891edeb287a5064b9167d4a7f3695d83b243e0c |
| SHA256 | f7309378254ce87c0041fc385721cdd32b7a44a19093d0ceb8b4fd397c9f79e1 |
| SHA512 | 1408a4b0d4148cd8fb08af2ecc8f1d21ed38926fb53c796b3f2e5cffd416ae383d53ecd06076b45518a18301b300d1169c8c508f797a3cee71637e35caf3c193 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile41.bmp.exe
| MD5 | d524cd68c28b431986a80228773258df |
| SHA1 | c80c642050e36df29f5e7c8d8691f1bd3376279e |
| SHA256 | d8a8ec5fe819efb85199f479429dad61ab3d1a1b4dcf4cc9ea1025969adb8a34 |
| SHA512 | 9eaeb1025450d8f014a2a4d961b0561a4d4b949cd66a8b2e6d7caddcc5f4ac53b3a22e5513c563df34d205afba8c1e9365a521903fed075bf65626ddc4c5dfe0 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile42.bmp.exe
| MD5 | 487f2d8f2649a4567cc9257a94e1da1d |
| SHA1 | 0bc6470ecb419d8291a6d41458c7c72cd6548ef4 |
| SHA256 | 8cc25f3651669814be6dac13b07f75c898bf0c920c569e82d4b98e6134b6beef |
| SHA512 | a315be54a2b7086dc1a2bf28b31bdc428e6709cc0461aacb71c45c637f00a671ee5e015f27f5032fe3f45a602d9ad39da25dfd5996e8d4c9c634513734972e63 |
C:\Users\Admin\AppData\Local\Temp\eIsi.exe
| MD5 | 106ed7cdf2beff1fd68c4d0ce1e03271 |
| SHA1 | 457ba2d021217de707ede0ba3258af727dd665dc |
| SHA256 | ec0c304818ebfc6d487bf985b099f70493536e70feaf75e8fab94f055573dafe |
| SHA512 | 7931cdeff01e6b4fa803eee1c7a2328c2fb3c98a456ddf50d557cbb910790100ae855d69ff5815236ba50f374694111ef9613f3c99c5e49e5115b91689c0e099 |
C:\Users\Admin\AppData\Local\Temp\uUYm.exe
| MD5 | 48dd81682d0b07f2386361df33a56556 |
| SHA1 | 66f6fc10c73b12b0bbb57b9d1eb102cff997c725 |
| SHA256 | 448b62632a55efb2322cbd4440003aa28062270bebcd8cae598be245be4cf018 |
| SHA512 | 5e3180b48efa15b4d3b5046b8bf8a7311fa94ae093d6ede751f4f3f4fe1161aec7eeadc193d4491bf24562501d2b6cebbcf25865a71e36fdde91a00122d34df3 |
C:\Users\Public\Music\Sample Music\Kalimba.mp3.exe
| MD5 | c57f4c9f5a2f39f6b5931b2cd6fcc6ec |
| SHA1 | cb77c004219b99903eda9b43522706392bd643f0 |
| SHA256 | 89bec74c4e2ac71ed0552daf36f760e22261ac2395cdb48ecac30533436a343d |
| SHA512 | 617a9c74c2f46ec3537cb9d464f3f9687e6a599e88b0bb6cb5dad9a48c4537665ae941d0d7cf7a7204cd2d44a43496f0ea21b39a804f930efcfdcd7469d6678d |
C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg.exe
| MD5 | f579b764e0d92c243e207058c0565a63 |
| SHA1 | 76c5780ac772742f48e9d3ac5818a34943d3ae54 |
| SHA256 | dce06d121c2dafb6cabc6952b928755da744b445bbc7bbfaa745c4cc49d3ddfa |
| SHA512 | d8699c0c479356a9299aaedcfa2a5165776ce82e59c068a39a298c9f3f77c7f5a99095f392086a0fbf4f00fb171364f66aa75efc112f64f5a13cc161c85c04ec |
C:\Users\Admin\AppData\Local\Temp\sosa.exe
| MD5 | 5987392c56d2c794782e1acf724786a1 |
| SHA1 | 0edef26738179a78694342b594e15be06991b3d7 |
| SHA256 | 0aa1c981f20e000c2f39cb936e52aa710a7ca40081ea9727eae7c3f7882a71d4 |
| SHA512 | e31e512d73e711293e1300c05e59f991a52e29be69c385512ad0e30da0372fd6f44eea9121101266fd18569069d378540ec355779592ea6c0f89831cbc398c96 |
C:\Users\Admin\AppData\Local\Temp\CgYu.exe
| MD5 | 49879f369f31d065975e56b9980b4982 |
| SHA1 | c8381b41893ce625ad52b02938ba8595a0fad420 |
| SHA256 | 4ee4439df610db41704f4dfd8a9cad4031f5df0f632cb753d57dda232e8eb218 |
| SHA512 | 6fc298da26da0254df75d284a635959b0233c561947520f8c360486c04f5008ac7d9689d698841031d78bd305325d50857bcc847eebebb231ff2f95a4e693fe2 |
C:\Users\Admin\AppData\Local\Temp\cAookoUQ.bat
| MD5 | f46e12f7dc06c4214448678f4b65d089 |
| SHA1 | 8042a73c63f2c5e7b3a354555c8b3fd619ee0fd1 |
| SHA256 | b41eeac1cb3a0302d1b9b5811c4ad240a4753c38796e07d76aded284a6b5c264 |
| SHA512 | ce760f2a8dc086cc4c136436a2ff55e8bbb6014762c2a7c251fce89507f70ea17de6cb48650db32b8f76bc6f8c0499f9e0cb235ce7b60a7e179dfd63c2bc595b |
C:\Users\Admin\AppData\Local\Temp\YcIU.exe
| MD5 | a2adf80df123a7f0c7747fcbbda2396c |
| SHA1 | 43ec0632218fbf45ce9daac89094f35fb1aac92c |
| SHA256 | 793b9b684cfb9f4e26b3d795e169942be3e6539c6dc602c59eeb146ef83688a7 |
| SHA512 | d4f7758665529bcff111cce1508cf53894ddcf025f6bed727edacd654abd855e37f27fb5b1830d6ccc3cec6d7317d0d869d54749aba1699e45d17af709ff1d3b |
C:\Users\Admin\AppData\Local\Temp\EQsA.exe
| MD5 | de46a1aab096bc00b6926b12887bca24 |
| SHA1 | 48ac679d5fd042a5265354d28f380a9c92ea655c |
| SHA256 | 7565a5b2a80bae0e0a0c102f5e95c994403d743fc44a405b7b17a3d661254a49 |
| SHA512 | bff8950f18bb6a71ce083e08af19147c442d24f6bb26f0ada1f489638b814b8cf498f0308520df9e682d33fac8d58b58c9b19c259365a59cd1c954154ac500d2 |
C:\Users\Admin\AppData\Local\Temp\oIYo.exe
| MD5 | d0a63c1bf3614788b223eb01628d8bb1 |
| SHA1 | 40bdf1afa0ec6d086d722e5997adf63c9ee29d80 |
| SHA256 | 4eab549a59fb88090f166856f3e319623551fef1ff02d9c65657a8cd53b0fbbd |
| SHA512 | a8f9eea13d5efcda8256c25b69fe5d9cda16c99bd0ac5ebed228b95951a3c9d3dc5e1ceb6d362e0644974232447ea277dede954ce9c26c4f84e05b380f075c87 |
C:\Users\Admin\AppData\Local\Temp\WwUM.exe
| MD5 | cca3efcb6d0cc559ad744a65e2b05922 |
| SHA1 | aade262d91048607e9be80427aed363ec3cea72f |
| SHA256 | 50550058a3e96fd75ea19fcd187e79c7db1c649e70109940a74b6ceee2a18330 |
| SHA512 | c190abaab17586491a08e639c69e191074fb83b76d9855eae7ccadb8d45b67c0099ba058531397b9069277479239325b2cf9eed3bfaef2a24f7da6118a3dcffe |
C:\Users\Admin\AppData\Local\Temp\UoIG.exe
| MD5 | ba5e0eac0c2a8e97d6c2845886f45dbc |
| SHA1 | 8925369c01729aec36233eaec207222cfa8cabfe |
| SHA256 | 28784ba1c8b4abe2b4df6ac6c0d1f0dd869b64ac355b31ed89a9ca94a2d9f2c4 |
| SHA512 | 6c15facde2a30c87b47041ec3c5c0ffa4b604eccdedd06d24615c74d6b891ee9e6909b096b6b553a39c6f9f79da5d57c638e97566464813b353d76c811d435ba |
C:\Users\Admin\AppData\Local\Temp\XYMoMMsY.bat
| MD5 | 06f2a62ed38405abb0b6226f4096a259 |
| SHA1 | cb149d1b3dfe5c2146c3d026d6a6e139ac40af65 |
| SHA256 | 210e48e4eefa0d9f2c51e25582c290e81519b64d93bedf699f527bd4c0d07e4b |
| SHA512 | 8a6777570840d10c888fe42a5d404346e7a039505697ad0791300793fa2888aee0087ac1e69973012a5e7f12bf0af0cfd480876a2da3b2cb046d1c93812cd5f9 |
C:\Users\Admin\AppData\Local\Temp\TwYcggMM.bat
| MD5 | a2bd74b5e5181b7833394ab30f71947f |
| SHA1 | 4fb7f4f0f0a52a0c4e0454a38e0eaad19dc18056 |
| SHA256 | ec59c64042d2d968a8af0804c5b15aaf2f973d2f770ac2f7b89d210cba5c75e6 |
| SHA512 | de94b9a63682b7544572887192e0cd14b0ac7acf9179a0513f54014ccca907d977a6999e49c1b52a8e693fc8ac98b02e719c5f1d85fcdb826b106be0e37a5b6e |
C:\Users\Admin\AppData\Local\Temp\HYUkEwUw.bat
| MD5 | 1b4d58d25158998dacfd3175ac7a4f91 |
| SHA1 | 198d4bd054b3faee01ccc407034ef66d94b30ff9 |
| SHA256 | f2afab0c4026babc400e109f1e843964ad6b62591a59f2e0119a5ffc5dd6015b |
| SHA512 | 4a0a79c55a3c4e918fc7ced6e3bad10d806cef384992f7595216246979cbbf8b66a5610cb32048bb4792e8da0f25eeb3a62b93aa76d498a8fca4094fd548054c |
C:\Users\Admin\AppData\Local\Temp\ZEEoYUAM.bat
| MD5 | 44c8ee71f654234a8591e878a218f0b6 |
| SHA1 | 8e4191aad15c963fc8ff65fad405edf86cc74cd2 |
| SHA256 | e657f4d4b34981e65eb662e17792348f77dddde841cf05009ae595caf65e95d8 |
| SHA512 | cd96e85107de0974f2854e29dd3059e884bdd960ba65cc9c6f6be42221c947cfc4b3583b0da354c845124d1199ebe3f58f5037bdc4dce65393d522cbfb759ece |
C:\Users\Admin\AppData\Local\Temp\caEYAUoA.bat
| MD5 | 2961f87c5cb839ac08d51f6192b522fa |
| SHA1 | 0711b1946619356e52f36a45f25a721c27d186d3 |
| SHA256 | 634f223fdbafa0535bd825c1e14505b7186ee629194a56ba4880f1a1d0d47bcc |
| SHA512 | ade26b8a938cfff1e3bb2c62bd7c559cfd2ab3cfb122b61d2206667f5b2d6148e0763bbda25a83c1c0d8aaca1d1812da3f924fa660eb8a4b60862a3359bc2fad |
C:\Users\Admin\AppData\Local\Temp\MkEAMsYw.bat
| MD5 | a187d90190caa7a440ae732488fcf061 |
| SHA1 | bd4fe22706585635a60b5353a6cdda7eec2e8d5b |
| SHA256 | 39c39f02dc8e7601de066d42cd2abb577b2820aba60dd61cadab760c4c8baca0 |
| SHA512 | ee445496792623715943fae1b98c6da78ed41db48f7c401273374805dea3cd6e5f6974f126fc3f093829d73d3d8b808fd43298728246d795dbed5431b4be55ba |
C:\Users\Admin\AppData\Local\Temp\HOEYEwgs.bat
| MD5 | 2cf9ed10b7f6a2c44dbae5bf217b1577 |
| SHA1 | 38f5568b08d3bab17ffc04043475d9a668fe9935 |
| SHA256 | 1837119cba31987e44a23f059edb34858254dc155f3464dde11d014b398ba81c |
| SHA512 | b4864d1ca2be1178557d18a5529bdd62f0ebf09fe348a1f2e07b57d13cf04c8d8f61cbfb71d76d5491fb5f6c339fd760e154b4a935b0bc91f4d91ce123a547f0 |
C:\Users\Admin\AppData\Local\Temp\tasYQUMY.bat
| MD5 | aa84f0ed798be52562fc5e665cc51f5c |
| SHA1 | ff7c6ff33ea003ebdcd48caf99abb899fbde1401 |
| SHA256 | 72d67fe5eb474825eeefdc3279ed108793fa61693d5d3a739b86ba857ad00df4 |
| SHA512 | 7dce4f89f40704a898bf9e4fa630c8768fd71b93bc17a662c646bb2ce5256b6c4f6a4be08762ba2beeb8fb209a6af2258b4d11a4e72003f294a388a2bd6118a4 |
C:\Users\Admin\AppData\Local\Temp\oiQAQQkw.bat
| MD5 | 69e45874ee8f04636825dbb90c981408 |
| SHA1 | 363283f4bee990852399dd1be715a87586925039 |
| SHA256 | 81350a1c3793b8d61a075aaae31e86697800dd6a8c6f34e4ac8dafe64a5554fd |
| SHA512 | 136ba51582a497e7716133dedd2f7d886d8ab40ac2fc2a7a09f05eca6810646568e51f16439c5eb53c0eaaeb99e525b072221440bd4094aca6ac2dcac8d26299 |
C:\Users\Admin\AppData\Local\Temp\SQUUMoUA.bat
| MD5 | ceb37a3da9c5c039c71262b1811fe797 |
| SHA1 | 0cc2d25cd793d08bd156892d3e61729e33f841f0 |
| SHA256 | 15954fdf1ad6e4a331e7a1adf4456fa57a1096da25f43162457aa81d76c24af3 |
| SHA512 | a675b721067cc6de7753b8ae06f39f0436c181a67800fd203a256754a74b255e97ccbbe27e9675aefe03241b24dee2be6a3e261444ef566d2a3cfc29aa9fadab |
C:\Users\Admin\AppData\Local\Temp\NQkkoYgY.bat
| MD5 | 2250457fa2787d9b5fa11ffe8964ca31 |
| SHA1 | fdc37992d50b48dd94c52562777479673c71a6aa |
| SHA256 | 1e5a311bad65af57a128e649682200ee0e750be1ae3fec0021cf6668572e03fd |
| SHA512 | 7ff2a6225e9914150e28ec5096851b8ed72d1ced1b7e226d9e2ce74100f9e2cd874b741d557174d7c987e199e1de9a6aa13f4c2bed15c4a3a846234fd70e3bb2 |
C:\Users\Admin\AppData\Local\Temp\LosQocQc.bat
| MD5 | 6ed40e377f4ee34f60ab1a6805a0e762 |
| SHA1 | d6e8dabb07873c0faf1f58f8b624cb1613601167 |
| SHA256 | c40fdeb575ae228d61e3a3bf29b768c8e8c23fd61d9d1e648defdd307a73146a |
| SHA512 | 235817453a2d9ef73fd973b554352c8446787b8fec37e48d5bd07563a15f194ae5761a96834397c3f8694b8711c013b147dd90bd6d77b5a4ee576bb06c9a8315 |
C:\Users\Admin\AppData\Local\Temp\loYAAYsw.bat
| MD5 | 496777ebaed6eea6c81120ebbd30ed31 |
| SHA1 | 59792beb5a901ce217b4403bb413f8f2fff6d015 |
| SHA256 | 71b8f74308f939482fe7ddde8c8820f52c0fbe2e57709b1c2e75e58eaba7e32f |
| SHA512 | d8236ad170c943bf14ae55cfdd0605fa098df018a528c5c027dff9651ef8d8b4703713e2e8a3d44bb00d93c7e16945dbdb9aacb520425be50d7fad553ed426ae |
C:\Users\Admin\AppData\Local\Temp\mMMcgsEE.bat
| MD5 | b430c0ee2f6f56a15dcab7a3bb04acba |
| SHA1 | 4360fd84d589e44714ed79dec100437a79311f9e |
| SHA256 | 79904658aebe131d11718813c17840c78f0e167e8a1a28dee19ba92966a6a673 |
| SHA512 | d7d8ea9b16e5cd3cfb220f711e6a5ebfc17556d2d9abc6ed68fcef94cc6652598d9d4c6ea9c51fbe1d4cd9384bd72e9eef5ff545703bbf27134f446bc5f2bfcf |
C:\Users\Admin\AppData\Local\Temp\MYYMogwY.bat
| MD5 | 7fbc5d660bcdbcdd1da2ce87d8963100 |
| SHA1 | 0c7a39c9099eeca86526c61928444f585d8f1b70 |
| SHA256 | 1cae172a553e2a6d6415e01c0de8107b6845036a1c308fd2d7fa85518f55ee22 |
| SHA512 | 9f1a069f3685c9f49f28c87183876a7ddef2483516f02410f1fc2148fb61864c6f77edf74b713e268bfbd34aafb39a049e676098be7b2bb0802a3d565b66e968 |
C:\Users\Admin\AppData\Local\Temp\nGoAIggQ.bat
| MD5 | 5abb0aafef086696f66357407f0cf706 |
| SHA1 | dc14a2c653cf8b76ebe50a90b6fd361cde774f1c |
| SHA256 | 47e55365c14dd894467fa6d73bf7f551282e6d6c8d5c2210df1eb43e31def031 |
| SHA512 | ffe69a4f2151de8f8f3a93e1c7bc1c562c1e72100477b9ecdb0236be60f2dda60db5ca12bcab9d0cd629a7db4797c02e167d302013a4dfd271b0a36d3be70842 |
C:\Users\Admin\AppData\Local\Temp\vAEgMwoM.bat
| MD5 | 2b344d93928c185f0d2e3546b81023b4 |
| SHA1 | 0a3158161115bcea8f23170d9c77fda237123616 |
| SHA256 | 0c1d4fdf2c203b094ad6c1f743ced6b7ba4e67b1370b6f59d3c064bd0fa283eb |
| SHA512 | 30430ea53b305113cd10a91e114edf84ea136082e6c0c20bc2c9d42f678d307c58ada6e6f920bf5f95256bdd8e49eb97513254c687bb5245723c4aaeb1cb476e |
C:\Users\Admin\AppData\Local\Temp\vygAcwIY.bat
| MD5 | cb033a00d15b16ae5e64168e7ad4c8d0 |
| SHA1 | a91cd45d20ae92a15866b3b217512ad0dfc6021a |
| SHA256 | 683198b28fd7e6299de3d540d7821c08a765bdf14376eb2e394826e3c71846df |
| SHA512 | b12ac35396dda20f103428f4356352b1c687246120fd47c112a9363635a2d34d1d13dd892110ff792b813a94a585a1eaa5b5ea452a3045b353b86d95dad22ecc |
C:\Users\Admin\AppData\Local\Temp\iWAskMQw.bat
| MD5 | 9cc7e7aca484277d8f9c1c326eb03c32 |
| SHA1 | 23c24912b9c4250250ef14bf65a157eeebe5ed0c |
| SHA256 | fda444a5c186bba4da17b2b23faa0221e77eb152e1ca92f24fc57e51666c0cb6 |
| SHA512 | 9bb0673d0f7030ddd27cc016975ba7e2862cb006437bc7c026f03d2299a07bcd51377cc97c94ce23a983cd5ea9d7707470a51f8dac0f3d71fe9b4838bb3943e1 |
C:\Users\Admin\AppData\Local\Temp\OSQssQEA.bat
| MD5 | 273e20742f63a5d29e0da7060d72a2c0 |
| SHA1 | 6a2edd15c42af2bb3cf09e30b4b2ee54ca22dd92 |
| SHA256 | 0f3e5007bdff9e962cf0513a118e61ebb187f637b1fe6bf2fb8494cd207a3a0f |
| SHA512 | 1feb28cf9a91dd1e37a4b3d4a0c7c027c68b912047ac3f15640a5de61909e159320e5895a712d98938c1253c86c459cd7674044a1c5378488202b3257f9546a8 |
C:\Users\Admin\AppData\Local\Temp\iAkssoYg.bat
| MD5 | 9a1ad6a9892f40ef76bd91aa13ca831f |
| SHA1 | 26c4bb58eb69067ff0bc0d786cc94cc73f09b5be |
| SHA256 | 7c44e5e041e9089106511ed99b2c78a4ab1f8330b344cbbc865b3a8a0e2514d3 |
| SHA512 | 764ffdbadf4f7f95825216c633562d92bd7a57700b92b7fcc62820806a026807de3d42c497d263069b5d3794b99f4fdeeca9594c4de454244c643e197fd8097d |
C:\Users\Admin\AppData\Local\Temp\mWokIMsw.bat
| MD5 | cf93a6075b4305f066b338e5cf2a8f2e |
| SHA1 | cf88bf7afe22460b17d6a1e50045ca85c50ad441 |
| SHA256 | f72e873f5ee7bdddc22ede647d29d568170a7ea51ceaa8b756c49a1bc9b236dd |
| SHA512 | 688e9133210a47e6803ba137ee0cfd0b88ca68e0d7abeb764ea07af8c008557afc8d1a6dcada5b808918c038ab59abe2b3f60de878d854c4601581d6614a9212 |
C:\Users\Admin\AppData\Local\Temp\hOgwQkAc.bat
| MD5 | 5825c74e775e7b021d5f8af0efe7382b |
| SHA1 | 73334df0e2a438e3c00744440969bbea65a7d5c5 |
| SHA256 | e756a1920e79e5577f57940d8c127b1328e5e935d27787afdca1b56b1d47c595 |
| SHA512 | f9697d9900141c18a7b25588e0822a6edbe1ab6f27abaefa235ec9d702a5d6cb201268e0ec99762c49bb1e145edd2ac2316507fb3a6c5b67285db6b3b5473a92 |
C:\Users\Admin\AppData\Local\Temp\hggMQocY.bat
| MD5 | dc8abb54f042d284820eb6c12d436b59 |
| SHA1 | de641c15d625cd53574bf3f2b67f981465bd20e8 |
| SHA256 | bee9aaf05d4d386ffab7a95a8f3026fbd491a5f0f8a288b72934f56fba6be80b |
| SHA512 | c82b4933d50ba6cd98ae0654979d1589411285529c082670b15c82446091a77cc817a27b4b0c2e607c8865fb248cf9cb38c8e029a38afcbac92d0335f814a07d |
C:\Users\Admin\AppData\Local\Temp\vEQMUowk.bat
| MD5 | 531279bc18d343e32d889b1a3b2cf1ff |
| SHA1 | 07da0ca9903050a16b02b024cfb77a99474e4e9c |
| SHA256 | 1fa558b83b12caf8d51d894c98938b7b1be89b73949453d2b95fc6c8d9801e02 |
| SHA512 | 223c85ca5106ede260981e9df011676dc841c06efd3a1ad9f0fa6d7d24387beab2205cf224187dd3db2aa02b454dc01b6771aa14973f3d6cbde4b5049174ad3c |
C:\Users\Admin\AppData\Local\Temp\OoIk.exe
| MD5 | 57522bec76a7f94d967ed97f028d97e6 |
| SHA1 | 7ce0324c36e6ee3ee9f0de001d898991fb2a7476 |
| SHA256 | 9dbd2d826b4e324f6e7ec3486e672080cd97193ee5df02f4cb519e8089d480e9 |
| SHA512 | fe93f42fe165c939f60df4f7da9f80afbd1a936811b026daa0bf963a0483bcb27e3811a1a476b70328dda5f27c9c312f14f68013b48c2bd48ea49bbfa8346202 |
C:\Users\Admin\AppData\Local\Temp\iGgEMwMQ.bat
| MD5 | 7442508577de1510f3630b91f20c2d81 |
| SHA1 | 1358685a7b4c6c19c45b5bd06beab8c68f3f1258 |
| SHA256 | ad6021d831e75e6d07eba4d69146f2b47e171e3fa5b4f66918f1127559704bb2 |
| SHA512 | 885b7d691c0d1146481a81c646b930ee1ca7a8d3038b614e5bdd0e6b63580ce3e1d8ce91441ee8092814189207373f94c675904a085b472c2e0ce2948c4be262 |
C:\Users\Admin\AppData\Local\Temp\QgYk.exe
| MD5 | c9d3341dab08a02b9e63ae768bb302a3 |
| SHA1 | b8e43d4ce01dd622e2d01947be893f0151a7e8db |
| SHA256 | 4d2c7a210b37819825608ccf296b00e4d621c9af7191e727205d93ca38c45731 |
| SHA512 | afdcb588d8d39178a9ff4c2594ee788d695641c5650121ed48ee33f8b9e145f4c23432938a87e2430e55e2d62415052888e1c4e907dcb666a4beed2784110096 |
C:\Users\Admin\AppData\Local\Temp\KyAYIAsE.bat
| MD5 | 0e1a432116a05940cba3e44c70c7da0f |
| SHA1 | fa1be21894bdd51334747b6c56c1666c3c580007 |
| SHA256 | 5ae32e5e7220806416abc85642b63a99f80110f5f9b07385764b392d02db4062 |
| SHA512 | 4bac36b67147c0d61a8543941ce35fe22ba2c0f5b0f6accb365d5146415d22a564f5a0488dffae3d420e505152804671c5bd87313b60fbdb7ed75a9c6e57be6f |
C:\Users\Admin\AppData\Local\Temp\ogAsEwgE.bat
| MD5 | e25f1c6dea16ffb9ddd54fae8440348e |
| SHA1 | 5cdf682966892a8bbd2e82f2a21a883287aafe7b |
| SHA256 | c12718fc4c94cf1665ec04587cfca382bac444ac9e99b56deb1a42956ca3db17 |
| SHA512 | 91d798e4a21acded915f6cdbbae150d7b69f27f45883ade9821994f5a697be9130d7519459c10e15c2041b42775160d27d73d0ba64ebe572305da0a3babb7332 |
C:\Users\Admin\AppData\Local\Temp\SwsEcoAU.bat
| MD5 | 60d57dd02ae606b1c4dc3bf7dcb4bb5c |
| SHA1 | 88e8f99d2ae7c9b59019d8238cd7127c65de928f |
| SHA256 | 9f429807283a2bb8733d451fda1923842d78e0b3e89d91b5aed3fb92c4f73f1a |
| SHA512 | ea6ab68d8a985f51abb85565b3591ce3abccf7f22982302114f896821b05f8671f2640e0b6c106e183f4f7ffd439b4eb070f7669a1597de329487a02a9125bb4 |
C:\Users\Admin\AppData\Local\Temp\NkgIEooM.bat
| MD5 | f8b60680f2d5471db59d4976b8843162 |
| SHA1 | 87b5dbcfcb98a6486bc774fb243dccae4dece11f |
| SHA256 | 8fe325d53d0bca7b57d7f325adc8a34027eb61e9d37ba8b526bb3150229d38be |
| SHA512 | 20bd0fe6fe4467c8bf5d247312c6024f956d194d09ec83fa62a3b3ba801f54df9bf94935e47a0bad35ddde65026b23826a5a88754c791a55521d9fd9ee41beb5 |
C:\Users\Admin\AppData\Local\Temp\JQoIMwks.bat
| MD5 | d86bc584e7e120affe51269407d93321 |
| SHA1 | c56ee767fd02b8b3161feb6bdb50f29dae9ad7a0 |
| SHA256 | 740f57d5b979db0d70aa9d6db7026ea8d497d539ebabedc9b8333f2df1cccad5 |
| SHA512 | 89dd812864baebd6629e23b941215ebfc153c714c0935eac2287baa70a8b92e3811038e82d1ff7ac1d0f69cef9589477f597cd9e7a2aa3a028e696fa9ea7b185 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile39.bmp.exe
| MD5 | f96daab60251bbcb5912d4f0cc497f16 |
| SHA1 | 725e7c4e1bf14183308480de2d6433bc28f7ea0b |
| SHA256 | c5c9c1902343e366c9a59d1830fde13d9f4ce6eaeda812019695fedc5698756a |
| SHA512 | de91909981d2e31c1ce892cde3d10a40abb083ced9a0dbef40da1efcfbd63694c9552d9d603920ddaac86a8abf552026183aacb9b82f0f171c7b98842e85e1dd |
C:\Users\Admin\AppData\Local\Temp\tkMcwAsg.bat
| MD5 | 782ec6e6bc75cdedef1e3c3120390571 |
| SHA1 | 790d69101e492e6bf2c15cb738e28613dcc00574 |
| SHA256 | 8b64cc1ce54974830df5b25c60f8fd4a30764b13096985898aefbcc22ab71092 |
| SHA512 | 1d5ac108bc2356ef3ee73629c3f59bb1788897f719cac92b28728bcaa99544cce31ea259acdd56c2cfd97c1c300c25aaf29e63c90f092c7dc477d04a353491d0 |
C:\Users\Admin\AppData\Local\Temp\eAUO.exe
| MD5 | 3a98bbf63dff5aa22ef23c0e381e347b |
| SHA1 | a8462d4d4bc23aa73435c15b1f0d044451bb4acb |
| SHA256 | 628b645987769185d2e7d04d077afdfd1a7903086bf6e441b4129c75e7ad356b |
| SHA512 | 79f9b8b618554e5c21bdd793ff9bde6a25cc118c0ab935368f61e5620c873c4ad489a2b465f56e955afa173df3e2a3841a597e1115ea6605abc7a01d023f2835 |
C:\Users\Admin\AppData\Local\Temp\xuUQYMAc.bat
| MD5 | e358fc90f4f7b722fc0f39045e99dc3b |
| SHA1 | 011669f5b86138353c481875683b21b2efb9f73b |
| SHA256 | 4732d072083096edfb894df19b7f2cd352e931490f6918f577abb0fde32d5441 |
| SHA512 | 258177e3f80d4d4123807e06b4a8b331faae7599287718208e53a3500bcc389fe45ea155c5befe9aa5b0507f8111a4b6644a72c1f0dc8eb5742cde6263e41a4d |
C:\Users\Admin\AppData\Local\Temp\GYgoAYwM.bat
| MD5 | 3f63fb8146dd978912511cf4032cc5ca |
| SHA1 | 7a1866ca10ba3b157cd5c57e0289ac4b677c4c15 |
| SHA256 | c7fe672515a07c088e88aac125594758fb00bafa97fb0ba1207a1b3cce66b682 |
| SHA512 | 9201a9d17e701f8e17812132f668e2d3030f2e91ab68e3b2f4062f8f4562619b991f0e8ed07bb754395aaaffc59ad23edcd95e910a7534c8ba2bfecd35b6fbb5 |
C:\Users\Admin\AppData\Local\Temp\UwYk.exe
| MD5 | cc789b39d356a9cd9a3d674f77eb01a2 |
| SHA1 | 76655c925e4f7c29a40009e2478b75e1154d039f |
| SHA256 | 6862003beba25509ce7defcaa441f2ee7b39b0649b97045ff89ea1894883362e |
| SHA512 | ca01a0be942ba850775691c75a947828323b7f3ad265c0cb56c6c48f6d03a3b92a352e4b08b66bd3eabf7dc87002f8470e9e10f2102c3287c5594e9a823479e1 |
C:\Users\Admin\AppData\Local\Temp\CmkMEgko.bat
| MD5 | 89564a4d0c19289026ab24f22f20e6d1 |
| SHA1 | a687de20e72b18b5f9ab41ba922d22dd96c3d0b5 |
| SHA256 | 8593da5d0fdbc92865316c6c7e1ebe8236fc55fd2ffdbe5992c841288c1beebe |
| SHA512 | b5ec22abe43b561b0f81b9d7da53ae83c2e9755ffcc98640498b76ee9210bfcbc17347c7d9b87ca9477d688bd7ad1ad7f77b32ed06951871479bd0000e09030a |
C:\Users\Admin\AppData\Local\Temp\UQMS.exe
| MD5 | 9a2f6d017f873f7706da819398445854 |
| SHA1 | 83fd23e34904a79f07778c74b02661707c94741f |
| SHA256 | c20e90769b2e5bea6aefd9983225752bce33dec9435ee413a4b317515cbfd9c8 |
| SHA512 | d5e627ea2c57f6223f70e4051d80463f434c6de0ed39ea711f79ed288b42b7d2b87b668549f441d37b15e3db74fcaca4097e859c2a7d3b4cfcb4ed05feb4c514 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile27.bmp.exe
| MD5 | 972aed2144c1754415029b24bbafe3f2 |
| SHA1 | a62b8f3f545212615204e9b75909a0ae54330ace |
| SHA256 | af077c6e706d9380019e47b49a2110e7597106239d44cf6844bdcdd67733cbbc |
| SHA512 | 3e7ea915d70cb7caeceeda49c459898e51c0d279146903c3db72175cc5af8e898c1a89b99c25e86c952a355d7fcf94c598d9b7bde5fc1ec5f7823273a670a5aa |
C:\Users\Admin\AppData\Local\Temp\SUgk.exe
| MD5 | 936e040e6ac7a197a0e1ab4f3c8a99b6 |
| SHA1 | 9f0eb91ac5fd1fb7580bb316954d0770535562cd |
| SHA256 | 93dc3f2ff9029c3f1b692522769c99f6ea7e2dc4e037595696735f0a7182b31f |
| SHA512 | e220a8218d0ec19ff4f234d4bcbf0b04b2c20b116ee829c189958d00aabe65b6d39b7c275c54b0a579afd5c2d5dde671745e0c6a5144b46600a8f08bd945cac0 |
C:\Users\Admin\AppData\Local\Temp\ugsYMgEs.bat
| MD5 | d91641c2d6dddc09bcac747dd7d75d13 |
| SHA1 | 4ab044b79c120347c0f127608a86c4ce970c4605 |
| SHA256 | 1645a86b390e808b0e4f405c4f21ecf6f0e120ee53e1d4d29a366a5d8aa72939 |
| SHA512 | 5a161c4ee2a6e0a159866b3b1b34bd5077dd7713993d1c2cf48e96479d26ec8a4a3a292541cd66079aa2d0ada417de633cf016e626db84ec640be8818c0fdf01 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile24.bmp.exe
| MD5 | 822c7fd6c7fa4beff2b6667c211ca0a9 |
| SHA1 | 83fa86c3ddf1ca8fd9ffee3c9383812e540456e9 |
| SHA256 | 1bd7fe41d3a407fa0c33c503c95cf6195167c48b48cb68c6f537d6015f27625e |
| SHA512 | eabf8e52b1eb8b88ccc87ae4e65d2b4d08d319f34d534afc84255530e59520651ad0a38713c83ebe44dd53d31064bf2448a9c179bb93f1bd93d4067c78fb5be5 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile22.bmp.exe
| MD5 | 5ebdeb8449c22800854dbc304b821f02 |
| SHA1 | 5c44c30a976bacae2f0cbcd83e3e98fff27336ca |
| SHA256 | 19967adf59dce587c324f4c989f44f233b7d4e33da4b504cee903983800c6e77 |
| SHA512 | 91c9a11e80f45af06ac7c95c53b271c0ad45907ba00b5362d8a78bcd21f7a1524eec513a5066e940805ae941bbdca79839a0dbb563f26303d5dde355e67de28c |
C:\Users\Admin\AppData\Local\Temp\CkQMQcAc.bat
| MD5 | 9de2f04a9683d9b722853efbecca2440 |
| SHA1 | 04fc0202bfc11d0c050bd9726802346a1f9c77e4 |
| SHA256 | 5703ce50b7851ebfa843925057b901707f5c5649dc2c2f370cd574f8d89b4607 |
| SHA512 | 33cd8c41892942d8a7bd16a513b1c61957de3cda43f7f177dea2afa6b2317a55cce4a8267ba0ad79f8068b1a50ac13f91295f16e4029b833fab29f15daaa26fe |
C:\Users\Admin\AppData\Local\Temp\FqoMsgMI.bat
| MD5 | 63a8fb8fb5a7754b0cd47270ee7fb50b |
| SHA1 | e0181e199309dc8fe0d64deb8a7ff5ede0689ffc |
| SHA256 | 77fe41f24520b2d293ed739bbdb0d99a356b097a4055b771b1c8cd78363eb6c8 |
| SHA512 | 2c551ece774105b82b094b519ec774533c91dd818c2c3d5bb3507317f393177a6ad9f2e85e8d627bf3251ffb26cf62f1ebe0df4a06aa567662200ff07fa908e2 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile15.bmp.exe
| MD5 | af55fc979093749d8ec443303215438b |
| SHA1 | d1223b5dc10e1f7db89fb9971f2e87e356892ca5 |
| SHA256 | 99d2d496361277be7813344c8a51b3b13b2692436969360edd8a775cbf40f079 |
| SHA512 | ba5ccf26af45a269a11ebdf557c06dd67df95d8a4c978ed2c54090a577dd2b24a10ecabcef2bb971b059073af50af492499012b5bbcbb9d51f3d654f3dafb4f5 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile13.bmp.exe
| MD5 | 92c7160609fc4f6923ef6cf88ce2d940 |
| SHA1 | e058d4a3952b11ff2a82aa274b0f6db5592019d6 |
| SHA256 | e7dcf85f7a14643d1871584236e03ffddada85e25642ad743d38ada7919d6c38 |
| SHA512 | 9146eeae9f355d9fc47c560310069a3b8a039b40c05c858475da2d5120c654fb4f4b0bb95f4e4d1ad94eb6713e5ed7b76afa83b2e2ec3970376c05b4997a55df |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile12.bmp.exe
| MD5 | 494a08789cfa5eb7c534d8ab32b07694 |
| SHA1 | 8620225bc1883aa729a2cf37837cffa9508c3acd |
| SHA256 | aad322d7155843652fd1170a6da228d09270d256e5da26dce160ebffbf4c308e |
| SHA512 | bc39e5616de1274db69573f177726d57443bf950ac325512a0f5b4408e92146a1f44fd0e0523c18f04b1b96ef857ce63420091fbe1fdc7681726e20098db2867 |
C:\Users\Admin\AppData\Local\Temp\nEIYgsEc.bat
| MD5 | 5c9e6c336b3dbe5bdaa0eabd6b9221d1 |
| SHA1 | ead98f3324ca9e1539a71c6144b2863b40e9ba90 |
| SHA256 | 6250a2b3d0c6abe107d9d0010a615a516405c3c3485dac868b1c2aa6815978f7 |
| SHA512 | dff03877366f9c722056be1b746297071998a1f26760a5b72ee50a55ae133cc69a36223ad521499fb629178576281a848059d775f5ea2697f321138ee4e7c822 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile10.bmp.exe
| MD5 | dfb386f193614eecc6deecc690ab1232 |
| SHA1 | 8668b527417d6f3d6e866724ac09bda0c588cc7f |
| SHA256 | a86c0331a7aa60bc380ba13ba3e81dc8d107b00377e66244f0eccacbce24feac |
| SHA512 | 22613a1e5a9bbc45cccc52be18b78717b929fe238ed61d8fc9a04e20dce2f11354dff01ae251b43d82a5f486a0d02127d356d4f2ffa4596937b789521270acc3 |
C:\Users\Admin\AppData\Local\Temp\nKsoEgUE.bat
| MD5 | 88d5e787fff717f5e29dab6c06af57d1 |
| SHA1 | 2c245acbd3b4e09de5771f39de30fa23da4e3801 |
| SHA256 | 52a38b0724b054253f44488537d8ec8d5b31656904c5c973c18fe3e1dab7a0b9 |
| SHA512 | 3369cbef6555eb4ed8740f67250ebe80b5da0db622a614cf3dcb457f2333926198c3a18a08140b84cd5607fc7bfb55df8b2b056925ee163a411b320071717ac4 |
C:\Users\Admin\AppData\Local\Temp\DIYUkUgw.bat
| MD5 | 2e919cc7ab18fefc7bd1b92cc5928082 |
| SHA1 | 3322558454a02e7063449305970c58c5c6f6d048 |
| SHA256 | 0c928b8014083f4ea71aeff86ea029f3d0aaa5d4a9e1531decc4116980decf91 |
| SHA512 | 1911261d78e8f8aead4cd3b9bb5b835e7eef05a70cec0702deef81e7090fbca37c624a39489adf0dc6dfe43953cee09b4ee3218a30ecb47e140c56006b23066d |
C:\Users\Admin\AppData\Local\Temp\qcIO.exe
| MD5 | 4666c336394a81f651a3f7fa59561895 |
| SHA1 | 7779aae1448132e03ec7b65040e1c1e930f7c251 |
| SHA256 | cd6538afd099855a4ecb38a3b5d83597c65f767b65f82e1d54c5d6fe0abca915 |
| SHA512 | b9449f8146b04bfb4a2975b25ae5f7f36e165d0be03a6f914a94ea98278fec50def12021f3f8d3b101b888119f438ce1a9df9cfb4e1cdf433cb3c51de22fdc58 |
C:\Users\Admin\AppData\Local\Temp\AQEg.exe
| MD5 | 2c2d2414a847a079c5eace02a1301baf |
| SHA1 | 4879f875e41f8832985c00b6765bc6222502b664 |
| SHA256 | 6877e4045d9c6d63c1b67292a9c1765b7fd15e918dcb08f723f53f9f94f97e4a |
| SHA512 | b37e8373fe1a6b2faa5843252fdb84b769785be7229ff0dd3a62e5c49b8a5191cfe8a31180f1b1146de08715b99eb3eb936856b5cd98f533330925a842e0f627 |
C:\Users\Admin\AppData\Local\Temp\CYse.exe
| MD5 | 0726b5aefc97fe9a2c1d30c7db3376d9 |
| SHA1 | 351c6a997e8b71e9125c423d40039caaa54b5728 |
| SHA256 | 903960cd5831771ba354c7b4de754522e0b3fa51a3618d1d35a6159537b181f9 |
| SHA512 | 990710a170749dc7624318bb3bf963545ba1cc8cfe03390ad6142d3dc1946bf6dfd79f9bf66261455ff01926b67c366a926c0762a3a0071cf298ffe7bdd1fc2f |
C:\Users\Admin\AppData\Local\Temp\koMc.ico
| MD5 | f461866875e8a7fc5c0e5bcdb48c67f6 |
| SHA1 | c6831938e249f1edaa968321f00141e6d791ca56 |
| SHA256 | 0b3ebd04101a5bda41f07652c3d7a4f9370a4d64c88f5de4c57909c38d30a4f7 |
| SHA512 | d4c70562238d3c95100fec69a538ddf6dd43a73a959aa07f97b151baf888eac0917236ac0a9b046dba5395516acc1ce9e777bc2c173cb1d08ed79c6663404e4f |
C:\Users\Admin\AppData\Local\Temp\UYAw.exe
| MD5 | e0d5967151faa39b65de61e968af4d6a |
| SHA1 | f21367accd5110bacb40627c82fd5b8072995a7e |
| SHA256 | df45ceadbe4c7fef41d462c6f642b0b5859eed6be9da099cc50edebe5615a66e |
| SHA512 | 30f0f9aaf294358d548c23fa2a5ce1fa8342db8fd4041a3f59dfd943945fe38facb6c1f887080bb806e84087513bedc9f560508fb8d4f10ccc9fb0688dcaf242 |
C:\Users\Admin\AppData\Local\Temp\Cswi.ico
| MD5 | 97ff638c39767356fc81ae9ba75057e8 |
| SHA1 | 92e201c9a4dc807643402f646cbb7e4433b7d713 |
| SHA256 | 9367b951a0360e200345d9aa5e6895e090fc3b57ae0299c468a5b43c0c63a093 |
| SHA512 | 167328960c8448b4df44606d378f050ca6c24969fbd7cc8dcfe9ddeb96ac7ccd89e507a215b4c1debff0d20a0a239d547f1e496635fa2f06afad067c30597c46 |
C:\Users\Admin\AppData\Local\Temp\YksK.ico
| MD5 | 6edd371bd7a23ec01c6a00d53f8723d1 |
| SHA1 | 7b649ce267a19686d2d07a6c3ee2ca852a549ee6 |
| SHA256 | 0b945cd858463198a2319799f721202efb88f1b7273bc3726206f0bb272802f7 |
| SHA512 | 65ccc2a9bdb09cac3293ea8ef68a2e63b30af122d1e4953ee5dc0db7250e56bcca0eb2b78809dbdedef0884fbac51416fc5b9420cb5d02d4d199573e25c1e1f8 |
C:\Users\Admin\AppData\Local\Temp\QIwy.exe
| MD5 | 01b50f2a06dfe3cc296ddf2e554ea58a |
| SHA1 | cde5cfb30ea92e6231fd98d86b2fe709ad5f73d6 |
| SHA256 | cd7fcc4ebeb629023a127b012a40b1e76c7df2041006ae32a4567cc0c18fdbf6 |
| SHA512 | dfc1bd2c632188f23c2707c83f24f4d925b3d0a0adca7d89361db6c3795b485a3e86b5a02eb595c8b604012b152429d934cddece4f84df0b660a1262e7afe2a4 |
C:\Users\Admin\AppData\Local\Temp\eMEEQIkQ.bat
| MD5 | e73b81a110b1def1cb9f946c67f3c308 |
| SHA1 | c4f42e07e72f1c6c75e3b27a4150c2b0f5ff22ae |
| SHA256 | fbcb13a7f2b39857eb19589d227493752e356fa9cb888a364ebc50e6f6b39e69 |
| SHA512 | 0a911da15e88a2741431b40d4c4111f82d42892b0f5bd1d9aefc100c15b29c95be6a8c43de6f59cd28f5ecad69ab4d553bd7e65dc83224790c814bbca0db88e0 |
C:\Users\Admin\AppData\Local\Temp\SkcE.exe
| MD5 | 6ff42735744a19d319e9df0b56b7c304 |
| SHA1 | 0403b42b55228bb3ef27470da0ea9812c02bc006 |
| SHA256 | a943b013b062483b9c3fdded9b57ea55f0bc326f18b08d7e2a2a7c16ad0660ca |
| SHA512 | 478befee83d938365706697740affd307a49ef006ad20b16c74d125d8830abd0dbd1e6f71a8cba2ea546c13a374ba653beeb853da5c732185481b0fb4e989d4d |
C:\Users\Admin\AppData\Local\Temp\CIow.exe
| MD5 | 15b07da7bd785cfe4db057791fad9164 |
| SHA1 | 63adafe596b165acb9ffae545a548c2a9bb4963b |
| SHA256 | e0771ef92ddfc70473995e4b818cc45b03ac65fc3c47bf6c8f50d326cf411acd |
| SHA512 | 4f6f7ad4a1bc88098f9db5a7310ca997c6405b8ffc64bcf1577ea6334b60bb6d5b923b9944a2ad90eb9ba0097ccfbcd286f9acaf72cdd4721221c5afb4719504 |
C:\Users\Admin\AppData\Local\Temp\dSEwIYsk.bat
| MD5 | f8113b970513f39cc81d5ddac6ad9497 |
| SHA1 | 580a80012a5c6a9dfa03ae207f85842c5e3d96f8 |
| SHA256 | b690dfd88f76daf55374020c94d0765fcc5b8883fafa8e6a26460c87b7172796 |
| SHA512 | bd27804b88448f3551781e08e7973aa6c6c1c6eda003d066f0b93d2af19780418953bc1fcefb506278220559051fddea5fcc9069de3c81313c04d938aeddc0e3 |
C:\Users\Admin\AppData\Local\Temp\ccow.exe
| MD5 | 69fe1a941b0aeaae33769dc6da4c98a0 |
| SHA1 | 97de1201040511b6701e73a21aab2f8aaa6a5047 |
| SHA256 | bfb64e870f70e8ce93691165ac642d29c286c4421e70a7e920e1f13cd90d3da7 |
| SHA512 | d9b6410d1cad2a2898318e3db95c33b1ae9502d1f29a655313b0a76c9c927654e476e3ef551c045cd145ecca02991e7fc5f009a95ae51e6deae50d84244f700c |
C:\Users\Admin\AppData\Local\Temp\IMsa.exe
| MD5 | fc86a0b94b59fde995931870470e470d |
| SHA1 | 20d298e59e4604ee47c2974cf2a439d10a2afbf1 |
| SHA256 | b0ba9db3725381053a8170d01f5a1a413b789b589513e01c5392279b19900a5c |
| SHA512 | c7c0da3909e4725c3f4cc466a69227cfaa19441c4fa30d38ea9c2150b91428e78d215ccb354044563380842aa6457f1fbe74e14974b049b5c6599307064bb1ca |
C:\Users\Admin\AppData\Local\Temp\uAkK.exe
| MD5 | 9eff75dc51d17ba154b530fa47a2b881 |
| SHA1 | 7d4aae38731424df448d9a8334c00e59c1d17e8b |
| SHA256 | 065c33da59db9856b00f04694cf12489792b15ab14cb63edab8b091fbeb39363 |
| SHA512 | c3e5e57ddcd5142c4477f4559ccc10120410381219e9477cf155bd424d0f56c1741ca310f9fc708a0ed9d73610cea23da084d33889c8cb51574810239c83b44c |
C:\Users\Admin\AppData\Local\Temp\AsQM.exe
| MD5 | d071449773b066e8aac1c3629745f3ee |
| SHA1 | 19feb38e43470eab1d6e834b057c3e49451d4f3e |
| SHA256 | 14ec8ada67283e50d8e231b07a9d2822832723eee4f38635fb22f53fecf94184 |
| SHA512 | 836b0c2f70c50ca00cd79905c98dead6756af516b06aee5b7cbbd7a46673ce2e65e91a56b75d10d3ea24dbc23fc8d90c453edb0d20412b813b5b1b31996cdf90 |
C:\Users\Admin\AppData\Local\Temp\qKwMUEgI.bat
| MD5 | dd527e1a6c87707c0683bf51be0b4407 |
| SHA1 | 8fd28d2aca47383649cd4afa1e40eca66670b01a |
| SHA256 | d2992f60fe03eda5d5af01df85f22235df6c71abc73b1170c10514d99f398561 |
| SHA512 | 8719f4ee6853242cea1054508e71304e571a48e26baf77529e85a7a68a7bae9c4faf94d287691374a17dca59d1f8d9afb23d1d42a5ce9e955caaf1ffe5331e46 |
C:\Users\Admin\AppData\Local\Temp\pmgYoogg.bat
| MD5 | 0db1ae947dcd4b2f6892d29f61dd604d |
| SHA1 | c02c1345a6b3de065dba02a984695d8101102f40 |
| SHA256 | 818c913e6feaae0a11e8033b21ad96ee615db199c70006554cde94fe4a184e19 |
| SHA512 | c13eaf4201ad506854653b57aa75c948e27e27f0dab0f8af3f778ec769f0b524f1c43a96405d86526adbfe3a88ba280db69267f4008dca11d805371de9d93d33 |
C:\Users\Admin\AppData\Local\Temp\zegYccMY.bat
| MD5 | 9943521c272d6d959431dae56b06daa5 |
| SHA1 | b428c8b2718b0bd65bfdfb557f0750b5ddaff46a |
| SHA256 | ab932d108662f2fd39bcc20b04a8fd6860e5330bc051df3573337ebb4e622aa5 |
| SHA512 | 11701d9058e84cbe353d34d28e9e1e820a235227b1e8e740691e76429637ac47136bdf9508d26614f8209254d747e389be255a2d3cfaa4f4f9f6f1cdc8c6edd6 |
C:\Users\Admin\AppData\Local\Temp\DMQgkcoM.bat
| MD5 | ce08a3c40ea48937154220367a699b1e |
| SHA1 | fa12efbb8f62269ddd57cd9d2035faf4c154cb32 |
| SHA256 | 72dc65ce9db72e0e858f81bd260862eff49bb562f1afc31cbed7dfadf798988b |
| SHA512 | eb9bee3e5fa320dbeca52f0605c574a2e603f12330b11669409fbfd5b93b8b893ddcb3f3d5d2a872a276a8b911163170633eafd6bef76371b185a8fcb7f4376b |
C:\Users\Admin\AppData\Local\Temp\yQoC.exe
| MD5 | d2d3bd973abab943ed2ccf3d557819ce |
| SHA1 | 3be1de814305c6c747fbbaeed69e95ec663bed1f |
| SHA256 | 767b7e6030cde98648fe183d6f05e13ed8834d7ac09ad789a36579756ca143a4 |
| SHA512 | 3b66368b909914f3bda5e13f7347fa78a670c942597e92919a417ae8a0db8661998128557e51e697653c2a9e69ba568e067af6937dfa28ee6ab715a32067c9b8 |
C:\Users\Admin\AppData\Local\Temp\QoQIgEIM.bat
| MD5 | 3f2176e19b7cfd310780fc59498dfecc |
| SHA1 | ae183aadd46a02b268b229965144f3d9d4326b45 |
| SHA256 | c5c3720be5e903819c2fd6329f76168677f7e2e0d3c1ef82803d36598720b1c4 |
| SHA512 | 15a121e637fa0deb99872a85b499f4318f0cba6b1752bef21ba08f45f807e37973deb055992de2020a6fc3f53f192ccf5cacd6d47af108c19657c4840d1cff78 |
C:\Users\Admin\AppData\Local\Temp\sosW.exe
| MD5 | 9926941ca535684b40dfbb73ee68c77a |
| SHA1 | 6b625e2de262271d0ea1318e25c338bfd09aa5a7 |
| SHA256 | e414393a63b4d3da5d1a403e6c3f627373a0452e6ea86157b6c8747f07f0f255 |
| SHA512 | ec8c569d00b607fc9acd51d14ef2a07be352c1911996fc7697a314c5461aaad08257ba975f68c439a2d24cfc5a8051b96e4de3df3806c260566c5360abe53556 |
C:\Users\Admin\AppData\Local\Temp\Iowa.exe
| MD5 | 1578e25a4778b45956d55b4418b96118 |
| SHA1 | 9e50767d5784788e6436257642db699df785a356 |
| SHA256 | 264d0801f58af42da28e29734a69a7532f19ab537440fb5e2d3636797f51837e |
| SHA512 | 2e8f7e9cd8cbb2b1d20570edb5eac66e040b6d1e872fc81cbc44d1becf81164805f2ea4152496544238b3ab7f7622eba9be8649e365f15895d7fe35bd79303f8 |
C:\Users\Admin\AppData\Local\Temp\wsQe.exe
| MD5 | c97f5f26b31c26538a04fcc1babab890 |
| SHA1 | b0cd314ceb1015518f594359fb0749c2cf65ae47 |
| SHA256 | dc7c48579f13f6cc6c0c0a70ae9a8e9ce9c86ffb57a9d212ddae366fd6733971 |
| SHA512 | b5e8be9e28127d759396db925494d1f8762396485b9e4139449cf67c5b058ec7020bb5ed526f2888752a51e08d40f8ea993a7b1e0f42d3f69487fbd0c23f00b2 |
C:\Users\Admin\AppData\Local\Temp\eEQM.exe
| MD5 | 5868735e2893d3c1b598a9e2a0876da8 |
| SHA1 | 2dd52a7f6d2bbd78033af312ab56434b081f860d |
| SHA256 | a28483bb876a1440ddd4272974325f2538699694c591686d30334e1e2181f90a |
| SHA512 | 41690ac4ffaca0329b94542932b2cae8754f9e580afb5c2ea37f068ec2e1872c9312930d2cd1ea8afc54ad20c020e9f42240aa628bf9f89d7ea09008c485c6ab |
C:\Users\Admin\AppData\Local\Temp\CaMIIsog.bat
| MD5 | 9cdda6c302c89a42b4ff9a9bedec189f |
| SHA1 | 2e4d5d55db84f7513aa64b5d3cef39719dbc1820 |
| SHA256 | 54ca05e8b6c4343cd165387d2f4d0291a57afa38dc3791df00a9901f0b8afc6b |
| SHA512 | bf2d64d71da16a77eab6f036e9cda1e953cf2db21017b4b178bb6aa7a8dd79d41262b197a96aca2c1d72e8219c50ce8a316db1196c6a48ea0f399fd37a8a6f63 |
C:\Users\Admin\AppData\Local\Temp\wksO.exe
| MD5 | 60749dba7cd7bf1d41165c125b41625d |
| SHA1 | 32873f30409c989471b0e666690ca930f27b8d47 |
| SHA256 | 6d7c2b229062e2f72541d6e4d0a4978313f428c37b820903b1a98500eb64337b |
| SHA512 | b779472ee27c1597054a604c944bc0d24798160eb5532312b20b8a5fe24ec034e1df9faa8939977a129bd4ecc54bad642dd0714e57cb20ac03945d1f0ad3e7f2 |
C:\Users\Admin\AppData\Local\Temp\roAcUAgw.bat
| MD5 | 3004040c401308e81fa56767f86e1bec |
| SHA1 | 95dafd7032c8214cf3f50f1ef3c2c299b261b05a |
| SHA256 | c0c955ec773f58b25140b236fac44ddc5888b4e61705616dc63b1f0250e68b69 |
| SHA512 | b0a8a3f6e9e38a805fd875cebf784e86abb72cf355aadbdf898c88a3dcf1a75112a77c9da147c58a0805962331707d78e31af685f3f7748507d6026acdc821c8 |
C:\Users\Admin\AppData\Local\Temp\kkAE.exe
| MD5 | 0a5b876f248f93395957b6c40bbfff6e |
| SHA1 | 3de8f5eeb55915632573e0f05e955072fb932c2c |
| SHA256 | 74f7234f970973617fb8482f486fef0b97f026e1430c358f7026647c7766e266 |
| SHA512 | aa278b9582e77001c8a17616c7574e242bed897d85bde06e3783ff3ed841eaefd2652379056fccb892dd93b588fbe6aadd88630b63847463ec34df530a80fc05 |
C:\Users\Admin\AppData\Local\Temp\kAwW.exe
| MD5 | 7abeb2d14ed89fa982115542adff96c1 |
| SHA1 | 6c39db626f8134f8dcc213cf3b4079ccdc6e768b |
| SHA256 | 47315b55d61effd466058dfd7d67e38efc33439a683a1878f5be4bf9a820dec4 |
| SHA512 | 36faef7cc0c919aea509b21dd2874ae6814eff60c7db4f867b6099124b9e6d236b4dacc5268d8c8d4198c929882c878b6124c39b999362f18515e0ebfab96391 |
C:\Users\Admin\AppData\Local\Temp\oaAcEkEE.bat
| MD5 | 584cb49612aadda706113070b1a8baa2 |
| SHA1 | 9d79ba4a70a6d9eb59776cde59df63b0994d8b0c |
| SHA256 | cadc5e80a0beec70f3e6dfbb054172e05e0a240547b4f46a6b7ba06569472595 |
| SHA512 | 78ab06e09af73f2d4e86f5be047d2cc6cdac23261c0c0ff9bddc17551eb232bf8b218a6dcee10bbe764b8d65de2d7122883c907a7c9165289d69f0ed537410c9 |
C:\Users\Admin\AppData\Local\Temp\MIQc.exe
| MD5 | ebd142cb5e78a332806549de10f4a166 |
| SHA1 | 06b4444cd3bf26f1308b2b9518ee0d2ddb5d040b |
| SHA256 | 5c2c0294098f4979c4fdf0ca02dda0e86968d377f956d8161f97bfd78be710e7 |
| SHA512 | 8b67bf29f303ef55bc2887421ce97a3dfd6df7f95c4c3c63c627c6659a270a02dc15cf4920d255e70f8ddd03f6e653812a061988edab8481e9cd9b98854664b6 |
C:\Users\Admin\AppData\Local\Temp\sQME.exe
| MD5 | d2000a34c2e966d2134cfc60cacec32c |
| SHA1 | dbbcf35c9671a9e995179712a8f4033ea0e5e234 |
| SHA256 | 1517a38aed170fcc61aaf23b7a827c02028d1e2fa68c58758e8fbe124c57fbae |
| SHA512 | 763111f7aee5fd0811644b43d969d450f1000c39478421e90ec927b749a8934a6f1d82a3ebdc9bcd29d8c1bc72b3896f0234567909bd60ec2faacf1365fec511 |
C:\Users\Admin\AppData\Local\Temp\GMYm.exe
| MD5 | 4d14ee455f1eed6296866f1c5a3d66aa |
| SHA1 | acbb37658a5eb1c657f4ec49e44e4716972e917c |
| SHA256 | b8b1b255fcd1c94590812d8c968794ca3b1cb744752e01fa9c74757a0be95a62 |
| SHA512 | eb757b53e99907607d74657f53a8d4f1ac4c1c8e659d9dcd459fa47e9ce71a04ed384dddb4f7287176f68806c4d787d9b4212ca95635c840aca77ef8ab809948 |
C:\Users\Admin\AppData\Local\Temp\mEgQ.exe
| MD5 | 5b0540aa2e1d93fd6ba84211b4e5251a |
| SHA1 | 5b8726f0f40b9572770b71241cf286eaccbfe6a1 |
| SHA256 | 2866b5a6ba788813dde12eac3610e0b0640917e46339ce3fe61e6d3a3867344d |
| SHA512 | 37ad79a304377df3083e1a1e1e0f261e17ebbe55d37f7a3be95c45da99dc123ec461499b6b29c7eb032a15852154a5b429a969b38c457709c6d3911bf61ad6cf |
C:\Users\Admin\AppData\Local\Temp\mYUu.exe
| MD5 | 23fe9585296ddd76c440fd4d669a28be |
| SHA1 | e49a5f3ff735df2ca5f452e799242ababc44e83b |
| SHA256 | bb45ecb521923635ca128f12f3ac4690a16661423527ff8f518789e82cd9f272 |
| SHA512 | 5bdba1d14cff0852c66db3771e3954974f109b1131f232ae7929720e92c2e44e7a780d7d735248822b03734ec824da0408df5350f3f33d9488ad1c8bd2c6b8a1 |
C:\Users\Admin\AppData\Local\Temp\Ewke.exe
| MD5 | 311726e7d11a442e8eb4571053a3f71a |
| SHA1 | 6531bcba6ab96966161937ba8f9b02ce3af205cc |
| SHA256 | bb94463715e09b4e80263b045bb29f7a5ef035d39e41e3ed6ef0ccd1f779c034 |
| SHA512 | e8d950a56521226da9ae2336f1a40b499405a499e22098b2cdcbdaaa10e135a8a8f713b317d7887c8364c018e1dec37201f026aa06bc10510c1fd56d94d20a45 |
C:\Users\Admin\AppData\Local\Temp\IsgW.exe
| MD5 | 6a0f195acb6359b4de30a316ef7d780e |
| SHA1 | a02820fce466a793a5a3e2ae9d948addb2abf96b |
| SHA256 | e916df3251c4a50acf427141fb2272dda040c93fb61ab77aafd53e8f3539b6ec |
| SHA512 | 90e077f22542b9e4c586240a8b629a66695076a7636e23847340ad8573fb30830745b930c115aa5d91b64e2c70b7f495e3f770b03743aabe2983f63d9d29ca39 |
C:\Users\Admin\AppData\Local\Temp\mEcO.exe
| MD5 | 4d57d15c788c070fa1216fa3b8786f83 |
| SHA1 | 8e50d3f00cebd75ea9b5b4343eeaa0aa4ce55b66 |
| SHA256 | 3f1adafdd2f14e88736cd988b94c7c8d2642bd61ccbd1c523fae6202aea65229 |
| SHA512 | 30b9cbf21f19beb22595fc1207e84683a8cf8759c9d9dbd6fda927907f8013778ef2a4fd1fbe6849702f5f6112a479e9198c36c3b3baa7d8790bb9536c3ef4fb |
C:\Users\Admin\AppData\Local\Temp\KEsY.exe
| MD5 | 4b7eed1194c11b6c89bd0fa5f8d6464e |
| SHA1 | 925ae317e8dd1d3ef4b66f8bf0312e1eac80004c |
| SHA256 | 7961cf6d99cb70b98a7ef5aebf64125c02b303ff10ad5eda6f85f4351ff5461d |
| SHA512 | ac4c312f23d2991dbaebc8f69ad23cd1a76a8b625de8ccb4ad79045a010b2da0f2f0de00efd120df9ac2f41edbc1eb5b10b83cc705f81b61aad908844f66b498 |
C:\Users\Admin\AppData\Local\Temp\gGAgMYAE.bat
| MD5 | 90ca7031dad9818eb6cf4289b70476e2 |
| SHA1 | 1bcbf3f93853793a3df6327ba4e861384edcb990 |
| SHA256 | 3de6cc2edd16e0395a48fec0255882c44969d674b45454bcf7110e61094d69f9 |
| SHA512 | eb5ab28eba6cad02faeb5122fefd324b1dc42044db038070569124913503dca8984f4dee16a35b9f3cfb4ff6b185fde7f37877b91b65239327f74e55a02cb223 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-07 19:29
Reported
2024-04-07 19:31
Platform
win10v2004-20240226-en
Max time kernel
151s
Max time network
155s
Command Line
Signatures
Modifies visibility of file extensions in Explorer
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
Renames multiple (84) files with added filename extension
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\tqAAUMkU\wOMQUkcA.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\tqAAUMkU\wOMQUkcA.exe | N/A |
| N/A | N/A | C:\ProgramData\aqQgIgcs\nugMEQok.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wOMQUkcA.exe = "C:\\Users\\Admin\\tqAAUMkU\\wOMQUkcA.exe" | C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\nugMEQok.exe = "C:\\ProgramData\\aqQgIgcs\\nugMEQok.exe" | C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wOMQUkcA.exe = "C:\\Users\\Admin\\tqAAUMkU\\wOMQUkcA.exe" | C:\Users\Admin\tqAAUMkU\wOMQUkcA.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\nugMEQok.exe = "C:\\ProgramData\\aqQgIgcs\\nugMEQok.exe" | C:\ProgramData\aqQgIgcs\nugMEQok.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OCAsUwkM.exe = "C:\\Users\\Admin\\VYoQUkAQ\\OCAsUwkM.exe" | C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\rIIIUMgc.exe = "C:\\ProgramData\\iSQQoYMc\\rIIIUMgc.exe" | C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\shell32.dll.exe | C:\Users\Admin\tqAAUMkU\wOMQUkcA.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\shell32.dll.exe | C:\Users\Admin\tqAAUMkU\wOMQUkcA.exe | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\ProgramData\iSQQoYMc\rIIIUMgc.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\VYoQUkAQ\OCAsUwkM.exe |
Modifies registry key
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\tqAAUMkU\wOMQUkcA.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe"
C:\Users\Admin\tqAAUMkU\wOMQUkcA.exe
"C:\Users\Admin\tqAAUMkU\wOMQUkcA.exe"
C:\ProgramData\aqQgIgcs\nugMEQok.exe
"C:\ProgramData\aqQgIgcs\nugMEQok.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sWYQYMUY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\besEoAIU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fCMIwIQw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yaowQgUI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sYQQQMow.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QIckwEss.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WAwMoEYw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xgkosEwI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VwQUYEEs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gagIQMkI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QmkYAEUU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\icEAkkcw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VYwIIEQU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dmAsIgIk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zyYgEAco.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QsEUYMUM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QAAcYgwc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DKgAsUEs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aagMEUQY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sKYMUogY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pMccgUUI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WGsMQwsk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FUkkQMQc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fKoYgUwU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\oqkMsYQc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KQAksYYA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nWMQsosU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KksUcQAk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cUAwookY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\keEkMMEs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OEgYEgkU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\oaoIssks.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GUgwkskM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OawkMAIs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\poAgYcws.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QewwAwgI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LMwAoggY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KQoocIIA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GwwAIQwE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\muQAgkYA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s UsoSvc
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\System32\mousocoreworker.exe
C:\Windows\System32\mousocoreworker.exe -Embedding
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TqskUooo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nWUEEIMw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ekQUUEUg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hewAkIYg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sUYQAEQc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kQcEMMAA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vcwAosQI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mWAEkoQE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BMMkskIk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uEAAQooE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uQUIIAUY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\iOscUUgM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DecUAcIM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yQoscUUA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CyEkUEow.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hioQokkA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KqIAQgoE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\riwsAYEk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ymgUwEEs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ySEsgkME.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QekcwkEQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dyYUUcEU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CWIwIMIY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GawswAMs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JwUkoAYM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PeIMUkwc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FowAAgcs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QiMkwwsI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PsQsQsog.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WeIogEwA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uAIEoQwk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OAQQcUwc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cacIgcMo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AIowMMsI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WqMUQUsI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PsoskUkI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DQgAcsYs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\System32\sihclient.exe
C:\Windows\System32\sihclient.exe /cv YPSmr23Hi0Cumo1Ks94P6Q.0.2
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\coMscMgk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AKkQQIYA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LeYAkwMw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fKwMwMss.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KUocIUAw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fOEMAcIM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zSUscokE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YWUkEMQw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sowkwEUk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lgggIwQk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\leckcwYQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xCAUocQk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SAkwUYwI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kIgsUcQQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lIAQAkcM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MKkkgQYM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kagkYAsI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IAoMAkAs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OSUsMoAI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FkAwYEos.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PsososYo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\oiUUAwss.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VGcMgwUA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\VYoQUkAQ\OCAsUwkM.exe
"C:\Users\Admin\VYoQUkAQ\OCAsUwkM.exe"
C:\ProgramData\iSQQoYMc\rIIIUMgc.exe
"C:\ProgramData\iSQQoYMc\rIIIUMgc.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dskIwUEQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QEAwQcAI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jCcYMwMw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SgQosYcw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TossYUYo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BgYUsMwg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MgwwQIsE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hQAookEA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\oUoEosUM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 932 -ip 932
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 5000 -ip 5000
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MkIYUwwk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5000 -s 228
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 932 -s 224
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WUoUscEQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| BO | 200.87.164.69:9999 | tcp | |
| BO | 200.87.164.69:9999 | tcp | |
| US | 8.8.8.8:53 | google.com | udp |
| DE | 142.250.186.46:80 | google.com | tcp |
| DE | 142.250.186.46:80 | google.com | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.186.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 200.119.204.12:9999 | tcp | |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| BO | 190.186.45.170:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp | |
| US | 8.8.8.8:53 | 0.204.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
Files
memory/2692-0-0x0000000000400000-0x0000000000431000-memory.dmp
C:\Users\Admin\tqAAUMkU\wOMQUkcA.exe
| MD5 | aa00012833b27e6b07b6d2eed3b916ae |
| SHA1 | fd083cabc62bff9381351f34eae3be178a35cfed |
| SHA256 | ca1171393ffe73ae7c363b677069ae2f3fb141c11e07485b3c58fad6adc7d976 |
| SHA512 | ca6d280bed3753186f93d050ef7c5ab650477d5da8737d3646f7a1e2dff9d2790ba06baa2adbd8d4c64814a6c44850bd0fc317d9ee75d579381b156b1d8074bb |
memory/4312-8-0x0000000000400000-0x0000000000430000-memory.dmp
C:\ProgramData\aqQgIgcs\nugMEQok.exe
| MD5 | c3baefe3d7f5349c6198769455d158c7 |
| SHA1 | 4a37b3485b4e1b12a5c7f283177dd7f7ff6f4c90 |
| SHA256 | 04d7e9cd4dedcf7e802c3b135fb08e3ab0c053c84435e059eb7d0bbd08caad21 |
| SHA512 | b2a8cdd5d4bcfa8268fb1f135550d403ea99e6ae821970256c577f0351b37529fed1bc5e4f0c92a19ce028ad9ef39e7781a66dfc74cf938a537230993eb3fdc0 |
memory/1488-15-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2692-21-0x0000000000400000-0x0000000000431000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\sWYQYMUY.bat
| MD5 | bae1095f340720d965898063fede1273 |
| SHA1 | 455d8a81818a7e82b1490c949b32fa7ff98d5210 |
| SHA256 | ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a |
| SHA512 | 4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024 |
C:\Users\Admin\AppData\Local\Temp\2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock
| MD5 | b7a1b79ee0aa71ff5c2704e112482771 |
| SHA1 | 4695cedee75846b343188b9cdfff6b443766df32 |
| SHA256 | 319296ecd18ddcfa1ac858cd0604c1a22ef1b39951806d93ae04906917481b1c |
| SHA512 | ddba05c444613efc4c2b932e44b39275fc8596e571c95e3e5de8ff02881d45deb4df84a10104b768d45136c0aca4505278c1cae0e67088b08a97ee74c585a729 |
memory/3908-32-0x0000000000400000-0x0000000000431000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\file.vbs
| MD5 | 4afb5c4527091738faf9cd4addf9d34e |
| SHA1 | 170ba9d866894c1b109b62649b1893eb90350459 |
| SHA256 | 59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc |
| SHA512 | 16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5 |
memory/736-43-0x0000000000400000-0x0000000000431000-memory.dmp
memory/492-53-0x0000000000400000-0x0000000000431000-memory.dmp
memory/1588-57-0x0000000000400000-0x0000000000431000-memory.dmp
memory/492-68-0x0000000000400000-0x0000000000431000-memory.dmp
memory/3056-80-0x0000000000400000-0x0000000000431000-memory.dmp
memory/956-79-0x0000000000400000-0x0000000000431000-memory.dmp
memory/3568-90-0x0000000000400000-0x0000000000431000-memory.dmp
memory/3056-94-0x0000000000400000-0x0000000000431000-memory.dmp
memory/1540-102-0x0000000000400000-0x0000000000431000-memory.dmp
memory/3568-106-0x0000000000400000-0x0000000000431000-memory.dmp
memory/1540-114-0x0000000000400000-0x0000000000431000-memory.dmp
memory/3544-117-0x0000000000400000-0x0000000000431000-memory.dmp
memory/3544-131-0x0000000000400000-0x0000000000431000-memory.dmp
memory/4252-142-0x0000000000400000-0x0000000000431000-memory.dmp
memory/2236-153-0x0000000000400000-0x0000000000431000-memory.dmp
memory/116-166-0x0000000000400000-0x0000000000431000-memory.dmp
memory/2592-178-0x0000000000400000-0x0000000000431000-memory.dmp
memory/2340-177-0x0000000000400000-0x0000000000431000-memory.dmp
memory/2592-189-0x0000000000400000-0x0000000000431000-memory.dmp
memory/3480-190-0x0000000000400000-0x0000000000431000-memory.dmp
C:\ProgramData\aqQgIgcs\nugMEQok.inf
| MD5 | c6ea4278c27e0f7ced246600a0acde46 |
| SHA1 | d805756d92b8e438e60ad5f00ea5f6e738cdb8ef |
| SHA256 | 961c408809939c3c5b6e059f9aab50b1ef559ac364a8c12811dc2be43353138e |
| SHA512 | f4f6f6201c2f508304e87eb5ffb87d532f1fac5c1f2e916196451bea199fd37812dae5d5cef6d0fe8c82c8ef0f6ea79c1ed3d955db1d3f2c1443345de1063fdc |
memory/2584-200-0x0000000000400000-0x0000000000431000-memory.dmp
memory/3480-205-0x0000000000400000-0x0000000000431000-memory.dmp
memory/2584-217-0x0000000000400000-0x0000000000431000-memory.dmp
memory/3736-225-0x0000000000400000-0x0000000000431000-memory.dmp
memory/3604-229-0x0000000000400000-0x0000000000431000-memory.dmp
memory/4924-240-0x0000000000400000-0x0000000000431000-memory.dmp
C:\ProgramData\aqQgIgcs\nugMEQok.inf
| MD5 | ae5fb469ad56675b918d0825b41fb857 |
| SHA1 | d849ec78c35071835f8cdae69ebaeac651f39b78 |
| SHA256 | 62e7a596747e8d2c990e358bbb5784f58c712ce6d9e7fc7a491fe463b99fc049 |
| SHA512 | 9e7e86f43fde8aff227d61fd7c12c2a378cbe2ab986343fe34006849f4adbcd0c1c1ce1d83bc0841e2b0197a63490e6518b7edadf6c7b7ad7db92522463c3be6 |
memory/3736-241-0x0000000000400000-0x0000000000431000-memory.dmp
memory/4924-255-0x0000000000400000-0x0000000000431000-memory.dmp
memory/4428-260-0x0000000000400000-0x0000000000431000-memory.dmp
memory/340-264-0x0000000000400000-0x0000000000431000-memory.dmp
memory/4428-273-0x0000000000400000-0x0000000000431000-memory.dmp
memory/1468-269-0x0000000000400000-0x0000000000431000-memory.dmp
memory/1468-283-0x0000000000400000-0x0000000000431000-memory.dmp
memory/2500-291-0x0000000000400000-0x0000000000431000-memory.dmp
memory/4288-300-0x0000000000400000-0x0000000000431000-memory.dmp
memory/1800-299-0x0000000000400000-0x0000000000431000-memory.dmp
memory/4288-310-0x0000000000400000-0x0000000000431000-memory.dmp
memory/4236-318-0x0000000000400000-0x0000000000431000-memory.dmp
memory/4228-319-0x0000000000400000-0x0000000000431000-memory.dmp
memory/4228-327-0x0000000000400000-0x0000000000431000-memory.dmp
memory/4944-335-0x0000000000400000-0x0000000000431000-memory.dmp
memory/3396-336-0x0000000000400000-0x0000000000431000-memory.dmp
memory/3396-346-0x0000000000400000-0x0000000000431000-memory.dmp
memory/4468-347-0x0000000000400000-0x0000000000431000-memory.dmp
memory/4468-355-0x0000000000400000-0x0000000000431000-memory.dmp
memory/3020-357-0x0000000000400000-0x0000000000431000-memory.dmp
memory/3020-366-0x0000000000400000-0x0000000000431000-memory.dmp
memory/3936-367-0x0000000000400000-0x0000000000431000-memory.dmp
memory/3936-375-0x0000000000400000-0x0000000000431000-memory.dmp
memory/3352-384-0x0000000000400000-0x0000000000431000-memory.dmp
memory/1124-380-0x0000000000400000-0x0000000000431000-memory.dmp
memory/1124-393-0x0000000000400000-0x0000000000431000-memory.dmp
memory/4680-389-0x0000000000400000-0x0000000000431000-memory.dmp
memory/4680-403-0x0000000000400000-0x0000000000431000-memory.dmp
memory/4504-411-0x0000000000400000-0x0000000000431000-memory.dmp
memory/2436-412-0x0000000000400000-0x0000000000431000-memory.dmp
memory/4328-418-0x0000000000400000-0x0000000000431000-memory.dmp
memory/2436-421-0x0000000000400000-0x0000000000431000-memory.dmp
memory/1476-429-0x0000000000400000-0x0000000000431000-memory.dmp
C:\odt\office2016setup.exe
| MD5 | afdea8b8da1f77f06878b1d420280b35 |
| SHA1 | fba62006e8151942fe4c7827f22349729d8ccc66 |
| SHA256 | 6a8b7b37ef99b9df4bfb5c172811b19443be34be770d8b00053d7bd301c85249 |
| SHA512 | 74633bae95b7ff1bc8951fc50402e4cbbd91ac72645bff9adb89d34bace866f2ca74dd6dc6f628579905e66649042b9a12274268d4be0b1882fc965e7b1b3789 |
C:\Users\Admin\AppData\Local\Temp\YccY.exe
| MD5 | be638632a05253b57c880b977cf12ae2 |
| SHA1 | 2691f0591b1bef6cd0c08323404665563f6c0e03 |
| SHA256 | 8fcad6e9f2c42e3ea0fc71056b25bb121ab80f4b2238b75d80f8bf58f9419314 |
| SHA512 | 6ae7afc1d8a0b1e011d0d80154d427ccf8d48e554af3b98a5f7e05f685df51c9abd64fbf49c38c63926691c8f8907fd443273b8032dd77a9c36735abdd00a518 |
C:\Users\Admin\AppData\Local\Temp\SYIO.exe
| MD5 | 0b85d26ab94c6653556f46d8432e4aab |
| SHA1 | 0bbcb4e63cf8d0dc9774ef5a4e912c1564f726ef |
| SHA256 | 04d8e58b4bb0283005d9cf5a11877a5655310938039572c06155159daee53daf |
| SHA512 | 5b0a1f190a314723ad730f6f46f094eea3f94788c7232a0cff6b13155d9780fba8fe89eed88a2414eb41dfca132bcef13d2866d0da0ff8a0d07d70875233d80f |
C:\Users\Admin\AppData\Local\Temp\ewso.exe
| MD5 | 7408322a26fb4f5302254c32745c6b98 |
| SHA1 | 5e825031360d6ee1a1bb9ee7899d8e510e3167b2 |
| SHA256 | c13e3800c603405491d62aa918fa03c3a8b06a1593ae5bd56c175d52b71a9adf |
| SHA512 | 071a08104e47ca9d0e166e897ef2297603863a517006ff56e452990129eceb647a4738299734576cd67e15ae47b3c345fdea494b31e9ecaf35384d61164147bb |
C:\Users\Admin\AppData\Local\Temp\CsoG.ico
| MD5 | ee421bd295eb1a0d8c54f8586ccb18fa |
| SHA1 | bc06850f3112289fce374241f7e9aff0a70ecb2f |
| SHA256 | 57e72b9591e318a17feb74efa1262e9222814ad872437094734295700f669563 |
| SHA512 | dfd36dff3742f39858e4a3e781e756f6d8480caa33b715ad1a8293f6ef436cdc84c3d26428230cdac8651c1ee7947b0e5bb3ac1e32c0b7bbb2bfed81375b5897 |
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png.exe
| MD5 | 785a3fab5c7d710ebb5c5c47379f0a40 |
| SHA1 | 20b0fe2b74a87b638d449d79c6e5a305e98f8b83 |
| SHA256 | dfecef086bda5199297700ff9f60bf5c672c5c49e65f764c7226525042948701 |
| SHA512 | 7bb8a497bcb8070c051333ec42ed8ec9fd452ea7a5c621cfd566c6497181800710fa28917774fafeec1314dbb49fa8a9942d82bc3fd5b67f1666fd379aaff05b |
C:\Users\Admin\AppData\Local\Temp\FMEO.exe
| MD5 | b9c21c6e8253b8e01e6fff57bb23e382 |
| SHA1 | 6740bf4965c43c2b6ae90cd493c166b37d1e34ad |
| SHA256 | da4889f5d7b9b5a671e2b97deea038091213ef48766b3b0467fb71d6cefd1052 |
| SHA512 | 0c4be051c6eb72a4d9043369f62b79ad3c83fa5b5a9a4a7a825a1bdd81044b1f0b063b59405043030c750c98e40a56eeabd84316761566d08e6e64c180cc7785 |
C:\Users\Admin\AppData\Local\Temp\IAsg.exe
| MD5 | 9c83431be3d5112e4cfe25bbbf727771 |
| SHA1 | d7b331e29379477182271dccc0f1cb48c227f305 |
| SHA256 | fa66aaae771b8bdb9581f6c5b037bf25baa4b41ba5314a0669c4a5dce9169302 |
| SHA512 | dc56909e4de37238edc3767f7bcfb61d08662ccb2903165b4772d3068b9147331e7a63542a681b7ea78c9ea8dacbdeb41f1c796c3ca1273f101aa8294965d877 |
C:\Users\Admin\AppData\Local\Temp\mEcQ.exe
| MD5 | d91cbae17f2e31987cef1841deb5ee04 |
| SHA1 | 022c05d10e241d3b3ed37026897bbbc9036bb3de |
| SHA256 | eef8ccf277f2ded6832c03338265960f940667fc65d47550858291ae1ba51fac |
| SHA512 | b0774f3a3d8a7278b78a1647f910e83ccea62ca435213c2fac4d8b09abda5af4d92556396d82375cedf35737c3a91727ee069282da5152945ccf7d8cec8593ad |
C:\Users\Admin\AppData\Local\Temp\BIQU.exe
| MD5 | 00aa23b86e714a5ce5a1ffdf44482fc0 |
| SHA1 | 75b704fcb7a8cc64761e41aa2285b5bd47f12497 |
| SHA256 | b576724563155189af9ada221cac439ba6eb9ba5810e05b070f5ae8b645a9ca2 |
| SHA512 | 1e8d844e46504a8d08a907ebe171eef2631500bfbaafd93b70c27bca25f87431f0091823093696eeb080402b35687aa3b6c0aa4405b22afabe5beeea8ea68ece |
C:\Users\Admin\AppData\Local\Temp\jMEa.exe
| MD5 | f1dac0cf30a8b040a3ae32a5ecf29431 |
| SHA1 | 01f733912909dc4e02db5955d18fd24829f733df |
| SHA256 | c6d55b124be0e4e6cf92780a6ce65ce8b6c23971873ef6f4169925062c29d2f5 |
| SHA512 | a4a527492e03b1df603689cee01f527cb76d033356063d61d2591332105bc626a23cef3ab073ef87987e2d11d746ebdfbb4283a04444b585c274a7df6ed53d85 |
C:\Users\Admin\AppData\Local\Temp\iYMq.exe
| MD5 | 0f45a5ac66cc11183bf6cc957e2a9953 |
| SHA1 | 00e6c86a26c8fe0d3a1d2578ef2891a6ead2fd3f |
| SHA256 | a0230f224ab2ae3aa70418a51c5027fcdf44b4fd36bc473e9efbab54f81437a9 |
| SHA512 | d99a4e53600d63a2c254736220a2ea13373ca947ee552e6e7d64dac6757ae3fba64667caaf6d60508eb3a49e7c19097408d574de46ff8ab409454f26fe1b5250 |
C:\Users\Admin\AppData\Local\Temp\rsgS.exe
| MD5 | 668e0e70d51424dcf8af610f2fe222f0 |
| SHA1 | 8ea684f56028097e387c92d51c4fee6f2b7c1232 |
| SHA256 | 859c96eb74d8d7ac43fb1c36c21f2ea766fae56598a6e71239129489bb50b134 |
| SHA512 | aa037847700eae7f5df57618f85e5f46bd2c0afbac9a1ed44b26894f6047bf3f34ec6782707473059d452d556e1825ba1da9ef6e6d3e134ca07885f75eb2105a |
C:\Users\Admin\AppData\Local\Temp\LsQk.exe
| MD5 | d356a5cf14361d1324c27c453254c441 |
| SHA1 | 82bd1da8bb37a876ac764b6c8561c0da2ec2015c |
| SHA256 | 3916db2f61b4e481c3f6b74aaaaabeea1b47d6f367ceb2e259ad67e324df9e00 |
| SHA512 | e5cdaad44b430c39d4c0793702d3e04f57c6ed10c24ee6a3b9a7f57e290336c1cb8c9b4fb8da29d58f9fa65f67f0bdfcb7579b3e06bfa08404a47ed7cc0fb974 |
C:\Users\Admin\AppData\Local\Temp\ZAwK.exe
| MD5 | 97014d053cdff38b66b6bca37a66b37b |
| SHA1 | e5bbc0cafec69869ea3565ae4a2f4ac6e75c7c9b |
| SHA256 | ff92f6cfef22aa5d9d680c1c83bc9de9cddd6e770279119268e8d5b2048eb717 |
| SHA512 | c1604de7661da2d7988aae8709bf7dc30df5eb7482d96d0b131df81d752ffa772b44de305421e99d80bc5427e3ae5b302b7d65bb8b199e0bf327ff16a639d62c |
C:\Users\Admin\AppData\Local\Temp\kIEW.ico
| MD5 | ac4b56cc5c5e71c3bb226181418fd891 |
| SHA1 | e62149df7a7d31a7777cae68822e4d0eaba2199d |
| SHA256 | 701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3 |
| SHA512 | a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998 |
C:\Users\Admin\AppData\Local\Temp\XEAk.exe
| MD5 | d71439433923621a1b1bbdaea3461846 |
| SHA1 | 46f665c537b276b8f366a0c9f8493f9906e2d9a5 |
| SHA256 | 89c7bd6e99d35a99243b3aefb3180da5fbf950d58b36ee2e53d5ce83fd889372 |
| SHA512 | df64a5e0608a5c9fdf3fa24c78d8021aadfc6a773ab63d333230fa3c2ca91a4f37b3b38b4b094bb7522872f445fe4eddd1bc1719562eb0b2d40aa2417af53ac9 |
C:\Users\Admin\AppData\Local\Temp\vkYU.exe
| MD5 | 68ed83a0e7aa3f1d8ffb8295eb917ef6 |
| SHA1 | e56e052f251d3b64387c0baa2a714c16f1f31ea6 |
| SHA256 | f2aae5e3c4ad0ce0f8c9b0af8ce87b7a2a5350633cf5e440f9ddd251410918ff |
| SHA512 | ed18b955de2ad2a96605a7d5b0fad0d5d1e926377c1be20134379dbc02345f84cc718c930bad6e47cd4de33ef80a94d29daff57a1331ef11f3ee5e751bb0f673 |
C:\Users\Admin\AppData\Local\Temp\KkgW.exe
| MD5 | 0f4f8907500ce6061a342446b004f4dd |
| SHA1 | 31b097e686f3ae8046bbadfa42e461e1653a4e73 |
| SHA256 | 7bdec7ca030f9febb3b1a27e635436cadae98a28e48ce60efd89d397de099368 |
| SHA512 | 5b398aa6bca2dc30918274bdf101fa0f1ee12adab6f8e8c652479ca5d0e1d6e6f10e463c9103a2f25c461aaac24aaaa4d3d613087d15f424b3ade101006b34a4 |
C:\Users\Admin\AppData\Local\Temp\hAAo.exe
| MD5 | 7f0d1304568aec8389915cf891dcbd38 |
| SHA1 | 929bdc7a7dc4b804ec2b03e844bad48b8cf172be |
| SHA256 | b7c40e89aa50ae1b9c4d060026f6a4574159165668fea9dba0053d710336f236 |
| SHA512 | 664e1afbcacc7bede9a14fbfc4e0ffd5a8f6693cb3680c22990e8206a7751b96f0576704c49fe76aae81fa317d46146007188db8fb77abb804e0dad3c19f426e |
C:\Users\Admin\AppData\Local\Temp\yMAK.exe
| MD5 | b7481ddf055608ad2f42519e06027c5d |
| SHA1 | 545c4923ac3fa1e4d40ad0f29330273658f7397f |
| SHA256 | e3f9c245dd501a5f32eaa39a72a42d69f2fe4c83957c79bcc59ae1a05e746804 |
| SHA512 | 1ce67e0ae5867328d64d914bff5e9047b18619379ad03bc778a7008c7323532a29ec106bb25909cebce6e8a24d1c1e9766b0d017664583a803226e5827cae3ec |
C:\Users\Admin\AppData\Local\Temp\eQYe.exe
| MD5 | 9fee7d23a907b64af14ef0477926033e |
| SHA1 | ac1b99eb48798332e5152cbe153b50ec04849091 |
| SHA256 | 6d99ecf52d445e023441f2d72088514d0894567763dcc6c68e248df2f120ff98 |
| SHA512 | 2a6bc9f15039403502141167d33e75ee57979d2097c0c177047b085a2b631116140f57e2b811912c054f4ac7b68019b711cafe76f40c32daed21bf5568396eaa |
C:\ProgramData\Package Cache\{fb0500c1-f968-4621-a48b-985b52884c49}\windowsdesktop-runtime-6.0.25-win-x64.exe
| MD5 | 0cd4925b6da6a94d18472adaae4cf715 |
| SHA1 | ab334e8ecaff1f61aaa0be5d7abccfbcae41ee87 |
| SHA256 | 08cc003cb5b07f63582c370ee85a9474da8895455c68dc5af11b3683fc2d69c9 |
| SHA512 | 809654c22b38ff313e159e6180fbf659cdff020ecdfff98556fd9533285e2fa8849a8c36e2fa186075cd200ef8a698d6b1fdb0dace7cc061ef3fd46dab08ef7f |
C:\Users\Admin\AppData\Local\Temp\QgMY.exe
| MD5 | 0fbcb35ef77cb93e012f90c41c9cd547 |
| SHA1 | 7298afe46d069089256fd66484573d55a1c6d9ad |
| SHA256 | 27c7e9b698d4c172c62781812e1ebd1fbeeb7e8e40d59d7f8aa214d7bfd1a9b0 |
| SHA512 | dcfe7b0b0d0493a8bdbefe4a7eb17346b036a7db59728e92f719acd1395e0ca583ba29ba2dbbfbc01b034bd18091d9783af4a06ac6746c216a6c870f6860b5d7 |
C:\Users\Admin\AppData\Local\Temp\CkUW.exe
| MD5 | f8d6a86dfeff1b41427c728840d9e811 |
| SHA1 | 855abf8484c61b17eacb1c8197740b462de51381 |
| SHA256 | b2c45f72f5b03bbc236d353b5c1bbf5206cac4a38ec0e9eed5840911697a30c1 |
| SHA512 | 9460ac84a7015fba4e2a4f6008ae7edc4011b94a78f1865b24f637e3c4101bc7df1cc0d87952b8a0a70545f05b2d0222d785b698092bd1a74ec61a28ab56fa33 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\icon_128.png.exe
| MD5 | 0f9005076829dd8927277031579937e0 |
| SHA1 | 238de94fb25abcff9fca8352926051de6544b4ee |
| SHA256 | 609a52dc1c7265efdd511e6c162c4f2c253057f124dd67feb2f52e0a2da9425a |
| SHA512 | c8536e1dce70c659400a297aa48bed35ae7730d7335867d4d9a881691e92104ea20c03d16b4739941c5f68968741cf85cec1da53917eab63a533f0ddfe0462df |
C:\Users\Admin\AppData\Local\Temp\dAIS.exe
| MD5 | f3511fdf5e8f9d763dc44f36e0144ea4 |
| SHA1 | 1967abb6f5eeb7a1d3d17573248655dc66c8a0dd |
| SHA256 | 6a3683344353619ab921c0d983a4360d58c17bef502026b82ab362dc905072ca |
| SHA512 | b4f0527aa26c1376241e8b8716c4b9a1d2c26431fa2a0876950142812424f4478147e5f8079a0182acb61c7ed873a30612c0121e84f8891b22515fe698df4494 |
C:\Users\Admin\AppData\Local\Temp\SkoI.exe
| MD5 | cf11e3a1c7b53bf9fa87316be2905fc4 |
| SHA1 | ded1b8a85c611cd0bb26ed0cb2db73188dff7de1 |
| SHA256 | 95f8bf9b75a27e587951b85eda758ab5e87fbf9cfe1efe1e2700624d26768d0e |
| SHA512 | 96745e307408fb444097d2fe86738917de530f44e5d8334bfbf2d30a350e918794536a8122c93191eddc49859feff0b05ac260dacd992c036fb33c00b1e5e987 |
C:\Users\Admin\AppData\Local\Temp\jAkw.exe
| MD5 | 60892ac6f1a893a6865aa12eaab65458 |
| SHA1 | 150238c23484129b2b533bf91f412de6f3956db1 |
| SHA256 | 2273cae04ecea6ec76db068e25ac7817978615592c9ec86fc2245d7068de4276 |
| SHA512 | 837a1a7e5776901b07b5297b56e4d13598e37f91b72393380e1d086f5dc30949666c1ef28b4626b5d0dda867dc2cb14989409cbd68dd6df160f3e522666140a7 |
C:\Users\Admin\AppData\Local\Temp\cgwG.exe
| MD5 | 263c508670ba7c6fc2332e3b42e5916e |
| SHA1 | 0bee0884d1d3e41f0b7c4eb5f24d8a1020f92e3d |
| SHA256 | ec347d8d61b1a23696b95bf6c57b876a9aa2f6a7b418916c3e1b9789dd4356c0 |
| SHA512 | a2d786db75edb5e8836049e5d20591e9ed2efd1bb74c9c17bada7a1212818ecf7a427ed658bf4e7df737c3a118315d54524ae2bf854fb176d4bd616a54c41e97 |
C:\Users\Admin\AppData\Local\Temp\AowW.exe
| MD5 | 858c09bb8efe1f39b2fbb79c55f3445e |
| SHA1 | 8fd848dda3db701124168e01a241afd367626296 |
| SHA256 | 31997c6fae32fa99e47f8c720adcd95c94c54f4d263165a4bc66bfb98dbae1eb |
| SHA512 | 273d61161f9713ea48494ff3129c20ef8c0bae5cdce6d9708888f7adc537b9b143f81b6ddfc60da04aa29d387e38babc8657f058e946a52fb39ea506b104eae1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons\64.png.exe
| MD5 | a4c142a50b51a54f075bbbd4104b4b49 |
| SHA1 | 6a6caa9740de201a2c0538110085ff999147714d |
| SHA256 | fcdd0f54231ece69d615f856b2fc92f8eaa2d98cda5c7100a22b1cf58f0ebbd3 |
| SHA512 | 2b958e7dd18e7aac9defed4dca64fcd610980ddf442268ee9e4c43ba928a8b5e2dd15d60db758c6d23e32494174c32ef184c3fec71776357f0e4dc17f96c786c |
C:\Users\Admin\AppData\Local\Temp\HAse.exe
| MD5 | 90aa7a7e65697774860a923230267f9e |
| SHA1 | 9f060b7a8f8006a706feb8f928091565824d5cca |
| SHA256 | ed435f45336bb8a45f615bd1ee834d59013747c6bb709977dd4ef791eca82c71 |
| SHA512 | 0efc33b11561788507783f8846d106a1eb537b813ea4e117a7477aec923ef6876b41acb5a5219a7a68a9e42b71c4d63022f904891c9ad7c80dd9d83f0e8d5e54 |
C:\Users\Admin\AppData\Local\Temp\hAMC.exe
| MD5 | a1635862e65359d711a506ee02349681 |
| SHA1 | cb77ed674adbcfaf16088d3ae69f099534d80193 |
| SHA256 | 699314f661c56ec5cb97dea8cae8128950d3d80bc349139e68044ed53bd20088 |
| SHA512 | 601dbeae78f3ccf354285b83f5e86c2e4fcd49f1bf0826d6ce1cd4ce18a86921594b0d5a390ebe20bfe974157f1a0a22dc2e8e95805b670084a18cd440b9d3b3 |
C:\Users\Admin\AppData\Local\Temp\DAMK.exe
| MD5 | 01a11ee8eedb0056ae61591f2ed0c619 |
| SHA1 | be69ccfc4dd3d3bd9de795d76c3b2921fc0e0932 |
| SHA256 | 580a734c7c66be5a76bdb4ada0a2ef6727f557bec03d307505ef46b1cf283d3a |
| SHA512 | 853c20ee1274689a2332c1cef54c1bad5139b1e57d0af492508fe9726ba9cce25e45c31ca298ca23685da7cc6215816cbc96b87e8dafd4c84df0df3454672524 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons\256.png.exe
| MD5 | 881966e9a28e89ffdcbceec77bf9482b |
| SHA1 | ceddbebf200c71be6cad194bda2d95462457d200 |
| SHA256 | 953e6579ea1e66a5bcbdf372059e18bdd65ed64ac0875d2065279563ddd78f21 |
| SHA512 | 0896f8d135f6df683db14ebf5fcc5a6e053d670d4319099b989ecd9388b0a076310999e5cdf3b6936bf12d65704293363618b8b7d5a7e45378ab573060049a1b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons\48.png.exe
| MD5 | 060c859a46fc63b3469c6a163faf562e |
| SHA1 | f6db0f3199c2ba03c17eb6d9e3ff4038f0f7d850 |
| SHA256 | 2bd77cc5234f4c9a908245379cb617005bf62fb24524cca2b27c105d5d5e31a2 |
| SHA512 | c7f8a63177c784a5e19e0ec8d2fd09cc2c3347a9c7dfd8abb642efa3b4351ec9d83d0cf3b875f1735be8d5b7bfcf3ddfb111dc33bebb98c95989e54506809c55 |
C:\Users\Admin\AppData\Local\Temp\AcMm.exe
| MD5 | e2832b8951a9828d2d7a5a8483dea351 |
| SHA1 | ee268000b5541c48f7f6b1151dd86b78ca0c9071 |
| SHA256 | 8515525b064ed4aa72aa6a1f1508f383db62077578053f5e8e7b2e212c57bd0a |
| SHA512 | 26b95478ba5697c0b733222070c399b393722eb1fd8fbc08efb07a03c41081ffc158fa0bd6248f1b12ab69eef386e3fcaee9c22e15f32ace95b27d64066a8ea9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons\96.png.exe
| MD5 | 0efc7a7f204b9f10e581591e770acaee |
| SHA1 | dc0dcc1a4302d2f1684ac0427fabd536f631ce97 |
| SHA256 | 5e59bf54ca77182f53baaa1678f91ee106c724dc2287c61dc43bb9655cbbecdd |
| SHA512 | ad7dbfbeb27ff4bc91d8e5d6b0e5783c2da23040b711313d95d8c5624cc8573b674e632ea40b93c09bcdb1d4fb6102328dcf1e4ab874ea60d78dc7c4f9ff17b8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons\128.png.exe
| MD5 | fbb8d3948f532baf420d53c52dc44100 |
| SHA1 | 78462fcf330f1545d7b68e48506f5783e0e8882f |
| SHA256 | 81e757ec949ddd26b69d0852e3969389ae700f3695778f3f3c3fa64edaae5096 |
| SHA512 | 2e806dc92fb9eb0978732ada15f88df4916f0379bcc33cd1d3e2f36205f5a29414d1f58d95b05f5eab613a1225a9640b31bca76fe44a10ec085967463c4f3081 |
C:\Users\Admin\AppData\Local\Temp\csYk.exe
| MD5 | d208f4c12d8ee23e2ceeed4df1037c00 |
| SHA1 | dbe172808f286dc3a08a7f53a1988166e7e762d0 |
| SHA256 | 20dcf47d3459bec4249781d07e662c8cbcafb719e1efebb7fc826343506f8112 |
| SHA512 | 0b7db1388df3c55461da565cdfeccbe3b01a615302be6a53b85e94eb2b27dfb56ad246eebfee3c570815f7bf8f0519508f13db72b2a90992e1779f5cdb3c6585 |
C:\Users\Admin\AppData\Local\Temp\lMcg.exe
| MD5 | 1310b88d0bee2e3a1492394f93bd26e4 |
| SHA1 | 21996b68e17c68b8c1423c60e5b89f7f64be4214 |
| SHA256 | bca2a814f8e919a03ecaa9605b740dbfe9b1c31fc6f4d1ad3e2ebd92b18f6e19 |
| SHA512 | 56f30f0de0ba1a78551ca2c1c2ebcd3a22568c3e36b3e798432e3b0e2797796814efb404b287a052d8e8811ece988ff7fd748ff121bd7394cd1fc3c037aabd65 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons\128.png.exe
| MD5 | d78132b9fc3b166a3b8293bab55cc5d5 |
| SHA1 | 16c140d13fb27ca76d7b66af61c685f7038ce94a |
| SHA256 | 07cd6d966f3b3b479fcbc341b8abf9d375170c851d4b5d7dfde8861334cbca45 |
| SHA512 | b3fd729a81e5ec088dc876de165bb103bfc2f974d6bf7bec425750a242d84b5f588dd9111a7db5164ac0bb7712d2930d0057f9fed1bdf2dffd02a6bd3f2d3978 |
C:\Users\Admin\AppData\Local\Temp\Hwge.exe
| MD5 | 8a01295b40abb5ec9d1d565d12ad9e68 |
| SHA1 | 1927fd04674f9c603ef6d25a1ba3c78154cc4853 |
| SHA256 | 897e36d649cdab94ad4167815d15c20f86d680a8b769fd2cdeba6c0af08a4740 |
| SHA512 | 1b06a8bae872a73e2a6fcbb251e8b5c4bf71acb7dd3d5d5d5062e5364e799fd126b3efa3b3f9c5eaacb5e1751f49e9bc63386286c54e39110ed7898a16c8fcf1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons\256.png.exe
| MD5 | 728bc5aee0c7440a0d0a353080ac6861 |
| SHA1 | 02eea1e87851bb0930003ae0b793beede1d03a19 |
| SHA256 | b77b881de55c4f9422cbbcafdade21a73ac17a8f48c002eceae54228966acb1f |
| SHA512 | b23f66b01df55f5aec7eb6941ce092c1b131d832be78acd09e7185e0c1f0d8df961452daf60c84fc2b9975e9729f1e6772644546d562c6cd1af8c0053f27a0ec |
C:\Users\Admin\AppData\Local\Temp\OcQS.exe
| MD5 | 2617e96bfdbbaf12f7381c24b6c0f90f |
| SHA1 | e9bc74b07ce3f099f9f933927fe598d4011fae7e |
| SHA256 | 5566d9533d5f8ae5b6d51b8cb85b9ab5420381ae3e68ee42ea68680bcaad3488 |
| SHA512 | 02bedc2684ef6ba404c3cc3af0742e2b43beaab97ddcd9eca924747a32c60caf2515e58bacd09af2648f1d21b1b3ddb1eeb50e778b1c6d5562e14a3deac1bae7 |
C:\Users\Admin\AppData\Local\Temp\LYgO.exe
| MD5 | 9c64be5cb04b2a7933ecc3a9db1dd09e |
| SHA1 | c8ffce5e1336a0b769ea8770e513ce20838e25cf |
| SHA256 | 187b21be7f6cd8ef6b6be064861a2399c52fa709bd8f39fd7f211a91c854e983 |
| SHA512 | 6cdafeb7b512c40432288db417777d137d3fe1fc87a72bbd05cd6343c44f01fea5c6960befd49c1f26d699f92c14fac77ac4ccb54eb4413f4b4d63e9b8a712e3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons\64.png.exe
| MD5 | 0373f459774e33a5336fbf851472f461 |
| SHA1 | 697fe8ad2730bad0b7ba24b2c099ac65ab9a1a44 |
| SHA256 | 80fd034941e4a4551a515f6e238c96784b8d2629b19078333b4168aff729aa75 |
| SHA512 | 1ab69a557fa997ebb3062dc7425573b56014f0246f8c4e47341635639be1ec106c530eceaf7c7337ab09e73c41cca7dae1feea5fafe9adf7980a7ad66987172b |
C:\Users\Admin\AppData\Local\Temp\hwkS.exe
| MD5 | c3f45e1d50e1009d5853ba8e2c2a52e3 |
| SHA1 | f1b490371ab342da8871d5a96fd82051a5bffaea |
| SHA256 | b7f9e9a652efade528c8c85151ee41412d2802bd62f27cfc1f1b627833c96685 |
| SHA512 | 10f886affa4fc170d5f7e19d9d578e8c3bd24568e8911e8725a51b4b1c6a0ffcf1e6d30242783387f14b554d669ab380cab0419632f3d408cec4e08d16523dfd |
C:\Users\Admin\AppData\Local\Temp\HwQA.exe
| MD5 | 8dc1106b19966d2f7272e2d3a27bb32e |
| SHA1 | abf12c8eb357f60f4d1635b93ad7d8d4a550082c |
| SHA256 | ca93ea9afce383144ac75fb4a1f18e6ece4149ee87cc2d0bfeb1d228a035cb27 |
| SHA512 | 7812f27dbb7c57f62f4bcf193b8e3657fb898de6fb43f0b7c54d3b2fffcd9428b40d306b9c2bc3472335dd92f1b93a137dc5fe469f0a5daad95147b1f9b66ea6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons\256.png.exe
| MD5 | 2513d1f6428e5e9ebdb8d045ee1b057c |
| SHA1 | 9d7b2a4bd9d749cc7e061b13fe57d169c911edbf |
| SHA256 | 0f17382baf5d704cf5e7847ca0be2e9d4461b1a423ce03548b9da32244cdbbd6 |
| SHA512 | c26b1dd67c8744a5af3ecb9097579a05acbf35be3e3a4b92bddec56bc5687997c8e1e52fa045a1b9fe154162aadc5ee33224774afa7c9470b2a5690e5f378a37 |
C:\Users\Admin\AppData\Local\Temp\noQi.exe
| MD5 | 55e21be01ce81db386e654f085be53cb |
| SHA1 | 9b9fa2a49a09a3712f8ff8c72030bf4c733a46f4 |
| SHA256 | 0844d4086ffbf242518c72746dc027bac00f1db4ca7cf1779bacaa8828812564 |
| SHA512 | 28372bc40df4fe989d8c0bab61b0898063232ee3f0b30a6b80f236075923794dd10fdab08e128f8679531742e30ea5b00b03fcfc9d9186daa06e9b5e26e52273 |
C:\Users\Admin\AppData\Local\Temp\eMsQ.exe
| MD5 | 790b645c6409f6948518cdf4e69b471a |
| SHA1 | a68a8c469e8708f4a296d2b211142b2ed4cbda98 |
| SHA256 | 7d1af9a4de35ba3cf2094ab71639609e34c45369746d6cc0d0ddc097e8873801 |
| SHA512 | 508707d6c4e2e24cc83fc60ba81c8ef2dbdae5dc88637413d296285c9ed7463c1e3063e2bb5d8b9f5bbaec56ea2328e796a2a9cc2294cee06634a603de9d9068 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\AppBlue.png.exe
| MD5 | b897d310546792135a4e0ab7439b62ce |
| SHA1 | 43ee6903b3316e0dbde04e6af856b8fe1b4b324d |
| SHA256 | 2a57c888277539011fb819e50ee5e06e9e04c3f2a2a1d0380d37130fe2d079d8 |
| SHA512 | 172b5b811518c31681db6685b48ba2ebea60d41979f26b67e076d4211574409a2b154496f6678086c592fc60d770eecb2f8b24b55e6e3a2261f271c7d03c4770 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\AppErrorBlue.png.exe
| MD5 | f2930bce2ef3e186c6ed02973c25a142 |
| SHA1 | 1137bdd7a3b8646da6ccf0a1c5792780ecbdced3 |
| SHA256 | e252ccca9bd53ed452482406837646666551682d09d920ef4677e393caa920da |
| SHA512 | 01231852f76f799a932fb2623774e56491c3b4fed1bc40bb191151eeb5ba727242b8ebe16d575c8fb346b5af18f26302bb7ba5ea8c7d3a1fb75f945ff1487684 |
C:\Users\Admin\AppData\Local\Temp\WYcY.exe
| MD5 | 80d9a96fabe71977ae7ce63b37ad1f13 |
| SHA1 | 9c683bcba68560d26dec8d34d6fd24e939c0c2c4 |
| SHA256 | b4934b6082d3f8d6984bcfbabfeb0940b357fe6e59febfb6f10db4c756f56e7a |
| SHA512 | 0406ed058764cc9408dcc3e0da92f4b215f9e50191fddefc5c1dea1a0102ab95f1309bcca32157d767bd72a3eee7c6f52b893ead4e6259302f5ae45eb814538d |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\AppWhite.png.exe
| MD5 | ac6dcf3b565fb6e0c7d7f9ec903a889e |
| SHA1 | 6a79e425483c7838799eb150823bc239a4455453 |
| SHA256 | 1f4f26101e565e32de82a6253f3b7524132d13afea400eecd06c4bfff575666f |
| SHA512 | 592bb29510710fccff1a39e5a7e0b2aec2cd2713e7175cc78fb3f4527a357c24c46a698125fdc5d20fe93b75310430c322a251445bf9b0d8352194a65e76f827 |
C:\Users\Admin\AppData\Local\Temp\bQsu.exe
| MD5 | 3584f757fecc600abfe56f9b75d8329e |
| SHA1 | bdbabaf9c840ecb639b3d7f21c66585e06e8e1a5 |
| SHA256 | 51ed88f6807203024ab891df3e479bf89cc0def7768acd516f62372482bde29f |
| SHA512 | 101ca5bdd1a9d62f0d12f1f5812fd42b03c70275da75077a125beeb0dc56412e6650bc3d2671bd8bc31b162af96bd71f17445be611407697abf1257a430d6a5c |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\AutoPlayOptIn.png.exe
| MD5 | 77bb03e79df67efe5e2f97fc19dccc98 |
| SHA1 | c0afd8b46fef9cdda38517d4f5cf95657b79b56a |
| SHA256 | 3d16c48e66331989327a2c459eacafec1de614ccc48bacf724cf14b058b8d28c |
| SHA512 | 91cf83f031aa49198da23d957a61f2729036d989c9dfd0c9a2b169de53b46b8097e070a037aa704d00984d60ffdc8793d20c38d2598994bb9d080abcc04aab9f |
C:\Users\Admin\AppData\Local\Temp\GAUg.exe
| MD5 | 1c523adb1bda0b387d559f8adf249a07 |
| SHA1 | 3f61c18adabb3e4173fd76e5aa111391325ebf5a |
| SHA256 | 38c521dfc947065cb3d191cc22431abc3bcaaa1386633346ac0652ff946a7f17 |
| SHA512 | c8478c12f3427e5fd411eadba1ffc1306cf8ffc88816d0e578c6d230b6a27583515f56af0c2082166f2ce7626a8fb2d462ac120aecf9dd1358f19518a05f91d6 |
C:\Users\Admin\AppData\Local\Temp\OcUE.exe
| MD5 | 981256df1f0c43ce8029c5e3da608211 |
| SHA1 | e10e17bd01c2cb05c7d164300f789909517fc83c |
| SHA256 | ccfeb3379ae4dfd011450dd244dd00f728cc714e20a271e2070acb6faa24e7f8 |
| SHA512 | bca88cbbb633a4c16d3e8f3599c24935704640e51a8921a0c8ae2d6f9db6ccc0223a8ec47a2c80481f28d96b801de8d71de6d61036636319ac2ec81aa7a0820e |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\Error.png.exe
| MD5 | 29b7b50a31a536a08721999d498695c7 |
| SHA1 | 2e5f00eeb55a30fa6be4d164db7391a542a82a3e |
| SHA256 | 37b933d7505de2920f1f20d88e204ff3c8fe93f64d41e0744d2965c20fe82686 |
| SHA512 | a634f23ceb77ee599160de34b057e45a3b4f233a114baafe5c2c0878c7cd27d247cc7e73dc45701c1a4592f77f3aa85bcdde9a0dedd4437db7ccde3750449b47 |
C:\Users\Admin\AppData\Local\Temp\pUUC.exe
| MD5 | eb94c1ffeebabcc8c0593fdcac7c36f6 |
| SHA1 | 3243cd6a30f760ffbdd2fa9239ba04f9dbee1474 |
| SHA256 | 24f1f6f9a2dd13effc4af16402a89ed24edee795682bfdb801779bccfb0fbb01 |
| SHA512 | 5d54b27e6fd20bfdb29e0e080bda19e829157497cb4f4111f86baab3b47fb32772698c00b47f3c446ed0dc31c6a62f1253e662ce9991ed9f370187bac51a486e |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\KFMLockedFileToast.png.exe
| MD5 | 8056765e5e2053efed826dfe7d18e63d |
| SHA1 | 0954c3ce4de63066c09ed6854ecb834fdd64efa3 |
| SHA256 | d9ce5dae20759c14191be38644a788683f992308d734658082657105ace3bee3 |
| SHA512 | 55b3aace0274881179609b7885419763b114dd78b071bd18119f2c953dbec8ff30781b2cc5d941304bc53e8d41a93fb19228ee511a94f829183abb95e1a68559 |
C:\Users\Admin\AppData\Local\Temp\WUoC.exe
| MD5 | 4e3db7b0ffdd4a6e1c61e305c7749da4 |
| SHA1 | 8f88b184b4b9168af4937f1c416e0267a4762978 |
| SHA256 | bd003c6f80e0e44341c55dcdb49ddcecf2ad28f3c23c97212ca0aabbeb30e41a |
| SHA512 | b7ab735c6dbea399ff06700ef83d502cab3f6b32bc3f25063163cbe80fb4b9cd04a80be6554970c39c94f2dcb93e761e3a54b6e8167d89a14cef50c4fce9e3b7 |
C:\Users\Admin\AppData\Local\Temp\vEEs.exe
| MD5 | 95d5396eedb1aa8a20849b302697cb92 |
| SHA1 | c7a7e94b14850214237bcd4edad6732e6891fed9 |
| SHA256 | 27a5e4111dc3ecb4207ed33d91c978f5735b96969fac4b030587f78dd812ab07 |
| SHA512 | 3278347a2f71a94fcd1dd59eea586cee363bd5e08f69679074f1f8e718bc7c55440557a1b13314171f13761a745db9a0085ff689be14e0b1284e414b6e13ea81 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\QuotaCritical.png.exe
| MD5 | a4ec9b527cd14be2dc6145c1ecaae3cd |
| SHA1 | 44fdfca6a321df1817c1c63adb61fa5f341b92f2 |
| SHA256 | 609127afa18c17765c7d5203a81147b1571be6bbcc90d63256b1db8cec93af18 |
| SHA512 | c192e256848f68f16987f70403fb39c2cdcef1297d76c21a6122859a62768f046514903fa5a6d3a5c40202375cee43bfbc968e57600b062682aecae14748907e |
C:\Users\Admin\AppData\Local\Temp\fEsc.exe
| MD5 | dab9a68ee710996c6bb42480315ec6b2 |
| SHA1 | b2678ba142a5c5745e79f6ab04280f4e015df2dc |
| SHA256 | c886e1c63e6e9ae5bd16ac6a40a3975a4ba18ff1cadf0ac2fc73541c13def724 |
| SHA512 | f5211a52f22712f5d9a1adfccf4b374f2270d39d194c9c7e2b6199e51df5649b22080479be69ade7fbb62d97a668b30da53668ac0ebe6259523f82510c4ae460 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\QuotaNearing.png.exe
| MD5 | 70efc62d8aeb285f63c15eb6ec63f68f |
| SHA1 | 0de8c34103436ab3da4bcf9e54fd3aff34fc88f7 |
| SHA256 | 194d33e258dae46841e0094bf9912be6cdf50c1bfe347459c5fd8cc759d645c7 |
| SHA512 | b7a707f4fef2f6e851b2c8447d1d1cd84d10954b9e2643ed12c5945eabc25bb00d826185ab570c7da5071f525e693d9f3e8ee4007c2100a5c3e63721e48e8bf3 |
C:\Users\Admin\AppData\Local\Temp\lsoO.ico
| MD5 | f31b7f660ecbc5e170657187cedd7942 |
| SHA1 | 42f5efe966968c2b1f92fadd7c85863956014fb4 |
| SHA256 | 684e75b6fdb9a7203e03c630a66a3710ace32aa78581311ba38e3f26737feae6 |
| SHA512 | 62787378cea556d2f13cd567ae8407a596139943af4405e8def302d62f64e19edb258dce44429162ac78b7cfc2260915c93ff6b114b0f910d8d64bf61bdd0462 |
C:\Users\Admin\AppData\Local\Temp\xQoO.exe
| MD5 | 78d5f8ccb32093ac1c2863eb850db411 |
| SHA1 | 82a6a73729a7e9eb8fe5a932558ba14d19ce0da1 |
| SHA256 | 8f8b847cca05901847eab81fcc097a61a381a2cdef33568c0d4d65f5748c8f58 |
| SHA512 | 34709c96f15765937ed5d46d2ff45e2bae656f1f232672cdda1e97582429e4cb1ce589db3631656c10dd8a4ce0adeeb9d65aca974a2bc23ad5d2579a37f4c907 |
C:\Users\Admin\AppData\Local\Temp\Xgss.exe
| MD5 | 209c21b7e148c71d9cc946d6c19f2578 |
| SHA1 | 6078850fad66957aaf25a2f7d61a2d5ccceb4c24 |
| SHA256 | 1b36305522da37849f34425ce3812dd267df8cef9d7e18f6e51ad25932912870 |
| SHA512 | ad73a1c5bac314525b814b0e732cf12e663300a4bfa79584663bc0f4dc6dab75b980462b3b5676765431b88a04cdb492c5c79698c71d0dd6ec19ea1a4b7bf846 |
C:\Users\Admin\AppData\Local\Temp\hwca.exe
| MD5 | bf13d8da7ab2b133062e9224f651b3db |
| SHA1 | dca6c221cad81406d8a8fa7dfeb91a35bb00476a |
| SHA256 | 111c833f305e93b140952c29679a9723360a8d2f67c27117f447627f2ed7a0e4 |
| SHA512 | ed222ecfa2b1f456a1660ad81090a036cc52f87e357e381c9bc57674b3847464bb0efed2f2791bafce3192f0b1da271ed82e67df5bb0fd00a36c09d37583340b |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-white_scale-400.png.exe
| MD5 | 6e490e6da4fb5344c495397fedaefcbe |
| SHA1 | 557817fb05dd9a00de42abd5bb748f7ca2b3f37a |
| SHA256 | 1137f09abacaec9d27ae78e7c31ea14335d8e64f79044020cc07a66c6e013db2 |
| SHA512 | afb2f173ba8879b1b1d8ed8948a0e88e3a67bae77ed88cff1650ce353ba45da9a8a1e25b7d0fbef2bce0693afd256bd7e1ade6c4c1b548a10570ad34286c1163 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.scale-400.png.exe
| MD5 | 5e8724beb5b04b565747c98c2bd59567 |
| SHA1 | 3a4b40f94844716945575bdd787db2033b497e6f |
| SHA256 | a8b1e5eb27c15ba12100e90c7e0b7c9c2a8a6fbe057943e3306fe27ee5689b5e |
| SHA512 | 224f353b6c1fceb9339d014397f718dfaa67e0d14355897775de86d6d9da66946a44e2509d28082889eacb003d3bf6f00f015b6554b287f4676ef64f99241d2b |
C:\Users\Admin\AppData\Local\Temp\JEUK.exe
| MD5 | fa46d907577bb91ab5c1a6a3025e9aed |
| SHA1 | 8dec7f07dc4cbb05188e8fc15e73ae355c38ae86 |
| SHA256 | 9e1008c08ebc8f8c76ccec8c9b8497649f731c4b472fbf697d316ea39adbe971 |
| SHA512 | 1ee1fa884ec0c369ef79e2906238dbb9312e7aed60f1aebc0728ef6682b06feba05a6046e0df3dd57ab5ec1300369aa8bd6d684fd412cc7c775204b5a6fa9bf4 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-white_scale-400.png.exe
| MD5 | 347459d56b759ed5b28cf1d386646a2d |
| SHA1 | f2e8f07b4e62adb1c914d8ed922f77b081996761 |
| SHA256 | 96cc317d8bbf94493959222dc69a6802767bba1ec93be5b9c7c1bcfef9e7ad15 |
| SHA512 | a78f15bce99ad292d2f8521c83e5fc65dbe84c98d889b07ee18384047201d1abc32738fecd9a5495d8b7ccffeaa5898e5bc89099e6586bdb4666b431fb639725 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.scale-400.png.exe
| MD5 | 68038fb1ac89536447f3f7eaa78a215d |
| SHA1 | 9d48088f0fd60bdd089661869bbceb9a1540abd8 |
| SHA256 | b7e4c60f1aa5b0291bb697f393c78e6db69993e5334e78af56952f7f554d447d |
| SHA512 | d30d75efc9b0b23ce0e9c0ebd43231997cdf8024b224693cf70c3d2a495f78ce2769463fcc30d89b2f29e9d8f2034e2841f5f7b791d9ccd21cc4ef65bc6c109c |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe
| MD5 | db6a97da172924c88128dd82ab8f2adc |
| SHA1 | ecea98969f7de33405746839bbca860d8863b6c9 |
| SHA256 | 2e576bd79f150bb93260e745b0097e0e486b498666232cc125feeee14ad12cdb |
| SHA512 | 82e6f6c213e6ef59981d7cdf27dcef2e79de26a7ed8124806c21009027858389bea1796ed467c3a0823f36e122ecbc7a68b77bccfc11648ba2592f2d9b45f8ba |
C:\Users\Admin\AppData\Local\Temp\koAa.exe
| MD5 | 1bc40382ad3c92d98ec45adeb4274291 |
| SHA1 | 272f5b4301b464d12cddd57a2c0b64dd265fcdf8 |
| SHA256 | 46e4680ec112da7dbe9c11c6b067ac1b11d1ddd45c29068b9ec35c3af3171181 |
| SHA512 | 0893f20490d5d2200d557e6c9aff0a014aca9b4ad9311fed675f0fdc20ae3e987a867e62d82b9232566bef6d17a5e40f964d176bc8e2128dcf872399c78bba70 |
C:\Users\Admin\AppData\Local\Temp\PUog.exe
| MD5 | 77f777743482ca23f6a772ccb8148ed1 |
| SHA1 | 6cf109c8b7f15f3152dc4a8289822d7294fda230 |
| SHA256 | 59a423a267d905893e0d97192c59a137b0d5d2a0a7ca10e8230c58754177286e |
| SHA512 | b55fc2b099ec999ce0498248cc4da87ae96aa65df9184ce941220e1ac128134bbe908ea0be1e496b246b2d10e6cdde39785e537395a6518d245e050f0a539bf2 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState\PinnedTiles\38975140460\squaretile.png.exe
| MD5 | bf90d204003c295005b54ffe48a200c5 |
| SHA1 | 81e7ddec8645d910a3e0a04deaccf07914f87b22 |
| SHA256 | 2c72a5f2cca1c53c46fb1ddf774379a5e8fd271568b8ab290ef6ec8b69f94d56 |
| SHA512 | f3117d65f8f833a63c820126bbcb14a7023b954e2d2c54898b9fae7116a2d7566693bff3842b1479a0a2c84a24b02f52f9921e14821ade06c91c1be3eaff2d27 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState\PinnedTiles\38975140460\tinytile.png.exe
| MD5 | e4e060bec59bcb7457a479b95f844547 |
| SHA1 | 8c39b8f04867a792a19776d0ed2ff7eba2c5dcba |
| SHA256 | 09f2ac1ce4e016bfe8f394ed2e9bffd624d6c0e6f0b17b6cdaa80f6a10f5573f |
| SHA512 | 6b4b928908807ec699124c0fb2fc32dc0c89c36839618d2e647086bd5f9ba7fe83410c0f702e1378d8886c03ee66a29cb2cc7c30351a8569360a710903597258 |
C:\Users\Admin\AppData\Local\Temp\IkgU.exe
| MD5 | bf6c6b045a259a963717405ce625bda4 |
| SHA1 | fb1bba7fe919248df5e4d060c0ad02e4129ae4c6 |
| SHA256 | 8d478c1553427298d45b370310a7891fb77979b0972f972b9a4dd70c895258e7 |
| SHA512 | 1a11dfef6b6d9da7a811e696ea424a0c4a934cece644b69aa375b9658ebe88120d98165902e14edf08de978769d4cc9d926c72f73b967237b89d9465e1b5a93a |
C:\Users\Admin\AppData\Roaming\AddMeasure.jpg.exe
| MD5 | 9f242d43042c7c25c768cc281ea9998a |
| SHA1 | 0c20c0eac081648453fa4aa945c21f06dcee04e0 |
| SHA256 | cefcf480380af7617dcc360788b56c5c2e604b0dd4ac28bab5dc620c6ef34a89 |
| SHA512 | 4b61e96fd432a925fc0b9b9d6c7058cb717d5452f027af12c693f26f8ae9abc98e7c04eb469d1dbc372a31969c51486d2a05dabae1b386235d637331c3c229a7 |
C:\Windows\SysWOW64\shell32.dll.exe
| MD5 | b23a4d916d2ca2b929adf4826d22bd7c |
| SHA1 | 3a659f58bc88aa04c868502f5671b1813a898feb |
| SHA256 | b82095a1c44cf87a241b1ee3606fffa0d92175db8d4afe544815f7486def3d6e |
| SHA512 | 9a8ed6999559a8c1778d62c814204d6730bcacf745ac490fa2eddcfeade00b2a28dbc2045dc8ddd5aa1c829350df1262ea6263ef48e6e7f07357d5e8281b1d6a |
C:\Users\Admin\AppData\Local\Temp\tIUy.exe
| MD5 | 7cac55d0b630b1b09ebe65131062da41 |
| SHA1 | e1c191bc3af0464d315369d3fb6b543422c4fbf4 |
| SHA256 | 88b8da855f1dc717e4567ebd3cafd59b1bdf4d5cafcf18c7425ff14d504dbc04 |
| SHA512 | 47de8460582eca2a21be875e8a46d4a692517624c6494a7fcc83982bd9d170d839e8136437ba6ad5eee69d2d8a7f26ce3cfec453b3aca8c6a2979663d26adf58 |
C:\Users\Admin\AppData\Local\Temp\bAwk.ico
| MD5 | d07076334c046eb9c4fdf5ec067b2f99 |
| SHA1 | 5d411403fed6aec47f892c4eaa1bafcde56c4ea9 |
| SHA256 | a3bab202df49acbe84fbe663b6403ed3a44f5fc963fd99081e3f769db6cecc86 |
| SHA512 | 2315de6a3b973fdf0c4b4e88217cc5df6efac0c672525ea96d64abf1e6ea22d7f27a89828863c1546eec999e04c80c4177b440ad0505b218092c40cee0e2f2bd |
C:\Users\Admin\AppData\Local\Temp\kUEC.exe
| MD5 | 7ceedea1b103d054d6054ef34258aab4 |
| SHA1 | d0830ce9cbe3ea80d37ef6c437137483e38e3757 |
| SHA256 | cc48c18ecb71cedc4ee6789fe8b1508da4144de58cae5db175daf0e8de4011a1 |
| SHA512 | 7d03823675adc93a4ca9abc9407421c94fca53f5a0a135674249be7a19c979857bf1b9068be934b03856477565ec5fbaa8a2ccd0a02671abdaa23183bfc0a0a0 |
C:\Users\Admin\AppData\Local\Temp\NAcg.exe
| MD5 | 755c0ffe25c46cd6131b7b92fe4ccf08 |
| SHA1 | de8e2da2796a174ff0843ac67219e198ac9a870f |
| SHA256 | 38ad94a6314b82247b5e0c776ed7dd6e7902ed925c0d394cf635ea7bf067401b |
| SHA512 | dd10259213549bc1457686d17be6a5812e04157ce59d80a1ef0395e428d947e0e17b1370e1f78287eb4ccdff34cdb5d888936f6e69da1705a8d23c5f02190282 |
C:\Users\Admin\AppData\Local\Temp\fEQA.exe
| MD5 | 42b74ad4348c95e18f55460ba7d83920 |
| SHA1 | 0e7d09944a28d198b2a2433010dae2b4b5ad8745 |
| SHA256 | 979e1518f726ffbc6d4e5f89d415c5cea3fbf9b781f4dd87f033a1a6856ee893 |
| SHA512 | e51826a44853e2ccaec145335015bbf955770cfed5652a20a681f446d6e95feb4d184118712aaed13e02e456c089bb029a077a61d6c88f30641d0e30d7046dc6 |
C:\Users\Admin\AppData\Local\Temp\hEwY.exe
| MD5 | f806fbeb1f2d90f6ea5bf476b6efcf73 |
| SHA1 | 378070a3f911b67a968e5066ca9f098c30350871 |
| SHA256 | 4618b2e1773e3662f177fa52d1f9b907a99ca1582c69de320a8a663b2c92fea3 |
| SHA512 | 67c7cf77d73aab0ee63382c919726300759956a82822130602589a78ba62c8f5c550e223bd3238b3fea845fb88e4e69af74833d0d8bcfa78b95983d056fdedec |
C:\Users\Admin\AppData\Local\Temp\NwAC.exe
| MD5 | a31633dca8fd11eacb5054221b4dfb8a |
| SHA1 | 090cab48273e197958adac09171e6ee596da1eaa |
| SHA256 | 51bcba6c6ceae66f1c6e88e9752b95e246b37a309b6d659b6e461028ac612366 |
| SHA512 | e71f712c9f0ffa82967f354ff6a67ace15c1c8ea0b2c8f08c8d0fdc6d60c78504fcf971a331b4f8c3f2574c770a9e01d253eace3391ad159d5c1d4f728b18f4d |
C:\Users\Admin\Documents\GetCheckpoint.pdf.exe
| MD5 | d67fb590435b6a19efb4e9fe8d7e3f3e |
| SHA1 | 45388c0f6057e42bcafdb5548afc2980fda3e89b |
| SHA256 | 87f800c972aba3765573064a6f40e7b2a644f571a83831844ecba48ab4cf3e6e |
| SHA512 | 0675b93831aad1f0bfdb6d5d6011358e3414c5e3d3e732d5c465a44f41fa8f8902633ffc20b96d442a517442f2e0e04b4eeb6da462b4f6dc6e5a53079f4f3300 |
C:\Users\Admin\Documents\SplitDismount.doc.exe
| MD5 | ba43ce1d827ca1e5c96e2814fdb9f866 |
| SHA1 | 57cab643105f71547ba8a6f14f6ce78e912282e9 |
| SHA256 | c8fea85fdc7520895c0a6a897637275adb2e9782980471d3059bec330178b5d0 |
| SHA512 | 582f08bdb8dbbb8e5282b15524ea55ff6f5bf32d047f16eac269f82dc27a5b9c784d6d8da206c3376a41d7366d22d98616d8aa54c7dd2531209df8378cc4b134 |
C:\Users\Admin\AppData\Local\Temp\ekAK.exe
| MD5 | 67c902f298ee965969ec82fd61726667 |
| SHA1 | 0db5c89f0bf8e89a0f8082e8ec96103f3ecfbb34 |
| SHA256 | b654a7b481cd95ac0ecbfc871d12ba807ca1709cede2ad0625a3176f107b18de |
| SHA512 | fb7321174ef6f62c8371e873b52807cf4879c20ed92f2ca6868ac6d6ad6c6182e1c67260526ce1babfe841cf0b5565787994e9726e2c1aa415b74fa9f8720e89 |
C:\Users\Admin\AppData\Local\Temp\iYQy.exe
| MD5 | 3db10087906b65e6184e75d63fba15f0 |
| SHA1 | 3dcab988e0856ac7b5cc7c4d7e1382d3b3fc3e68 |
| SHA256 | 07870bcece1e1d1fb23016882151ae712a217a3a9622e42f6ca3a350dc704700 |
| SHA512 | 6a2e1392b80f64c4bd110182955b0db97a263e7b7833e2136dec1b51bfdf7e34680c64513ed33a6d5cf8fbd16320e1f461e48a37f8452f0ee8becab17a2bbdf0 |
C:\Users\Admin\AppData\Local\Temp\owYY.exe
| MD5 | 9e70afc61489bf5adc2381b95049eb7c |
| SHA1 | 7b83105dec5cc80b9f19081993fae74046581bc5 |
| SHA256 | 4b475a16ec06fd37bcdaef0cd9aea84bccfba857d67b576b32f78d1fa7c1d0c2 |
| SHA512 | 20eda55dabc4340c57fc547c40f648699bb16125b1ca30f4d07d4c498dfd2c09adb3a3cc892fd6577fa04b24da1c8fe446df36b50942a86da81bfcd6bcf1dea9 |
C:\Users\Admin\Downloads\ConnectGet.mp3.exe
| MD5 | ac91b95c5b681523a8bf7967519e5d0d |
| SHA1 | 47aa26b5241d833bdc32b96c2f56f629f92d951c |
| SHA256 | 6c0b80174f75012ee6f49df9b68563e3eafaf72d3046e9307dacf51f61ca08a1 |
| SHA512 | e71d171c21cdce025c548e813503830332426ba67774dceb30e9310cd214763765aeea21a93bd1d7441cd4764dacc737f0eec68fa6095426bc119b3934bb91f2 |
C:\Users\Admin\Downloads\DismountExit.zip.exe
| MD5 | 9a006d06089d502990b81af471f69fdb |
| SHA1 | 849e5bc395339d41a4bf5f28804820cb8c6a3726 |
| SHA256 | d33d32f69b493779cb0197b2ac9db87541f8fa850b2570e2220834a6bea851e7 |
| SHA512 | 5c8b8cd3f695e0aa7e9a386b1d917f9dd9bbc9d5938c36b0703c9a625a28c529106fba22cd5267b23b461e67c1372cbcf181e9e1c0ea7162f54244e1a054fd89 |
C:\Users\Admin\Downloads\SwitchSuspend.jpg.exe
| MD5 | 98bf693f38900552b8aadc0ef85a5ef6 |
| SHA1 | be1130eaf7fe7e787431dd60db95e145a7f015e3 |
| SHA256 | f23d23cd2cd950e0683ca2a9e5106e6c1eb1fcd567dca50e5c3f9b2fdcc8d80a |
| SHA512 | f792f7642751ecf453bea3df18be497abac6c2eb7deb23abfca932afc636c1e5c56a9705afb82a136c7850ddb491e43b9968fe24585f7b92a3b370732b1fc6e7 |
C:\Users\Admin\Downloads\UnlockBackup.bmp.exe
| MD5 | aeceae5230bcc0819b3c8f5d8489971b |
| SHA1 | 6fa4a82c6553e5cdefe47f05a987d0587eed8d2f |
| SHA256 | 5c586f3dd79648099a9eceb546fd942ea096bbb0a8016d4ac109c3f33cf086ba |
| SHA512 | 9fd4a39e5ee510e4f22e13e87a093b01b7604e29e20969c3b486267a12787f20e74ac66a484dffc8b362bd83fa56eabd9918fd1da3140053d5abe65d3d161df7 |
C:\Users\Admin\AppData\Local\Temp\UYMY.exe
| MD5 | 396c2633ab80bf7d4bd526ed853480c4 |
| SHA1 | cdcbc5650dfa94ea43ad39e5258600aa5f7648a3 |
| SHA256 | 1f3a8d2eb7042762ca79fccc31f3ca5f810eb5a485d5f693d9e98e90b8543e91 |
| SHA512 | 5abc5063174f2fb99809d743ccf68160bb3d68b9abb097634e3b08fe9401386ebe24277ac85fc75a00ea5e5bc96e82ce8ad1273dd2d87127c6784503f0cbc997 |
C:\Users\Admin\Music\RegisterBlock.rar.exe
| MD5 | 963789dadae500453f565e7bb131d8fa |
| SHA1 | 8f85cf7c77e6f08e2294156086b7580a67f5b118 |
| SHA256 | 5a344591d346eafde1fab3cb29dbc00f0464bd73fab1756acf83a91d779c3c93 |
| SHA512 | 24c73e8193181c695ee119aea9b77ab2cfc871dbd1427a6243ae7759622af5e172f8016516b91a53a9ff8a049a758c4a3de47e5ce5f72fdf9858a7514ec2aedd |
C:\Users\Admin\Music\TestApprove.gif.exe
| MD5 | 337efa8d194d3f64a0466e8cad7e4a70 |
| SHA1 | aebae7e6fa8614c478aca8412a1916087510e0b6 |
| SHA256 | 5da467fe52f571bea97761587b914b22b1b9c8a9ca4b19412327ba15a0400531 |
| SHA512 | 1c2ddf1cff55fa454255e61035590103cd428e8d813e53e16cf16a3ad8863c7a0d6d88809f9df4ce2d8b7d2308c02ef9771d795de60661e84cbf4d14934a619a |
C:\Users\Admin\AppData\Local\Temp\cQkA.exe
| MD5 | f9fb922aeef1ebb8149c3a66a45758e4 |
| SHA1 | 413d6f7ab47af58db095972059cd019e61e8418f |
| SHA256 | 5782748ab2329a177693e5be26d7cecc21b2d56fa023fc8ba59b5a75c3139bbb |
| SHA512 | 7bd8b7e58cefb0507ef157e0674e014a65e4037fa308ef6b7fd21548eb99ae2979e487c62b2f6ed9e5f4159418a45f347f1d2f8a87b1f643097e9ec39fb28834 |
C:\Users\Admin\AppData\Local\Temp\GEUM.exe
| MD5 | 3ff3626d8604369b4d499b9af2d46803 |
| SHA1 | c468646e301eb325f2b17c38fb370861250e449a |
| SHA256 | 48dc8e398dd37d85f8ffc065b90c7550c8af90f6bd98d1efb43fcec2be9a0c31 |
| SHA512 | dbf636c1e59a9ef77812cc9bda9c3b8c3ff22cf5aaff37e24dd35a534a5dabfef3619652cd20ecf1e7933713594ad6fc4922ef621d74c2b2f777e9d1d3025326 |
C:\Users\Admin\AppData\Local\Temp\VYcW.ico
| MD5 | ace522945d3d0ff3b6d96abef56e1427 |
| SHA1 | d71140c9657fd1b0d6e4ab8484b6cfe544616201 |
| SHA256 | daa05353be57bb7c4de23a63af8aac3f0c45fba8c1b40acac53e33240fbc25cd |
| SHA512 | 8e9c55fa909ff0222024218ff334fd6f3115eccc05c7224f8c63aa9e6f765ff4e90c43f26a7d8855a8a3c9b4183bd9919cb854b448c4055e9b98acef1186d83e |
C:\Users\Admin\Pictures\ExpandShow.jpg.exe
| MD5 | db8fc61bfe916502dbb1fffb5ae880f8 |
| SHA1 | 10133b60188a570e487339d02c67ac90899acb7b |
| SHA256 | 404f53c732c5991ee68449746ec4535e931589e589bc67d83b4b07a3dd3eee9d |
| SHA512 | 9846b57ea1b195826eede2c94d20924c3707e6e870e2bc2b8a1b6c6022e5033ad016a9c43a1cdc3e73f76cdb1d7128a791ab53f84658b068ab2c5fe5aa2697c3 |
C:\Users\Admin\AppData\Local\Temp\tkow.exe
| MD5 | 16d32973d2c9e8f305d0c10276228f0e |
| SHA1 | 51cb85e034b01d073d8ffe165f8b9cdf7cefc77a |
| SHA256 | c06b1dfc83bdc0b1b0317d316986923f2be68e159a1c2643f682e84927bc232d |
| SHA512 | 9dcbbbe55989f9340b5c2fe01e7d2bf49ac6a740da4f19affd6ac7e17140b57cf567f49bdce7fe5df8eab9d5ebf415ad29bd7e9fd1331bc7ef5d0461c92094a5 |
C:\Users\Admin\AppData\Local\Temp\LwkK.exe
| MD5 | e1a0f1b0e5eb33236b887e16a95e80b7 |
| SHA1 | d7e3aab73cafaf6ebf451820b5a437e2c88ab3e0 |
| SHA256 | 2b85efd7f423f2da347a0ba53e17cda35d5170054e9aea441b810e38692573f7 |
| SHA512 | 76a89f225f007c00327369e08123d2793839ea0be13649a1d003fe2823fc74adf4592fe48e2689203a5189ffe0c5a6fcdbfc8c25d55ef1c90021ea08602bab25 |
C:\Users\Admin\Pictures\RenameConnect.bmp.exe
| MD5 | 23b0114a63109b8113539b16107d72da |
| SHA1 | 5f706c6a9cdccbcb9e22ce371d9fa43c41e6afd7 |
| SHA256 | fe20510d7d31233a6b7053fae4ddc8e35f1761787bd1a1e7d65048e7f899edf8 |
| SHA512 | 71fc1043472765d0b111518f66280d2a76f568fb4b470d6dc8915c9cbd72f2fc60a36e1858072bec276846369e52a68d01e26291afb387c23eba0f62369ee76b |
C:\Users\Admin\AppData\Local\Temp\Voom.exe
| MD5 | a95c8fcec89baeaab6eb98d72fc25cd1 |
| SHA1 | 7fc57c3deeea371ddeafac31c17f39196ad8b311 |
| SHA256 | 0783d270954f3adb4543da3b2fc6f3d3745268ac7f2c4a7a69a5ce54cd043fc5 |
| SHA512 | 8cfbae01c639814ad31822cb50df482604af2883b17489e9b3bc42bfb3ea6cca8e9f7c322a53efd6b9d26d2ee432fe9f64e4ff874bad0174d852ae5651f22b0e |
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png.exe
| MD5 | 2b8739a7b423ebc585d32b8aebd9ad76 |
| SHA1 | 47950bbb0c95a1b82868fea6678c596f49172b82 |
| SHA256 | 64973059eb88f317dffe8c7aa9508d76ca33b1211d06ebca6c9d288f765c2b77 |
| SHA512 | b171f34ecf289105230af0b711b66fba9c1cd8fe519d3fc2d7f5c0b32cb30165f551a0e25ecae9172c3406cd0dd57777f01ca16e42e6af2bded205adb8a01d61 |
C:\Users\Admin\AppData\Local\Temp\fUso.exe
| MD5 | af8c1a87fc4a71555d16f80a8ea25f64 |
| SHA1 | 7e1cfe5b2a7268f039e85c107d499957a3d3222c |
| SHA256 | 58c8b1e79e3e633747bdbcfbedc3ebf6f2d90f4e328e0d160e36659c68575871 |
| SHA512 | 581a0632f81e179ec96d0bc177264529b31ebe1aee402d9040ef29d7d0ca55894136f9bb68f65438344f781af932d399d91f03fc3a952baba224f2084cf4215d |
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png.exe
| MD5 | 334d18575b3c2b1ada275ae9a5de6504 |
| SHA1 | 6c3aa32dd36798f09c4bf4b25add037ae2c7d61b |
| SHA256 | 688d0b18ccbace343bd6780db00ee5f912a497c127fbf33fc12126f8ce55ed8a |
| SHA512 | 7911ae2909c723e939042c1692e949bc92fe9a1f20a6b4502b3904c4237879db006f3b33be0137bcf98da3de529a2d3254a9a0e7f7c9e3c0f24ad7eddbaf23d9 |
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png.exe
| MD5 | 7414a08597ee8f30c34b6efd119623c8 |
| SHA1 | fcf9285a7338eeca6eca77fefa24b20bbdd92e83 |
| SHA256 | 3bbd6ef77ef590db17edd78190eec388e65303a089c50b7d2db33032c4a41e96 |
| SHA512 | 5879ef8bf6a14c0ec9e790a596d60df587e6bc1220ba41f8035fb0680370fb790d83f4bb990a7e7b2b2e6b0011b10ede6c7401005c7061a9888dff7c7adcd387 |
C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png.exe
| MD5 | 901087389152fad0a5a2f6977e688a83 |
| SHA1 | 68ebc49e2a66d097813259125c66bd2c8ab35b09 |
| SHA256 | 39c4f66847ef8ce161dc93107f4d9b635aa4efde4b7700b541d3b3f9653b919e |
| SHA512 | 8d9fdb676329107fa5227ef0d13958dcf736805af2409181218df0894806e68a94123f7313dd156ea4cd460e2fa552f2e164c9cdb50c8fd1c87d5f69d8e6a4e3 |
C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png.exe
| MD5 | 4689dc6b6ea49836b6279ed5224b946d |
| SHA1 | 08e2a8603221f4ccb081b7c6a4c991144b915044 |
| SHA256 | d7233711f59b97de7ef55827f907e7ddbfe7982e6229e82b414c0295370ac049 |
| SHA512 | a905766fb8c558169618190b3e2636ccec58c8ec58dc6cc8412944913ab99bccd400cad2c37cf25e7fee63e77ddcc80d58fa8e515f8ce43c9de8fdcd1c94deff |