Analysis Overview
SHA256
dc1c31aed64946afa7cedc15497ada98cb15b20b28db91bb5dfa3a08915b934d
Threat Level: Known bad
The file 2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock was found to be: Known bad.
Malicious Activity Summary
UAC bypass
Modifies visibility of file extensions in Explorer
Renames multiple (78) files with added filename extension
Renames multiple (61) files with added filename extension
Deletes itself
Executes dropped EXE
Checks computer location settings
Loads dropped DLL
Reads user/profile data of web browsers
Adds Run key to start application
Drops file in System32 directory
Unsigned PE
Enumerates physical storage devices
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious behavior: GetForegroundWindowSpam
Modifies registry key
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-15 10:41
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-15 10:41
Reported
2024-05-15 10:43
Platform
win7-20240221-en
Max time kernel
150s
Max time network
118s
Command Line
Signatures
Modifies visibility of file extensions in Explorer
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
Renames multiple (61) files with added filename extension
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\mmckAIYA\lgUcsYAc.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\mmckAIYA\lgUcsYAc.exe | N/A |
| N/A | N/A | C:\ProgramData\VSgwMYMU\oysAgQwA.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Run\lgUcsYAc.exe = "C:\\Users\\Admin\\mmckAIYA\\lgUcsYAc.exe" | C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\oysAgQwA.exe = "C:\\ProgramData\\VSgwMYMU\\oysAgQwA.exe" | C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Run\lgUcsYAc.exe = "C:\\Users\\Admin\\mmckAIYA\\lgUcsYAc.exe" | C:\Users\Admin\mmckAIYA\lgUcsYAc.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\oysAgQwA.exe = "C:\\ProgramData\\VSgwMYMU\\oysAgQwA.exe" | C:\ProgramData\VSgwMYMU\oysAgQwA.exe | N/A |
Enumerates physical storage devices
Modifies registry key
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\mmckAIYA\lgUcsYAc.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
"C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe"
C:\Users\Admin\mmckAIYA\lgUcsYAc.exe
"C:\Users\Admin\mmckAIYA\lgUcsYAc.exe"
C:\ProgramData\VSgwMYMU\oysAgQwA.exe
"C:\ProgramData\VSgwMYMU\oysAgQwA.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\wasoAoYg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\cekkgIoc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\mucQIIow.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\guIIAwMI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\pKYgYEkU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\xUkAYAEA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\RSkYgcEg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\WucYokoo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\EmoIMAoQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\wgkkYEgI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\aaAIAkwU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\lgkQwMQA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZGYoEkEo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\XMMYEsgs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\vOUoMcow.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\QSYkIQYA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\iQIkwQYE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\uWUsMUgM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\UCUMoMIo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\kkAQsgow.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\liYIMEMM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\DyswwYUA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\lEYUwIIM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZyYkAIwI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\kWAMQsco.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\IUowgMwo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\IwgkgYwE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\Wkskgkow.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\euMwwwwE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\pQcsgYkk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\RawUIIgs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\JOYAwoEQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\SIsMUAgk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\AWkIsYUU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\gswAsEkU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\QYAcwQAk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LecAEooo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\VuIMMgQk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\nSMEUEow.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\wgEAccwE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\GqAsYoEo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\GSQEYoUw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\geswAkYk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\QuMMIwEc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\nGgsIYMY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\VmEYMEcU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\lsUgAMAY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LsQYYIYc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ockcAIAQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\QsYosQYo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ewMkAwwM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\KWEkwAIE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\tycAsMUo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\dmUAgAgk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\lywQswsM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\zooYkkcw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\GiQUUwAc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\UsowIsEU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\GkwMoIMI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\YEoEcggI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\NmoUAMQA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\NwwEYQQo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\BiMkkUMk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\fysgsIgA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\uaAwkoIk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\eckkQogU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\KcAYYAks.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\WggsAAoA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\OIowcgks.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\PmUYEQYk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\lisowoMA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LsYYsMQs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\FOkEAMEI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\taIYcwII.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\aEskUIkY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\gsYQEsII.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\yWAIYAkE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\zYksYgoU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\NeoAAkEc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\HmUkwAAE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\FgcYosQo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\SQsscQIA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\YKEcckEA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\MYMEwUMI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\yAUQkgsg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\QmAMUAgU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\rmkgoAEs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\nuUYMQws.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\lQooIIYU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\RAwEMMgk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\gAUkAMwM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\EeYEcEEE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\GgYMQgoU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\AkcsEgcA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\UsQMYEUY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\nmQEsosE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZoYMccwg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\VCkEQkoA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\TeAEAcYM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\cqcUkYgw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
Network
| Country | Destination | Domain | Proto |
| BO | 200.87.164.69:9999 | tcp | |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| FR | 172.217.18.206:80 | google.com | tcp |
| FR | 172.217.18.206:80 | google.com | tcp |
| BO | 200.87.164.69:9999 | tcp | |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp |
Files
memory/2256-0-0x0000000000400000-0x0000000000433000-memory.dmp
\Users\Admin\mmckAIYA\lgUcsYAc.exe
| MD5 | 5fb392b01a6269628efa194c77cbf35b |
| SHA1 | 86c0e867d191e0079fc58f783fc9a412d7a40c0e |
| SHA256 | c7f76bec9b445ba8c78c2a69473f1d27273ba4a2c4a9f32e705f9286b445c51d |
| SHA512 | 76edd648f56662536b5e1b09e2733acf0d01d1bab9d268c07bd40d2596439b8b88147315ffe27a06c2b66ec8abe0e51e4741273da47ae372278c58bc37dbe1e5 |
C:\ProgramData\VSgwMYMU\oysAgQwA.exe
| MD5 | a1f9d0b209b2ee3f6e68c737c4a9b266 |
| SHA1 | a082edb75bba20fd95833451f50deca0ec2dcac8 |
| SHA256 | eb2112332e166c05cc21ac87ff81d5993ebbb35f86d1bb2747f567e7f182b1ff |
| SHA512 | d6f8ff2fdb1b824bea8aeb27a2aa411a1568c5ec66aaa421b3d8a7cfce611034d7f89f0767baefd451bd1d9948176c6264724d62482c30bf8c09ece2e3e4f41e |
C:\Users\Admin\AppData\Local\Temp\YwsMYMIA.bat
| MD5 | e0ff941122ea2bc7eaa3b05c5eceae5f |
| SHA1 | af23d5d274467c1d69d0282fb66e7f2790667071 |
| SHA256 | 0997d0e2801ef5f1e0661650f60819791ea6fed32c967d219669babbeb66a61a |
| SHA512 | e1f2eebe2780bbb56057e74313a7bbe2328f47e8e148f9fe6b2d786e577bd27400174ccd5a34bce505a806c1db1a3d2e39b18a144b03847905f75b1f2f5feab5 |
memory/2256-27-0x00000000005D0000-0x00000000005FF000-memory.dmp
memory/2256-28-0x00000000005D0000-0x00000000005FF000-memory.dmp
memory/2604-31-0x0000000000400000-0x0000000000431000-memory.dmp
memory/2256-30-0x00000000005D0000-0x0000000000601000-memory.dmp
memory/2944-29-0x0000000000400000-0x000000000042F000-memory.dmp
memory/2640-39-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\wasoAoYg.bat
| MD5 | bae1095f340720d965898063fede1273 |
| SHA1 | 455d8a81818a7e82b1490c949b32fa7ff98d5210 |
| SHA256 | ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a |
| SHA512 | 4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024 |
memory/2256-41-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2072-43-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2640-42-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\file.vbs
| MD5 | 4afb5c4527091738faf9cd4addf9d34e |
| SHA1 | 170ba9d866894c1b109b62649b1893eb90350459 |
| SHA256 | 59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc |
| SHA512 | 16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5 |
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
| MD5 | ef625f28a5fa08948768d1836c3227b1 |
| SHA1 | 96a6f727228c1ace18c93c9b6117b0cfe7f66a74 |
| SHA256 | 9074d2d9e945ad6999ea143b7ed0a3d0007ed71c2fd6703253ccbdf5238ed889 |
| SHA512 | 0a72a13de0ad7e0bf32771d0c3c6483f5878bbc39393f671361454775bb01450ecb0a3a4443102fd4f76e26a2de58e720ea705465464ca376a8b517e2cd91635 |
C:\Users\Admin\AppData\Local\Temp\wCwwUggc.bat
| MD5 | 8d4d2ee33df7c4c891e9ccd00d638ee6 |
| SHA1 | 0ba914d534c6ce8ea51a9bc8923964e6d60ca041 |
| SHA256 | b84ffbe4209267f193f45487113b17de8660e9877703791834d1c1e4e1475f95 |
| SHA512 | 26b376d88b3c699cb418b513149073f25337253279f9ac93fdb7a9e44feddea43a0513cf0d65998dc121d82981b70f1988051f62755c66434588eeeb43e37719 |
memory/1628-59-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2696-58-0x0000000000260000-0x0000000000293000-memory.dmp
memory/2072-68-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\UKUEoEgY.bat
| MD5 | 3912f8be5ce04a39d23ba2efc9a46208 |
| SHA1 | 374e38c065c1678b5c1909a331474b1abcf31332 |
| SHA256 | 8f2b12510343da8c7d6da1d7efd74c2483122947ed7bed7010a1bfad9c4af837 |
| SHA512 | 137c82e319efd2e56e6aaaa0fde4f8bdab3316710c04be773c38502a6ecd06918c925a8a5dc3e33382e6642e51e57ff26e6eb2baf430fcb1c36b760af0b92825 |
memory/788-82-0x0000000000400000-0x0000000000433000-memory.dmp
memory/780-81-0x0000000000150000-0x0000000000183000-memory.dmp
memory/1628-91-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\OEMMMQgk.bat
| MD5 | e47a0466016b5f7ddba99f07393cb7fa |
| SHA1 | 8701d0effe0cd9203d50969a3d0e5706119e1ba6 |
| SHA256 | 46b783c3fe08d907a4d75b07fe33ce8b54d1bb7fd13c31699a4174605ecb98f6 |
| SHA512 | 2866e7312cb4ee33645586018d7978b1a097826cc55fededdf5ff27260507feff1ae70a127c06c8fa50942e677a9a316c3c11e556314024a1a64e198bad28e3b |
memory/2224-105-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2768-104-0x0000000000190000-0x00000000001C3000-memory.dmp
memory/788-114-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\XKAEkkwg.bat
| MD5 | 080c6c1f994a18abb221fc57b88f8bca |
| SHA1 | 10b9171beba874fe15d3118e4ab29858d3905043 |
| SHA256 | 5c272bd53dd15fd77154840d0744c4919cbeaa0c3293bb8c1df650e3f90d3bc4 |
| SHA512 | b981a5c856af44ecbafe51f072d1ba25835bf1c4d7a7a007ef335063bcf6456d784578593c44926d4d2054c9fcefa1586c8b04a705522619cea40b924af4d645 |
memory/1476-128-0x0000000000400000-0x0000000000433000-memory.dmp
memory/876-127-0x0000000000190000-0x00000000001C3000-memory.dmp
memory/2224-137-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\hagkgAcg.bat
| MD5 | ccf034bd2c59f2b2493f445cab175626 |
| SHA1 | fab8783c5d12c1ce4a717db3028352be74657ef0 |
| SHA256 | b8d3d2290c06043902b1275630b1a49648ecc05590bda70eddc3ba5e96c05420 |
| SHA512 | eeb101a257def4e68c5879b5c28d3badea169b0cd0e6d926c04a30113aee92808a9dc32e0e18d148169ed7d5c5c1bc6380efa505eee9696afbdc9ef3a48675a4 |
memory/2920-153-0x0000000000150000-0x0000000000183000-memory.dmp
memory/2920-152-0x0000000000150000-0x0000000000183000-memory.dmp
memory/1476-162-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\TCYcgYYg.bat
| MD5 | 7db97ea16e4c26833491bf4463f07c09 |
| SHA1 | 6208a325e0d260e1ec5903016d06d5dd7b6ac7ac |
| SHA256 | a547b956b9c6bf60dc4999a1f5f0cacaa36430d5d264217a39f35ba3d9c8e836 |
| SHA512 | 16efae322e7cbb325d68feb42dd38d8e929e582fdd0e1621ad797ce93aa13873b65b48e13e56bb9b8047ab6d61cd381defc62058a717db60f7f2c0b338239405 |
memory/2660-177-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2420-176-0x0000000000190000-0x00000000001C3000-memory.dmp
memory/2420-175-0x0000000000190000-0x00000000001C3000-memory.dmp
memory/2012-186-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\RkQIgQkQ.bat
| MD5 | 8d757c19c95fc8eb3f20f31ce3227cc5 |
| SHA1 | 8b784a7e5c992b92fdacbf43f3dba85a16165797 |
| SHA256 | 9577814ad54de7d7ab547dc6915bf8bd60f7c2001482a6bf12237505ce2235d2 |
| SHA512 | ae7f7bdd4fc9b2325944571963d0d57c7d1e4ef86653d4815b9e18f3582fb5870ed57c37794c0b6ee6f98740588d6831ff40b03439117f6870c35a1c89e794ce |
memory/1536-200-0x0000000000400000-0x0000000000433000-memory.dmp
memory/1716-199-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2660-209-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\WOskQAIU.bat
| MD5 | b75a7443bb60b17de85c3713b91e249c |
| SHA1 | 2b0baed8348f1b2d30b84d948ce390bd87ed00e1 |
| SHA256 | af5652c66fa1d141ce66bc3bf3bb632f995d143b02a5360388160d7665e0ef7d |
| SHA512 | facf784622e88524a04da7fe2ca560a54a7c6e23f3faa4ff1776d4b30068b3796db75fca8d9cea8f3842c4bbb77ddb97feb3eb96ecc3da5d85085cc9ed24ccee |
memory/2796-222-0x0000000000400000-0x0000000000433000-memory.dmp
memory/1536-231-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\IQkMggYo.bat
| MD5 | 400ec2f7dc3cc59f3a8cfdf51389f45d |
| SHA1 | 975676db4ea4534a770fe3c9b9f417db4b2fd803 |
| SHA256 | 23aefa34061a29a2ba7ca0c9a356ffde1fa98f72a4d45e3ec9c68f36daa730be |
| SHA512 | 1f2378067389fcd0119a015616a766250e8f04fbd58ca7edb8b2cc52387a49337e193c2785696536da2b6802d80b22855d1541ec84d03986cf766e44566dc36f |
memory/3068-247-0x0000000000400000-0x0000000000433000-memory.dmp
memory/636-246-0x0000000000310000-0x0000000000343000-memory.dmp
memory/2796-256-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\qCoAwIYY.bat
| MD5 | c1c6e15de1061e5476634469eae7ca16 |
| SHA1 | 6d192cdcdb87a3fd6376568ea1c0849e6076dae4 |
| SHA256 | 310a280bc201adaf840b237bfd097382339ad2281482327bf4e65b8c02d8c0d1 |
| SHA512 | d3613312b91430b241968d00e966e8067aa3b9ddcb73e65ca7111c143171cc34e9759fc16769ed84a7c351c521c99a7594d13c18b497a385f2db4be0497310ba |
memory/1052-271-0x0000000000400000-0x0000000000433000-memory.dmp
memory/472-270-0x0000000000190000-0x00000000001C3000-memory.dmp
memory/472-269-0x0000000000190000-0x00000000001C3000-memory.dmp
memory/3068-280-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\qeckkoUY.bat
| MD5 | d68c60ef6c9b4e372afd569761822fc0 |
| SHA1 | 96ac35c9012bd0b821c85288def00cb411cc528f |
| SHA256 | b1419f0a757cd1e9b2f476e6a217d16e747e33a3bcc4a9789f7e0ca1fed324a1 |
| SHA512 | 49f320bfca1a6088ba6a6ed6f14891cbbc2298328d57433d823bf7bcb21ed8849a7dcbd894805b94c4bd90913b7b596184ff7f40e50f92f6d6cf1e046edc42a7 |
memory/1284-295-0x0000000000400000-0x0000000000433000-memory.dmp
memory/1788-294-0x0000000000400000-0x0000000000433000-memory.dmp
memory/1788-293-0x0000000000400000-0x0000000000433000-memory.dmp
memory/1052-304-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\NyYEYYck.bat
| MD5 | cbce38bceef6517300fb5432eca40a16 |
| SHA1 | f72f35c0d2b3e795341009efa45d4b0acf67ef7f |
| SHA256 | 2c4d5b9bd728ec94c31a014a3b57a2345e921bfd8e9100229f788c4f9a68ee73 |
| SHA512 | e3956b44a9f18169719e2ebcc20d3205bb4cae86b2331e8a6a85e035fbbb5be2d1566c5e2f934ea06ce016459a0f3a1c00d84505f195d24214947e31d38d5ccb |
memory/1188-319-0x0000000000650000-0x0000000000683000-memory.dmp
memory/1284-328-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\BeQQosgY.bat
| MD5 | 3dd65d04b424c1a5d9a835f9a987d2ab |
| SHA1 | e02a9b36900585df14b628430f566513ef7df356 |
| SHA256 | 6dcd0bab84f0d6f5027fee795feed9dffa33d7f5ce1ac0f986d1523f5df20643 |
| SHA512 | 3b7d57a53d37d55f3153b4f3b6d8365fbfb4591126d644be0790835f37222e7ad5f2af49ae6b8b1360afd4ec93a27cb55dcd4acb37a949b08ed285ccf8b95bc1 |
memory/1868-343-0x0000000000400000-0x0000000000433000-memory.dmp
memory/1748-342-0x0000000000460000-0x0000000000493000-memory.dmp
memory/1748-341-0x0000000000460000-0x0000000000493000-memory.dmp
memory/2836-352-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ZkgAgscY.bat
| MD5 | 297d32094643b5eca040e1a5b12f5d03 |
| SHA1 | 4f7ede56eb364f4c0868ed59c543c002fed7127d |
| SHA256 | 6bbacffbeb8185606c11b501b956a94ed01899416c7a055f5e0d18de4e98f8f7 |
| SHA512 | 5f1871dc1bfa101526f4d6abb507b4f51c51df5bcb6f8bf041b3b1f717c0e7e7492428b6bf6c4974f6c70e6b72c529cc43fdd293a0c9322473468aaaaf99e9e6 |
memory/2772-366-0x0000000000400000-0x0000000000433000-memory.dmp
memory/1716-365-0x00000000005C0000-0x00000000005F3000-memory.dmp
memory/1868-375-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\HuQosEwI.bat
| MD5 | 8f410a0a47e0f59bfeec973d42d3637c |
| SHA1 | 9b5ce65bcf4596c596a44f42317da6a6d5cb8439 |
| SHA256 | 504b4f17a9cafe752c005ba47cb7e44a47a3312339147ba0b0548b31aefc128f |
| SHA512 | 5d2628f87be9a08613345861e1e393266d7d8dae30f23d35ec9ec3511cb000743e25d00703522ff06c8e39e7a073c7c8201d6ab295de2fc3dde9a41fbca30c02 |
memory/3032-388-0x00000000001A0000-0x00000000001D3000-memory.dmp
memory/2756-390-0x0000000000400000-0x0000000000433000-memory.dmp
memory/3032-389-0x00000000001A0000-0x00000000001D3000-memory.dmp
memory/2772-399-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\AAUIwcMA.bat
| MD5 | 78c9445244919e37d71bebf36e947334 |
| SHA1 | c78af49327ab9d4ca92eb3f159166a9c9cdb6b2e |
| SHA256 | d6d413af84f31aa83ab576c728f5cf773cf5a4a10fad16bd4dcb464c379dcc53 |
| SHA512 | 9212c4e757daa90b2cf24abf7468648561ce36f9c8a55210b7f8f111b9af4eecb1f7848759ce06e61621f939158b06b18b1ef7d767a26b9e7b421b706b9cf3ef |
memory/2216-412-0x0000000000160000-0x0000000000193000-memory.dmp
memory/2840-414-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2756-423-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\UyoUAMow.bat
| MD5 | d830a3c5413962dcde8707cf22aab36d |
| SHA1 | 9d0a240e95be8270f9be62c3d38cbbb14f7aa2a6 |
| SHA256 | a2bf9a5c4c9d9bc083233fab84debd42bb53e609bc9f2729bcccbc488b90baf7 |
| SHA512 | 6aaa6cd8569c92eb5fcd4b2f2ea5d39b70fe8686d215b6973a237245742e885823390cc165215860f520227260b0ae612080b6f77b1e7057f27bc291ac8325cb |
memory/2656-438-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2488-437-0x00000000001E0000-0x0000000000213000-memory.dmp
memory/2840-447-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\YoUAUMsI.bat
| MD5 | eeb9ab1c2b925715e65e51f145683dee |
| SHA1 | 896fbf9c0ec455827fc5d3670879e56228f95da6 |
| SHA256 | 6e16fcd9ef015673b68d05a282791b6d5231ca358a156692d7692ab9fcb0ee1f |
| SHA512 | 9a38b5d2a556b71384bb0a30e522a48092bb439624257895ccbc64e7efb863022c1a95b3f9496058fcdbc21793eb4bc44ae9214e0ca1baaa851816a786a90e19 |
memory/2460-462-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2448-461-0x0000000000120000-0x0000000000153000-memory.dmp
memory/2448-460-0x0000000000120000-0x0000000000153000-memory.dmp
memory/2656-471-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\MiwAwsQM.bat
| MD5 | f962800a18cade0a7d0b2fc1c7ee54b5 |
| SHA1 | ca8e011d2f250a76a7f36974f38cee0c66eb7bbf |
| SHA256 | c0978c6ea0fb9e0890205c76d01e22347b065ef0ab527c52ef8e887da72f3408 |
| SHA512 | 5419447d46796f2de6f2bf3a3e6ba7d121a3de3444c53dddba5f3f8d3a8e60ab4395e1d12ad7188ad0133fed2392be67841d8b459e4a05ba54296d17fc96807d |
memory/1188-486-0x0000000000400000-0x0000000000433000-memory.dmp
memory/1576-485-0x0000000000210000-0x0000000000243000-memory.dmp
memory/1576-484-0x0000000000210000-0x0000000000243000-memory.dmp
memory/2460-495-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\vyEYQQcc.bat
| MD5 | d98fe858f4c8df3ed41720beb3a4171c |
| SHA1 | 0b5579dc90e096465d6b3b531336f1f74fd5a3d4 |
| SHA256 | 445afb7a2a9a9f29eb890d38016bc57d453819a313b5147e9681f1e94636476b |
| SHA512 | 6ad54b513c7ff7cec167e4a5ad3cee40fbc301d6be71f6ec7a4ff0841c765bfae0cf9fbc7a3a3481efc2d6650bce6f1f36b9990cfec028034dc5ccd4e9d55240 |
memory/1104-508-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2812-507-0x00000000004F0000-0x0000000000523000-memory.dmp
memory/2812-506-0x00000000004F0000-0x0000000000523000-memory.dmp
memory/1188-517-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zMowoIoE.bat
| MD5 | 948cf16a2358c0e6f72e798f756bc8b0 |
| SHA1 | ec1458ab8b9a1faee8241bd57a61d46ccf6afbce |
| SHA256 | 256b3b36fa51fddb168966e59d49e2a812c3a433dd0b02b42e0eec8a716904ce |
| SHA512 | 2ea8c9fb0b7d16c81f61c3964189f043f890661b24d66a17660be2db9801f0464987aa88610fbdee9bbf81989b9025f536dfbfb585c74a7730ada87f6976a585 |
memory/952-531-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2376-530-0x0000000000190000-0x00000000001C3000-memory.dmp
memory/2376-529-0x0000000000190000-0x00000000001C3000-memory.dmp
memory/1104-540-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\XIQIkYQo.bat
| MD5 | 9022225e5268a7d67e5231fcf1d55661 |
| SHA1 | 1bb03ff42ef43d055f9cbb20636cc64c1c730c74 |
| SHA256 | 077bd9c75d36fd708880e7051cdee93ad20ea3a0399eee94d92715bccb846d56 |
| SHA512 | 8aecf1a532671c505ee4bc3f448cabbd0f3eee92f74bc6a1e84fc7fb0aef955b2c51a952074ba87816530f26e145614a08e61a38d8e13b28762e8215263362be |
memory/3044-550-0x0000000000370000-0x00000000003A3000-memory.dmp
memory/952-559-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\RGQIcUck.bat
| MD5 | d55d9023758ff090adff660485178d16 |
| SHA1 | cd62e7ea72a7c4ca345d91dad9a4a398cbdfed5a |
| SHA256 | 8ea95e65829cefa364f8f5195e2efe4333ef4c179f57fd7cf40908519f99c6f0 |
| SHA512 | c6fdffd55e1aa684cd3257b3e0d9fd2260e093fae304ee91da3075a7f122985ea27de54e36009a1b7521c90a0130d5bdd79f70f9783453d4cc892e90a6b5f824 |
memory/2868-570-0x0000000000180000-0x00000000001B3000-memory.dmp
memory/2840-571-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2868-569-0x0000000000180000-0x00000000001B3000-memory.dmp
memory/1648-580-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\QkgoggQs.bat
| MD5 | 3606d2ab593568631d7fea00d72270de |
| SHA1 | 17390fc4a835334a8776a159954e326f886226d6 |
| SHA256 | 1d90e4f5d91e08772e0abe6950886acceab17db1b0dd7243e6ae724716fa5f49 |
| SHA512 | 86d4d16c535725522f41094335425ba124f5f0793fefd19872b318e9eae22436fe188819faa936fff10a9fb21a9f5f4fd2b223ae42a6e8fceb2e28c313bde7e9 |
memory/2176-591-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2524-590-0x00000000001E0000-0x0000000000213000-memory.dmp
memory/2840-600-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\gAAsAkMU.bat
| MD5 | 63266fdf07f96c2e432b57c6e1e0fbd3 |
| SHA1 | c903fed6ab7f54e84c1272f75d6f71394f2f0344 |
| SHA256 | f363c08456d3f2379e104c3d7b94beeae0c7d20a26881060d08634202eefca3f |
| SHA512 | 2aa44257fbd9d5d02e9135003c6ae32064f14074f44109240280e24cb965c96db4b521f495b7d74f20358d0e709b5dffba4e6dc5052aea4db79acb74f7650cec |
memory/2460-612-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2704-611-0x0000000000280000-0x00000000002B3000-memory.dmp
memory/2176-622-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\OGcYYsEk.bat
| MD5 | 92405d58585c291fdded46233e822c77 |
| SHA1 | 2148355a9c8bea25ea0ff89cdf575093515b6d23 |
| SHA256 | b1bf6744b64cefa9fb894973b008a86cc4d07a4abea14d97c7a66f4b6bfdc5ca |
| SHA512 | ab9c46463fdb608d6617f8862a5d06326fdf10792c1a181065a3dbedbd04447445957f4e0b04de7e486f82769e32a68657bfa146f48cf613c842f91638bc5c08 |
memory/2252-633-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2460-642-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2492-632-0x0000000000120000-0x0000000000153000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\IgIMccoQ.bat
| MD5 | 7bba8f1eb9871e07ddea45ba58fc5ad1 |
| SHA1 | 156d37f1221734ced227f645bba381a35f8c5ea5 |
| SHA256 | 9f136ad6ecefc6cfc6c79c2bcf09851f6ba8db7de9e541529fd65672baade7c4 |
| SHA512 | 8c29927de6e7cc009b78a901394c2be78d698bfcfbeb9adbafd4d0746ca7c2a9ee20e76940cc0bf7c9203b99bdf160b4b1655587a9a1ab31c0b6fd9778271884 |
memory/2252-660-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\WaEQskEk.bat
| MD5 | 2744f341236511b57dd08182c7153a62 |
| SHA1 | e9f5a38560aff7b362d0ba57bf1ca377e3222d93 |
| SHA256 | 3502e1f8b9cbeddde46a1c057b225ae68cac0615ba306ea11f2cbca69b55b230 |
| SHA512 | 27a41c4a1526b645dab262a3819df03825f2ad196449d67a1f801d311ea3b0b44857a473a51b821b324196ee87f6576b80b0a761e4900826e3d734a201a9239d |
C:\Users\Admin\AppData\Local\Temp\TyUAUUsE.bat
| MD5 | e405a527ebf1d9174cc69e149249c47d |
| SHA1 | 05f489136094a4595cbd40d2385224fa10793e65 |
| SHA256 | 8357e8686cabf580b8796aa5eb9fb57440d6da358e79f535392ad2e706b338b1 |
| SHA512 | 67fd8adbeb6126b0ef36ac474811934a29668d35bc12276d4b63259bb624c2e4d9782aa4dc6a04f28da24df1dc70c6a3bcf991362dc8e5c5f51fc21f392af835 |
C:\Users\Admin\AppData\Local\Temp\GYou.exe
| MD5 | cddfdaf9548e09f750562c639ee75953 |
| SHA1 | 89e8a2a0f5a20533465f09cb6d25a3f80d76f42f |
| SHA256 | 42e3b54c8064126e091a86439daa140f85ce015d65d24d38b3390c422628f6c3 |
| SHA512 | 05296d21c849fb8000a267d8bbb02105d45de264753dccc8e420317db9cbf85c8c6e396c9390016f5d3ba19dfc51d0ac89897a11d8069fa2cd91a973d749be13 |
C:\Users\Admin\AppData\Local\Temp\BmIIkAUU.bat
| MD5 | 7df5064b73ea2425ac3b9a53080e58c3 |
| SHA1 | beec8dad9969f260c1206d66af1e91c4f6ee2f52 |
| SHA256 | a3074611ef72cfbe62f1d534db460128d11a03620141fad088878c396cc6a419 |
| SHA512 | ea2c3549819620ffbe1153061d30fda0b6e26da99fdae9575974af98e291a4876993b0d33bde8143e94884cd7c8ade20d1b3232f6057017d1cb4fde62a05569f |
C:\Users\Admin\AppData\Local\Temp\TmkIosYc.bat
| MD5 | 73850864a857e4fc8a5977a47fc6b9e2 |
| SHA1 | 319775335a04188df42721228cb2d8dd390bc05a |
| SHA256 | b2a075e9a2cfe23aa300ea9d69e3b4f0e04dcd42a543a59cc64bdf9626a03374 |
| SHA512 | 67cbc9b913052c91590d9632f82dd34235bc08e1d382adde08a0a8bb355fcf160adc7b37241d54afca6c91be08ccad478b0055d36948948ba13fb8883c003979 |
C:\Users\Admin\AppData\Local\Temp\QmQIUAQY.bat
| MD5 | 7f33ab286e457b362a7701ca6d6c80df |
| SHA1 | 805607a5d3de4b3e7e57b0a525333e8fbbb4ac1f |
| SHA256 | 061ff137717687966b7d7b30b0135cf444db76c74a5ad13fe44630b05cd0ae75 |
| SHA512 | 8cfefc904179d2dcd291150657ae51431b47c5e9b8116f2d6a2d799530c50f06b3e6feec2c47e171544133b88c3d52460fcba3a56f93e5fcf74d7efa61909afb |
C:\Users\Admin\AppData\Local\Temp\aaoMgYUA.bat
| MD5 | 3416663f9815970939b99afd7c1239fa |
| SHA1 | 193a1ac137b0009c989feaa02f1e0d00407cab5a |
| SHA256 | c0a4637cf217d6efc3048414720fbfa51cf5f05a651b6b91eb1850ed55d32e5a |
| SHA512 | 2e5f91b328684f043fd26d8163e2823e4feb8590a5338b920dc09b12e76a1e90360b58b4a9c67357738ebe9a752b248e8a47817c3fe160eae1ccc586310df80f |
C:\Users\Admin\AppData\Local\Temp\uIMwUcko.bat
| MD5 | 563476148ae023561c181f4eb05c365b |
| SHA1 | b104ffa54b590604c577e214215b4367e77a2a7a |
| SHA256 | 04a1a4ec61aa309aaab314f1817d708a475ec8bc35fdcc0104cf28e5f9eb6d66 |
| SHA512 | 9d796654cb7941cc243c5b271813a07b9fc399a1a94a2fa3acf53c090e56185a8d29c663255eeef04f3fd01bf8910f3d67651f1a903783251ab27c6fde4ad003 |
C:\Users\Admin\AppData\Local\Temp\YUoggoks.bat
| MD5 | 5b8878ba5e682a91852df86b1546729e |
| SHA1 | f481b5229aa72fc51a0eb474dff2e631ab68b348 |
| SHA256 | deb46c1fcecca47747b5f3935150ac66fbdc03b85655c70da546978076050047 |
| SHA512 | 40b7dc564a9088c0c1d2505ece9a1fb899c771f7fb27a4f1b5bc1f15dad8b4ecbcf4a3616182945e1621e967ceaf7c258a4f3619f74d79865a00a997580876b9 |
C:\Users\Admin\AppData\Local\Temp\hIAQwgUI.bat
| MD5 | dbf7953f7f3c456054ccfd16b1c4b6d4 |
| SHA1 | bbbb986d93414a8da1c8aa370697f0b2b5e000e7 |
| SHA256 | ebfcf321eeeb71640586d7356bcda0198dcfff5985b3cdb5ea3359e9c3960498 |
| SHA512 | fcfe7fbadaf392f49701dbae8ba7ca853b7333da872da6adffa31551de739d8695fbb0f3cc91caa75524eca3b77d10315e1cdaab2a2932a3bd1112194cae1083 |
C:\Users\Admin\AppData\Local\Temp\zeQMMcQk.bat
| MD5 | e9e697ee40b1cc4820d40e09206c5822 |
| SHA1 | 2782729b4775915c7e8dfa79e7bcb82580c7c936 |
| SHA256 | 9cf865e41b335fff8ab352023cf5ad0b22ecf40dc3af8302d96d88f6a373ebce |
| SHA512 | e2a051e81137c60fd499edfe1360067fd62ae05f760464a140d4c819c3e3db5c75482e35382dda3ba655c13d83206dab14f689b51c3c227cd4de13405892ea0d |
C:\Users\Admin\AppData\Local\Temp\TisYUosQ.bat
| MD5 | 4a1b726fe82426d310709f0df7a8bd00 |
| SHA1 | d78f20579078e84b6b7db46cd060b29b539fe51e |
| SHA256 | 5dd7aa1aef34a21c2eb8cea61d68c22525385d552f4281b669879036cc476f51 |
| SHA512 | cfbf0ec84fc0e44e3e2084bb07179350027e2be9ce17f34420c5a54659db024bf4f6c0393f989709cc197da988979b087a1043088a69bea0aba43c4198f5c6ce |
C:\Users\Admin\AppData\Local\Temp\OGcUcJEh.bat
| MD5 | 23e102916a540089cd97b1fbc0080d3b |
| SHA1 | c3f845b221d3ce2910d18d70db2357d47d89b091 |
| SHA256 | 6f6b8c893a49da45052a0ca24f45e7e2ca778cde66d3c6e1b4aefd794444937d |
| SHA512 | c42f9878e98dbe228ad563a537ac936236af76e4f83d59d69e596b4134b9c3eadc5724f281f52523757a4436009473c1a0b49460e0d65bda236d4cae937e5fa4 |
C:\Users\Admin\AppData\Local\Temp\mMIIAkoc.bat
| MD5 | 274664483e16421f7a616cdbac247351 |
| SHA1 | 00270ae02cbf3a25455d50ac88d8b8c09da0c2fd |
| SHA256 | 11e672b9a20dc90bf6d921a013292bbd6908fc0baa1daff847cebb6100f55e9e |
| SHA512 | b3b76605a00fa867cc5306c1d4a0bc8a9b7831789ad8e402bc59bc17ff148b0787fc57eb00e210c0f184396b0c3e864c763db01f070f96b6799e85a76dd09023 |
C:\Users\Admin\AppData\Local\Temp\OOwAIgck.bat
| MD5 | ae85339e5237eea385ed84c354beada8 |
| SHA1 | 66f4ef37d8081ed0a8a7450116a91a8e0b5a6ee3 |
| SHA256 | 61e834b6dfd400c0150ccef699d95e72c794965f73192e98085746cbe3c63041 |
| SHA512 | 25488c2c280aae3bb18d7d07149c67f28b80d471cdeeea25d44a84d9dca4d4ea939ab05c431bcba0984e34e910b70b6c29b066698ff10a10deb84f8f7c2a0e93 |
C:\Users\Admin\AppData\Local\Temp\gEIswgYk.bat
| MD5 | 37d1b0280825b7b00c5a4a9de4ac205b |
| SHA1 | 4384df42fccdf9a909e2df0e52c48198743c6dc7 |
| SHA256 | 87bb46d18949810537f17a5f4552c73d1879a95410ccdc6d3443604cf4cf19c2 |
| SHA512 | 7040f62aafa484ec22b7d623ac11cbcfa7a9ac6d46a1f8acc614802f55284c05b94f848d3fea7248f7b42590f34ccdfd196a23fad8ff97ff18042ff1ad8ce2fd |
C:\Users\Admin\AppData\Local\Temp\EGAAgQkk.bat
| MD5 | 4c790883a417ccda3d0ec8fa66aab2dc |
| SHA1 | 71bf463a818a25cf758af82755c39d345abd0c80 |
| SHA256 | 98643dadf0122786bfea4c998b2b646779bc107fa1e536c5cce598ec305db62c |
| SHA512 | 910481559bca87214a6e7fad17b2dceec4b769538e334d001a2266d3d14afbf9b0f4fcb362b3ad1366cb239babcdffec2a5e727dfb2cd753c2ce1d9ed9a9b395 |
C:\Users\Admin\AppData\Local\Temp\huIEMQcg.bat
| MD5 | b24b37c0ed7af9407d0252e50578b64c |
| SHA1 | f133009ce5f963cc32a267a24d8962cf7d50a975 |
| SHA256 | fdcd23a1adde57f96039b68e28b71746e21f072d7bfd23dd62b08d3bbc60ae9e |
| SHA512 | eee1d3139ab8b73bea933d49b04b4329bb1bb6e051c362a4269dceae710f5118d0192fbc4b612c9475b207ccef5f9ce7de0524b603d6cf7d2e971f9d6fd542c8 |
C:\Users\Admin\AppData\Local\Temp\DYEkUAMg.bat
| MD5 | 14b441957e084344c99988dd792e4f66 |
| SHA1 | 2ff007f801bbc575704a718a12da1c545f76876f |
| SHA256 | 38e9684d45218536db4f39953c4571c2a6c3e6d374b78f3887f685231294df12 |
| SHA512 | 3a8dfaa4d3397233d93d35766010d39611d3805d4d9fb28c093f3042c3904ec731c74181bd335ab9e509cca85cb7ff7eec0f07603778389cc56397a9249247fa |
C:\Users\Admin\AppData\Local\Temp\IogM.exe
| MD5 | 17fc3c1f2a819fcfe86ca78dac2b69e3 |
| SHA1 | fb48fcd2e3987a766f3016dbb8b92029e94f9db4 |
| SHA256 | 0d2ff1ef3b8d829daf80bc22873066a0cb034c98950d69cb2b574dd8aee565d6 |
| SHA512 | 22d863fce05dc033c5b574bbaa9f773058762457d91a0d64a8ba6f60ac7d54045f382b7122fc988a5a56a21ee6d330162b30457df0e160be3f298ffd51e8cfb6 |
C:\Users\Admin\AppData\Local\Temp\MIgy.exe
| MD5 | f0625f1cecc2c2220e60a7faaed1bd06 |
| SHA1 | ad3f8a806dd3efb406a61c282688338fe97bae0c |
| SHA256 | cccb37f2718b43e04781e5033475b6b2895fc04c9e35bb4f3374a402aff6ce0c |
| SHA512 | 569a669ff60a28523fee065f1c9f7d909946bbd43383d25cb7e0360a8b5f2f29904ea105384ed0ef9d57e01dbb1225a00bbd390c78dbc7eda2506cfbe68a34f1 |
C:\Users\Admin\AppData\Local\Temp\iUoO.exe
| MD5 | bb86af392c9d6aa70943bce7fc89958c |
| SHA1 | 0d3189a7ff1885d99c84b597d14a289b36119027 |
| SHA256 | 1006970635f2b169c832c1100c75a3bcdcf02d4ca3c4f56743bc73368820662e |
| SHA512 | 57054eb944d34e02d80d3e4b426be8b8c1d18e32977a4b92351e81694d44ff9a0dd5cd358c2a9153ff34781edecb8b3dcdb6dd4c0de6b76e8180f517b7288bc5 |
C:\Users\Admin\AppData\Local\Temp\OAQG.ico
| MD5 | 47a169535b738bd50344df196735e258 |
| SHA1 | 23b4c8041b83f0374554191d543fdce6890f4723 |
| SHA256 | ad3e74be9334aa840107622f2cb1020a805f00143d9fef41bc6fa21ac8602eaf |
| SHA512 | ca3038a82fda005a44ca22469801925ea1b75ef7229017844960c94f9169195f0db640e4d2c382e3d1c14a1cea9b6cc594ff09bd8da14fc30303a0e8588b52a7 |
C:\Users\Admin\AppData\Local\Temp\xCkkkMUE.bat
| MD5 | 2578848fbffdcf83bc7e5b637d344aa7 |
| SHA1 | 2e0ed6ec57df9e2c30581abef13aa873c207d8c9 |
| SHA256 | c3e4146ed0f85cda3a4fd4c49f7c0e9af21324f34f13e5331296a338a8645641 |
| SHA512 | 298890938d60b1c9befd5c2876c3cc794fad0757c108a3c3ebcd3c6eb3107902751537e96d4a91637eaa59c8b972431d53c393618631bcf1f75a46997e8cce37 |
C:\Users\Admin\AppData\Local\Temp\aIsw.exe
| MD5 | b028c295812790f0e25ee04393a940b9 |
| SHA1 | 30465e8f27e538834189bc3116ff4f820640f594 |
| SHA256 | f75031a049239e446e6e1f43b9d21f1bc1091ce05d8b1f6c1f543f4c60e58fe9 |
| SHA512 | cb5d48ac8a8c3e2ac73eba3f9f0374cec015dd06a2725e30591e2ff6baa9f374a2d60786a091f4757348fef985e36cfd443c9d4db715400d56f572f00f689a02 |
C:\Users\Admin\AppData\Local\Temp\SQEi.exe
| MD5 | bb16c0c6b8154c24d8b74e71503b4d29 |
| SHA1 | 7daf3b0588d7796fdd2f9990fd3923104baff29c |
| SHA256 | 6d5f8bdfa2c2e873b1ba86c50ef63bbc55cbc01a7f94485af1791ff92057357b |
| SHA512 | 20cb83d7fc187804a6543e72920889e1d1d8fabcf1d714cd89628ec3443c4914075ad8aa7e10b52904e1824e1cb7c90e980ed6efefcae71f963af49dee5fae45 |
C:\Users\Admin\AppData\Local\Temp\IAwC.exe
| MD5 | 776415b9572165f3c592120a162bbc24 |
| SHA1 | 87e7c2d747a070ea9f9572b8c82ce54436622724 |
| SHA256 | b46db832b93bfccb5709f4f6b98b096688daea9ca20db7b204a7b261be53a251 |
| SHA512 | 703a20c1eafb7f18e83c3b3034bc0eb177313594ca74297dd39acb2ef812ba52cbc663e8849f743115957ca0ee2989ce329f9ec049183d1262ec6a95d73781fd |
C:\Users\Admin\AppData\Local\Temp\EUkE.exe
| MD5 | 48d71850d59ab3368e51f9ffa0445e64 |
| SHA1 | 63aaebadbcb29bf4eb469d173c8da87c025c68dc |
| SHA256 | 2f8e89229cdde34fdd3ecf6dc5e09617def21acca8e52017d1cb2e2607a20522 |
| SHA512 | 99cc07ba49e49d0459c820e084e02d19c2dd13ea723c6d922e2f87183e25b94a4672b26aba9d3c29f07a3930b5b8b8a633dd61bf708f197118162d06b3f2c8ec |
C:\Users\Admin\AppData\Local\Temp\YcgK.exe
| MD5 | 8222250751d2ec24788f11437c36705f |
| SHA1 | 23a57f8facfa92b84b8184fa35c5a1754dada4d8 |
| SHA256 | cc6e99bdc8b8da6f082b11b7480e5c86a834bb340e0366a3c1170794a5f8b8c7 |
| SHA512 | 5023f6fa7bbe2d593903f4abb9638011fac3fd5c13e4937fe175045917b301c81cc22c38fce79629f72b18a1af76d127fff929d1e3ceb6bc93e783952d0b7e75 |
C:\Users\Admin\AppData\Local\Temp\eokw.exe
| MD5 | 393b5c9e986911a06a6fb9f203e036a6 |
| SHA1 | 389a0f5b2a4bad74a887223a732067dfb4fa6a83 |
| SHA256 | 1b4f38a24d9249837d0b79284ec45091260acc37ade162ed7d3a3db58767dddc |
| SHA512 | 87a0a1a14445dd22499089278db15d0f6164c4e2cf05f68fe7f612854f9f0dac625e88ed1676a2a7d0d7637ee15b96a397b122863abe3546b7a13ca0afce1866 |
C:\Users\Admin\AppData\Local\Temp\pcAUcIsI.bat
| MD5 | fda27849c90e9c24ecc642f77be8e5e2 |
| SHA1 | 06c555001dc6825f92a3c7ee40a723fda4032d35 |
| SHA256 | ac197b29e2f981d170bc13bff4ee37a882b7454ea44ba832abe29fc0030b3869 |
| SHA512 | 054114989e4e27f398263e1a7fdecc85e72936cc4338f5b68e066241810ef072648bb76dd5157fd92443f74d122f56163e82e2adb34e13adf9bcc7d9f787c523 |
C:\Users\Admin\AppData\Local\Temp\WUsU.exe
| MD5 | 40c4b016c2499b0dadffbf0b5afd0ae0 |
| SHA1 | 9548d0a0d334bb1dd931a4b7c9ac0e97f781f52c |
| SHA256 | 93563b672e883e9f3a23abcde738241e9043fee374942c3a17f47c61a7abe253 |
| SHA512 | 73db92dbf1b6bf142918b75688454f847e82a0acd224179dd15b2365708296721aef86c886edfc480588157e72581860d0c91e8f1ebc91e6b8cc2f651f4d1350 |
C:\Users\Admin\AppData\Local\Temp\MUIs.exe
| MD5 | a52da22a543779fc0589a663d6913a64 |
| SHA1 | 940e3c7355c13a9eed909acf9bf7945509aafa76 |
| SHA256 | bdb60d8144498646e96c6fb81887ce893236b2529ddf20f18541ef8fe4aefb7b |
| SHA512 | 610148c19a810fe1cf0eadd2e9edcfb0275c2ffded02f8bc47489504bf95e1a0452928a26459c6cfa3f8b304d6f848f68394bd2eda2486d0f226fc20735b0201 |
C:\Users\Admin\AppData\Local\Temp\aEQO.exe
| MD5 | cd48c7c1f2504a0b6404f6e09dd4f1a8 |
| SHA1 | 423fc377ad6fc6a6e6fc82bb5473dadc3889689c |
| SHA256 | 6bee0e9d25aebd5b462d231c97218bf59824041f13bb40eba1f5cef8a0b64331 |
| SHA512 | e9e805b3bc9f88b81677fa778cf63035f35440e34449dbe0ddef59b7db3145bd195ae80e700c17d1d67ae62d7f8a77628717e2b04a4e2432a3f4032c816a18cf |
C:\Users\Admin\AppData\Local\Temp\SUMo.exe
| MD5 | 2d8c9130463f8d676f7af97f68ce1906 |
| SHA1 | 337f74978dbe7335f419f10eb57da1dff741c69e |
| SHA256 | 38e7cfe746e6926bd96a430f719e009b93383207483c1c67963c58a34888f78b |
| SHA512 | 75f25905181dbc85aa36780f28e86bdf352e8733595e2366f708abb4824f1709a54050aff2e48998c74b1beecfa7d2d563bafde55bf19c4e5695b291b1847b00 |
C:\Users\Admin\AppData\Local\Temp\cIUwoMUc.bat
| MD5 | 10097a95bdc1933efb9e5825462fcdbe |
| SHA1 | 43d0772b552f0aa351c15082733faec155e0bb68 |
| SHA256 | 606e77c7be461aaa9d07322b1431f89bacd80418558836b946647da376ec86e5 |
| SHA512 | 3b5dbeebe36a44cb0cbf8297aa52674fb4484e1442f7b4c9aaa7cc0316bdd517bbbe230f07a77099521435abd7f6fc695c6834804bef33f2d43e893ae8e30265 |
C:\Users\Admin\AppData\Local\Temp\EQYY.exe
| MD5 | baef9e7449e4d521626987a8cefc7cf3 |
| SHA1 | 20be46618df08b5460dbafb8a4cd804b7de7555c |
| SHA256 | 712269063293bb9ee23531573809913e51cb2882dd4f56485b3f47c6ff5a1ba4 |
| SHA512 | b29db1704108475c02657d803d89b90a9d85bddf2655db8937a5f0f154b7e3c8b6cec4095abfcb569919280f49538ee40569bd07ddcee9aaf86314bdc3be84bf |
C:\Users\Admin\AppData\Local\Temp\CoUu.exe
| MD5 | 3e3f74964623850b2abe0dd826ed1cbb |
| SHA1 | d462551b4cfe5bdec22ed25e39709c4a7c0e8a35 |
| SHA256 | df5ade339b6ce4e24861cf5ef5bc6a8acba5f0c4abb4d236566af15d88c0337b |
| SHA512 | f05406ef8d67770609a17f478039e3e6fe4c89453fe7affc38c4290890d59fa444cac90d299442280e751d35a3f4941391e715b70e14533851fe170e8e36898a |
C:\Users\Admin\AppData\Local\Temp\EcQK.exe
| MD5 | 54bb75e6c6287948a3139d1b5b1660b0 |
| SHA1 | 76c066415949c9498753701649979a5ce203aa67 |
| SHA256 | d73736a96039fed294493d92c587c495ec05f7ed0be43120f1415d8d9e7f5086 |
| SHA512 | e473a5616664023a07b81388f7d3c7fb4c80cb5d12be90680e441856a4823484c8e4e48c42d6cdffaa6676800cc156eca86a553279e8e107febfacd1db207d33 |
C:\Users\Admin\AppData\Local\Temp\oUsG.exe
| MD5 | 75c8ffb450e67dc9915de35990b9256d |
| SHA1 | 819bb6c0f3378338b5f1aa4d918eafa976b4497e |
| SHA256 | 4bca497565d2e0eef599bbce54ab64695b114778a78754048c33d802dc275343 |
| SHA512 | b8a14ef9fdd3b24719c94b90d349b3e2c648b435e260e61564bb0ba4d44879b00140647cdddf6796d90de995e8135dd6565369f3c10cb69b4af4bb1781675649 |
C:\Users\Admin\AppData\Local\Temp\OsIwkYwo.bat
| MD5 | 45905336a6d18f29aea1f86c2abebf4d |
| SHA1 | 0bb6d841e401dddf37cabb8832fc00f30870a390 |
| SHA256 | 749843970c84361cd97fc1c70ec8e1d77bcbce0e6c5a4d84f9932ed6b733100d |
| SHA512 | dc403c61df4b35b078c130dd8ae3b47d07ab301f3f4d7f459358907d23e7339f9110641293c9a506c9ca2a558737475d480782e5437ac25ee91579af330c474f |
C:\Users\Admin\AppData\Local\Temp\uEAa.exe
| MD5 | e10382464f7633ebffcbe4c8b51dd2fd |
| SHA1 | 8f061eaacf98d5556bb26f57f0c2c3869ab25ae9 |
| SHA256 | f77e08e985740978b373db1a7e8b64e1725aacfc47a7005643c8944d7806eb57 |
| SHA512 | 7e9602b02ad0306aaa1fc1074b373c8741f8901af034d7633bf9f286b845c3075b1ee2014ca23d0f0fc7ea116e85a202a8e2c3227d27df86962c4880cc689252 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile22.bmp.exe
| MD5 | a410c871ec89519ad4d97b519d1b8b60 |
| SHA1 | 23daa0fe6d70845500529f2c285877830881ff17 |
| SHA256 | f584859e2dc4310ec4b242d2c3e530b7e80db4c6decbddfd29c77ba380c408f4 |
| SHA512 | 2902c446ba656646ef56898d51c3975b05af2d4e14dd46892129cdc78a6877b2c6657c400ac465f29cc964db449b982be9f6c9186e2a5dc04bb009d085f58f82 |
C:\Users\Admin\AppData\Local\Temp\QYwI.exe
| MD5 | 7aaa5871030fc9283d44ea9e6b488077 |
| SHA1 | f3544df0ca5f4bcd321ac6be1b07a77a1bd4f737 |
| SHA256 | 5ada4f98522344d5f10402f9032b336248627782dbb64a51c6b3642ca3af59f3 |
| SHA512 | b56d6d16afd6a2ad81f38ea05d17fc73597ac3269c0d15c018f7fd0ccc9c8a254a4896cbe6de8303ff3514cde675850cbd3490a666488bd7a802120b5c37d55e |
C:\Users\Admin\AppData\Local\Temp\mMco.exe
| MD5 | 048e2c6dd86a46b09618612f9e7ec763 |
| SHA1 | 9b0186653473342ecd1f90204d6b577e1b7aa55f |
| SHA256 | 9584cbfd4663f9730c6c6162b9118a3d991b6d18d669bbbcf457df6754200000 |
| SHA512 | 774fd6340f67ce2fb0f9f51764b4e3402fe5d75b6a7f61f0b6f0958e677003afbc3aca5d586a73f98cc6645665d25afa0195af871238b6840d488b1094de1982 |
C:\Users\Admin\AppData\Local\Temp\KiMsoYAo.bat
| MD5 | e7ab09bbbc3c9ddb92cd0596bd52e4b3 |
| SHA1 | 608ce189f3e1fea76e30552abe4d3b484da31196 |
| SHA256 | b37d900be57d590d277ccb204899cc97e06f9aa3bb2b383f1e373d56412df1c6 |
| SHA512 | a5a04a2482c078c12d7f48d73f34cb000d89300205c857a9c633eff24dc23c8137bacf4032e831e705fa953dcf85452602985b810841beec59b5fde1fdd655a0 |
C:\Users\Admin\AppData\Local\Temp\wcIg.exe
| MD5 | c7db4cc451ca6f3cc56d2a2b3826d401 |
| SHA1 | 2edbe7fd773f5d7003052539b8254bcc02e68f32 |
| SHA256 | 5f195dece7a003a6bc12406c3bfff1d334bcb9e6862dac23f6cff88d2ac11d29 |
| SHA512 | 16bdc3231d5fae1d08b746a1e91a36f9236045816bb12f8d5dfd32fe419a52d396362b144f01402fd31399a571a41c10fafedecbf992d8da8847069dca2ac0b6 |
C:\Users\Admin\AppData\Local\Temp\mgUo.exe
| MD5 | 89290b9727123d436ad7426fd954fd08 |
| SHA1 | 8d732aa7d1fc322db8f1e3acb0788a91f4e6d295 |
| SHA256 | fc3ca9ecc07366eee673332d2597b2084f02cde2a7942e1b25e8c4b930bd389e |
| SHA512 | 8eab1c85393ec4104cfa49cbff85399c6356d23616467b0357ac66b050f65d0020b5f17a3b7ca7545e8d15dceca7d933521087466f8114ec28248010b92cfad1 |
C:\Users\Admin\AppData\Local\Temp\eAAe.exe
| MD5 | 70e8500f0c73bbdb7317b2dfe1fdb7d5 |
| SHA1 | df6b801a5e51aa4985723389d99a88f81ce2f5a3 |
| SHA256 | b9872b200e457ad35567a2d8aff691ac8fedbb59d0a833064ebb84c8f0f3292b |
| SHA512 | e20356d946dd0e654b407a860f4ee3b2c5bf04e068540af279e1268978610ac7e0da0db8d36f71894595866dcda696ad839e2395c7e21d29b235a72dd3eb9526 |
C:\Users\Admin\AppData\Local\Temp\oQcK.exe
| MD5 | aa8132a668701a87da5f63c1b831ca9e |
| SHA1 | a8633c3bcde5e0fac21d87c58860bdac7ade043b |
| SHA256 | fb79e7331acf9d6ebb02aecd5e3768e2e2606f4dc583948161540dfaebfbbf00 |
| SHA512 | f3f0a9ff3546a606cddbf47775956e1bb937052bd19b10740885990ca41c46cda6834be21e2cb44720967e510fbbbe294b8f299fccb5e9fb6f6529e782cb71f1 |
C:\Users\Admin\AppData\Local\Temp\miAMwokM.bat
| MD5 | ebea7b555523da0e9a4a72946bd65c0e |
| SHA1 | e8ea014a9329554fdb0ab76104448d1592a95ece |
| SHA256 | 0e0f4cb98c541ffe8a55fe65e2ee420a655a3903df00fbafdb5297ded0dd4a88 |
| SHA512 | 0084902313ce89577959e8cd9025999875b4081e05dbae0ef74bf3553fb00a55b0ed6bf844e0a856cd191dcefb65ade8e4fb3609f3094a5ee457159172d3ddf9 |
C:\Users\Admin\AppData\Local\Temp\AksO.exe
| MD5 | fc3c9c7c563f0ef28a9f68a5355a8481 |
| SHA1 | f440516c60df8c6bdd70919a89d15b15e9ca6cc0 |
| SHA256 | 79787d59461045e24cd2a38960f202a570707f95828ae4d2eefdf457e2c534ee |
| SHA512 | e2d61865e77c9294e9dfea9f76a321fe551e0157865f7146d5f4d77b20e5b5422180e83125793accec87006eb6fd53c4a6da84def07c59340960d2b244109838 |
C:\Users\Admin\AppData\Local\Temp\GwwA.exe
| MD5 | 6c8c6d46fee7a3a31466437a7e6a3336 |
| SHA1 | a6118cff8bcc91f378776d28330f065bf96dfb7c |
| SHA256 | 4e164355cf83955fc036368815af86e1cf3e1e4fda81bfd86f60b1cca0a5c550 |
| SHA512 | 32e1551e19ef9f6a0dbc10e46605bf6b2aa0e09e18b7be4925a2d3a53d49e30cb058b67d49fcde7a3fffbb479801d81b2396615d523ff49a65d04615ea02c675 |
C:\Users\Admin\AppData\Local\Temp\iYMm.exe
| MD5 | 8e00b5c1e2d7774e55eac90d937f3515 |
| SHA1 | 81b3c8b6863b68213f592bd984095c3b2b569199 |
| SHA256 | 8892213fe47fccf867cc3c33824fdf5bec10c63aa1df8742b21ee0d738f3ecf4 |
| SHA512 | 83ddf4488265091e7705603d02321a9566ccf5bfef9c6e3226c1210f1d9be875d18be035bfc8498574380d93470772154a23f430fb07ccff9b6c9664cbe06742 |
C:\Users\Admin\AppData\Local\Temp\aggk.exe
| MD5 | 31211b7480dee9bfbd0eb6881343f780 |
| SHA1 | e8ceb2cb98eb37938d902e19d02f992d524c824a |
| SHA256 | bcfa3612ccfaa179b80a98d6616addc393bfa9fc206b34ace212fd9bdb7bdd49 |
| SHA512 | 70e5c2716dfdeb3ed130b77aaa355958e5bb5324bd22e4a71aeefe457a4dec730bc4d2b7cd6b4d602f378e10e9df3be2191c1d44f05722f9ac0a30b44ef42383 |
C:\Users\Admin\AppData\Local\Temp\Goow.exe
| MD5 | 87802c78ac66fa004962f99ca9f797fb |
| SHA1 | 0cf7ff628ff37079054e0112f8a9fab537c992cf |
| SHA256 | 4fb62b88233999c02f1de5e7fd0cc1a8d5ea0ab3db33d5b328a992134b519f24 |
| SHA512 | 658c7ef32ea8c68c54c63b5833c06951e511dfdc6e52e8a88bb2c3138000933f638f5e215bb8cbf118bd647555b5f07c782ff3868e740f3d06638f95fb754edc |
C:\Users\Admin\AppData\Local\Temp\CEcw.exe
| MD5 | 9c0a202e1110b0c7d7853bfeef6230d9 |
| SHA1 | 8519a29c571e43826766d1cfed385e03af5a2943 |
| SHA256 | fb682fe6d04c7e75d421308a76c934814c428ad7742f1ad359d40ff84eb7282a |
| SHA512 | 3222ac6989e9fe893086718ad245e27147d7c4e1f4d8a851d4af1889a476fdc3b472e7e85d1ddc6b6c0006b88c6a1647c201e4f6f954832067012c266f9a21ac |
C:\Users\Admin\AppData\Local\Temp\mMQu.exe
| MD5 | d2f67c774073dfc32693e8e372003847 |
| SHA1 | 24242a5861c6736656772fe240b9a72d26f5d54e |
| SHA256 | 274256cf88286fa5c7209dac0e6b28fcf86a94173c5ae3ca171434479790bad6 |
| SHA512 | ce72faede904871498206fe412eaa54f7e09b193bea85e81ac145576b7dbab809ffe55393505e9227eb25022010b2a604420d0cde1bd52e319e821a0c7976877 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile36.bmp.exe
| MD5 | e34b65ec586ef683c756e6e23b6a1d57 |
| SHA1 | 10a27abcd546a13b17ecb7206ab394c27132a94a |
| SHA256 | 43f1a0b44e81e40f83c65a0b4fb076c38265e03fdcdc7c4139002b0ee62805ad |
| SHA512 | 13d46574f2a4dfcce7b093cc39a19db9ada52ed7ef63e56d2487a86d9be004df637d065670a511f565a0ffe70d07a2153d34e23170da74769fb6b83d0be8ea39 |
C:\Users\Admin\AppData\Local\Temp\beEEkkUI.bat
| MD5 | b6b827a442c81ebb864098f90c454fb3 |
| SHA1 | 5a538e892b88e0929a3cae22255e0c660254e1c2 |
| SHA256 | e489955880159bdede8cf2425df8c3d3a3f54fa03bff66dadfd2e7fe97be7928 |
| SHA512 | ba0a5a1c3148a3a57051f02978bf1efaeadd1b6a5bb23da7d3086e50ff27f6802ef2a67eed2e3780f8c6db354612df0356f5e83cfb93e99798dff97a3c7f10a9 |
C:\Users\Admin\AppData\Local\Temp\aYwg.exe
| MD5 | 3da4b47f1c6485270c4bd11b8338e6fb |
| SHA1 | 92de3aa4ceb4a57cba021cedc16734795bb859a4 |
| SHA256 | 0b05086641a1cfc7fb2c560158f7bd3e40db36a42ed24fb47ae49e5bb8e556c3 |
| SHA512 | 209191fe64cd15324b45b38f15529fa18ece0b3e37c636b9611c0a3ba2b9b9090b4f9ad595a7b08b4116396f852fc0a3ffd788cf769933ced93e3c44cc32215b |
C:\Users\Admin\AppData\Local\Temp\ickS.exe
| MD5 | 8d1c7b52d142d2dd18d2bde2419c24e8 |
| SHA1 | 1fdc08f071a38f7983a08f723c66a9ad45d26a8b |
| SHA256 | 9693eabb4610a466d7d3421c8bf51ad25f5ba04cfbe11aa3d78ad17d8dd7ed9d |
| SHA512 | d0ec508f17457899b2e05e28385333638e3d86c41d0e53e60a8d7714bca713a8bc6b4d84b16c20f6f36391eb346234cc23f14a9420cd4e81454bb5b6eb3dbd3e |
C:\Users\Admin\AppData\Local\Temp\iMwI.exe
| MD5 | 4185eee451043ca6077f19cca49e1766 |
| SHA1 | a26f757bc6109e5f404d91e6249ff895e29fb680 |
| SHA256 | 970003c4d01de9b7a883fcc4c7ecd50778ee97ba823486fd17b04a08c1b8d997 |
| SHA512 | 8043af885d5adf6eaa3b1eb40fc42066ca136f39ab0ecf5b9346adb6e59c5ac32a280cd25adc3312695513f6a45b58f3eef43a20b59e1959da173583e8a03afb |
C:\Users\Admin\AppData\Local\Temp\UAwY.exe
| MD5 | 9391c7dcb9a500d39684d7467436d5c2 |
| SHA1 | 925821cbbfb1ed119fee3922e2f6f7dbb953572f |
| SHA256 | ad53f554fdd791aa71cb949655e39af4ea8080d995fb844ed066835d5c4c0fc1 |
| SHA512 | aca0e6b76ff3ae2a0d37b343b8fb40b2079d93ba90fdfc00572847f281a8441b0622f6a1c1b494c7531553e8fbcf4eba2f621398a9133a36e37c20403cecbd32 |
C:\Users\Admin\AppData\Local\Temp\PsgEMwMs.bat
| MD5 | fa65975f29f7eff3ea8623c18794b8a5 |
| SHA1 | 6d45bd2db7a67821fd46450653735371bf1ad7fe |
| SHA256 | 925e98eeff9a1b58c16ba91ed7a41a485c9aaa7b2e0d4dabd288495642c0fc38 |
| SHA512 | c46ddd5afdc0476619cb65a45a00e0e43a439880259a8f71beaed25046182f7e0900a80b11ef280f237086a87036f79aeb4dc57d076cd0f239c9a3efa57b9be2 |
C:\Users\Admin\AppData\Local\Temp\oQQk.exe
| MD5 | 096df95bdf3bbf2a541ffb899157a51a |
| SHA1 | afae74f08288fa78c09d84a176b4a2b323ed9882 |
| SHA256 | 88fe7bbb8abdb29ff273119f797ce2619488fd2ca80c47a6b80884459ee7e1ec |
| SHA512 | 1de06acdfbda2974a4d9e3aef6c8aa4bd0d5c7496e86149cdec678d44f2c5d4d42756b7751e5394f9b0f94aeb36c423cfb0822be49c63d126341aa8a2b15ea0d |
C:\Users\Admin\AppData\Local\Temp\akMS.exe
| MD5 | 39f48f45f6a53f3ba3e6dee96ca65c14 |
| SHA1 | 9abfafbf8d54c4e3626b5aea7f54d058bd2bd078 |
| SHA256 | 10b332efedccb776040fd98553493ee74131d3a9bb5b798a770a139650c696bb |
| SHA512 | daf4e67fe90293c85a10fea420b3e4eaf574451ae97b3aa41bbc4f5de9048b94e44b1b235f8018d553df2f0641171a31f0f48708dcf61fc60cb3f3fd1ce9ac0f |
C:\Users\Admin\AppData\Local\Temp\cosG.exe
| MD5 | 80969a51de924fa1acdf74ffe87ac1ff |
| SHA1 | 1f696ccad72a2f82a35c928bb65bce97485e27e9 |
| SHA256 | 5cd2f8eaaf8e4f3e11e0fba5706ea93acc32fbeab09d8a854ddd2b36cce8b68f |
| SHA512 | ee5eb85da91fc4e8a508d6efbd75d601ffc633cb80f8bb94050ccaf0b3db6a1d058aa8eb498d4230a3955049eb74c79c56eedc03bd0946ab5f0e20ef478bce94 |
C:\ProgramData\Microsoft\User Account Pictures\guest.bmp.exe
| MD5 | 8a5bf6d3e08287e293b83cc84e5508b7 |
| SHA1 | d217951d63be3718b6dea7ab955aaff1110ddb6c |
| SHA256 | 97e081669610c39c4c441779cdbf7b596191a765100d278bb2f528fe5e3f50db |
| SHA512 | 3055be85b3f862c583288858438fc13b1520d936b4770acb6464ea5f29c7e1049435c6545b3e86082ce108bd1c8ed8697866e4d805130ad59b000dbaaa4e4087 |
C:\Users\Admin\AppData\Local\Temp\mQUA.exe
| MD5 | 66050d5f904c66a21078e05f209d081d |
| SHA1 | 0d42c572e115df4cb7963ce87eb34293d0b1b6d6 |
| SHA256 | ee089f57d54ff62defc71927ed2d2a6e6e1ec94199f7d227326e0c3c02b8af80 |
| SHA512 | e7f7093ec39e387a374c7cb0004da94049fd0a230b1f8fffdf10cb3130f2a49d14fc5227b3bdf75e4139a6bf2b9b02b639034ae19e60b81b2f560e9760dfe0e1 |
C:\Users\Admin\AppData\Local\Temp\yUwE.exe
| MD5 | 0dd977d24fbe77f8f9f056e15c0fc607 |
| SHA1 | b21fa4a38f22047ffeb20b4efaab655c8e083430 |
| SHA256 | f3653901d9f83c3b8ed2434768767ebf1942a50e7abab84959aef0bfffa61933 |
| SHA512 | 17852053bc05c1db6e953b93e514da7f39a209d45840f03762e3b8519dae3816a0e511934e4e55aefc2dcb935577916d4f52308d1162b00f2b46887ca0c4920a |
C:\Users\Admin\AppData\Local\Temp\qwQq.ico
| MD5 | ac4b56cc5c5e71c3bb226181418fd891 |
| SHA1 | e62149df7a7d31a7777cae68822e4d0eaba2199d |
| SHA256 | 701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3 |
| SHA512 | a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998 |
C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
| MD5 | 3fe366b227b0a88d7e9fac32f7cb0513 |
| SHA1 | ce25949d415a90ecc7801e5b84c92afe53886537 |
| SHA256 | f46adc5a897077d8d670d889fb2b1aa781139ab924a1349e15a873c4191b41e2 |
| SHA512 | 9938dfcd11b905463ced7a6dae81fddabf77b3b918f5bc567bf29c3634bacbf65fb5735040aadb6ef90222ab9fd395b5184cf2a03d646aba1302d72410aec25c |
C:\Users\Admin\AppData\Local\Temp\lSEcIAwU.bat
| MD5 | a42e9cf5ab31261265984a5ce87d12dc |
| SHA1 | e5a18d788427fcb53fae5d9a35b5998e496dd480 |
| SHA256 | 6694787b46bc0552647d17ced19ba3bd96bba40f44910710379a7e56ec17ac91 |
| SHA512 | 006511236736da51cf15c3573a3797151cfe2a4247ee604883abecb3b36d6cd6dad3e533f14bd695b05b6567c9c3720770acb92ba2c66e3aa0e8689806ac1d3c |
C:\Users\Admin\AppData\Local\Temp\osYk.exe
| MD5 | d19a840f6f8cdfddf75e188eb297b44d |
| SHA1 | e798cbdee582e982b22d67a49da5c3fc21895156 |
| SHA256 | 1796380e6a243f348271967c1767f782c9c1f35fdf0964b7db156cc90273aca9 |
| SHA512 | 970bd0f525d7f83688e744987fe05d771153160d0d66b60eff10e6466994d72301b6e2a055e544b811193f5ebbef759cd8c3dedfe03c66ada5a4a91ecba3a8c9 |
C:\Users\Admin\AppData\Local\Temp\oQQm.exe
| MD5 | b91d4ba696d6d88c3587c5ad3fa5ad3b |
| SHA1 | 253b1097a869be54f21a114ffb474bf762ff5d99 |
| SHA256 | 404adaee5bb719344e9fe8002e9aaa9aaa1f13f7ff2d2138b018f34050c113ab |
| SHA512 | 87aeec59a3368c409d0fb7a912c49e5a434361877a70680290c39f952359d2d3458bc373dec8ba9786c937d1ba121f3e0f90f22a2ad627895d2ba43cff978b16 |
C:\Users\Admin\AppData\Local\Temp\goAG.exe
| MD5 | f88e59e51401b95cf5860ec1dc80fa66 |
| SHA1 | 9931cb4fb10eda63f2f21bdca0d67aaf88d8f0fa |
| SHA256 | cac629d3b8b76fc3531e1506f32796bb0cbcf43089d86dbfd8a008902433e3e7 |
| SHA512 | f28017dbc86515ebb4b46d031dc24d59224b910df9b59b90efb1ca71d05afb3f688b80c41154321fd67e5b5defb2132d6dda55802343022288d691530e3bedf5 |
C:\Users\Admin\AppData\Local\Temp\FicAUAUc.bat
| MD5 | bd102f97baa2e2190f52c0c76e01d3c2 |
| SHA1 | d581bb586c265a36d3fc04dd150131490060a625 |
| SHA256 | 3b0cdd08956f02bc07d71ca6890e0640c8627a0b717392f53023985b5bb02fbc |
| SHA512 | 5dc1b666a5a586f47d9d2a6632eb51f75bfd1e4c6d39480ef7ebbfe7586bfbe599d2341256c39046eb950de0f43f87fccc5cc8ed3e10e0adb19618a98e101d3e |
C:\Users\Admin\AppData\Local\Temp\kgcEMAgM.bat
| MD5 | 709196e80b23e4f6838e0e50ebc43a93 |
| SHA1 | ac4a1e9ced7f3f82f459464c15ce85286e0699d2 |
| SHA256 | 2bd3f0b8ec80af5451bae8067e33b4109608683023312b24ee750983646c1de5 |
| SHA512 | ab2be29a1f234ef3ffad68b40f64bdb22b14f26be2ea0c51378f6e267904d63be2ba7269b5c3c28895d082c52049214e5641da2eaa9b4f077e84addceda5838c |
C:\Users\Admin\AppData\Local\Temp\MCcIEkEo.bat
| MD5 | 3f1ab3bd980dbdec70fde91568731f87 |
| SHA1 | f001f34fd1c5267698308cf88e4f7f4bde99e54e |
| SHA256 | 3e9323cf6a143cb895a6c010f16884b3cbaf3fee6158b39b5b34b3b5588c4a33 |
| SHA512 | 2a0c23df33dc65ea8629cc42c8047ea127519d018df88d6ad7067a883ce1707431f4bfc20407c461f64302a772beee399c9381fac37f029e179698dad3bbe79b |
C:\Users\Admin\AppData\Local\Temp\iMEQUscI.bat
| MD5 | 06f201bb51d37151d1759052d9339409 |
| SHA1 | 48e304610c1a7a1e559fb241c7bc63d6bfa53bc1 |
| SHA256 | 879256f14d73e2b00fd9c9d57c2c778e5787629918a6594615eff6469b3a9b1f |
| SHA512 | a61e365179d5ff3321fa09acbfc381afa8a023dd0883d8849bc3eea821fe8552e1633126582cd5e19106de94e555e700a68e017e3dee1133d67bfc1aea21708b |
C:\Users\Admin\AppData\Local\Temp\UGQYUwIE.bat
| MD5 | 328252c18718004361cb5ee8962ae206 |
| SHA1 | 2c23640fef4bbb26975aa1169e9af05506332629 |
| SHA256 | ea6a6efd6e7e44bcb69e954b5ba48f4f40e1b198845b5b4d18621a2c10b970c9 |
| SHA512 | bb3438413792c10c1e6508d869a56c9c4a69fbcece5c7f0ad3317a1e86ef27afa603c53c5c218409cf9270a80724aede96b763191dbe6d704cc31fadf84867d6 |
C:\Users\Admin\AppData\Local\Temp\MWsMYsoE.bat
| MD5 | 1666a7ef1f176f69d2dc9e936c9fdfeb |
| SHA1 | 6a2ae1b5d8234fa49a53e9df9d25657b16deb9f5 |
| SHA256 | 0c869144fba5575e778797009f3b4b21867b0efd42dded2736ed4008dafe7a85 |
| SHA512 | aaef91a235e49b7bfad66ab60af4982027dcdcdb7e9bb836830ba8323387d78c9eaba9566a609280369ede1493621809ec96e695a129e07ce135fe0dc3da7578 |
C:\Users\Admin\AppData\Local\Temp\xscIMYAs.bat
| MD5 | ba64a312209168a616d9ead96e9957ba |
| SHA1 | d7d25e1551049334146e5d158bd0d135503038f6 |
| SHA256 | e1cc5c2451e3ee3abdfce82b0165df51447bab880315b2f1454078c1076f802c |
| SHA512 | 3369e15d785c0b6ccfcd68e024355608bd21818665007fae5fec338ed82251174a0bf245cc20b8876a19928daa2a78551a6cee60c2c0124f2ebd920bb2fd9a1c |
C:\Users\Admin\AppData\Local\Temp\PyEwwUwE.bat
| MD5 | 1132bffc5559dce257ec5807ee7decb1 |
| SHA1 | 06f8697b0c89e0393e0c9ee2fb5f6d2fc1201fe2 |
| SHA256 | a35ce0e94430d30303cadb1b17b0e5721ab3ff40970d32b84006b5de479fe0a6 |
| SHA512 | 8a24a895d0e869fbae9d3630f8609e7a2b879cc2652aedf9254760eb74d83b92a567fc6c83b4bfcc3c47438ff5d22fa1804218cc68fdf94b1ecece5e62d9df66 |
C:\Users\Admin\AppData\Local\Temp\XoAIccEU.bat
| MD5 | fe69ab5cba191b50dd24909394117280 |
| SHA1 | 87b7c1f0f30a220f0a48cde782bd564146a0562b |
| SHA256 | 6ab3e3e4b0de09af1ae2aed44895ad9952eb360f8d19e94a03b6ef2bd78bfeca |
| SHA512 | 167c0db480278b84917048e3a7f0a013322dbe58878bc37f8158c79a1c42552b2c2954132aaafc5d53f458bf5715b085026616fab66bf1be4238d9f4c55e40cf |
C:\Users\Admin\AppData\Local\Temp\FiAEcMoo.bat
| MD5 | 579b516013c61972361636d62a9d65cd |
| SHA1 | c952075241d40352302b73d2e3d3b4822ce967e5 |
| SHA256 | 1f6e14cee89b306dc68e4561428a18f3a7dee351def5e555a6fc0900f79e18ff |
| SHA512 | f3f6aeb0b2e5f6dcad924f712c49a1b7ad15f5806c92e7e2ffae823408b720f7085665c1b3559c98a00032fda4c8b6658e63f6f81e3fb920d4769be26d885366 |
C:\Users\Admin\AppData\Local\Temp\EowEsoQM.bat
| MD5 | 0ef2e0541c466ec4120621f3babc8ec5 |
| SHA1 | a84b12d17ab215ccb56d74813962f3c124ec41ec |
| SHA256 | 0c416556d9740eb7d51e4f181ce4a244dcf955172771646241d5214b282bab10 |
| SHA512 | d1fa22e6d6e58be6a90217b59becf16d3860389e8f02a679a5ff51379f87cf8fa28a34b3427da5a3c31a98fe29a57f1b39c32b6d066ad4b63b4d909c62beac54 |
C:\Users\Admin\AppData\Local\Temp\cMku.exe
| MD5 | de84032a048929a0293389afc3cc7e0b |
| SHA1 | 7e9bd472ce3f602ae5156bfd348980d2db9d652a |
| SHA256 | 98e2788cce045bbd19e840a8b5d701daa6a3699b698e8e032ed73c55e9fc6180 |
| SHA512 | 972b007ea5de17167de2a754d1adb03eabe322927145aa1da9db15c357e3ecfafe4790367eff025b5d08599bfc21befc49c5896c4ed5122549933c010f955799 |
C:\Users\Admin\AppData\Local\Temp\QaMUkccU.bat
| MD5 | 2e8ccb2f08387b171cb7cbaf5faf37a8 |
| SHA1 | 6a165386fc975c63d2d6bfb27e46d3d20a1de8ee |
| SHA256 | 245fb80f2ab9a6fd05d4b544578a7bef29cab57c31238a4d9d9af70998d056a2 |
| SHA512 | 205df7a842253deabbb7ab14797e8c502f102c9b504359e8456027e15158ed98e08f318debe9f22833c88df0c3fc731bac78122d82ecf1dec05c21e796b41dd9 |
C:\Users\Admin\AppData\Local\Temp\cQIS.exe
| MD5 | 4c2124ed648e67ddb89b192ec9f5086e |
| SHA1 | 439c48bf043e875b5be18c1761d6365e0605b425 |
| SHA256 | dc77c09b5e34ab538d3c7efb79a98ecddc325e45afffa6a080ec32f2a63d0851 |
| SHA512 | 4b06c58b222429c32bbb07cf815afc9004ddf037b4e74a55ec0098bd474227997453b37656c8f1e8f556a1c193fd519e40462b5a41d45a16a637f4eaad49a762 |
C:\Users\Admin\AppData\Local\Temp\MAos.exe
| MD5 | 5fc13ae177f5368a716ae961ca862d97 |
| SHA1 | 798185f8d65e3ccb17b1b23f83100947b14ac1ca |
| SHA256 | 5d42272cf604667c9407aee749e649dbbb674befb56d8bdad319efd75a23b0bf |
| SHA512 | 7986e6bf23d4048e20728f3ef8d6f61ab860f5fbf7c71955eb30c6dc949b8090b0b1e029db02a55e82a603fbc9cf1e36cbbfeaa800cfed0de0cd8b03ddbf6479 |
C:\Users\Admin\AppData\Local\Temp\ukQe.exe
| MD5 | de2605cc3b3fb01afbf9258f28a50942 |
| SHA1 | 27388779b29a20b55c0040017321bc045169dbe5 |
| SHA256 | 6a2e375022f24d8559a9a3da42848c2c111623ea984147913a8d704b899dbd88 |
| SHA512 | 5570e8f60f448cea1525eae1f7847a9db67cf0eb04590301575e35cba53010f5c9d7ff020a44a910be66dc9e53b1149f27e0970e4ec6f4698b6835ae7180c498 |
C:\Users\Admin\AppData\Local\Temp\Gcci.exe
| MD5 | 86359e1c10deaa91d63fd46d0806320a |
| SHA1 | abfc5bed37ab258955c3acb1120fddc49e55a358 |
| SHA256 | 1844fdde7eb69b22c34d0a98684ce680deb12f2f781c65b90807a116eb982399 |
| SHA512 | 5e377f6188722a8a44d1c8757c5412c78e393097b14f9c12cece8befbf4665be3c093cdbc5444a0f96d5008bf510e241a016639b958e73ca17230ea583af5b82 |
C:\Users\Admin\AppData\Local\Temp\KqoUEIkg.bat
| MD5 | a1f5c537b7a52a57169e483d375b9602 |
| SHA1 | 07f466a7f8ed055b2e61d62031cd568c56d30f7f |
| SHA256 | ec48d7595213770cb37e4fcc3dc9d49f918fefb922a5f668b4062e2fccfec513 |
| SHA512 | 20c6d3870d9ecb755d45c8c01eeb897b1bba86dfc94325c44bc491c1f070c3e713039a54ad436b6bc31fc30fab790e8c0ecb7549ce80d7f66ed30c10a8fb9dbc |
C:\Users\Admin\AppData\Local\Temp\AIEO.exe
| MD5 | 49d7b0e40bfd78bc2d362ef6b467b72d |
| SHA1 | d46cb3460884e04f75198557510a1848e9d2d8a1 |
| SHA256 | de526c36c51977d4fe9fbaef4f93f10f5b31d1c1deee03dfa56ec8bbebf2f779 |
| SHA512 | 5c29440a1e8dfd08651f592814b5394eacf6ff41953e6cbddf6ea4795afa3c9cc7f270deb2a302f9c31ceb30b37c99b6813a7ec4165ffa56da8dfdcca448de15 |
C:\Users\Admin\AppData\Local\Temp\SYkE.exe
| MD5 | 61846d775edd817897dfda7a7e26502e |
| SHA1 | f365908ed951a98f6c4abf8eaa90f89e6db56431 |
| SHA256 | f93717c159fbb071abd9f22d3321b13e01716b2b639ea6812c8b092de3c86b27 |
| SHA512 | 50ae8048341dbc3caa860974f6ab921e291cf159910f7c98732fbdb0ecf53870be1e5cb0dea9e6dd574d1b72a2f64d057092783851016ff64abb676264aed4cf |
C:\Users\Admin\AppData\Local\Temp\sMoW.exe
| MD5 | 253e8b96714f28f5eed2e6f83a8feea2 |
| SHA1 | b62010869b1bfb80758a41a6f504fee92269a2e7 |
| SHA256 | a8d0f90b4bf93ea6663ac8ee0399701adb7261ef6258d1cb54588d58117bfe83 |
| SHA512 | f1b00de1dbd9a98a9d0a2a777c20597953d25ec18573ad608de1ae098bc7676f88316e5fd7a4582c2d8781a3f2635514d1676ba9a46efb542c8537771f2ecdac |
C:\Users\Admin\AppData\Local\Temp\KIsAQoow.bat
| MD5 | dc5764aecc6cdd90b8fbf887de628bf6 |
| SHA1 | 3c09fac4c434bb21e766ee7e6b50249aa90783c4 |
| SHA256 | a793011fac5d0eb4795c4db8a0243968262c442ac4e1929b07467b1b7e70bdd0 |
| SHA512 | 1dbb6433cdb78c68a9b6a98c7e930d33328042f93dfd090161519998dce319343c7fb1ae0cc5f3782728ec210f1e19de37262ab88be0be7312d4fd852bce45cb |
C:\Users\Admin\AppData\Local\Temp\YUYg.exe
| MD5 | 50bb42b32546d38bb6c46f0d30e673b9 |
| SHA1 | b9f53b0e268d0535c7ac5e77a845b1d45a139918 |
| SHA256 | d99005a43f2ca1c954143a60d11e969214f56ff06b1f6edd007522a2f813d649 |
| SHA512 | a19beb1ab84492792b659e0cdc7a9fb7ec92df5873ee2c42139d4fc360c672bc02df968393670179da262ed52b7264fd51193e1eb2b2f4502376dc180eec8a26 |
C:\Users\Admin\AppData\Local\Temp\OkYi.exe
| MD5 | 7baaa9d67d46f56af760acec9557f2de |
| SHA1 | 4666bb534b0c7b6f21464ce2e04e32c24e5a2435 |
| SHA256 | d6853e2b5476f906eb302ccdbe5faf8b12f466709f41e894995d588eff5bce17 |
| SHA512 | 51e91d876d0bd1459b0711b2dd1c552ccea94a1f204465bb7e2ade5e9291b01628eb4bf3d3bf8d30e66be62a66bcd4748775b5ad7db74f5b40c28b8aae82aab9 |
C:\Users\Admin\AppData\Local\Temp\cgIE.exe
| MD5 | ad31a865a81d493148ed7c610acf33b6 |
| SHA1 | 2d7d2ca575aca571273e4957004808a7e422fc34 |
| SHA256 | 829655502bcd73e908a8b3a724d8d003bed45af346d5e7cb803b3a1b43685166 |
| SHA512 | 5c726fc5caeedf55105d43ed437ecfc56208baebc37f554f4db165b40f90298bd847dd5aa5d1775d8a569031eccb56b436be734d8adc87a4cdf57e3400678714 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons\64.png.exe
| MD5 | 27c9e2c3aeeb81787122ad7e04664809 |
| SHA1 | 0e32dc2caebb22e972acd1e0585c6773631da217 |
| SHA256 | fdc4ebf12e5f72ab4e52a11ff8dc4cd8558a7d3c9e2ebefb3ac3aa2795b3646a |
| SHA512 | 7bd73e1f2839d32e1cf7cb21f5c6b87739f6fc7a5ad6c8d08dd90ec4de23687585bb17220c97036d374b3d39c1ef696c37591223bf5b311375d8701c78f6ff0a |
C:\Users\Admin\AppData\Local\Temp\HSQcUAwA.bat
| MD5 | 87223074b727a3fb05d091bd7f5538ba |
| SHA1 | 8f2b545aff93b306d5794242888f52cc5d47192e |
| SHA256 | 28264c6a7bc4a98b3f7484225b9a8e9864831644e08189eae1ca13d629a05a3e |
| SHA512 | 6aaeb858392f5cdc21f78468f64a2379f97c1c0dbe1f1b25256fb35a7b70bb856b5656a5e11045c80a97ea0fdd4bc5839723e39b3ec912afd64fc1305f28dd55 |
C:\Users\Admin\AppData\Local\Temp\OcIG.exe
| MD5 | 070c342bad88bc78766742b6a0da42c5 |
| SHA1 | 88b308a6452903ae90a453d2991cada47c06b1b3 |
| SHA256 | 144dc7397533aef9afaa4b499ec973f920304b3a987589664fdaa3e76d250edf |
| SHA512 | f02fc9a0f650f1969af0b202cd05ecbd9cfda11ed6bfa7c2bdb9f31ff0ed62d6efbe3ac36ff23bd1ea7636d9dd71bba1226adc143b2bfaaba9c72baffa10773b |
C:\Users\Admin\AppData\Local\Temp\KsQO.exe
| MD5 | e8eb43cde68ba3062c12376728f71820 |
| SHA1 | 682133239d9a6c628edb6ed19414029c94ccdf2f |
| SHA256 | 23f0eb7a8455d81f7e49057d0fe960c32bae175a217e76233bdd1fbf7defe3d1 |
| SHA512 | 51264fef4fa3b40f9f9be37f2b15c66a469f380c9c1f74db9294cac0467046eaaf54da89ec6885fb8b08ed6ab99fd2656e08bbb32f75f382912363108fd67c02 |
C:\Users\Admin\AppData\Local\Temp\accs.exe
| MD5 | 5885d996de99529073aa09da9898b708 |
| SHA1 | e3c39b437a3686442595142aa8c2e7bf6cdcccdf |
| SHA256 | 31b7ecd6fd34cd4ed4c803b0979ab00f1de01b724802d8f1f8241efbc3261577 |
| SHA512 | 64bcccfe2ac8dfd9ceab95ab2f97eb1ec74cf446a09b5780964d50c403b404909f9763e9b908b7c43a129b3923f9670fb785fb5161bbe669a646f70af2ffe8e0 |
C:\Users\Admin\AppData\Local\Temp\BuokscAI.bat
| MD5 | d49510d667d8e24faa2f626718869fc5 |
| SHA1 | 5e4c2854640d4692a3636a16ae8cb613438dcfb3 |
| SHA256 | 839a5cb544223b8ab837c9612c41bc3b5439dd5e2ede5c36f07bfcbcd11bf7be |
| SHA512 | a9ab05866a80a3247f7acfed70aebc36ec6c0503277cd29c7cc028b0a598ff1a57df579168f87ef3764961336b089065fbc5f41ee36acb98c6e0b122ff39b4b3 |
C:\Users\Admin\AppData\Local\Temp\LgsogEAY.bat
| MD5 | 5bbddc4af37451201b33644d6c13844e |
| SHA1 | 4b256fd1eb1f8d865e6a307683eec7304a6f0961 |
| SHA256 | d0d6b7a34656dc6f4dd0875ebdafcf8f1ae977de0a245673725ae1bc9643d1ef |
| SHA512 | 2fd3f144a28eb575e19085b62a286f04767a18af12e73e90aa0cc07b476490edb042ad0bc1f61d56f898fb93660f81608812090e13dadebf2a3ab001db4d2adf |
C:\Users\Admin\AppData\Local\Temp\sQgw.exe
| MD5 | 760159017f03ddb1d8ac78cf11714e5e |
| SHA1 | 42cc8c77f46e8702db568d58fa7c7fe998d74cdd |
| SHA256 | 9d1e2a047ad83a718ccf0e2a950111b336125976debf6038077ff29db5b305c2 |
| SHA512 | 4abeea458fcf5e2a765c971a90148dfa8ae1381feeb23f6a09978dda0513d086af3b8dfc9ce72d00c8f105ecd16e1572eadc5cb83ccf967eb16a13febaf2b618 |
C:\Users\Admin\AppData\Local\Temp\IAQe.exe
| MD5 | 023fc5c3381973838c08c88c6667140e |
| SHA1 | 72ea235f3fa8a2ab645d7158c7e1b6203b1b36be |
| SHA256 | 19eb5de6501c75b412c3bc8674ac4972b317e174ac4f22dfabbe349fd8a57477 |
| SHA512 | 2c614e751163f70392e89d31fe09341ea1b934372516e186ce1af3ec94a174bf2990d66fa6cbb464d1d28f13a2cd97bbefe6fd26dd119799a9c886692a0d7aea |
C:\Users\Admin\AppData\Local\Temp\sooQ.exe
| MD5 | 16aad260843e7ae44efaf3c009ec1208 |
| SHA1 | 09347398f49b876712999e0a98251ddf16719ec8 |
| SHA256 | 97d8d6a13dc5945d5fd77c6b74012465bb4f6e200b06d4d09f950d635521dcca |
| SHA512 | 7e873031a5fd2159aba821ab8d0c20c54d6d4dc68fea85b219b95443efc552afc69f6df0e8cf67dbca96a3fd7ec75c79fb26bd09913238e124548e98ef2908c9 |
C:\Users\Admin\AppData\Local\Temp\RMQoUEUQ.bat
| MD5 | b87416f41edf3dc3d803f5c76c33d3b5 |
| SHA1 | 62a2d7be0be249d7a2d38838300aaf965b744290 |
| SHA256 | da1fcc3ab97e68df000dae41efe40245c8afb35855291b04cbf90847f916a042 |
| SHA512 | d847d3312c9088f8f87cd9439efef5c0222be26b8148b928a1e3bea3662cd8a503455c107c8c729d3b393fdceb4056cba3f60a1e46a2e2f73365950bde6e0d85 |
C:\Users\Admin\AppData\Local\Temp\KwEu.exe
| MD5 | b8df7eef1a40e801baf692da6795bd60 |
| SHA1 | 77fe45220c5eb36aa198e0293488843f8573cdc0 |
| SHA256 | 2b9abd23d5d58af883e33b0333e7ea0e8acd023a8b7ff9a25ec34030c712bb6e |
| SHA512 | 47a3d7bbc503634996c46aa660f1f2589fa6820a423a550de0e1938d2a82ce9cfb401be094f30c89327fca0877801524d1787412b04aa64d3324eb736871cd42 |
C:\Users\Admin\AppData\Local\Temp\oAIW.exe
| MD5 | b797fa11e6477ce197b0ce23adf5e300 |
| SHA1 | 6bcc2e5359e27e88f8258efec79808f62e7688aa |
| SHA256 | 8ce6cc6129fa72a31939dc6bf9b9f1357aa89f15fd7ebc7751110f9f3c973e13 |
| SHA512 | 8dcfd0e6934db21c59ece3603817f51683db827b78dc65333309bfcc3c6fd77c6c919789f68f3951e29dea6b6e672bf67a88f2dded13a744fe250863b8165bc5 |
C:\Users\Admin\AppData\Local\Temp\kgQU.exe
| MD5 | 22792798e916b3a9b9af663cdabb20bf |
| SHA1 | 4451fcc4dfff4622841663a97c08b16ed4c1eba9 |
| SHA256 | 6e0fe6d9da8b590b4ecee238b54626c06a4221043da8ef337efea4988dcf38a6 |
| SHA512 | 9c0b2babd58584fdbdd1ac6d0f0d984537294c38777cce24b15a4aea824c5373ab22fae52c7b584fb4f637ec90ff54417531efde9a5a0dd99a1ba8ab2da52044 |
C:\Users\Admin\AppData\Local\Temp\LcwQYogg.bat
| MD5 | 7a62bd1e6cb810d9bf4624793521d91b |
| SHA1 | f23cda03a712bbe0402df6b19d62d98f1285568d |
| SHA256 | a088ab60ae1b70eb791e11b4a42e7b52b2b92653922c3b73f1cd9615837c3705 |
| SHA512 | 9765f7fa7bf9e8aa7f0d34fe6829eb4722c56d9ebbddb32dada2cb3b2a67b955582b71c1e628bbc009533207726781692cfb11069f24aead4af2732b576d73d7 |
C:\Users\Admin\AppData\Local\Temp\QgAG.exe
| MD5 | 8e739809e0e04753c26c730b6fc6e211 |
| SHA1 | ee44aa1e9fa59c28874513c25fddc410e6f0a97c |
| SHA256 | 9e3315999e26d8cbaf97f7884a430397a83b338fa5721fc2ae0fc4747a22db1f |
| SHA512 | 12ecd03cc7af906af09a190eee16fc8c2b48d615947f9d2ed272100ca10baee7ab05cfd40e6c0ba2b26672752814fed530547dae3c46410a87a23329c893723f |
C:\Users\Admin\AppData\Local\Temp\EscI.exe
| MD5 | 635014a3fc05b5efaec1941e3e844afb |
| SHA1 | 4c1f6529ef1028fa0d163e456d2c9d2c01c2d06a |
| SHA256 | 204fc5459a6458cfe8e1951e5c5a98f805d997aded57c7cda1f71bc971b18fb1 |
| SHA512 | 51a629e728487a5911cdf6fd7a74c25b426eae377d6106d613c57e393b534bdf42ad3d551bdb7a0da7a2f1c92477229b578ed51579b090d71bc801199e8dec33 |
C:\Users\Admin\AppData\Local\Temp\SAUO.exe
| MD5 | e6f73d39add4eb7af43d22da22c11be3 |
| SHA1 | d9b98c931dcf68f72c9db703bb067793854b4785 |
| SHA256 | 08a755512d00bf05651d528bbad665e5f0138cee5123aa04dd92f23b460c5196 |
| SHA512 | e08514bba2f2baf793cf6b92c21d9c39ba8724a03298eb850dcf7600b138cc503e7b52f3020ed25d281d758c0178702173f054d6416571df39712ac024cd51d1 |
C:\Users\Admin\AppData\Local\Temp\MAce.exe
| MD5 | e5d40591f4620396614699193b513d19 |
| SHA1 | 006a89b7e79cc71610c003d902b93e90f87a61ae |
| SHA256 | f4efede6f416cb0baceabfed02d268bfd02005077bc878d2ad8d48b9b27535e9 |
| SHA512 | f0dfe3ab487031ee20f3df2446311c05aa2148b130b62a9cd0c5f6fe5a31334a6d5a98d8fa6f0a9fd198a5563ea111dcd6d09f8f33223f6eb1bc434dc1c96805 |
C:\Users\Admin\AppData\Local\Temp\isUAscsg.bat
| MD5 | f26e5f0ea9dfa8ac789943cb6210f3a9 |
| SHA1 | a55f75a60c63c57ab2f93edaeb5796f8ae580f35 |
| SHA256 | 5ab8a57538a1cb8a0caeffd084e0c884f7fc44e72528d690c3ea5534c63fa49d |
| SHA512 | d38d5d12c0b78b1f640b6bf3f51e2b044a56908aae5f5761cec7bac42aef035d808d92ccab6ba9a8eecf97cfc65d6dce4715b277999f95558bd00d33bf8b85e8 |
C:\Users\Admin\AppData\Local\Temp\OMIk.exe
| MD5 | aab725a91a56e0feb789e56da0f4f1a8 |
| SHA1 | 530724248b687cdb8f5d0eb7d485aff2b51dbed4 |
| SHA256 | 4aafdedfba33a7dfa47a659b24f1c4c1cfd66264018c5da05d755638f257ca9f |
| SHA512 | c915eb751ec14cfeee341f4b8f7393eb1b6bf2110460d5a766a310d0962aa86aabf5b313e037a26f56ab6c5cb73a5c4f6604c8c7ecdbf024d5c1651340cd4899 |
C:\Users\Admin\AppData\Local\Temp\Ecoo.exe
| MD5 | 0bb2a01dc8235c64b057131e00f2b21d |
| SHA1 | 37c86ec46ee6c66174e3c3ed63ee168b49deab68 |
| SHA256 | 7757f300e66d21d4f5d55cf336acae76403ac3bc3f70f8df74254732d3e9cc13 |
| SHA512 | 5cf21547ed874652cb90888cc2b7b27ece0ccca267e95c8a8415298adb7c3a980a9debaddc87403809dbac91927ccdb7bc9da57b4049208dc23c5bd1d6a0b151 |
C:\Users\Admin\AppData\Local\Temp\OeoEwYgs.bat
| MD5 | 8055202ec72f60d9e83ca586c38f7c7a |
| SHA1 | 370af1b7494a0d1d3de26fbfe10369b38d525b61 |
| SHA256 | fd90bcd865afb4c01d034602981bc26c934df1053a912f0bc9f4cd5f1f334f97 |
| SHA512 | 5efb743ce3036224f2eecac197e6b90b71d2ef8a9a9dbd8c832a941d7af149329ac3e81747cd1dbb147150a51e527bb264defe773a97d1d74278df3a1111e2df |
C:\Users\Admin\AppData\Local\Temp\gUwe.exe
| MD5 | d12a370fcfc6b336cd2362ac056a779b |
| SHA1 | dab00494111f3ec59349098a1f38f740f832654b |
| SHA256 | 17b9ecff56cb65394a6a5d62cd90849b634dcbd840cfca7c1d1a3438a40ff847 |
| SHA512 | 4eac099ce14fe18eaa3615ba417c17de897b4c527122adeda568c883a538f174c3577e37092890c7e06248bced3e524fea0ce58668edacf64259b65161f0fc67 |
C:\Users\Admin\AppData\Local\Temp\YIoq.exe
| MD5 | c3ce0398c6e6b9a6b875ac7f7c9f137a |
| SHA1 | 4378ec82c191881feeded9277a85486d20558149 |
| SHA256 | c391c61234522f985ae5cebf1bf1810a0328ee47eafae20a3492e9a3cace8e43 |
| SHA512 | 8f1c3bae9231474192b1b8fc740fedd456274f44c6436029487ffbe4a2434a1b6059daa8b2b6a429c7811b9c92b5f3c4dbe26b5d6da5195703305fd97a58c996 |
C:\Users\Admin\AppData\Local\Temp\sUwo.exe
| MD5 | 960f128556f9c3c5f85a6632f46f7999 |
| SHA1 | bcda23e39dfe0f5322406d45470069103e4afa94 |
| SHA256 | 8d8173e82ab630ddb602ee88c7e1ce09e3f8f13ab2574b7c3072adb3c1585b44 |
| SHA512 | e406f68eeb3d7c0f848a89ae8d62d3db5be6064078a6bab03bb5da8818ae40793537b7024ffc0d1c637f9e8a55ee2bd6a35fe72a80d0b484e42a4427267d159a |
C:\Users\Admin\AppData\Local\Temp\ywQS.exe
| MD5 | f1bfdc61046245d4ba1a897ef26ff099 |
| SHA1 | eb0f4c9d90adc12462a1aad516a78e3837b590a0 |
| SHA256 | a6229d6e7da4276cd10eccf5340a0dfbe97b5c6150d83782cc1a6742a2e794e2 |
| SHA512 | 15a654bfbc3668d944d56397dbfbc317d1dc96e661b51ee38a44f773f7f6ab56038a4ce2284cfada34abb696b70e53c195716734247542ce23d3ac4ffa2870d9 |
C:\Users\Admin\AppData\Local\Temp\YwcQ.exe
| MD5 | 268e50caf68ee516a73dfe2a969c4aac |
| SHA1 | ac5d8924ca5eac191666a34ef68ff5219847b026 |
| SHA256 | 56c62b2ec0291e07398742de0b49c4efa18a3599394870f6d326a87b0cef44a6 |
| SHA512 | 0ae711019d9f2312d1d7e704aaacbd5de82231c379aeed89bad5f888050c5db163d21926d675cdc410ee6b025f26f98c39b3ce7611293dfae7a7e4ce850ad903 |
C:\Users\Admin\AppData\Local\Temp\OoAY.exe
| MD5 | d86346f5e7c1a8bb495d5b95380eb940 |
| SHA1 | c442c22913060658fc23099094e129dd6bdc2809 |
| SHA256 | 7f99cd08633a1ac3a56b928c483354e7378885459de9ecbc26a1f09358f9f59d |
| SHA512 | 37f954cb37a6f5c17c23b9d429bbe1a595c4dcba05adb5b21bfea387d0bf712b349209ad451f2f173715f5bda9ff717014bff4d894b98ac472952aac1d06003c |
C:\Users\Admin\AppData\Local\Temp\uMMYsQkI.bat
| MD5 | 5e1f5aa12b88e47393d59988bf2ee0d7 |
| SHA1 | 1f92bd4fc760c1532f2497e68ab61405f0b46d68 |
| SHA256 | 3a4ab79fccfb8d909833c0a312cb2bc4abcee8bc83294de0f58d1d0f6c8771e4 |
| SHA512 | 72a7810178f63e53cad724e58b6a10c7bedeb98716a4516db82fea9631ebc5dd5f15da43626964c9fa081a88cb7de2d2db0d2856978ba5fc0e7a890ade856f7c |
C:\Users\Admin\AppData\Local\Temp\MoEa.exe
| MD5 | a92919dc92ca5423d6ec3bc80526a388 |
| SHA1 | 9643e189aa7d622f879cbe046c6d50c25636c057 |
| SHA256 | 9c9697cd23f88f9f317a9199719111bed80b046743e33f0d38cac01a780e067f |
| SHA512 | d34606344e5f85568dc54510c4cf2f91806989f0ce45f37d67b7d3bd4067390b98572ebd91caa7b07f1d66e3a55a997795f6169bb4b2a3a7f80a970da764987d |
C:\Users\Admin\AppData\Local\Temp\OMse.exe
| MD5 | c466247c62640f49f1d865f436ab70e8 |
| SHA1 | 47e45b6ffc302f3858cdc2fa482689fe32db5d41 |
| SHA256 | 513522a6fe2b6fb6876fdccb789f62fcffdbd52421bff3f861189c9471aef23d |
| SHA512 | 2f9b487aed6c96c7c2176fb7be98302c5b1050fe56fabdfb2a19338072718e7de5adcbb503919e3135568194b275aa43e839f91823dcc3aeaebf5e443b6b3f78 |
C:\Users\Admin\AppData\Local\Temp\KoIc.exe
| MD5 | 3b8a836c5c5be4ca2c87cd48201c45d7 |
| SHA1 | 43761b8aed1ab6ee49565dc1995710e34807470f |
| SHA256 | ac0ac564b303f510f8038a3c56b1c7fbe2ac1be9817fe1ea528a771d3a409d61 |
| SHA512 | ae57837a3f1ba83bc938903863f50812c3b46d6b90a873827fcec4531113af38da31913396832674137f1e1225d89d227c34b85ca42bb5c2032f9a1f062588d8 |
C:\Users\Admin\AppData\Local\Temp\UosO.exe
| MD5 | 6d0661ee78421bb86bb3d04289e78180 |
| SHA1 | 38662413a80c2ec0eba2318ea00ca328cf994450 |
| SHA256 | 383dbcc29916d19ca4175961bf960fb5a5a707162fd360b79b1cda8a4c978ab2 |
| SHA512 | 8f69d2d3cb1d226c969d25f4583438c6e715956237daed0c1adf8a24a774fdb988a99c7a35c4448fb61df44b6ff79a3e9a3c3def738fd010eb37432a1a6695d7 |
C:\Users\Admin\AppData\Local\Temp\AAkW.exe
| MD5 | 91a71c8dca6406faf6940165c3a01402 |
| SHA1 | c149f855763a88a53a091f3b64038ff8ed1310f1 |
| SHA256 | 670bf3c474c4a42db5eb92102b7fd48f985e0fcd93b1ce6c2b58c1ce8b8fcd2d |
| SHA512 | 719afff3a8e295042c33fed914494006920dd3fb0a22e924029b9336f57117a15737260d8781bda57f898408c30375fc9cab29db35c5b84a47451d95c6cd89d6 |
C:\Users\Admin\AppData\Local\Temp\ucwU.ico
| MD5 | 6edd371bd7a23ec01c6a00d53f8723d1 |
| SHA1 | 7b649ce267a19686d2d07a6c3ee2ca852a549ee6 |
| SHA256 | 0b945cd858463198a2319799f721202efb88f1b7273bc3726206f0bb272802f7 |
| SHA512 | 65ccc2a9bdb09cac3293ea8ef68a2e63b30af122d1e4953ee5dc0db7250e56bcca0eb2b78809dbdedef0884fbac51416fc5b9420cb5d02d4d199573e25c1e1f8 |
C:\Users\Admin\AppData\Local\Temp\yIsY.exe
| MD5 | 0dde2d9d36509ff983eef82dae795692 |
| SHA1 | 6e6478249877f9773252dee622578e55eb0be77a |
| SHA256 | db650572a5247bf856c90217e9c732476284ecdd3120be3b63199a8d9700c748 |
| SHA512 | efe27fc4ab497a352baf4f8ed18bbff77bc6cb469f969aa8068b17b5ae8e44ddaf98d8910575306467171b6bc073e1e9f932051fbd432e8791a4bdab1a33ebcd |
C:\Users\Admin\AppData\Local\Temp\gQca.exe
| MD5 | b82e574b03897c5619a69ed5da55fa9b |
| SHA1 | 8ba7921bb9b159dd42d0b813c0a77894e878c7b2 |
| SHA256 | ef16fe8c9c94ca70741b4c5375336d31f5424b5192d88238891c7e6f3ef2cd25 |
| SHA512 | 34d2f9cc59c453c74fb086a922f143841846770cf687735bf58dbc3da28e5030519a315c6ce8fb1900c7a19227c60c3ec124304c407e48a015488ae04a12ec2e |
C:\Users\Admin\AppData\Local\Temp\bKMsQYgU.bat
| MD5 | 3ebf22bb2218fceede8ad75e6f157885 |
| SHA1 | 2594aeef1633fed510787283e63a9d1bb7e6f288 |
| SHA256 | dd292c3c310fd034dd62758646cc576ad48a1cb02aaeffeb63c15aeec04e13d9 |
| SHA512 | 2de542fa10d813c8bbc222043893224604b7aa30c66e09a3d440e77fc52e5083ff63f07dca3408f94e8194b8c7e81a7ce89dc726fbfb8bc9a7dd26262cfb6e86 |
C:\Users\Admin\AppData\Local\Temp\OsUE.exe
| MD5 | 9caaae22892233d4bd930c1d966f0304 |
| SHA1 | d5616dcb526f9dbe5f9202c09570a69abd981d03 |
| SHA256 | e7505baca9d79f48fc4401ce28aa2f34a978927f139713f83a306d12cf263624 |
| SHA512 | de8682b90fe8c55fc7fb3e97c9f7005112e1903ac8e4d2e95646fce0512fd06d68738265d86458d1fe88d8aa57cbdd349d47fbebad2373a1d02c90fb0e4a2129 |
C:\Users\Admin\AppData\Local\Temp\MsAs.exe
| MD5 | ab26a25c318a23caa8820763bea830e5 |
| SHA1 | 46eadb40661bb6035ba9170d49446ab7d72f9730 |
| SHA256 | 9d60d3a585b7a65ba4eb0dff2938c5d0dc82bc310787ceb64d0c765a91aced21 |
| SHA512 | 1e4441134d2927d41e99aff5c82ee423245e068221d0b5c00f171770e515c05963c2b0b2357dfcb9b90b46b5595c0c5920c442a97b36d6dcca509069aa02fd61 |
C:\Users\Admin\AppData\Local\Temp\sIQI.exe
| MD5 | 9de7a624a08239e3d30771ce777ab755 |
| SHA1 | 2d56a3d44ed27b31a688b8e3268d50d43f81e7f9 |
| SHA256 | 3d15741cd9d180cb02816d4c4540175315289484f35b80a22040687a22aa9f3b |
| SHA512 | a57d06b2790ef5e1bc43db879d02cbf961354ba68811e18c413cddf8d2307fef837e1b2d507f63b39131923fefc50b61c992f1820faca31d137b0ee79507c5b3 |
C:\Users\Admin\AppData\Local\Temp\VaQsEkYI.bat
| MD5 | a2c1b2d030a930156b402f4add777769 |
| SHA1 | 1c814d33a85fcb3d6a446d9bd83557cde67dd95f |
| SHA256 | d7cd7b63848c0f2afd54aa0ef13f9e8911a0c3414327accf9b81d0971685060b |
| SHA512 | 49f00827e3c5e86f49dc59843056bbe3255ec691afc4ea4785435deacbca22ee09a14b6b90a61f6d3fc940c01d2e7ea305a8f1344f45ad5023a150e6a96f52ff |
C:\Users\Admin\AppData\Local\Temp\QMUc.exe
| MD5 | 6094ccc612f5574b06d04a43d071d6e2 |
| SHA1 | d4f579bd188dd8d700ca02c71ec6d1a4163bc2d3 |
| SHA256 | 3a3777c0de33c111dab458cbc1bdfeeacca253278453e1dd7d6013f3a86d5dbe |
| SHA512 | fb9ac13bfd2614c157a1b6ce3c8f8b68d02245f73fc6d4a11f6ab2ff1f7c96d229f8f2abe34846bacfc420a829665d25be21227bfbc286ff678a0eb54e5e88f7 |
C:\Users\Admin\AppData\Local\Temp\sEgu.ico
| MD5 | 964614b7c6bd8dec1ecb413acf6395f2 |
| SHA1 | 0f57a84370ac5c45dbe132bb2f167eee2eb3ce7f |
| SHA256 | af0b1d2ebc52e65ec3f3c2f4f0c5422e6bbac40c7f561b8afe480f3eeb191405 |
| SHA512 | b660fdf67adfd09ed72e132a0b7171e2af7da2d78e81f8516adc561d8637540b290ed887db6daf8e23c5809c4b952b435a46779b91a0565a28f2de941bcff5f1 |
C:\Users\Admin\AppData\Local\Temp\kIwS.exe
| MD5 | be8c5108c1a56e94b1bd92c614e19811 |
| SHA1 | e0e5f5f7e00f2e6e771d994626a920a2bc662c87 |
| SHA256 | a65b14a648a21daac960acec941b0656b24d73d6248faa32b25cc17adae74490 |
| SHA512 | 249eb63abdd18330e575098cd9273848f6a32d45d9a37830d388bf1663e9c78a96eb95917fd8f7450c9321481785839f6a7a96ed138aadd3bfbe03bd56caa50c |
C:\Users\Admin\AppData\Local\Temp\ggMQ.ico
| MD5 | f461866875e8a7fc5c0e5bcdb48c67f6 |
| SHA1 | c6831938e249f1edaa968321f00141e6d791ca56 |
| SHA256 | 0b3ebd04101a5bda41f07652c3d7a4f9370a4d64c88f5de4c57909c38d30a4f7 |
| SHA512 | d4c70562238d3c95100fec69a538ddf6dd43a73a959aa07f97b151baf888eac0917236ac0a9b046dba5395516acc1ce9e777bc2c173cb1d08ed79c6663404e4f |
C:\Users\Admin\AppData\Local\Temp\EQAo.exe
| MD5 | 378c8a3640057566e696f9e9b825a008 |
| SHA1 | 29969c2f28d715bdb5ea8eadd7236a5f479bb1d6 |
| SHA256 | 407f9f6d279e2d9da40f89e16f4737f103542dd8c51812acccc669252cb4b7bf |
| SHA512 | ab6a084fcbf1a699acd73f36af62cef0902a69c6be4b78b8f8312d0341db1e4dbd7b99b7ca56ded1e196aba16ade5e910ab7959ca7a92f18a5157851acebae10 |
C:\Users\Admin\AppData\Local\Temp\ckkA.exe
| MD5 | 587563484a868707204a0ab80e898fa0 |
| SHA1 | 9612d1f6f8a452967f5e11103c964def7a13c43c |
| SHA256 | dcd376d8b280627ea99291dbabd55315d52b5044ebac47f0d0cf9b3bde1cd9ee |
| SHA512 | 74363ab725851534602a60460907a89f4f919e92893a00a647db6700d6caeaed30f9afc8ea4f96be1dc5fcd0a4a0ea58d0ca4d2a558919d0b788555829a24aa4 |
C:\Users\Admin\AppData\Local\Temp\PEwIYEEU.bat
| MD5 | be8cd87faee098ba9fb98c0361d14a52 |
| SHA1 | c6a8f0d8becd7a126128d89d9aca457e5e5f968a |
| SHA256 | ba342329989cb88db9a52709f2ac46ceb1ef74c2aa49f1a7067c07dfc990730d |
| SHA512 | 52e3540ba91d13d9e3c5089d6e8a04acf3071e2baa45f58007fa98ff1b9a7c5d154faddd24ecc9ec77befd1889258d3d567c99bcabf7bd00f7fdf49ef8905bdc |
C:\Users\Admin\AppData\Local\Temp\AUQi.exe
| MD5 | 23d5aea5a0e4e76080bd8a98161a340d |
| SHA1 | 1264e8c7a2a7e42ae1890fd180af899c029afe8f |
| SHA256 | eef169c3bf60a38e3971119b238eb8586524ee26d817a86fcb9d6a36b2835340 |
| SHA512 | 5d498816c2cd01d0898e85b8f5b284cc01da5cf8499def72f3169b4a3432bc4e0711cbd38098913fd811eda01d0da8e442e55cd7aa84672304e9a290e29fdf3c |
C:\Users\Admin\AppData\Local\Temp\AoMe.exe
| MD5 | b6f49f08e05e57e58d5012ee5a3d195c |
| SHA1 | e0c518d793f88df0801a68f3ae02e54a2bdd4e20 |
| SHA256 | 1a982764f565b27e5efa6bee6246404fec8a1feb8643fb36c70ff1d1dc5d3cf2 |
| SHA512 | 71df5bdcb521465f52c8c792e2d06807f9288395993efa87aba7f0aca19e10fcd44182072b277865ce418cfe07b34ec765609791bf7041c39ca928eb62b5d1af |
C:\Users\Admin\AppData\Local\Temp\ykYE.ico
| MD5 | 5647ff3b5b2783a651f5b591c0405149 |
| SHA1 | 4af7969d82a8e97cf4e358fa791730892efe952b |
| SHA256 | 590a5b0123fdd03506ad4dd613caeffe4af69d9886e85e46cbde4557a3d2d3db |
| SHA512 | cb4fd29dcd552a1e56c5231e75576359ce3b06b0001debf69b142f5234074c18fd44be2258df79013d4ef4e62890d09522814b3144000f211606eb8a5aee8e5a |
C:\Users\Admin\AppData\Local\Temp\KIUo.exe
| MD5 | 371945c7f0b2d600c35d04beca97b767 |
| SHA1 | 959f241bddb850835c52346301cb11f9cf78ca86 |
| SHA256 | 6e20dca2d2714cd0580db3e2fb6bf51ff60a0ee9c9384625fdfcab49ca100455 |
| SHA512 | 82dc40e2d486ad83fc9f207357b6b1ca1d49d8ea935a474d53279016db49edf8ec14dbd7693e559e3fc38e5fd350eabc7218ed12237a6b35f4289868e072d22f |
C:\Users\Admin\AppData\Local\Temp\sIwe.exe
| MD5 | 4e992f048fc7679f8be929f6ff284feb |
| SHA1 | aaf3b99e3eadfe0e5119abafb25dbdf765e2b749 |
| SHA256 | b88e6c9e3194cb1f11fa43e5f9122dd13d691d4de24f069c5a7a9a18e50fe708 |
| SHA512 | 38a95c5c1a18df2b6ed297ba18cf16233fcec90e819bb614e4f48647136d4d4449c58ffbbf77b2090f79ac573aea91ab0880c1428df2fde2497b10e1b0c89205 |
C:\Users\Admin\AppData\Local\Temp\LgEgAEEY.bat
| MD5 | 972079f11061399405af4d14b49729f0 |
| SHA1 | 13ace32d2baeafa42a565fedf1f138684774f75b |
| SHA256 | e0400b4550654514597edc8975f1aff5dd8a78dc3524a0da99e3aeef02229c79 |
| SHA512 | e7e9caa3641bcf4d66053063d1b90c3984d35f18d3ec23a5d87d0f0225b6218acbbe70cd0747eb56c912c9a615ab4d51526f671cf5ff3b62303072f434d52b4b |
C:\Users\Admin\AppData\Local\Temp\ycEI.exe
| MD5 | ab586e5272ca75aac0b63f05fbe54054 |
| SHA1 | 5809d7263387f8f583f3a5a35cc9d777ec0ce5d8 |
| SHA256 | 174506e8de9f6d03eaa9885f50ed1baf0a3f9d045eaefc773638a46baf4d3237 |
| SHA512 | 442b91e0af0afce34b4fea1be63a99ef18510e73ea1b066a827a8c0fc92e01148b910c622dbf5d58de7212faf8b607201401d242f0985b90b97ef21836551d53 |
C:\Users\Admin\AppData\Local\Temp\EoMM.exe
| MD5 | da9b703af29e619423394325c7e961c9 |
| SHA1 | 3f9eb379c4ec39aef3e8542b10b5dc28e0450786 |
| SHA256 | c59bb8b31a3ec4df2f4e0225f010c85cdf479b9f075379ad1317b00ab41860d3 |
| SHA512 | 0d58b48895ee8f0ace14d77df7cd2160efdc5d426716efea6561482dc68850d36261e8dffa9b14c1b3340d99e8687b1b214cdcfca6a2e6a84b5cb1d1d4ecafbc |
C:\Users\Admin\AppData\Local\Temp\gccS.exe
| MD5 | 4c011b2f2feb468887147b280e7fac66 |
| SHA1 | 083535b57aae4863af820f469bac277481255123 |
| SHA256 | 3545ed0bf1794b02b418cb9c20ebdb619eb68e19b4a3e649d121fd5b6d5913c6 |
| SHA512 | 6d9af8c170ffe3b23fd2e1f8bb38fb27f163c106d184d115e4d9d41652691f327dae14ac2a521882e9357bd1e98a291fb443a5641136bca956ccee91e191e0e3 |
C:\Users\Admin\AppData\Local\Temp\HeccYwAY.bat
| MD5 | 3abe569004e18de5f41e3c887a30982f |
| SHA1 | 379939c69e5f5a23b8e250570d4cac7a5c9f8bf7 |
| SHA256 | 64e8c336ef88ae6db551e6054731e9aac347112f8be28a5b13495ab5c33a3dbe |
| SHA512 | a507f56bbcb0e0e5eae6973cbc1a3454714afb3883db33d0c113927def61f16e66efe3940ded569fb1c28e58d2b24fed27e696e10ce73d8533a1694daf1406ed |
C:\Users\Admin\AppData\Local\Temp\ugMC.exe
| MD5 | 289efbea8f81db76771886b8b40a640b |
| SHA1 | 4cfd898094d096cb6a0cf14a6755198de1d91303 |
| SHA256 | d1ffbeda27e0ba090ca1dada7036214ccdeb64aa2accd7a4fc3e62b8c8bd67e1 |
| SHA512 | b8be5cbecdf9214a3abe426c9989ea2a40431c7b5be84603dccc278dfe3ab5ddaed05112acb73b8ba008b1505cb60377a99da0d1b4e91be53f02ae52d506eb54 |
C:\Users\Admin\AppData\Local\Temp\kkEC.exe
| MD5 | b2592ccb5cb3f930e4e332a4b9e6a24d |
| SHA1 | 09e8883ef036c702699b3684f8e84ccca7610a01 |
| SHA256 | adeea8cb249f6024dbb381e51b26819e74219753a5ae05c54100b8b5cf82bd63 |
| SHA512 | 86b2d566658614fe20b9cebd36e10ac0ca1e57e9e32d40d32bd6b17eb9edfb57bb6cf882c13c890af09467c8617317bc26854287bf1afdbd7e844d4571a36766 |
C:\Users\Admin\AppData\Local\Temp\KAwm.exe
| MD5 | feafc5d62c387e54613b97767ca3214a |
| SHA1 | 52704ffbb712d4295733d8b08a169b1468b3b6af |
| SHA256 | cf50ea7f6d779543c2f36d69ce4b077c9b32a0c1f586b5f26a0f1240af9e9204 |
| SHA512 | e738670cb2400699975904f74092cd7f71f5fdbdde7c919833b6635eb2b2dcf9783b07dda92d4853114b287dceaee58904949bdbae85551e7c64f60ebd48db25 |
C:\Users\Admin\AppData\Local\Temp\oQMwccgo.bat
| MD5 | f6970fa523f3da9adee6f4d81d7109e1 |
| SHA1 | 3133a42c55a353c02926698d2e5ef6373fdd019e |
| SHA256 | 4c7d35e0e1fc0c688d8ed5f4b2557fe70cf228e0d6cbec955f3377d1ebc7e21e |
| SHA512 | 68c44199f5ceaeebf9e4659f05cd6876fbf400726392de53087b30436d7e35eefd0abf3b00b4285cb312749de8816008b4790fafce6af061d2f7a834fcbc9c1e |
C:\Users\Admin\AppData\Local\Temp\eAMk.exe
| MD5 | e85264f7e847b5ec2280a5b3b4530638 |
| SHA1 | 58a8eeab15a930fd45cd8a2b518e56cec2a04059 |
| SHA256 | 95656ca5912a4ff8093a748f7cdfede72097679ef8286c1205dec92a111edeb2 |
| SHA512 | 7f90f395f775aa83fc662089b940e3d0277e99d01f38bb7d51327e591c5da23c1359e8e2a9e78a2af143ffdae2d08476d85776458f3d6ccd8e1a976fa45a3e33 |
C:\Users\Admin\AppData\Local\Temp\gscQ.exe
| MD5 | 8cd8012c02aae5b9b03e167cdfed53f4 |
| SHA1 | f2afec1d895c114a717d27a0936048ca6b3c4c24 |
| SHA256 | 3a6fdfe168e5b229d32dc4de7a0715ebd1c7376c981459625e76df5115a8bc3b |
| SHA512 | 8e712ea7c543e9790ff4b55345a4a6ca15c62446482cede017ca52342904df7113b1e6417e875f8b0282163a9f016a0a3ea70e341057f2145c1dc69ae78049ea |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile14.bmp.exe
| MD5 | 278f169c42e9c6ca4861641e21b56260 |
| SHA1 | d4700880904b2f67e04f3dd69a4b03fe7874883a |
| SHA256 | c9c7926e31fc8f110f925f1b51a43017cef950806b4b1d5f6f1f8350380b4315 |
| SHA512 | 3c0ab9e5fbb85a76a7dc059ce98d8553e52f06b62198d181ef3f830e9cbc2c8c77702f1fec2713c92e7a55f01e686d6f3d986350c3349f01cc06ae77e41ee5ff |
C:\Users\Admin\AppData\Local\Temp\MEsscAcU.bat
| MD5 | c023cf847a8946385d075d2f6d466734 |
| SHA1 | 8e8c2cf659878e5677ae7ef4d3ad3e0e241d9766 |
| SHA256 | af01464436616187ec2f761f663808a032c31a2f66c859de9a5d7fae9c362380 |
| SHA512 | 42ebd34b80ad343284fc9ebe4480b52c4acc5a9379412924982f43428f7b431237795ae60b5e5d3f3907f7b902be38442a92957bc06914388ff8acf6c2a3ffd6 |
C:\Users\Admin\AppData\Local\Temp\qEww.exe
| MD5 | ebac3a734089cbbeafca4d1edf2fa8a9 |
| SHA1 | cb0e1d718a2aebab3ec67ef5f6812e90ef9ed5ba |
| SHA256 | 3c70da00eb78a9d2480a041ee3c2e58c51686ee2e66977f23445e98aabad2169 |
| SHA512 | ab1d7aba452839ddd1e2f425c660fc07210faedf352ff9b15e8dcb5be3614ce174915b97ced5299165ef10775b34c4d8deea348ec511d55d18d3a80d2ecaba9a |
C:\Users\Admin\AppData\Local\Temp\GEUe.exe
| MD5 | 6f515b022154bdcbfbbdafee15dd43af |
| SHA1 | a38d22958abfe592cd4b8e537211721a2a04ad47 |
| SHA256 | 4417eaa74a208469fe1a3b40d6a85af6251fcd6127a0d0120035e73cf16e9dc8 |
| SHA512 | 268122ada9503e88f3e2feb4e2947c41e00e723628ffc2caeb45424c0dc672ae4a09dda9d76a346e05eb8510fdbd0f4dfb6c4c9d0581e60cca43a419a4ee005e |
C:\Users\Admin\AppData\Local\Temp\WSAQcYwI.bat
| MD5 | 26b276b3ba4af5262e8a809c3a38b38f |
| SHA1 | cade735f454fca507bbc355202520d2dacc9a630 |
| SHA256 | 9482b6847b38246fc64c073f6ae1377048739cf72a40b7b4ae37f68a1809a8b1 |
| SHA512 | d7a68ec6ee2bb7a450960d234988805cd7f1bd09801812362188deb6c476654645f8a3affd681926edc48af000a68962c0cdd3a0b3410b3b3597f21847f1fbb3 |
C:\Users\Admin\AppData\Local\Temp\KMkU.exe
| MD5 | d92d3105bb019ec48dd8a8a0c286e803 |
| SHA1 | 4a08f9d8dbdc1decc60447f76b9121b4126df9ff |
| SHA256 | 34f8ad08be99e89b8a8f30b7cb06d6405dde5bc0ee95a0d6b9b73db47a00f0b7 |
| SHA512 | 8bd690d406b97a9b0b5a496275b1b754d7188b85341c4e0325b2a64c073a81a1a3008b6d5b9b01b15c958578f8f05152027112e96cc4747e87955c8da9ab5a96 |
C:\Users\Admin\AppData\Local\Temp\YYkg.exe
| MD5 | d991bf9d607d29e016bfdb6a31b34bf8 |
| SHA1 | 38857bab75faaa146d97aa41984921eec4dc7b92 |
| SHA256 | abb238909062607b98780027bc60ee1e88b0f5f7215968110973c84c3406ce5e |
| SHA512 | 9be854503353f8616164c2b135fda88bb750bae8ea144b9aacc5b31bb3761b5431a18ee632cbbebabb6524b1079826b5af270d837c9be3ce84759e096e27e206 |
C:\Users\Admin\AppData\Local\Temp\igYscIYs.bat
| MD5 | f6144a3be57d1b667483817d149f5ffe |
| SHA1 | 87640ccb2e9247d617c13245028a03204b0a4275 |
| SHA256 | e223b31d0854776df1e9476063da9ed9d313e4aab6fc52e670596f853cf81dc9 |
| SHA512 | eb34bb29a98c7caf5085793c9977cd68a2e5552c7248e57efa6928bbe9fea0b30ccce0ebb8e91104ae6240983e61ee039be04ac33b9a222165b8fb115cca3a0c |
C:\Users\Admin\AppData\Local\Temp\AkcW.exe
| MD5 | 8c0a5977694a210870f56caf7084893b |
| SHA1 | f8e8e63b7f9f5c40b58f7126e2ae7268cbfb93bc |
| SHA256 | dc41fb636e056d7f9923dcfcb2235845e7af39a8df7951ed166d9023b4078c3b |
| SHA512 | c5e7ecfaff61f74fb81f75e45fbc98a5d9a963f7bf2b7870808f560628355ae3fa5eb80356e1f8eb98bae87ce091c5f342bd6e8f982cde2d30cd45c72162cf2f |
C:\Users\Admin\AppData\Local\Temp\UwMk.exe
| MD5 | 34788fee673922003feafd525bccd84f |
| SHA1 | 5208e8ff6b03e9addfb15727f69014a9aa6a6a06 |
| SHA256 | c2e1ddb542462cf3600b0861b2ffbede263754ee613e483c3b8fcde1f568e84a |
| SHA512 | 934e78f66c180da737c26ad615a2c992c806f155a1a86184076d1cdaef8bda872b68631044ef1fcdf4381f21ca5c306cf3a7663cf217b8cb6ee98ed47f642a04 |
C:\Users\Admin\AppData\Local\Temp\SAEO.exe
| MD5 | bf9ce9aa9214c2478426888de6eb3f0c |
| SHA1 | 3d19ecf5e0fbdac42ddf7d279b564658166c2130 |
| SHA256 | 972b1f4727ed097994e5356397035f741a88c2cb473dc0c37dc3e7e935f60a52 |
| SHA512 | 5147c9c3f766fca74f0b78e9238e9298155393a01edbf65d161324e127a38801851c5e1ba0b89bcbade47f7c8a41ebf7e59214534933702c86b94112feff88b9 |
C:\Users\Admin\AppData\Local\Temp\figoMcAg.bat
| MD5 | 43f8351edd38358e4bdb2b4616158bf8 |
| SHA1 | fc79f68b4dcd61de17007870913386d333038861 |
| SHA256 | b03f8d81cc0b067c0c2cbf95ae0197c165ae3b719c34bfafb5d84263538f7648 |
| SHA512 | 4041b3bc334caf52b2b37c80b1323748a38edaca4c7d855b4bbd7e11140f9dcfcfd71bc0b14007b7a56d7ba21411107d9e24a3a721212f8f41a5dc79cdb54658 |
C:\Users\Admin\AppData\Local\Temp\UUMm.exe
| MD5 | f7612ad3b68bd5791d052815c9527ee2 |
| SHA1 | c4192fe092328224fbf214f4c613d6cc1518d5bc |
| SHA256 | e3a7f9dca645229aa569dfbdeb3d377b2ba72d265c925dd01253fe5e676f503f |
| SHA512 | 1a05c1dc847379c2a5e1b314ce469f7c9395007a7a3de1b8a1f4b344053635fdb540db70d363adce8f2ac7dcaadef6a29360cd7f2cf609861e8ed00facfbe502 |
C:\Users\Admin\AppData\Local\Temp\UQMa.exe
| MD5 | c7377716cf839d8f92289b3265e812b4 |
| SHA1 | b7749dfbdbcf339a88335bf43e040e9d6bee1250 |
| SHA256 | 26984fe26fffb5ee35b1a11e647388082851f74ed604f2d23e38686f6a051314 |
| SHA512 | 5e6a8bbbac89b80deb70a18752864788c76703e43e8f20b19e2299ee5397e0449fde164a2db1011c0d49d87c964bf30150a6a25466c5e744c7d38d593de45112 |
C:\Users\Admin\AppData\Local\Temp\KogG.exe
| MD5 | 1c3379a47495d89394ea45ebcc164c8f |
| SHA1 | 24d721a85153246b028eec2c65924e36d0346ae6 |
| SHA256 | 42fe6e188e25ac677db17fa6f0d874d210c0ad6c6d3c6963968257cd2db3cc39 |
| SHA512 | da479f78143d2575e788d6599e38e68a68dca39f6fecf9d47ac7a4ab932679f9ec7f317b0dbf9f5a4536c43c6c8576c0258c21a1d6a0a2997efbd6586aac3a1b |
C:\Users\Admin\AppData\Local\Temp\xaooQgEs.bat
| MD5 | 5b5eac0405e822baf34969a8f1d14459 |
| SHA1 | e7307da0ce93a19ca826f9594d6de25798326991 |
| SHA256 | 90563164559fce630aa733da27c710ff9fa0f89d5c650ab33aa74eab3f800094 |
| SHA512 | 3d583211dfef84ae9343d0e3b0be2485b47ffc094cbcb4f3cfc79343f1281bb4f465c9752fc9419c463f42b0e3dac4312f2a8e1f5f206968f99feda1e54e04a6 |
C:\Users\Admin\AppData\Local\Temp\CUIa.exe
| MD5 | da16add1013313dc311e4199c00f6ca9 |
| SHA1 | 9c63016a0dbd6af32fd1ebefa8d93030171a5666 |
| SHA256 | f7aedf3b4e570c3f30afa82f7442ef0ab56496de4bd251ec4fa5d9a4ff91cd3b |
| SHA512 | 9dae79108c652f6dcfd8948b24a1bd3356ba8609fc3604e7cfe1cfe8476903a826f6c55098c0b38e8638e184b367ef1de12fb6739f04f9b27198a30eba16438a |
C:\Users\Admin\AppData\Local\Temp\tuYAscYI.bat
| MD5 | 1567c7cf06e7d5239f52653f2c39c6fc |
| SHA1 | dc6ed82cc450a7ca25f3ae8bda105bb80ea26b2b |
| SHA256 | 9e7b8ed1f5f379cefdf22305e6d018c7664c9d24552c1e08327e2ec556e5308a |
| SHA512 | 2c8b2fd0fb51228941ab611f7c9c8dd0e41f64cb77291e55cd5b7e1ffee440cb24bda12fd33303563ce7daa1476bd65d65fcf96ae31d7f2d84d4bf887914d654 |
C:\Users\Admin\AppData\Local\Temp\gAIU.exe
| MD5 | 0c8e82c4d4f372f541aa7db791fb1537 |
| SHA1 | 1f4e040ea7ddfb150cd757a2130051afa2853e2d |
| SHA256 | ee4a30dd4d59893844cdcc6b931b99571ad62e517de186072b16e7d43f326b83 |
| SHA512 | 13054343eb5eb6314f3a49bcb165dfe06aeda38c52603a25f2dbb0079ed447ce4a78753eaa37aa17f9f9db42e67187c1a60fe904b7407959d517a4b2d8d86a1f |
C:\Users\Admin\AppData\Local\Temp\ekEO.exe
| MD5 | a84a15e8681013aa800e39e9f655780f |
| SHA1 | 5b35dbe1f103288c90d41828fb966d4c801aaaa4 |
| SHA256 | 190b0ec45d2c61efedaba52c90a99bed89089bf10e02303350271bc3106bb039 |
| SHA512 | 39d553d632a2613e0aae33a065fc89c482bfbd4ee0ee05463fa46c0d1b3f7690c2000d0cb6231b6c82d8e25e3fbf7082b530d40efcb59d7cf5b53778bca2b99e |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile28.bmp.exe
| MD5 | 6f0710f986c4642d035af37eae9c2f2e |
| SHA1 | 74aacfb8ad7ff0be136646465798c4d9f2b2b3b9 |
| SHA256 | 03df54ae7dd06ed8e269f364c522a7250a3ae90789d241607981ccd1cb1ddf9b |
| SHA512 | f38815e180808572068490bae3717b37983d43bf245fe3026fc93aae42d180e2311797bf46528544c57fc380d6cd1631eac275cbacb30eaf3e8cfa7de146b767 |
C:\Users\Admin\AppData\Local\Temp\FeAgMIYM.bat
| MD5 | 586fc608d740a9fc34068cff774fbacf |
| SHA1 | ea8821d7ba5a68fc4594771efd8b48a51af79374 |
| SHA256 | 9e3389258eb970d6bd8715cee801da46601dc64c4cf87a1067a39bb146848274 |
| SHA512 | 19da2e151197891ac1a3093589be94423c21fa6a297505acac7a88fcd855be6d6f4b25326d6e0a73c119c9f541ee35f3512d07adb570bb216e4eaf71ca8165bd |
C:\Users\Admin\AppData\Local\Temp\eUQK.exe
| MD5 | 87d12d13a10287864009a9cc20dfa007 |
| SHA1 | 421056b1567760033dc5872875bb2db90801bbfd |
| SHA256 | 6217a8e0ba5fc33972d99e113dd2d60b99ed27c838075cbf0a9365df4b08f7e1 |
| SHA512 | 6f0f080d0af2b021e5cd02fd05d91bdcbdf5e0f0539f879bbe5298caf2e33762c57e22a803f26428083c95e49df6ba909aabe56e60f14261852a9477c4a16e1a |
C:\Users\Admin\AppData\Local\Temp\aoIM.exe
| MD5 | 0845e802be3049e2eb220bde1dcd8b15 |
| SHA1 | c999c62152621098eeb60ba1113d22cf77ab5ecd |
| SHA256 | e3cb64bf718d50dca428ffb0eaa69aac7da2fa69952764acd930d87543824015 |
| SHA512 | 5faa3dcbf0282dda36daec562c1598c11920eba0530c9eda9218655932daa37c415989b253af26c5efe32e2550d133b0b2c5e223705dc35eb7df45fa1b7cd997 |
C:\Users\Admin\AppData\Local\Temp\fgkcgAsA.bat
| MD5 | 5e5c0eb6d20dcf23b4999069ba9893dd |
| SHA1 | b142a287afba76938641b34dc6d504c3055b2448 |
| SHA256 | a09c0bd0ce382c5dd572665f37195f36a8d45fcb1615f6300d8a396662da3afa |
| SHA512 | 10cc79797e12fe35c2532926b6c1bb6cc5096aa734720dda739e73b9307937cdbaf195a64a62f5fc4895980eb743025ce4ed1ec2505d7d70e3f4f4914b009c70 |
C:\Users\Admin\AppData\Local\Temp\gEEo.exe
| MD5 | 1214851b9565a59f932fd210748bc903 |
| SHA1 | 79eb54588b452bff9cb9c398e7610812ccc20f79 |
| SHA256 | 799b22c2ea8406115c50e326b9bbd872e226b6b323171509b3b0ee3e3de18cda |
| SHA512 | 047930c3a6105cb35baf5e2276f5146ccc1eca9901c08c9839818cc6ffd91936726938e71b9ece65a8afbdf7819bf3d6d256bab913f604c16bcd8e8c26dfd06a |
C:\Users\Admin\AppData\Local\Temp\sgEo.exe
| MD5 | a3c64c44c18f88e4c2d55894f990e8a6 |
| SHA1 | b6a65a5a8db6a4c2380f328ce7d674cea4d38af4 |
| SHA256 | ae778f2b8f98c66f35066154e5f6148decc60f4fdd4ef5dc502bc42d9b7ba4da |
| SHA512 | dc97aba373f96fb356a8ae3d403a267a465e6ebab9606e3d8732f5fa7a7cc5c354af84b1045a837951a2ce55ac5701ad2a90fe98e2e27a54e6e6c40a0cf90d03 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile33.bmp.exe
| MD5 | 73d315b1bf5cc7266e6eb4e5ea66fd63 |
| SHA1 | 332010e43afbae0cbb0bb369c5f88daf5e4e8c01 |
| SHA256 | 0187bc4dce874a71a8d1e85bf45080143ee1610849a153064004cb8603c8fca3 |
| SHA512 | c383eb0c0aa6d35329daf3b6785aad528dde6a174971ed273af45ab40cd864168230053fb4b642cb8f8579d09e9588ffef1704c76e48586b586f9aba778b033f |
C:\Users\Admin\AppData\Local\Temp\wUsIAgUs.bat
| MD5 | 5a0034f54874ec10850d4b6a816b43c6 |
| SHA1 | 66906a646db5a61d6cc4975a4b3ea4a52b0512e4 |
| SHA256 | 4ff8b754448a88abd7e72155e07d26d0bcfcd0279e22e6714a4b2fb746359d6a |
| SHA512 | 2dd0096d08abf985782753f3506cbe8472c807a89a5f44dff6925a0f31eb579bb62cccebf0534d65265605a93712e2836d34ee0f43cac2925b13fc30b4821333 |
C:\Users\Admin\AppData\Local\Temp\SQUC.exe
| MD5 | a004f6a481cd41663255308c5a8e9cac |
| SHA1 | 838da091693aa4cb56d07e043256c7e423a32499 |
| SHA256 | fc485574e7c1d2f5a6583db3b3f71b00987b28e0454d9845e1daf838cb6b481a |
| SHA512 | c6e41e713477982d2e437a867feb0f49871895260714a621bf13f10fee7b1d2eea406c2f2e3d91db435960cd4c94c2ea01577cb0cc6563adf1c72b92ed4474b6 |
C:\Users\Admin\AppData\Local\Temp\yEgQ.exe
| MD5 | 0b7ef11cbad5565904ed2e7d1d76b7e9 |
| SHA1 | 987d0c3a029f166fee29afa0c29abf8290279a75 |
| SHA256 | cdce06dc8016e28607894115a5770281826b8fef90cc19c1e0bde352152405c3 |
| SHA512 | d4d30701a4d3fd13a7828c9aab445381be5be46e3efae7a492dbc789bb87a65045de09a2c3295c2019f399b7ec178844e3b2bf902fbc86bafcc8c3f2d9098eac |
C:\Users\Admin\AppData\Local\Temp\YokQYwYo.bat
| MD5 | 5a823c70a3a1a4bef152d82e03b904d4 |
| SHA1 | 649c273d572c9a80c05b611a6dc163023f8cd282 |
| SHA256 | 65d2dbeb93e8e786ece070f41203f85c7f14d102c0653cd721ad5158af5a0d57 |
| SHA512 | 0d82c3a3a5f8e3c28cce0b209b2fc06fb7cc73031b5e74bb40c466ae97eaefd1567f590af3d0b4a19f6624d75def4fcfdcbed72f25aa9bd62c45a370e6ee94ef |
C:\Users\Admin\AppData\Local\Temp\KwEC.exe
| MD5 | 94bc6a970701e2a1a71b2ee91b0a4090 |
| SHA1 | 368e508ae1b7e4c5496dae3631bd930a2d03b580 |
| SHA256 | ddb8808948ff35681b981f948998160846a922843507ee2cdceefbbfcce2bbd8 |
| SHA512 | 5d294d2ee7bd936a1369f74587a4c030615ecac229958d70b18a604c84031e216a52d097f04dab6c03ecfa793948ef838cb6ef6614a83959b4d0186888d40cbc |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile37.bmp.exe
| MD5 | c4a03279925ece1812c610966b675774 |
| SHA1 | aabe020569797ae16a3d5d402dc2f5c82dbb3df3 |
| SHA256 | 2cfd764ea6ea03e997937c2951df7719c160dde68eb1618725cc3224891de1a3 |
| SHA512 | c2c0e8f08c7d19c9aa9df323eacd6ee8cbd4365fa10597cf558a32f798c155bd50496933e00a7d3d8cbae2f0931d558d9a3b3f1f7e5b2722176da88ab7c1df74 |
C:\Users\Admin\AppData\Local\Temp\gocwQwss.bat
| MD5 | c04e08345f00fdbf1002980864d5638b |
| SHA1 | 3e77c612e316ed5a648ff06dc7d7351fb9ebbd48 |
| SHA256 | 24d82a9d458009b8188be4fe5012f851afd1bc9ced25c132976613f7d087af4e |
| SHA512 | 943c7d2515bb750a163d274b6daa930d7d5a3fb73c8c5c774225f1a76347977090931c1ed1f777ff10ee49da20568282203a6a5caba51e4f9901063e2774cc90 |
C:\Users\Admin\AppData\Local\Temp\yAoA.exe
| MD5 | 2b13d9f6341f1bd5aa5d70eb09dc26e8 |
| SHA1 | 0696820d7e48ecaadf88702dc3dc056009c8a576 |
| SHA256 | 5732f1700be5b8cea4c9a56db86ba352113ab0f2001ec1afaff7e678e971a831 |
| SHA512 | d10a1645e3737c7892e993a195345a6450cad37c028b131d6edd30850742afc8d28e7eb1f4b7e9132f658d5b68b990803126e82bcc52faa84b98872ac61c0ae6 |
C:\Users\Admin\AppData\Local\Temp\mgsA.exe
| MD5 | 9714a7f94fa3fc88365555eeb8ff6da7 |
| SHA1 | d62aa36405c7d62272d1c595b55e6d09e8e5c1d1 |
| SHA256 | fa532291212febb96b64f83f30a561058d8fb82fb3fd24ec3f39f37826437efb |
| SHA512 | cae05ef2c380a482af489f688f22f271c42881e3178242aa6afa8ca5888911388e5a55afd9f54273f9339dc36923dd0dacd936544c6ae9fcc070a5e2b2850092 |
C:\Users\Admin\AppData\Local\Temp\eOwAkIwE.bat
| MD5 | 4326fcda474ba1c9883196200d4a5aff |
| SHA1 | 67205efa2460e2e0fb18d3af391af0d1421f9de8 |
| SHA256 | cc1a59908ffac049471bf47004bc1ff9a2567d701fed8c9b2545fb7c618e75f1 |
| SHA512 | 4918cc191225a99edb0629437cb623cbae86fe9d2bfb38487aaf642f0b15102874b788f96c23320a0307d2682ba2325820bd229b08ab11da69196525dd71bb54 |
C:\Users\Admin\AppData\Local\Temp\gAMu.exe
| MD5 | c61b6c3ea811412394cb55186af03574 |
| SHA1 | d507aaa6b040aa96815373a439baab1735b97e21 |
| SHA256 | 49b838d8f2e808ff948863fb30955b1401f0f9aaee95c6e5439be841495b8d90 |
| SHA512 | b38ffb836507a6d9e47998d57144993fb0b2d4a01b43855de6d8309ed8c92198e38ebf36d74a92fcc93a87802a799d6dd3331d64e400fbc27ab83aa5de36fea3 |
C:\Users\Admin\AppData\Local\Temp\msAm.exe
| MD5 | 7ae08bc327c92b140ff8888c5ba70c39 |
| SHA1 | 695528aedc017167682d8d20f7265b73e68c4ff0 |
| SHA256 | c10d701ddb0feed43eb35e411b9e9ce30696d2e0b7a7a8e0bea6cbf1bad06603 |
| SHA512 | 60c47fd58604f40530ba9d276dee2cc2942dfa43de98742e4657f8482f9873efe049f13b9b7ed5d51f45abf29de63d3932528320b79e372a51dc3f9246ae2835 |
C:\Users\Admin\AppData\Local\Temp\HKcEkAUM.bat
| MD5 | e9b537ea5082e51981ae58561428f9d4 |
| SHA1 | 4a847a6dfb0d2d85cb87f2b2223e3b1f497ebb7c |
| SHA256 | c61454b3518e8458927d429af095b127f8cbb3819d6599ac3f37632e8af90496 |
| SHA512 | d5443dc2a81c614ca048dcedd335b43cb02e21bcb938f30f3b8539a29f0b99add230435a54dd617b4d87a8368b9ef5cd84f48589870e31454f75f71c124cc465 |
C:\Users\Admin\AppData\Local\Temp\qsEi.exe
| MD5 | 06a132919b085bb0a7a73c6a2f33eb74 |
| SHA1 | c5f358f60cfdcf68af4f467406797886c20e1fa1 |
| SHA256 | 5fb36a31156457fcbbe1c1fdb15a0c836e5121e6eb087fac70be5110bbb92f45 |
| SHA512 | e408fdc0ea2a75670e5d71735cb8984e7cd2aea53f932b6cec60b0d1b187dfecd422d1038162749aa29c8d844bbe581a73b415e783bf2d54c053552da65506b1 |
C:\Users\Admin\AppData\Local\Temp\mowY.exe
| MD5 | ce68d4683097867787c74e9ce35808fd |
| SHA1 | e97ba81a80eff3320ea4004e022d283185b95666 |
| SHA256 | 3ddb68693977fccc10407b8d7fcdb506af175efe0fa08f048a0994846b564c9a |
| SHA512 | 400660429b8af9566f5ce7f1e19df94c1862986ffb336a150333728979a900eb29507e969514226b47b9305da2baab1dc9a652602fba87a932fb4bbd0be1969f |
C:\Users\Admin\AppData\Local\Temp\cMwW.exe
| MD5 | 099b721a6558bb94fc6b4ca24948ea85 |
| SHA1 | f871c42111764ab1ca87cb8689bd00599eeb3cc8 |
| SHA256 | 96ce301c7cd7c0be4245121f6caee26c7f51ebfd8dec5deebecc319345daf25f |
| SHA512 | 0e5b5502ef3e3ded3a172ae83cdae0c0bab3d9fcba134587c05140af05587d97c52901a27a1ee7bd8ea16bb4ec3ac6ee429ebc4d38f2bd778ba2e1feffe33838 |
C:\Users\Admin\AppData\Local\Temp\NqsQsAsk.bat
| MD5 | 0b571af7692ba982501a9a4eed88e185 |
| SHA1 | 3f8381c2c49b0a01ecdd04420e055d70f1c8cc73 |
| SHA256 | 83b416f76f719c890e9d8f5bf92b97425beeeef12267aa4c49b58f764f5eb88d |
| SHA512 | eaf372a7b0070c0653a324ad66f9c2587be3d6244eb27dda6d91de4a873e60e323f5012a2b832d409fabc421ae4f3df8f9248a9db6b15cd25c9677a9416f7773 |
C:\ProgramData\Microsoft\User Account Pictures\user.bmp.exe
| MD5 | b114334b25f682df49f8c45e6e165bd4 |
| SHA1 | 1f3996a82292476588350cd661a534dcc5280ca0 |
| SHA256 | a79244f7b954d3b1a76be746620d55d95e48a24702cfd908b25b3d7091b0ce65 |
| SHA512 | 8436ae5fef45f9fd59d0b1ad2a47b31e1a49c28d274cb85616f4adf0e8c2cd8a26bd56392c68702f9efbc2e45cf5df184ba66446c1265b4aa79a4501efab87e3 |
C:\Users\Admin\AppData\Local\Temp\poUUkgQs.bat
| MD5 | cd8a61cb31019ecc8f2e6b1ad0de3daf |
| SHA1 | 92e2ccaae36d296b1163cd8cff44027f3db5d076 |
| SHA256 | 43081bfefa625ce4f4f90a56aad39029ad69f42739d0ba345a8048458f0bf4b1 |
| SHA512 | 68edc6f58be7d9c4989f53deb7705ae3d8ae996552e9a4867ff383bdff5a7355ec5823d823d577dd8fada960e65ceccd33918dc498bf5bf78789d0662017494b |
C:\Users\Admin\AppData\Local\Temp\fsoYQMIc.bat
| MD5 | b2c303ea30b5ac75248c8829f96d2747 |
| SHA1 | 1caa6b954c0ca02a90173c5763c635e398534955 |
| SHA256 | 8b731640275b809affb8f429059b540bbb904a8ed4a6c728035c22dfa1b21a6b |
| SHA512 | e9510d22d6f44abe81431bf8af7ab0a42a9c6d66e0bdf5a1dd8d41255da9202c694e9acf753de0cfc10a9d5ae4de744fcbbc12148b2661da39d035a5f7ed8928 |
C:\Users\Admin\AppData\Local\Temp\YsEs.exe
| MD5 | 0ee22b26ea8d96aa68446a6f183d5a65 |
| SHA1 | 97e1d32d24560ae2551fbb83e7566c2ede7b6389 |
| SHA256 | da19bd2690e734b8358674cb67eecabce9f885df55cc234b4a3e339ecc69f966 |
| SHA512 | c977b9ce0a2aec99c9ca6d49789fae793df22f17c6216749ee0b51ef393096bceb160dce5f34666f20f9025aebe4288185bcb43b8d28adae97f4e98ca1d2f05b |
C:\Users\Admin\AppData\Local\Temp\OgUQ.exe
| MD5 | a6bf4a43bfb2bff9b538c968a96af3da |
| SHA1 | 3be5808c884f8c2fdc093144e36b1c5d23e4c58c |
| SHA256 | 029f77c403f2ba95ef23b09c5e5d9931bb13f3f9a94dafd9c3deca4d955b7799 |
| SHA512 | 837f3f3525efaff33c484d6d17457a9a007b61a7b9a756576889d556a18281c56622b49c3b2df9a22a2bacacfe5a96506e48719ce81e9d784172348661a9d3fc |
C:\Users\Admin\AppData\Local\Temp\iAsi.exe
| MD5 | 9a8188eee2a2633ceff6b51b279ee760 |
| SHA1 | 57bb06713e3ad1eba36cebbcfb14af72925cbda5 |
| SHA256 | c65fbc5f19386ec6993c0122beb6a5783b3d3b3f564c6326a2659d311e49bcbb |
| SHA512 | a0ea424b65f1df346735607c14ddc24a189c2a60dbd7b151f35910159ccab8a7502a08e9cacc9a9f7a0da0af68f2f55774cbcefb7d6ecb0ec41700538e4281b6 |
C:\Users\Admin\AppData\Local\Temp\IAcokMAA.bat
| MD5 | 7121efe14f1d2e8a3c2a0cada9e6f050 |
| SHA1 | f2c9ddd9f776dd116faa9ff2ea765349c5881a10 |
| SHA256 | a09a5a9c58493d144e3dad329b398287300164b68c4a5e131d3927dc58ff1341 |
| SHA512 | cca55f798f3f232eaaf1499ebb5e7dd300b25f581fbb601546de5203999229e9e065652daf7413f185f3557080e8f42d9e667b58727cc5f6a839f85e69bee497 |
C:\Users\Admin\AppData\Local\Temp\esIi.exe
| MD5 | 7eabdfdd060ca3d45fbd676fa48f038f |
| SHA1 | 94e41a404b63ca68afca369d36f17ecc9b82a8a7 |
| SHA256 | b34485bef184bbe4f3845439c67cc7e2c1195febeb16818a710e762a878d0d16 |
| SHA512 | 199178e4c6973e55c7bd31cfbcd5cb95e7f48300bc64bac6e4a20885cd5288d935458ab00a1f86c84a40d4b925f34bc5510dbf397c8543d9c2ae66c218f69356 |
C:\Users\Admin\AppData\Local\Temp\agwo.exe
| MD5 | 94a036be92b632d2e7760ee4af3e63fe |
| SHA1 | e3497a0d314ed9499ab9c5d9304541ffd885a7e2 |
| SHA256 | ba4174e3af367c7a48ae1b4606ce33a6faa6e6bac8a1d7d2e86454bb37183c31 |
| SHA512 | 6c24b51ffb52bacec352b2be372672da5632abe9c6ebdc99a5feeabfabce62392ee82ff6c5f7b76b66b0d43b5a22f11b7e131b139ecc2abcefc2caa5728906f8 |
C:\Users\Admin\AppData\Local\Temp\uAwi.exe
| MD5 | 33497d6f70d92521491bfe9475ab0d62 |
| SHA1 | 2b5cd21acbbf6f25dd3f900d778e3e1f9373b41d |
| SHA256 | bc1d09fdabcd89222fd1e1304a9157f38de2fd64de5f5d3dc6997460db572ffb |
| SHA512 | 4a433722a99fd311be2fdf3ee3f798cf64f1dd8297d93dfb6580f1fc9cdae3a817f856234d570b7ca0441dfbe994c5fd03b627b76d7e9203a50ab654d7c5a828 |
C:\Users\Admin\AppData\Local\Temp\iQMs.exe
| MD5 | cbff10d94e091a06ffc3486e391d1162 |
| SHA1 | b09679740168d8ba11fc52d29fbf0c1a3c4ece12 |
| SHA256 | 7a3a58947fadbd97e732d93dedd21d884bb885b715a02c3c055c10673aad8f43 |
| SHA512 | b8f63424304665d9bdd82a4f74b55249b90563d1b985734eb618ff57c6c4d7eed039a7042b926b7d6726f9e76602cc4f6a4a538d90efc7508f544f322324c39a |
C:\Users\Admin\AppData\Local\Temp\sMoC.exe
| MD5 | 3f0952b875b26e4398e3b516a185813e |
| SHA1 | 80319da1a7011897816408531f7df665df03af5b |
| SHA256 | 4c77b7b7bc062facf72402d9daf888d17aca39c90032584f18f5eb161f61a429 |
| SHA512 | 068a52fbd3f8cf4f40d2c5b91f3617b8713402841520a078a7f7630a8d1b4dac9593a60ec1910d554736aba4c2c14e7bd07ecf92be662c746fcb2db1f9a852c1 |
C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg.exe
| MD5 | 27daffcc1abbb17d68d866305c6a2225 |
| SHA1 | 93f884626a402cd96409eca1abc3b5b926ff1875 |
| SHA256 | 4619f06eb269fefcfc845e4ad2463b15e3a4646bcca0d1934380ff00151c5b14 |
| SHA512 | 9193b03657236b60a01d1399716cd9bab066f1d19de4b967a513a8fb02dec1a67048476924b5bcb13098aa09ccfa96c1e3da2065662dcb33047e4ac5ce3694c0 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-15 10:41
Reported
2024-05-15 10:43
Platform
win10v2004-20240508-en
Max time kernel
150s
Max time network
93s
Command Line
Signatures
Modifies visibility of file extensions in Explorer
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
Renames multiple (78) files with added filename extension
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\tUYswEoQ\WewIQwEk.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\tUYswEoQ\WewIQwEk.exe | N/A |
| N/A | N/A | C:\ProgramData\LiEYcEYw\fKoYYgwc.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WewIQwEk.exe = "C:\\Users\\Admin\\tUYswEoQ\\WewIQwEk.exe" | C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\fKoYYgwc.exe = "C:\\ProgramData\\LiEYcEYw\\fKoYYgwc.exe" | C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WewIQwEk.exe = "C:\\Users\\Admin\\tUYswEoQ\\WewIQwEk.exe" | C:\Users\Admin\tUYswEoQ\WewIQwEk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\fKoYYgwc.exe = "C:\\ProgramData\\LiEYcEYw\\fKoYYgwc.exe" | C:\ProgramData\LiEYcEYw\fKoYYgwc.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\shell32.dll.exe | C:\Users\Admin\tUYswEoQ\WewIQwEk.exe | N/A |
Enumerates physical storage devices
Modifies registry key
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\tUYswEoQ\WewIQwEk.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
"C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe"
C:\Users\Admin\tUYswEoQ\WewIQwEk.exe
"C:\Users\Admin\tUYswEoQ\WewIQwEk.exe"
C:\ProgramData\LiEYcEYw\fKoYYgwc.exe
"C:\ProgramData\LiEYcEYw\fKoYYgwc.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sCMswYwo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CewIQAMI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RWEgEYMw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XeggsQAk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nIUoAIwM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tQsIkIME.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SMYssUAI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CyQMoIUk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CCMkUoQc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sMEcIUQc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VgEgEwkI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BiQAAsgU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fGkcMIEg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JIMcYEoI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gkssMwMg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aakkkwcw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CkEYQsYI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IygscksE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nKIYgIwI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XSoAkYYk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\desIYYUY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VkkEYooY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kaIwEgYs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uQAMEwEY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sIQoQggo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LYIEwcQY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dAUgsgYw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RUAwcsAI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vKcMsMIM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mMocoowY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YmYgQYcA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TQQgsYEA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dWYEsIAA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rQkQMgEY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dEgUUAcA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GeEQoAEs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WEsgEwgA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WOEswYQI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MiYQMcYg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jQQooUQI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FIYogsYY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TSwYgccw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kcQYcIcY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\iOAoMwwg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nEQMMogw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LQQckkws.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\noMQIYIM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vkQEwUMA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sqkAIYIo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WeAMUwoo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CQsIIcQA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ESkAoQcA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fMUAosUE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FaoMAkcI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IQQUkMsE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QWEIEgYE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WMAAUMAU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hcogIoEc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZwUAgMcY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\Jiskscwc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FkMskgMk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HIwUksMk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CscAQAUM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\Gwckkwgw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uSQggIkQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FAUkAcUI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VsIYMEMY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bCUMwYAs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GIIgIYwo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\maIAQsEs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\iWsYgIcI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lqAkYkgM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hwscIQkA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JyEgYcUk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yYYAIooU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mOswsQUA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\swYYsgwY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rYAsYEsM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PsAYsAQs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nKAkwskA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NUIcYEww.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QsAsEwMU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kaIIYokI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OCscAwwE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xkgscUkk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lkEwAYsA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hQcgsQoI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uisYoQkY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qmMQcgoo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cYoQAIEY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jOIYAcME.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BKkscEUA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NEgYUEEo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fQQAIQUg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YckgskEU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cuYYAYsU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EwUUIUYE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yYsIkYEE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VkYwIMYc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Network
| Country | Destination | Domain | Proto |
| BO | 200.87.164.69:9999 | tcp | |
| US | 8.8.8.8:53 | google.com | udp |
| BO | 200.87.164.69:9999 | tcp | |
| FR | 172.217.18.206:80 | google.com | tcp |
| FR | 172.217.18.206:80 | google.com | tcp |
| US | 8.8.8.8:53 | 206.18.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| BE | 2.17.107.99:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 99.107.17.2.in-addr.arpa | udp |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 200.119.204.12:9999 | tcp | |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.143.109.104.in-addr.arpa | udp |
| BO | 190.186.45.170:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp | |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
Files
memory/3764-0-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\tUYswEoQ\WewIQwEk.exe
| MD5 | ea35558d5cf85909262fcb76d956d9f2 |
| SHA1 | aed45dd654a6f670dc4a41489d9036a08c36beab |
| SHA256 | 35f89dbbdd391769f99dff78b84af022b1e76e3af72a1ce74dc29ab26f482af0 |
| SHA512 | 6f7e5198581a537a4289693db24be5686f25d74f4a7286721c52a85b4c0dc89dc07b157f09904cd76311ca79ccc22e8acc54757ad35c00d6ffa5adf69b3b5432 |
C:\ProgramData\LiEYcEYw\fKoYYgwc.exe
| MD5 | 8fbc132591e7c1e445032b0d446ddd59 |
| SHA1 | 8ef77c85f9e90340d5d366b1a49f9c755ccd52f9 |
| SHA256 | 163e636659b5821fc4356f59054326ddfa353d790e5d524c53e1e938b46faaf9 |
| SHA512 | 9b80ced84c551cc69626994c050032f180a06a044ecf2b5bc13a062c4d5ecab8eb5864db1d9dd0232d17394b068595e14be8a1284de1c57d8b6f597c9e1417ed |
memory/4948-15-0x0000000000400000-0x000000000042F000-memory.dmp
memory/3780-12-0x0000000000400000-0x0000000000434000-memory.dmp
memory/3764-19-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4560-20-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\sCMswYwo.bat
| MD5 | bae1095f340720d965898063fede1273 |
| SHA1 | 455d8a81818a7e82b1490c949b32fa7ff98d5210 |
| SHA256 | ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a |
| SHA512 | 4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024 |
C:\Users\Admin\AppData\Local\Temp\file.vbs
| MD5 | 4afb5c4527091738faf9cd4addf9d34e |
| SHA1 | 170ba9d866894c1b109b62649b1893eb90350459 |
| SHA256 | 59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc |
| SHA512 | 16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5 |
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock
| MD5 | ef625f28a5fa08948768d1836c3227b1 |
| SHA1 | 96a6f727228c1ace18c93c9b6117b0cfe7f66a74 |
| SHA256 | 9074d2d9e945ad6999ea143b7ed0a3d0007ed71c2fd6703253ccbdf5238ed889 |
| SHA512 | 0a72a13de0ad7e0bf32771d0c3c6483f5878bbc39393f671361454775bb01450ecb0a3a4443102fd4f76e26a2de58e720ea705465464ca376a8b517e2cd91635 |
memory/1360-33-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4560-34-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2548-42-0x0000000000400000-0x0000000000433000-memory.dmp
memory/1360-46-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2548-57-0x0000000000400000-0x0000000000433000-memory.dmp
memory/3592-71-0x0000000000400000-0x0000000000433000-memory.dmp
memory/3648-70-0x0000000000400000-0x0000000000433000-memory.dmp
memory/1804-79-0x0000000000400000-0x0000000000433000-memory.dmp
memory/3648-83-0x0000000000400000-0x0000000000433000-memory.dmp
memory/3940-94-0x0000000000400000-0x0000000000433000-memory.dmp
memory/1804-95-0x0000000000400000-0x0000000000433000-memory.dmp
memory/3940-106-0x0000000000400000-0x0000000000433000-memory.dmp
memory/3076-117-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2624-120-0x0000000000400000-0x0000000000433000-memory.dmp
memory/3076-131-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4444-139-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4064-143-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4708-151-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4444-155-0x0000000000400000-0x0000000000433000-memory.dmp
memory/216-163-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4708-167-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4588-177-0x0000000000400000-0x0000000000433000-memory.dmp
memory/216-181-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4588-192-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2572-200-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4612-204-0x0000000000400000-0x0000000000433000-memory.dmp
memory/1988-212-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2572-216-0x0000000000400000-0x0000000000433000-memory.dmp
memory/3320-227-0x0000000000400000-0x0000000000433000-memory.dmp
memory/1988-230-0x0000000000400000-0x0000000000433000-memory.dmp
memory/3320-241-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4428-249-0x0000000000400000-0x0000000000433000-memory.dmp
memory/1876-253-0x0000000000400000-0x0000000000433000-memory.dmp
memory/3612-261-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4428-265-0x0000000000400000-0x0000000000433000-memory.dmp
memory/3612-275-0x0000000000400000-0x0000000000433000-memory.dmp
memory/3800-283-0x0000000000400000-0x0000000000433000-memory.dmp
memory/3248-291-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4380-293-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4380-302-0x0000000000400000-0x0000000000433000-memory.dmp
memory/1840-303-0x0000000000400000-0x0000000000433000-memory.dmp
memory/1840-311-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4456-312-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4064-320-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4456-321-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4064-331-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4532-332-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4532-340-0x0000000000400000-0x0000000000433000-memory.dmp
memory/5000-342-0x0000000000400000-0x0000000000433000-memory.dmp
memory/5000-349-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4880-350-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4880-360-0x0000000000400000-0x0000000000433000-memory.dmp
memory/1848-361-0x0000000000400000-0x0000000000433000-memory.dmp
memory/1848-369-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4972-370-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4972-378-0x0000000000400000-0x0000000000433000-memory.dmp
memory/1804-388-0x0000000000400000-0x0000000000433000-memory.dmp
memory/840-389-0x0000000000400000-0x0000000000433000-memory.dmp
memory/840-397-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2044-398-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2044-406-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2452-414-0x0000000000400000-0x0000000000433000-memory.dmp
memory/3828-415-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2452-425-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4340-426-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4340-434-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4732-435-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4732-443-0x0000000000400000-0x0000000000433000-memory.dmp
memory/3096-444-0x0000000000400000-0x0000000000433000-memory.dmp
memory/3096-454-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4472-462-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2536-463-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2536-471-0x0000000000400000-0x0000000000433000-memory.dmp
memory/1872-473-0x0000000000400000-0x0000000000433000-memory.dmp
memory/1872-482-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2804-483-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2804-491-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4732-492-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4732-500-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4780-501-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4780-511-0x0000000000400000-0x0000000000433000-memory.dmp
memory/3920-512-0x0000000000400000-0x0000000000433000-memory.dmp
memory/332-520-0x0000000000400000-0x0000000000433000-memory.dmp
memory/3920-521-0x0000000000400000-0x0000000000433000-memory.dmp
memory/332-529-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2404-537-0x0000000000400000-0x0000000000433000-memory.dmp
memory/1484-547-0x0000000000400000-0x0000000000433000-memory.dmp
memory/5116-548-0x0000000000400000-0x0000000000433000-memory.dmp
memory/5116-556-0x0000000000400000-0x0000000000433000-memory.dmp
memory/3472-564-0x0000000000400000-0x0000000000433000-memory.dmp
memory/1240-574-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\KcsE.exe
| MD5 | 84a297d0a17e16e09ed67022303b57fa |
| SHA1 | 0e99320340d477eec7fd146776bda55ef97aab1a |
| SHA256 | c5fe5185ca1bae27faa2596c540d7c4c93f18f38b749e18da7d219081cf1dd6a |
| SHA512 | 8db66f499581e94180f66dae1264c5d64999475b6e38f152d0d60355b731563406ff42c8836e91c4d6dc816d965387f773d4d8c7777cda58a68269baf5b85403 |
C:\Users\Admin\AppData\Local\Temp\uMka.exe
| MD5 | cdd83f43dfcdf4252883260f7d5fcd49 |
| SHA1 | 31efe33875bf9d59f0630fb8fb3b1b8ea17d00ae |
| SHA256 | 85351a48c0a1ed71f6299c0441df6bc956728a26ea7ba93a013295a9eac89a2c |
| SHA512 | c921559a3b6a42f240bc11d3ae7d3a464cd7e615b0e7527a4f4ac0f50b8ecafe8cbf2726282dc3fbb2b602b33aa22d35109e9e7b561659c985852ed538dd99a4 |
C:\Users\Admin\AppData\Local\Temp\SAsW.exe
| MD5 | a1219a9c0a94a51ea4b0494af597040b |
| SHA1 | 8673c02e0452918d62b3c858ee1c4f941058ee5b |
| SHA256 | bf1e72c841b13fe9e7025a9d264a83ad74a888c999ac7e22b932d9d79d4f0443 |
| SHA512 | 513a497caa6b06888dd085b001e94542c62d41bc9f416125133f0bd58fa627332d5b2f32622f974b2a2e11a441b2160032d314e91885b14c250e61b94f3e77c6 |
C:\Users\Admin\AppData\Local\Temp\qUoQ.ico
| MD5 | ee421bd295eb1a0d8c54f8586ccb18fa |
| SHA1 | bc06850f3112289fce374241f7e9aff0a70ecb2f |
| SHA256 | 57e72b9591e318a17feb74efa1262e9222814ad872437094734295700f669563 |
| SHA512 | dfd36dff3742f39858e4a3e781e756f6d8480caa33b715ad1a8293f6ef436cdc84c3d26428230cdac8651c1ee7947b0e5bb3ac1e32c0b7bbb2bfed81375b5897 |
C:\Users\Admin\AppData\Local\Temp\MAUg.exe
| MD5 | f45b5344e5290c547a0279438c3c2cc9 |
| SHA1 | 800aaed5f319ad1a5faeb69b885b623472057a7b |
| SHA256 | 00319af261ce621a54e24946ba20480eaf49ea6e514c27f6f448656a0fc10c80 |
| SHA512 | 2e2e14f68b5fa800943ada282e15415dcaecfa124f4e61c48a3dbfbb211ef05aca5c4e0cdf4238147769dadcb79a6560783c049dbfe2c94df5ce26497cd4efca |
C:\Users\Admin\AppData\Local\Temp\CkMg.exe
| MD5 | af869e289ef866efbef463c575c87dbf |
| SHA1 | 647c08badcba15c3be987cb0b9398b0dd6363e3c |
| SHA256 | 6cf4ca30e405f28002d934319cce30a8aa1d393586bc78bc63d77f7663090d1e |
| SHA512 | edde1901908c1ef16570bc006a712c3ea6a024a502838afc885f273b9853c948dbee19d869783af406e6b22025264ea81f2ff6941cdfefe580dc2f1639f3310a |
C:\Users\Admin\AppData\Local\Temp\mgoM.exe
| MD5 | d12b402e196fc2f0f4a847565850be47 |
| SHA1 | 3a6bc1729c121c83b23cef3f4c522621481b3dfa |
| SHA256 | 22a832f309da287916f8eb11e7a557ebd9d13df3e9efe452ef9d03b931244250 |
| SHA512 | 086553728cb4f30a5879c8be4c4f58119d3f2016269ecc6296bd1222017c8c5ca4c64bf8155fa8d473db0c1d5f906e7cefd40ec0cc2b8c5de3ef3a7ad05e4762 |
C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png.exe
| MD5 | d399d547e0e4836d2dae32a6af8bde31 |
| SHA1 | b8f311f24b6f2db3e8fac20c758ef0132ad79834 |
| SHA256 | 51163f7035711315d1fca39179975bc98fcd3b51acceac61dba7c68fd58df639 |
| SHA512 | ab13be63effe2840eee710f58268b1ca98b3b6a6b68771f607ee7e834b5e5ee7b7389ea8f614875e80fa7039752ec3546bc06586697502a5fc32c4a3acd02fd0 |
C:\Users\Admin\AppData\Local\Temp\ugUm.exe
| MD5 | 1c1207ce374857c3084fcfcf710f7894 |
| SHA1 | 49c90a5c256f7ebe2ea04849c487c8ce0b6b144a |
| SHA256 | 8042af37e4ed7335ed6d32090b8bc0dc1ae4ed7aee092233706a67a57b42be46 |
| SHA512 | 157e08c878068d8c5a30bcec9114fa453e00f11768aeb0d2222eb80d3d386095d7c33f5f8337b35199695f45e6987a98a05374bfcba98ff736d10f45742405d6 |
C:\Users\Admin\AppData\Local\Temp\MMEC.exe
| MD5 | 116522ae6b3823c051dcfe4f717ea107 |
| SHA1 | 0e7529f64ca247993c37595ea8223dbed0744fac |
| SHA256 | 8bd809de5c1aba1786de61e828f64765e4d6cc5cbaf5f94ea12775ab5111da09 |
| SHA512 | e04831960faae02f5fb93a31477093c3305a861b4c9490ddc59b913d2beea44678f55e04df5037d65662de78e6bad814885d83fcb0b7aa8f14dddf74f79f9d54 |
C:\Users\Admin\AppData\Local\Temp\CUgC.exe
| MD5 | 83457d55c4bab0fa86824f2e660444ce |
| SHA1 | 8a796a4d13ada542e12a14ad9802b9bf1ed950d3 |
| SHA256 | 89e5a623483ba21636602f353f51e329bea47fc0786d828f0e34bd938968e28d |
| SHA512 | b55fb189f286933d2da5cd86e0d6781a387f662814c96bb95af2499d8416d84cc45f8e50f55ea10465eb8ddd693f7725d6a13d5e3d5a11f7ec6193f5f35215fe |
C:\Users\Admin\AppData\Local\Temp\yYss.exe
| MD5 | 4cd42091c188e308cb258bf9f1c27b35 |
| SHA1 | b0ce52c6a20f0b329e10352b58de4ba1605fe880 |
| SHA256 | 4479df8a7a98ebc7fe6307e89f69ff5e86eb494fb9fe17acf9de45b98cb67647 |
| SHA512 | f3351bf4d25f2eeea149d4e4b722f192d22ea20998d154a27bc6651e6d1d273d6464063eee25d8a870d85e2cf92291b51407f3116301bbf971a894524bda05b5 |
C:\Users\Admin\AppData\Local\Temp\KEEe.exe
| MD5 | 3f01b81fba7786f7732ac3ace064a427 |
| SHA1 | 7b9f33979db941a8f8b8158ed5de80981888a7aa |
| SHA256 | 4192c769001cc045df98d8191eba43072721a212721f6584c38688a370c0863d |
| SHA512 | ef614305e315ac2d80319aac88657ebfb23d801dc4ce92376addb529c72fb2fdf45b72183c93081b70d4b53c18ac88f5eec3b609f62223c97893849eded65dad |
C:\Users\Admin\AppData\Local\Temp\EoEm.exe
| MD5 | 97b3b27c85c71b3406b918c3d3c32c68 |
| SHA1 | 77d2277cfa6538893af6a78298b79068491e3935 |
| SHA256 | 9964efeb44ad05fb040cd7061c61ae7ccbadea692de1755e26ec9bec88c1ecce |
| SHA512 | 785994c98a68545ea27a0470182c8a575dccfb3abfffaca81a16ef3cdcb68e614e0d7430ffd81f1a35645015feb9e7eae139fefe9249517e84dc1fc3622e83b8 |
C:\Users\Admin\AppData\Local\Temp\swgc.ico
| MD5 | ac4b56cc5c5e71c3bb226181418fd891 |
| SHA1 | e62149df7a7d31a7777cae68822e4d0eaba2199d |
| SHA256 | 701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3 |
| SHA512 | a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998 |
C:\Users\Admin\AppData\Local\Temp\iwoK.exe
| MD5 | c02b35dc3386d6658fb78f01836476a3 |
| SHA1 | 822c80599424d538b08619612d1234b8f323dd98 |
| SHA256 | 3c561d310b2884dd078fa04dd09de079c07d9154fc897095df1f2959e9b61e2c |
| SHA512 | 8ac3f97a7e033ba17b9aa765dd4e9dd492ff179ef3d510aa5355f811ab2e8d86821a817b0254203265a52649b47af8de5105350d9c62fd4957820526ec8617ad |
C:\Users\Admin\AppData\Local\Temp\YkgO.exe
| MD5 | d0ef1d0c1596e48df55151b020fae419 |
| SHA1 | 60c376da5e954f0a9614698af7b28de8bd2f534c |
| SHA256 | 0d112cfa720890155efe3078e85201c5e52afe294255996a8631f63429307764 |
| SHA512 | 9b5a0091cd83519b42cf73155053c608c9f734a4873d56ae6c0c71bf4324eced65ba11e4b8d4ee6192d13f1b68a03b6d1497d921c8ad8b04cce5a157d59264da |
C:\Users\Admin\AppData\Local\Temp\mgES.exe
| MD5 | 2e2db2be933750207e3c073fe161433b |
| SHA1 | 8d708b1996b42a32f9b5a3cc75baf4393d7f3f5a |
| SHA256 | 8b2212eafea1e42451016751c56a1e10f10b0d3f6de729cc6a678c2d84846b58 |
| SHA512 | ebfb9aca132980d8a339eef6a6760c9480d543ad43a201d2b7dfe77d9189cba44e8f954c1ff6f14e12042ddb1d9c59862c82516232b982b26b60af4f820ab304 |
C:\Users\Admin\AppData\Local\Temp\Iggc.exe
| MD5 | 2533c8e1b2f3d06112c62d4a4ae6274a |
| SHA1 | 0c2a3d779dbdc6d4af71a1710529186ccb175577 |
| SHA256 | 5e812383bf623446cb3950e8160b9e6a2379471740a82d86b6043eab632813be |
| SHA512 | b6bb18db67a440658f4f5516f0a6b9834b99d8c4f140df9212f8534b13b8e561990a70dc18463ec8648043ff8f1b75c4949cf4459243fec753f4f45df69466ae |
C:\Users\Admin\AppData\Local\Temp\QkIo.exe
| MD5 | 7d9c71cedc72e25363ef033329981a04 |
| SHA1 | a7d93808069a01544826322ec0c687f706ef40d7 |
| SHA256 | 6f88a6302c772425e62570e42ae383841df556dfdcbdef5ba113184ec4ee3c0e |
| SHA512 | 45a81b53294dd4519963f32e414ba2bc154042bf4643fb35d914c7180f3009a89a763a83d1b5b9a204505c325c3d5f43ed2808e2e9e4647c17d5ee666d42b537 |
C:\Users\Admin\AppData\Local\Temp\mIQE.exe
| MD5 | 0d3b4c063e2748f9df67691a7afda3cb |
| SHA1 | 98ce0943feba7b88ca787c27db84e17e72e92e71 |
| SHA256 | 61e40938dab1f00fbb78a59bf72db69770509e228a1373fcbd99fa218f99933e |
| SHA512 | acca3d72cbe715325e63478d4e16d6db8c9bef77c9825111849ef20e2718cc9ed6128000d78d8061c8892948ea06bb631172737e91461d18e4ddc5b1c94bcf71 |
C:\Users\Admin\AppData\Local\Temp\qYEc.exe
| MD5 | 390e06688ccfb1ff030d51069b374527 |
| SHA1 | 348b3be8ea6f2c4c500b172dc0701c752b1101b4 |
| SHA256 | 590fa8036866155eb07b7795e56fc538de2217a30f53b523a43b30293c476246 |
| SHA512 | e216741fef8cc25d0a57c8ea32546980c35da17d7e70cb968f5de90d31af9b6f0e98573194415fc7f0115f268a4ca4ea9f2b43c7a936935b6cd4e360d7d2658b |
C:\Users\Admin\AppData\Local\Temp\McYC.exe
| MD5 | e3e36a3fead0955a94dc623f66fdff94 |
| SHA1 | 347218357608bc329d2ea2003596677db03614c0 |
| SHA256 | bd9a4fb125e87bec84b7baceec412aae7a31272614afe6ff58cd34837cfe0875 |
| SHA512 | e4d5aa7f46e3b256e89d4212455cb78e53990784cf64633b86b946c67b7acdd80fa5df555521c568f323030d663c6ffb9b9fc0312f613f3eb0bd7d0a700c7c47 |
C:\Users\Admin\AppData\Local\Temp\oEoU.exe
| MD5 | 1b64cda54e9cd7c7a86cb4960b1b03d1 |
| SHA1 | e1fa2e4a5d79fe5970455ed757ea2f54f348e009 |
| SHA256 | 1b27976f2677bc6ff421b54bed488d42a2524acc09e8ed18a3a2beee269c7c42 |
| SHA512 | f43747926a7180bb08e52f867097ee4ff448b0bc7f2759a0f0fd184d7d2bb10d713f7452a46fa247cfef87469ba76aa798307e13f5dd1c713de03714036c5fa7 |
C:\Users\Admin\AppData\Local\Temp\eIwM.exe
| MD5 | fd9c650ce58e0d1f0fec773d4d0bf0fc |
| SHA1 | 8c6dd7ae4d0fa211982c0e9197c3d20b7acae8ce |
| SHA256 | dad859e290a7b7a8f06ea511832105015297b5489863db376e2d382bd3180e4e |
| SHA512 | c0398e316f7159f31f411b93aa05e8f70ac4e70d055de5d95acfa246fc990170018b176ac89d40cbe3a6c7e9b5b688aca1c5899310a231cb769866b0977d000e |
C:\Users\Admin\AppData\Local\Temp\UAEq.exe
| MD5 | e5c46564ab8fa4675b6071283352dddc |
| SHA1 | 43a040abf01896086c7866b1a8fa773ff9f7c3bf |
| SHA256 | 9a8e0759e367984284395717241530a8192ef6803fea10bd3906a955ed04955d |
| SHA512 | 99c32001b86edf7440f3457069bafb07c76aca75283663515851a2a1507460628a3533e849521787c224e3ecc6badefa405f6a8368d258ecb31a195297488ecd |
C:\Users\Admin\AppData\Local\Temp\mYwk.exe
| MD5 | f8425946d3b607e927f1a7575b0c2d1b |
| SHA1 | 3577743d26344748a3838162e507f2d194850102 |
| SHA256 | 62eddce4fd9c786d2560a56577b7f7a2bb4f3a178ad76727cb2bc0999080717e |
| SHA512 | 7bf0857ff847c90b9bf1981382dc97d327c26702624c6f38a411144427cb194f7c8ddb4ff939d39b513031a04231ecec1f7404dcddc0fb6b3e09bf9145bba68b |
C:\Users\Admin\AppData\Local\Temp\ocwA.exe
| MD5 | d8e21baf9653cd91e5935e8b95e4aca5 |
| SHA1 | 1f4c54b7bca989a15cd188f93444616e86d53039 |
| SHA256 | 7def5d1b64b80b30097cc75d1aee3e65620487af26f647e46abd7073d850cd8f |
| SHA512 | 1d5ca3dbf16b401ee5381b35c922fd207f43c5d429fa6c83e6e6c80478569aa62b81e73bea75a2cd1ea76e78b2dfd07ab65fe8be9c636d2543dcc1fc5b674706 |
C:\Users\Admin\AppData\Local\Temp\SIAq.exe
| MD5 | 1a7a3b268bcfcd01471d87b4db2c2d14 |
| SHA1 | b7f38d3b7c65598eb17202ca6cabda331900ff96 |
| SHA256 | 9ef32d7c7f0a63f2887278f146e5f06b0b2037b9f112356add0c247872af58e4 |
| SHA512 | b27826e34a8799ff6bb263caa5b48606e01e6d3153053710e0a013b551a473a6de1be6687461b05288ca768c4697253071c02a9b242b043e072426f560f09f5a |
C:\Users\Admin\AppData\Local\Temp\kgcG.exe
| MD5 | 12ccad0adbd54a896386a85e76fdfa84 |
| SHA1 | 685f5a985f83f4065febcfd0175623b48ec916ac |
| SHA256 | 65aec9233d379380bbf83d411d361dfd00eb074e097fa89463eceddb84df9b83 |
| SHA512 | 05754f69bc3e8bb07f5efb9644bf517db193209890e835bfc836c3c983efdc3c0b93e1de3b4deb1537052982012c76175a584645498c5d87fb99bfda0e58110c |
C:\Users\Admin\AppData\Local\Temp\WgoO.exe
| MD5 | 1ba8e4e5de5cc2cb5eac5dd937e2a6b9 |
| SHA1 | 42b706d81a3c045d5c7f4a1b47173174d155e24a |
| SHA256 | f6aa0bc681dcc382d91b4f7184dd3ab77c0377fe0d639af1e3c45c26b393308e |
| SHA512 | b68c8cb1481247c459a080713aa996e4af41e433aaf0a04b1df8c34b3b8cf1d720b631875a69f052a66146092977fe2a3d914045292acbb5ac52a2ac898632db |
C:\Users\Admin\AppData\Local\Temp\yEIS.exe
| MD5 | 560e43773805df4382a6caf06ebc8ade |
| SHA1 | 0456bb043b6e4bafd7c958d6684fcd9bab59d212 |
| SHA256 | 3d4e7b5c69e77f091ee053d47b12a2fe6883166627a89c9d7b882ca483cd8578 |
| SHA512 | 779b77253c7412ab2becaa312ad34dd09b03666a9fb4c8ec2a24e3fed811b36d0b237699b7dd847453be3fa95db1e3278acff5417eb5f026ea602a57fe098585 |
C:\Users\Admin\AppData\Local\Temp\ygog.exe
| MD5 | 5662a28a8986492ed9f2eb8a942f8d67 |
| SHA1 | 10da764145e74c21df952c0387738aa27c43c4f8 |
| SHA256 | c2dcb40832e5a9c41aba35e2f322c7c36dba8270db11c538f5edd1f77da5567c |
| SHA512 | 6433cbb1b741f3b7a857a20b944e3018b5f63a6c31daa2b419d00a86b756b5f117f8a5e68d9d7ca75f5d9a3dfb55ac0e7be63dc9408a92fd98f018396a174b07 |
C:\Users\Admin\AppData\Local\Temp\Wkku.exe
| MD5 | b61e218988472ff28e4e88bc1325c401 |
| SHA1 | 6b091cfd25831f8d047b39a8e37211bb65a9f045 |
| SHA256 | 23ef90f3d90c9c75a738faaf4a4bdd225c342a568c01cd69dd820e8301bb509b |
| SHA512 | 7d24569600784cd040cbe21b6d09c9a3ed6e4f253e726343a15c215b16c8dbdac026b49f4df5720c1022f91af65dda894cf895cb28f7baa1515bfabcaf5d2ebe |
C:\Users\Admin\AppData\Local\Temp\EIos.exe
| MD5 | a68ba8e37cf4d8838d6059e5e789977f |
| SHA1 | d472c5606aeb018a43c3dddf17eff449e54073c7 |
| SHA256 | c387033648dac2f7d3becb93d8e4882a60efd148c81e0994eef707d28e99dd05 |
| SHA512 | 7bfdc1a47e1b09ac378ca7c563bdef55535ae936df35a8d72cc2af121cb36059d24ddd2dae67cfcd364e8a75997f691d1dabc83e63ea30ba9dd7ff60e400d4d9 |
C:\Users\Admin\AppData\Local\Temp\akcK.exe
| MD5 | a261d416243b045b70e8e61295bd3c75 |
| SHA1 | 0463a5fd3727398950254db6bb2a105915121b5f |
| SHA256 | f2252ae85c135710100200d62f471c45d67f25a5ad97bf7c788c0c0d2beed410 |
| SHA512 | f5d37ce071990dbbd1879ea9422e39870f66aa2365a2f1677b56ab6026635f8d792740a3694211cc8b6655ce46c2f913408f24aa67cc3d466057b6475193b499 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons\48.png.exe
| MD5 | abf0530347d3dfe90f823392925c95de |
| SHA1 | af374c9afbabbc9bafeae24a98f8da678413a333 |
| SHA256 | 1c7c3c6614f776c8b23306a60dcec82e7819ad9aae69cd7f8b86b8ccd72572c5 |
| SHA512 | 4c08eb0243ecbd77ffa2861f028613164cac046a14a761f83731f3d5592557defab6e072c23b6cb93d089ab371d1f8c917d65ea93086ed0ef0eddd2ea40d36bd |
C:\Users\Admin\AppData\Local\Temp\gIYm.exe
| MD5 | 80c16d191b1cbb4a147737cfabfc0244 |
| SHA1 | c00dd82d2c9eafe6221276ee2ec4067b679cb9e8 |
| SHA256 | b8411187ba115ebfafbe0356b5b2e8fb973dba466ac14dbf9d67a81b7a051ff8 |
| SHA512 | 0d614dc578017781a8e60f905eac470b06cfca1b20336498c90040162fe7d7589a430a1eb48eda669c3a237ce858740c6aa7e574103db9c987f0ecc45f5cafef |
C:\Users\Admin\AppData\Local\Temp\oscy.exe
| MD5 | 629a21b8b18493e104b81d8a366d1639 |
| SHA1 | 90005d32b4e559bcd0e799e3fe84a803146eb02e |
| SHA256 | 41021acc800685a5c697abcdc59610cd7937f527b152c4309594408b5e76b0a5 |
| SHA512 | bc91c67caaa8f9f48cd903bff217067dbd9551bb635dec2afd0210c2ff1f31d5c3776ae2d56ad54dfd79cf3f1593a34fcacdcc76d8a39029c8d763b880e6cae8 |
C:\Users\Admin\AppData\Local\Temp\CsEc.exe
| MD5 | fbf9dc4d62ecaa034f66065924ede921 |
| SHA1 | f35dcd59acb5dc88c4b1ea791577ff84be556b4d |
| SHA256 | 68933faa30ffa3e21ba96e12c9d7dcdbed492295e3c6b478ef8e9a7417ff1a91 |
| SHA512 | c01a49c53b83347a11b918ed100fe78a3291d71ae93e6f760b2e39e2fdf67bbde6d135ad3e567b54b00f3fedb509b7ecaba2341619bf9ff85c92ce7d33db400c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons\256.png.exe
| MD5 | 12a96b1ff03459e838de02017e6d88cd |
| SHA1 | 46a3128bf67286c6e35ac8b092edb4e705406dbf |
| SHA256 | fe11cecf5fcbb039bffdbcd783e7531602c6ecdf976bad207f28a913b70673af |
| SHA512 | ff65e4540c1e11cb18475667ca77bd919811a347632cd8cd6060862dc58f797e3e12ea61f0359b9883e360f6c1c0e722906d824d44d12f08292b6225378c578b |
C:\Users\Admin\AppData\Local\Temp\OYUU.exe
| MD5 | 7ee29cc31839c3b5a8031c7b498976a7 |
| SHA1 | fbbee8624219d286c0f8a09f230d12eee95cd0c4 |
| SHA256 | 13b529ef0cb6393a3675ec6f3c746711ea4bee0db6203070dde1e329430505fe |
| SHA512 | cb841ca9638bbff929967ff81d06475a1db17f408e30a1ccc471ecacc5f2dd7a2091c0599ae4730cae4744d21f13600bbffd757b6fcf6e62795df88ae62a7b01 |
C:\Users\Admin\AppData\Local\Temp\qIAu.exe
| MD5 | 31ad3d6aed540285248f18f44c04b7c5 |
| SHA1 | 2d1a0c69bca00a4d50c2f08653ee1113a2b1655c |
| SHA256 | e7177603234933a95c06731c43563833239ed8578c2273e2a38f5e5718189173 |
| SHA512 | cd476c85032c1b6db5e823b1f4ba4a420eb8c4886796335ce2245f42a4fc5426b79d1f02cd37b47bf27c7a3ee28b516b4d6b7cd8d490b8f5af935fe80e31d08b |
C:\Users\Admin\AppData\Local\Temp\iMoq.exe
| MD5 | 94bc132d4a0d48766ecec2b7b592e490 |
| SHA1 | 93c7d1b8e3db870ae62e1b37a64fbd6dbea7a741 |
| SHA256 | 158b124c91434a672789b1ff67c4968509fcb45ff0822587ecc9f7f6b1b39ae3 |
| SHA512 | 61be3d1ab1ba49f688af238381ec05fa687dc99bd9cb3460a7b3f431102552a7ed5b0d643973eadef70719c9a402613f4f01b8d269475c369bfee7b1d9e019b5 |
C:\Users\Admin\AppData\Local\Temp\gUsm.exe
| MD5 | 374e545d9101ac03741506f3e7f107c9 |
| SHA1 | 4f7ddf0b8f1d2976a689e21a74e8d6b8f9855f09 |
| SHA256 | ded4de5210c407db621478f5589f20de8273f701f34b06ff58014ff8d8e851aa |
| SHA512 | ea524f9365fb7ffc48e83040249e36c7f223d3696ba9e5259a0c08993963906b6af46b4656dd98bd167825dde95ab4c2cc1cbd05eddfffaf47df8bdd653519a1 |
C:\Users\Admin\AppData\Local\Temp\oMQg.exe
| MD5 | 73378c1daeec72970015eded4c98588c |
| SHA1 | 1aec657199aca6676f597f05c6fa6cbe88c84ba2 |
| SHA256 | 9cc343c9d7745ffd38f00ada563faadabff23737ff1e62f808cfc477d53b983e |
| SHA512 | 0ab9e25b5793dcfa65cf7b8a2ee2072f4995c7219719f0d627cf815f255edd6ea657ae5e7a825d889f0d81622995669621a3a068045ab8be4ffa5888f1586ca4 |
C:\Users\Admin\AppData\Local\Temp\KEsS.exe
| MD5 | ed98e4a0518b3679826d82395d4158f4 |
| SHA1 | 1524023120c04d1017a60c68b5e26abf5dc0539d |
| SHA256 | ef64347e40ff8b8c3d110faa9f02bc74b9e12eeded276264fb0c4a03ad6629b1 |
| SHA512 | 6b1da5ef30b473c7e131447e162ceb85cece99ec0c3485a4f8ef8f8098b24e089d1ad6da69ddc0638a3cd53f5c2c03bace34f7af968a4d6006a99f750807b8e4 |
C:\Users\Admin\AppData\Local\Temp\MwMM.exe
| MD5 | 0b76d165d87fa193fb3f654a815ba3d6 |
| SHA1 | e781b63d26be082b4b594239ffcc56438e0517d1 |
| SHA256 | 79900d993874e0464157a1b903ba38f50bf85b2247523490616425d8ca7ccf77 |
| SHA512 | 8793b052d5dd8394c76aaef1a779a2393106d63bb1fb2e94911bcc1e03aaa17377bd8fc54a9b0bc6e4280415c1c5c43cbec3e0ddf7a24cc4005561084ce81a94 |
C:\Users\Admin\AppData\Local\Temp\WMko.exe
| MD5 | ed1f1fb34bb069663c74e7afa7518c10 |
| SHA1 | fc8ee5e9c067f6aff8fe2f4321344b33977bd518 |
| SHA256 | 95e9189be137a1e9ad07749be12af6cb089b37bc7d51cfc6f7305f36f425a5dd |
| SHA512 | b4cc148bba855f932a56f2c53ba44fb83c3f48b6181b2189f2b84c2f5628e26561d1ff52b90848b2b54cff60ff624320138bcbf2d51d1b0fa4597a17ee022ea0 |
C:\Users\Admin\AppData\Local\Temp\GsAq.exe
| MD5 | 3a8bff3771a3cf8b9863162b440ae93e |
| SHA1 | 2325e228b25efeafcd767106d5516fea0cb922fc |
| SHA256 | b82a4b40e68cac55e902c953518bd9f28a675623b481c5e62027849304437e1b |
| SHA512 | 2fecd93f60d5004adc451c2a6fb26e134900b19710bfffdd5caa7c109c946a1ccc6eb274625a0e598e7c3f5c4af558ef080cd5b2309c53ad061eb2acd87e411e |
C:\Users\Admin\AppData\Local\Temp\uoAa.exe
| MD5 | b2f68f65a23498ca90dc5597842384ff |
| SHA1 | 57cc03367035a517b54bd20a6a8e90ff0e51c522 |
| SHA256 | 885f684b426c19e44b3f565acc4058b1462037d9b46e128592135282620df4d7 |
| SHA512 | 0e2175818f3b3d216d67a2fe50bebbbe6a40760c2d3ccae3c657f4015fa85156eb6f7985292e066b09849e4157ca69b635bdda22a4ca07656a59fd3547251080 |
C:\Users\Admin\AppData\Local\Temp\eUMw.exe
| MD5 | 95560a7038a1ede048907ffce394403c |
| SHA1 | 2f8bc90a381d69edcdf294f54f156ae1f9284279 |
| SHA256 | 0f0ad2397404d989de8a7c6c3b9dac00e603653f6bf4af369412fa7e52313e5a |
| SHA512 | ce0226d7a3ac15d16d01c49ca326a184d5d5fa02eaa55bc021cbcc9cccd3bfef5336c3ac6ebb8af4a10e1340e71aadebcbf5538aa72dac49bbec867cd1ce95c7 |
C:\Users\Admin\AppData\Local\Temp\oUQI.exe
| MD5 | 371702e1aaa856dbe601d8b3ca4e2d9c |
| SHA1 | a02c2719ae5dcfc0075422fbb26c6fa58bdf365d |
| SHA256 | 4054576a6dfb942d66e244783a2180da502229ee049fa7689a7850e8f4bf6920 |
| SHA512 | feeb3632eabbff36e6dbdf94674e4148cf47506466ae241162961f06d1ebc30bd5d31bbd8ad5541faacf7ae6c1e8bd74c83963b6a6609dd3154d20e788a7f387 |
C:\Users\Admin\AppData\Local\Temp\cYAm.exe
| MD5 | 63d9cf3b1a5cccbe665d7aaca884632f |
| SHA1 | 9414d34ee87938abebc32c8649806030550bd0e5 |
| SHA256 | 147d8710e2154148ad72e4bb057578a99ef2789f74d8188c84e8356c469d8bc4 |
| SHA512 | c4232bc18104e1a3fd2d6946bafdf79e3d21fa8de072551dedc6226d1777cd221e10052115e6895916cd84b717237b0d5129937fd8abf72612e96080a05b2155 |
C:\Users\Admin\AppData\Local\Temp\Uooq.exe
| MD5 | 63c516a61bb4388a0d2fcd4bd2f33f1d |
| SHA1 | be9a25943d9598532a8a19fda33cc80e854a95f5 |
| SHA256 | 7e60762e90fb347edadb1d35bd0b30d0ecefc4ddc72044c9e6e3afedf67fea99 |
| SHA512 | a05a1c76aaea43fff116ec8c62231c9d4defb2b5fc7fdf3b5600b14399a312a260671e030efa7df755c157dd64f52d9583c67a24a3d694c440e8235c4ac5d864 |
C:\Users\Admin\AppData\Local\Temp\oEoa.exe
| MD5 | 7d5def927e2bcbff28845d871616c1b0 |
| SHA1 | ebf5671a5cd66de03030a4d2f57561563314723f |
| SHA256 | 801de2e4c19f89a3d668fed38acba7139dff855a1e75fbce4cb011bbee86ebc6 |
| SHA512 | c9652aa5c1d28fbf34bee9635745d5994924615743cad91216c0f221f7e5599dc9637c4f10dc584f14aa335caec3b366b7795965438cd3a7e36a15afae0e0f4e |
C:\Users\Admin\AppData\Local\Temp\QQse.exe
| MD5 | a013b54e0b848056ad0b8eaad8dde647 |
| SHA1 | 584ad7cc67830738abcb212ad89ac84d3fd99d45 |
| SHA256 | ad313e9857e447fc9331652121435fa8f499ac08addc280413dddea2189c834e |
| SHA512 | 0b16bcb04da6adf48ca77cabf51c0548687bb02bc3572915e2616013cc11d546e62e5e8610de74b4eb980306831f2f3954d4929501a099e358975f9a5b63ec8e |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\AutoPlayOptIn.gif.exe
| MD5 | c8b4a738965dd8202c74a550cada349b |
| SHA1 | bca81f1c134377ecfe3fdd00bcd910e4c0d32f7c |
| SHA256 | 1bedc1f088b1178f84bbb7cad388576134781d753a7a0dbf1fb24715f8792e5a |
| SHA512 | 4e69a4eb081e74f2dc9f87fba20f615e1f533a57a65a675f382cdd031c8a0b2cdaddf3f1cea791e007429964eb27161c1938e9fc224067d6972639bb9082ee52 |
C:\Users\Admin\AppData\Local\Temp\Ygwm.exe
| MD5 | 35e3d6739c10b6097cfff7a990c38f56 |
| SHA1 | 9b693d8c106ca0c0f6cd835add7f621df0022574 |
| SHA256 | b74b3edc4bedb68cf7e0c18716e2a14f01331ae63d5e5e9c078b0faa06f661a8 |
| SHA512 | 0c17ce0dd374ae50ba6cc202d8773819ccff1b080869a2e351b22ef4379570274f7e994bb8e6a91215f5254a6b0911186c36e6f9299db74ca544e8e72ef177a9 |
C:\Users\Admin\AppData\Local\Temp\WEMi.exe
| MD5 | 1f2f32b3afefd89aca30cfc5cdb1cd9a |
| SHA1 | 1557a0b8ecce34e8634859affea59bf848ccc185 |
| SHA256 | 86e372e3e6638a7563594f38ec3182c718cbbf9f68b1e216ae938a8795d3a0e6 |
| SHA512 | 21307f5668c3ada994e18d44359b3603acf348aea0386c28cfd7e87ab626ff7ddc716c46f009bc7d5e8e2e3a0bcb55dc5605ffe1d4d43a1dc05f862d08476068 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\ElevatedAppWhite.png.exe
| MD5 | 7d9b2cc52ab3e6e52100202769800374 |
| SHA1 | 55ead4d832416ec524ed02118f993802980121b2 |
| SHA256 | 9e001516907e0caf9c61ad1786b1fd6fc0e876dc50b9dd1bf3bd866be6890c10 |
| SHA512 | 8f3ec4afc5265f6486e1c69d97d178ed33078710e31cd8899422b9a94998b8bc0d81f88abe099c08bbf755d900dea14cbd3da18691798decadc8063cd3783160 |
C:\Users\Admin\AppData\Local\Temp\EggC.exe
| MD5 | bce74ed747d506257db97c671da498a1 |
| SHA1 | c6d11f266544e6dfbd22194707e882a55f76b644 |
| SHA256 | 71ecb99c3db5194ec243762a5b7933700e1080587e863805d766342851f78dd6 |
| SHA512 | 1f3ae21c2623e1ab57ac9ea6aedd8f878c72600f19829bc7314503dc404d29b1ae8ff1051ad267b7c678f3e20695e42a4f9ce5143ce93d12f6e4b4711d384047 |
C:\Users\Admin\AppData\Local\Temp\MEIW.exe
| MD5 | e0c47186d2a3f5b20e51d03fb236e0ab |
| SHA1 | 94d16b1c08652caec3d7d6c750445b03219ee061 |
| SHA256 | 6a213de0216371d174cf7c384db38508f3406327386700c89eafa1431f0ff244 |
| SHA512 | a7a5eeac5a1896d310936ef36e7284787b07c90d0056215d59f691dcc5400e9545d1ee7cb53fa9133c76cc2f9889ca33769bc574017159a3b66831eaec4992cc |
C:\Users\Admin\AppData\Local\Temp\oIUK.exe
| MD5 | b0b2749165e11af73914809370d935c9 |
| SHA1 | c8aa2a075a061e0b04a543962db7acd78a1405c1 |
| SHA256 | 7da25c3de2a0d9b981c898eca98a048b3f1516a1ec9ef7eb846ed70ea42b2311 |
| SHA512 | 41657e5850df63c2d2ae7d70a9249c93deee2b8559b0af9b96b5f4c31a3ed30bead413c0796f489dd56847914e3e778c59f42dc59a8a5f3d6d719607d9a751d1 |
C:\Users\Admin\AppData\Local\Temp\wQwK.exe
| MD5 | bd282249c14681620b84b5ff0fde67e8 |
| SHA1 | 814267790e424cde6bbc2d5e858f9cbb92c80505 |
| SHA256 | 90fec74b93df6df77323a816a01646c00bb651ec3d6c6ebd5cbee8bdc14e0634 |
| SHA512 | 840826f4f04b1f1eeafad17661f2e0dce0afab988f4f1b89c4cf7da2feb5a54d51caabaf09373bda8c3cbd292ba89407ac1c55cce091db765c0b7c7ad690be1b |
C:\Users\Admin\AppData\Local\Temp\uEEE.exe
| MD5 | 42656c92ce7d632a5e1c342e1b58c48f |
| SHA1 | e7cee7e0de1da342ff20319cdea4bfb58ef905b7 |
| SHA256 | 95058c0c254f2b90ff4f327c9089ba740f697bece663e3b0b78bdafe3264afe6 |
| SHA512 | ca8443e7ddc3bde89682cf089859147ac99a3cab1ecb0d25a5d57541c2debe1472c46fe779e3bf12ba17bf6c3c3b67e0b23ee88e8cbc36ba341a7d3fc1f50c75 |
C:\Users\Admin\AppData\Local\Temp\mUAq.exe
| MD5 | 0445c489170f209774fb37507438379e |
| SHA1 | 9c96be0f4843bdbd139fe41867baa0f622456aae |
| SHA256 | 6ab36b0a23bb9ecf9c7d42d9c24ea602fe64cbe3f860c72a1767929ffe6c0ef1 |
| SHA512 | 7786bf1472c33e04f6ead63201d14f94fbcc1bc8396fcfa024d2c01e6b0637ef6626e9f4e8107c3ec724d7b238bbe0433ef3e74327715904c94c9feeaeba6837 |
C:\Users\Admin\AppData\Local\Temp\ygMu.exe
| MD5 | 6c5c78bff8367ac7650651a5ac0c9aaa |
| SHA1 | cefd4ebbaeea2a629d16965b34d6f71b6ce926f3 |
| SHA256 | bffeb3dd6833bd6800de4891521fc40a312aa09200fbd3e8a693435b0d5861d0 |
| SHA512 | 291021cf7b59fd4364ee00964b5b34e90287e9aa1313dc6568ecbd97e5bc140da048466e56e9dd97e0ff7a81acf6218327757f83e2a2cccd2b022f7923f0773c |
C:\Users\Admin\AppData\Local\Temp\CMsY.exe
| MD5 | 75fca5a8f75f40afb251006710458a60 |
| SHA1 | 12a2fe3449352ccd52851bada6347d3cf67fe101 |
| SHA256 | 3f303be095a860b8f87174a1b3ecb8fe745467df261c80a105a0d2ffb95ae839 |
| SHA512 | 353c8e40774ea760a862fc705fb02e31ccb501595962ce76cc1fad27ececc45e06c538709ba47d48bf59946d4ce1c9a79d5029d18a8fd1ccf79e405b7c492817 |
C:\Users\Admin\AppData\Local\Temp\OUkg.ico
| MD5 | f31b7f660ecbc5e170657187cedd7942 |
| SHA1 | 42f5efe966968c2b1f92fadd7c85863956014fb4 |
| SHA256 | 684e75b6fdb9a7203e03c630a66a3710ace32aa78581311ba38e3f26737feae6 |
| SHA512 | 62787378cea556d2f13cd567ae8407a596139943af4405e8def302d62f64e19edb258dce44429162ac78b7cfc2260915c93ff6b114b0f910d8d64bf61bdd0462 |
C:\Users\Admin\AppData\Local\Temp\Ukcm.exe
| MD5 | 00cd506e1bba5a46fd42bf740367701a |
| SHA1 | 24fc9abd3f0e64d65e38fb7c0b298c545940ed36 |
| SHA256 | 88875aa28548347746f290fdccbb1770bc5797ad02354256d4c46c622c2952f6 |
| SHA512 | 45a37104244759a100702daa0bd9c28cfc82576d6c1d22d13a4b9baaedfe10ebccd9a36fc9e6ec56b91c38c94860ee162df2cf683af961bcceab104e60668cd9 |
C:\Users\Admin\AppData\Local\Temp\MQsq.exe
| MD5 | dbb8da9b78d9fd4769b9a3d7d3e55bef |
| SHA1 | 444a0aa193a06afe15219ea5308d7f7b76d9096a |
| SHA256 | 3e6768bf39bc56478eeca7dc7238559d2b065dbadb30a3fb2ab55d2ed449312d |
| SHA512 | da89fe9a8988f90aa61566246fd0d34be9b7046958f985a3019ea35937b70ce273fd5072d4800f728b8cbeadf1b24b4208328c615afa3a9d035c82acdeea3241 |
C:\Users\Admin\AppData\Local\Temp\CQAa.exe
| MD5 | 9e2d369eeb857c340827124e4bb1e319 |
| SHA1 | 2429fca418f2a5f280c973a7e9eb01d290fe145c |
| SHA256 | 6d4128ac526cf6d7ee105601cd2e2b8d563bb0b57502e4c990912c768630f3f8 |
| SHA512 | 21830c57466bcc6b95ec02b64897084f0ec13ae11056047872068ec26fa14e8ac9220e9b4ad075cb3e27a859e4e60d01620d9d24b015e1cc166a3b46ceff7af2 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-white_scale-400.png.exe
| MD5 | 417f8d20078d28525f53204fea5347c9 |
| SHA1 | 7901ee45094b0e45c71183107f90355e3c101cb1 |
| SHA256 | 188f3ab50994ee638c2c6aee4bec8f752e1571c9683b9b740e2a5ad662b53799 |
| SHA512 | 6b595a4305f29df21a590dd5634527ee734a75109bcf3a731b6c6eb612c325745046c9172e29b4002ded7e4dbadff90197fd289fbf3951626426dc313ca8223f |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.scale-400.png.exe
| MD5 | 3a47c06f4c78a8e7ad1bda7d8f9caffe |
| SHA1 | d1f9283ab2d0fc0dd8a3426d9c0a38104e69b10f |
| SHA256 | 042bcedf05b787e70fa0520fbfb4c37c358858526c5ba4b7ca2e5d40f916bfa5 |
| SHA512 | 2fdeeeb73bcf6056047150a60079abef1d0efcb22f6af81dc24ea671123db5ac2ac28b35c08b8d0e6d7167a567560d4e47a89ee1209b6af210ed59e5e3bed261 |
C:\Users\Admin\AppData\Local\Temp\QUoW.exe
| MD5 | 6a322e96d15ecede7cff2afa4eddd166 |
| SHA1 | 9b3e40abf0af5d2ff4c402785124df66f19022f2 |
| SHA256 | 5f62cb6656e2610e20167c4b880dd99289592d8318cbcb34a3e9e95e3ca87a2e |
| SHA512 | 2ab03ca19d9da473c878a8271c722f10734bd7c822a76e081361ee03cb5696d19df133c6904cec36d41e00c34b39c8f5b73829fac262954a94d72d0d71303e80 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-white_scale-400.png.exe
| MD5 | 555792f94caa793680d296219338e1d0 |
| SHA1 | 200504dbfefc5589e3a4f0ba94e2f349c8d87e6b |
| SHA256 | bb77c4573a76995aaba870deda301723463727d8f4468b8a72534d521f74b86c |
| SHA512 | 2953cd6c7f0fe2139092a0c444c36dfe3dc0d229fb369a18dcb2a0f7adba2ec24230357c9660705c2391589ee63eae7135fab106a5b3e23042f3756e82b476c7 |
C:\Users\Admin\AppData\Local\Temp\sEsk.exe
| MD5 | 76aa6466e3a3f78bc7e167ff93df01a0 |
| SHA1 | 1f213434b5179a8b43442b0524c6636421719aaf |
| SHA256 | 6e4845b7bfcb5c6a5e30f053fdc155913f020e8d78682f934fb3095a79f632d2 |
| SHA512 | 5cc8dcbc45ad165679afe80949040d67114d16bb780746de7b69decdd8e9593a5e79e865a6323f47be04ee2584591849740440be76556f3bd55e62ae205b42ee |
C:\Users\Admin\AppData\Local\Temp\wAAu.exe
| MD5 | b3da918ead624c6f70cf180adad4f093 |
| SHA1 | 27cfd2099a3f0aedd4acd8ab1a24d2f1c7b2fc69 |
| SHA256 | 9c38970e872b678d9c8f8708810311cb289fa1a230de95ebfc0c39b2ffa5b8b3 |
| SHA512 | 51e310a04f07a00ddb721f13cfe5d032dde8ee37fb9bdd93e3e53cdb3cfe9c0c037f070762951f9a819c4bb6815cf5ff2077d3e7e0f202ba1e643e6542db9e02 |
C:\Users\Admin\AppData\Local\Temp\YAEG.exe
| MD5 | fb4062d2548d0705cbffabe31d1c0c24 |
| SHA1 | 5e15f3cc5ecd8234a8005e355e8038bef2a0983d |
| SHA256 | 2fe56ccdcdce17cacc910b336c79ecc9f30f42ed0f6b89d86eb7d748ca25c7c3 |
| SHA512 | 793300591c20bfc13ce612444ae7e022dbae83f9ae8117f98189273e7e1d58b44c9b4f3d7a0ace75c4abf91b8a2d78f03b3cce83851bb8aef3cb0cb736983e8d |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState\PinnedTiles\26310719480\tinytile.png.exe
| MD5 | 5bc75d3a02cbc9e7773582e08e1790ac |
| SHA1 | 1df2a3701e8e0078cf280254acccb4d2add566e3 |
| SHA256 | 8afc81ec727684298bb57d86e56b239c86ac632fbc7eb3c7289752899efa4a10 |
| SHA512 | 7b2a8635ef46bdd1b93351ecf3af3e92e1ec7df8f667f4041713a1e71f7729918feb93b3786a4d15d4eaaa75fba30941704924043d791e1f7a99cc73a7e87394 |
C:\Users\Admin\AppData\Local\Temp\UIwI.exe
| MD5 | efe3c41c7508bdef40b4caab493edc73 |
| SHA1 | 2edcfe4f1abc2b827e8d2177dfdd9f978194b457 |
| SHA256 | 2d163ff51546d07f7c10b2fa4c10a8fd630acaef9ea5e0eb846e1ea6a61dd1f2 |
| SHA512 | 985d06f0c8b68726f8908fe472eaae0a9d65b00f3f245fe171527dcfb63d8b6de1ad8fa5271cb00ea72977b57cbd8d5f0ec68ef075b2ff2c16693649899fd942 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState\PinnedTiles\38975140460\tinytile.png.exe
| MD5 | 6d6ad648e2197125749f88c3a1069086 |
| SHA1 | ce204a25cf4ba90e8fa54422bf3b84a925830d12 |
| SHA256 | b405c4b1d906d12a4b3ec036979c1f4bb201d596a884096bbca43845048d7dc8 |
| SHA512 | 82d87810741f12c8ce6cb1453e1cca45b9e44c863a7c7ab1973b2f75f1556fa709fad5e412d8e13dab2e28b55f4dcf117a9d3bec97b5a4c265aec0f3ff2b9884 |
C:\Users\Admin\AppData\Local\Temp\QsAy.exe
| MD5 | 96412a2b526a7dfd0552f39baa4e7e17 |
| SHA1 | f5a861e75f14b5cc949b0c5494f43f4658c19366 |
| SHA256 | 0e84ed97ffde55dfdd0fefd08cc14ca2fbc44be7cdd7a7355403cb7520d14d60 |
| SHA512 | 18938b50b2b71f0eb5d126f7ce65694deba792980b83a1af976a2648a42421be6fb2909659e48e15d4f1f7ce99ec22c2d4599e847778a853ec24a71d93224502 |
C:\Users\Admin\AppData\Local\Temp\MUsG.exe
| MD5 | 4ce8a581374648c550329dad08d2233f |
| SHA1 | d5a310b54dc253c5aed6988b2edea66181926745 |
| SHA256 | af91effd4195eb30b9ea4d4b8b175ddfa12e014179b1e42798b93f8e9781f492 |
| SHA512 | bdfaa1dc502132eb886af8dbe406edce2adee6d2bb15d44b7da33e5b31db6da5ffe50c0120978c1db650233849c6a48a2dae5a08f88627109eb0af43768baca0 |
C:\Users\Admin\AppData\Local\Temp\Ascg.exe
| MD5 | 5cb440fbe7f494035fe5cabc0a9138c6 |
| SHA1 | 6ced672839b8daba91fcece3e742817a09e5dd0e |
| SHA256 | c83d335bd0406afd7f0bd7f151833fdfbbe0f760c0666bfd228bcffcfe9ec02c |
| SHA512 | 6fa2a7045a3facbf55ceebf4daadff5bd3705a77e1b85e9390ed6a12a718383f12ff78448a6c15dad11a4bf4d2b32d303a07a8aadd954d0c8f7f7c3b614bcb03 |
C:\Users\Admin\AppData\Local\Temp\uwUI.exe
| MD5 | 7dd862569ce6e00b6a9b497557498008 |
| SHA1 | c0c69ac46238625e87693032b652d92f5f5e43e5 |
| SHA256 | f0e4bd22d6ad16900a126ea6c803cf9dbde0a261b94298b6aa405abaffe8b3b9 |
| SHA512 | 3a19e44f860058c7b412791b590f5dad3d8d7399a3d8016291edc19f7f91b4523939643b0fc711a82438475c6c8909b333909868a3d6b90c90fae491ceb8d683 |
C:\Users\Admin\Downloads\DenyInvoke.gif.exe
| MD5 | 5ddf2951d88f463b375df03339ab3bf5 |
| SHA1 | 0762ae2d095c66d99236ebf586628376bbffdeaa |
| SHA256 | 688050c1a60c999019c7c59e988dcd9df9a6ca8d71ca95c9844429dfe44db05b |
| SHA512 | 52736cf3403575dfb3f346e383e0cfc06646dd811bef8bf0d804db2157b5e2ec61c2261d8cd032ac44e88cd6b3d2ad22f871fe216ae51fad05e37a4c9fda4459 |
C:\Users\Admin\Downloads\HideMove.jpg.exe
| MD5 | 3114a245ad4a13497f52bdb79e61a6ad |
| SHA1 | 4cadef112b081ac805aca5552d5063eaa3bb9bc3 |
| SHA256 | e171f2a975c843e93308105d8a0d01adb5a15fd64d104ad2fe0cfa185aa41eea |
| SHA512 | 242fcfa606b24f43d660c0c5cc000173e2b663f02357a555cc430ee75494a2bab99ddd3371ad4fe17459a4b992701e371c0f6670f5ce20d33cfd1d258f4602bf |
C:\Users\Admin\AppData\Local\Temp\AcEY.exe
| MD5 | 633e416ff5570d5d18f09f2078891eba |
| SHA1 | 1dab6a2104b66ee52f8476c6ee4397ccefba5e6f |
| SHA256 | 6f208ed94081b5e726060de3abb7d5315f0cf1e446a4d6480f105859264bd4a8 |
| SHA512 | 9f0368e39b69cb94a256bffa86cb5ee1e31b5bcb1b8e4a8b1a585dc37e1b121203a11edc30a65c3ce8de9114423da7c8e472d611d31e5ff754787916e0d5d529 |
C:\Users\Admin\AppData\Local\Temp\ecAQ.exe
| MD5 | 2098262830a07008f8541e8714a2450f |
| SHA1 | 5d965fbb25ada0c1644eb1fd029c3d3f2f520b83 |
| SHA256 | 114dd1be67509f499377fea33095a6ce831840fb013fa8b586098137d8703048 |
| SHA512 | 357249ae8273b95ace79606590d0c3d3df87bf45501172819783dc1bba4c3f3a3da3be6754a5de65c214ea12ee01af075108f400ee04df3c1574e72d5b50ced7 |
C:\Users\Admin\AppData\Local\Temp\SEkm.exe
| MD5 | 98f63c89640dfaeb211867273f39fbec |
| SHA1 | 39d079b2a976365d6e75da6b53d8d4ea92a9471d |
| SHA256 | beb3638127647fe35d4ca0ec225f6103bc622568289647e8661785b024ee49b1 |
| SHA512 | 0dd12349939d471a6687f57240668a694704e30b5cbc7b6a43bad05cf49eca34ab86b34d56fc9abf0f69f77c9e03b8039c337dda41efdd8aa1ce87c1a6f62523 |
C:\Users\Admin\AppData\Local\Temp\oYky.exe
| MD5 | 5582d280a5398de69224a10ff93ad669 |
| SHA1 | e526cde356a628578df6e628a6f7801498e7ba53 |
| SHA256 | e3e47a91bf8f78b0f403e30e5ec26a19373e04a437234de5844bbe11d7347e33 |
| SHA512 | 3beabf496dea9c66fadf219c556186acc0ad5f656a75000decf2c1cee560aa6d62a46ce8012969d25fec1c82dc52837858edc9d1d46b38f245055f85e6038f76 |
C:\Users\Admin\AppData\Local\Temp\uQoS.exe
| MD5 | fa93bf5cbb443c520313777f469683be |
| SHA1 | 876d73a9c554cc0d17ac5dbd5a639ce9c7bb02e2 |
| SHA256 | a9c9e4cad484a62bd8a815d0fd152191cddc546d6f990864b6eec82544273409 |
| SHA512 | 9d8d4614212d7f05fb000675a97a828106c589a23f61557217fce46b7fbfc3c90e93fb7423fbe833080e73a70f7611ad3bf72d34eab045702fa7f2e250190d07 |
C:\Users\Admin\AppData\Local\Temp\wgcG.ico
| MD5 | ace522945d3d0ff3b6d96abef56e1427 |
| SHA1 | d71140c9657fd1b0d6e4ab8484b6cfe544616201 |
| SHA256 | daa05353be57bb7c4de23a63af8aac3f0c45fba8c1b40acac53e33240fbc25cd |
| SHA512 | 8e9c55fa909ff0222024218ff334fd6f3115eccc05c7224f8c63aa9e6f765ff4e90c43f26a7d8855a8a3c9b4183bd9919cb854b448c4055e9b98acef1186d83e |
C:\Users\Admin\AppData\Local\Temp\Ockq.exe
| MD5 | a57dbb7f1d4b54e0a0ecba30cf69f10d |
| SHA1 | 907817e3734e6abe9a2f475612f6868666ac636c |
| SHA256 | d6e2036360a08101b61aa0e3a59488d9c8077ade644a8c2a52bb18032e41f72d |
| SHA512 | e91b8836bd2aa8250877ee3ad9ff469bfdd89d71baeb10eca98c0849ffd8b111295b306fcac05bf98510fb7298ede7a2505760cef0c5764e7e8d0109b1eba469 |
C:\Users\Admin\AppData\Local\Temp\KAwo.exe
| MD5 | b964ecca59b3ccb55dc52b8958e8528b |
| SHA1 | 3448aa553cece0c3e1b9364d16713985fcde9333 |
| SHA256 | 439e6b426de06716109251484662c767bbd6032afcf7b537d05841b3a092e62e |
| SHA512 | 14bb7c8825063938f883fd8340c1052a7c21588ef54ab1093c86ac6db83b40b57eaa176066c867ba636c079e4125c7863288f53ac3dea4ba0d11835591fcf8b0 |
C:\Users\Admin\Pictures\RenameCompress.png.exe
| MD5 | c127850c79c3eb95dd66c8cba1ea5d4f |
| SHA1 | f7ab6b59178ce1efde572d634c6f61e71f8e1797 |
| SHA256 | 57182b94f475ce5c8ae9462d7e72b5a7d9a0723fbc92494977df6f122f632710 |
| SHA512 | 5eee16301065d36234ce1ff3da876dae0af994f532f050e2323421eadf32e9a035b99b84ab439b34aea82da6ca40eec93704d1d94ff446e51e12cbadd15d6c80 |
C:\Users\Admin\AppData\Local\Temp\ywgc.exe
| MD5 | efa68b7b4b7796d4f61020e81025551e |
| SHA1 | 138e4b709f871e7ea4035dd85153ec24ce481d9a |
| SHA256 | 91dba627fd3bfcc3cadb5942f1fb2e4de34d6d6008d7cdd21fd5912bf13ef8f5 |
| SHA512 | 638d93adbde25d96227cf3981b0db2782569ce9d3adfb287cbd9566bc74319ff5c3859a61793dcb1b8d5f887493d7cc5422b55c5569b8e3b859600c8064bf685 |
C:\Users\Admin\AppData\Local\Temp\GoUK.ico
| MD5 | 7ebb1c3b3f5ee39434e36aeb4c07ee8b |
| SHA1 | 7b4e7562e3a12b37862e0d5ecf94581ec130658f |
| SHA256 | be3e79875f3e84bab8ed51f6028b198f5e8472c60dcedf757af2e1bdf2aa5742 |
| SHA512 | 2f69ae3d746a4ae770c5dd1722fba7c3f88a799cc005dd86990fd1b2238896ac2f5c06e02bd23304c31e54309183c2a7cb5cbab4b51890ab1cefee5d13556af6 |
C:\Users\Admin\Pictures\UseNew.bmp.exe
| MD5 | a7ad6e2ca538786c73e5e106932eac29 |
| SHA1 | 6de82e5ca691b4b120a201923caaf662828d79a8 |
| SHA256 | 2c11e69d0b4e70bbc0149d23879b37fe182c1d38699528a6aaf9def260b58883 |
| SHA512 | a043611e6f09bcd5851b2b1f813d925f0da9f103d27ba93cee6f57ed11bac0930b0e85c71ea6fde408b20075877936bcad445744009394c94d7ff90977d8644d |
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png.exe
| MD5 | 72cce5d3abc24aa42dd6e22c4bb049e4 |
| SHA1 | 2d144f42c52d329742dc8d2157e85ad9f9dec094 |
| SHA256 | 8faae62088e2a16a6db1d56a633119d7d52b9a0c4972b929948be1132a0db81e |
| SHA512 | 9b423469438be4675e3f8e2e5d4a6d58d1d707e09b5e34a9f90235643b7120a33b30454f41ee4ba8b219f555aa981a07a2809c56c76b7cae83c6f93cd948181a |
C:\Users\Admin\AppData\Local\Temp\QEoM.exe
| MD5 | 5f704e662ca325076e166fbef68a6207 |
| SHA1 | e5875c42353b818affb5ddbab162b29319907d89 |
| SHA256 | 1a586b5b0bbdc690add630b83f1a89b0c988ae2d536ae5c322697c4920fb769e |
| SHA512 | 59e8739a1f73c1e55ae96842c194324a1d259262cff1da15eb70d1629deff8f7ea19497a3ddb77562b317a5db2dcf0e695e9a201e31be76dcb8ade8798489576 |
C:\Users\Admin\AppData\Local\Temp\AgsU.exe
| MD5 | e77b803783d41b02991fbe20740cffb4 |
| SHA1 | 50d988ceb67dc91d4cee7edbd5538984854b0cd6 |
| SHA256 | fc447dfaabc3cc596f494d0e0b91c8635907934e9301125391d339260beb6258 |
| SHA512 | e0f916d349f717b6770af8da3fd2d7f0f51b9def9752a08f7403a5726a4410492b21053bea3ab072ccc616ff53f832628d3a62a74f39ef33aee2ae95e527347e |
C:\Users\Admin\AppData\Local\Temp\EgMC.exe
| MD5 | a8b8eca8edd33425e6e1ec552c651b43 |
| SHA1 | 225a70ff06f977a1ba88825769147411867467f7 |
| SHA256 | f749c9a63a5af2622f6d38fcf1a8ba44dbcddf8803d69c2d964a71487a2fb3de |
| SHA512 | c87e82573c9e58652c43eedde14c197443111461eb35a383ba75644b92eb2a9b20d2fd2b4452fcc50695843458586098c27a469bc9878846cee540e89087f58f |
C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png.exe
| MD5 | 99503c5ebddf47c557e339688d1ba14a |
| SHA1 | d1b0a5608453a5b50a9325ca0357fb953dca4fe1 |
| SHA256 | 4f22ecc9d32b00ef62778844cfbda2686816dd76827dd85734cd1f862916d7ec |
| SHA512 | 3b95ef028d4da176b19129e542a6698b94cead2bd2fcf4c6f66986899be31d51c667c91295c30e5745933a261217d569d764acc96add1cfade5e8acdbab91f6e |
C:\Users\Admin\AppData\Local\Temp\coIq.exe
| MD5 | 19fe3677cafd3fa9a416a4cf2428bbcf |
| SHA1 | 09ee9587772718338e483230747872917d3e283e |
| SHA256 | 29673bb8351c8c4e4c2e1c8e89e13cd2ca9e1f83e072b93f643f52d2dd0c089b |
| SHA512 | 1d4a17aa93f3a4f68e3e43c63a171e78c4babada1e0fcf7ee14bac435e94d8582fbc41c5e7c914fbf3c241b80af3d4e5d55ab9afbac141b9dc2ee5899a3db708 |