Analysis Overview
SHA256
ce13e35dcdab216ea5a67f021ad9dd14e12b066ee2ac97d72f0b4d6c34e64379
Threat Level: Known bad
The file 2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock was found to be: Known bad.
Malicious Activity Summary
UAC bypass
Modifies visibility of file extensions in Explorer
Renames multiple (55) files with added filename extension
Renames multiple (80) files with added filename extension
Loads dropped DLL
Reads user/profile data of web browsers
Checks computer location settings
Executes dropped EXE
Adds Run key to start application
Drops file in System32 directory
Unsigned PE
Program crash
Enumerates physical storage devices
Modifies registry key
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-15 10:39
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-15 10:39
Reported
2024-05-15 10:42
Platform
win7-20240419-en
Max time kernel
150s
Max time network
118s
Command Line
Signatures
Modifies visibility of file extensions in Explorer
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
Renames multiple (55) files with added filename extension
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\aigYAUAs\fewskEUY.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\aigYAUAs\fewskEUY.exe | N/A |
| N/A | N/A | C:\ProgramData\WyYEwAoQ\tkEsQAUI.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Run\fewskEUY.exe = "C:\\Users\\Admin\\aigYAUAs\\fewskEUY.exe" | C:\Users\Admin\aigYAUAs\fewskEUY.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\tkEsQAUI.exe = "C:\\ProgramData\\WyYEwAoQ\\tkEsQAUI.exe" | C:\ProgramData\WyYEwAoQ\tkEsQAUI.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Run\fewskEUY.exe = "C:\\Users\\Admin\\aigYAUAs\\fewskEUY.exe" | C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\tkEsQAUI.exe = "C:\\ProgramData\\WyYEwAoQ\\tkEsQAUI.exe" | C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe | N/A |
Enumerates physical storage devices
Modifies registry key
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\aigYAUAs\fewskEUY.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
"C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe"
C:\Users\Admin\aigYAUAs\fewskEUY.exe
"C:\Users\Admin\aigYAUAs\fewskEUY.exe"
C:\ProgramData\WyYEwAoQ\tkEsQAUI.exe
"C:\ProgramData\WyYEwAoQ\tkEsQAUI.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\wuogAQgE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\OCckckok.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\YiUQMIcs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\tYUcgwks.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\nysMQsww.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LksQUMAU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\JGsYcgYQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\OuwUkkAE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\OScIUYEw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\QKwcYcUU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\rsUwAssE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\fcAwcoAw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\XqAQAwcM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\fCMIYUUw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\msUgMMcw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\kiEwAkAo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\iwQcQYEg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\kckIQoEQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LQMcQkIk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\NwwkoIcM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ziQcUcsg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\VQEkMgEU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\UYIYookU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\yIIwUoUo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\kaAskEcs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\GGsgUwUg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\RgAcAEAk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\jqEoYgMs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZMckIMcs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\lyIcoksc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\EKYQwYYw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\eaoMYQkY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\acMcYsEU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\CuQcoQMc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\YIAQYkUE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\xsgUIIAc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\hYgcQUoU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\liYsQAgQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\DScsgkMs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\pSwUoEEs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\wIMYsUYc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\gkwAUgsk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ouoUYcEY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\BmcIUUsY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ryggooAA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZSAYAsUE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\byAgcYgE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\eOIMkwEg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\wCkwwQAw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ikIowYcA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LsQogUoI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\lkYIIIgQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LMcMwUgY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\RWQgQwsE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\sOwgYEoI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\YcsEMsow.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\qEssIIsA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\oCUMkwAc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\lGkIskYk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\RqEggckA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\bkAAcMwU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\toMIoAYs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\KyYQgIcY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\QIYsAkYI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\oIMogEkQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\jawMUksw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\jAAAMEQg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\BQwksgsc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\lIMoAIgw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\IaUcQAMI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\SKwkMAEA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\GuoEYMwY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\jSsMYUAg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\jckEkgQg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\piQIQkAQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\wkUEgYMU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\EikAEgEI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\GosUgYsE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\meoYQEYY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\UAAMwooM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\RCsYIEgQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\HoYAsEEQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZeUwIMEk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\fYQocUUI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\SuoYEgQk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\MCwcYIMM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\yIAAgEYo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\bAQwAAQw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\FaosMwsE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\RYckcIEQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\dWcYQMUE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\CokIwwgM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\AmYYAMAA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\IgYgkwYs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\uUIsscYE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\UEAYIkYo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\JYcwswEo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\jSYkYUcw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\pmIwkEEk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\FWgwEUEE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\qaAoQcYw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\COscEccI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\MsEsUUEg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ywMgMQIE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\EOQgkYIM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\XowssYkc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LQAkkkYI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\nSIYcwIk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\HUcIQMoo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\jYcgogkw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\EmMoMMQA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\cUMQEAoE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\yQYkMoww.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\UYgEgQQk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\HskoUAAc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\TkYsUYcc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\NmYYssgw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
Network
| Country | Destination | Domain | Proto |
| BO | 200.87.164.69:9999 | tcp | |
| US | 8.8.8.8:53 | google.com | udp |
| FR | 172.217.18.206:80 | google.com | tcp |
| FR | 172.217.18.206:80 | google.com | tcp |
| BO | 200.87.164.69:9999 | tcp | |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp |
Files
memory/2012-0-0x0000000000400000-0x0000000000431000-memory.dmp
\Users\Admin\aigYAUAs\fewskEUY.exe
| MD5 | c27e077e578e0e0810550bebad534a90 |
| SHA1 | 617e9e683c8593d9e8a5e9bcf3ec5c86e7e6c023 |
| SHA256 | ea0256551bdf8c3697256cbb08a0153053533c3c743e8523c6d3d0615354d609 |
| SHA512 | 4753e84836b0663542579207d182bda691770a24acbb7cf01cd4af2d83aabf90e3aa55460b900a14fe4f92b072ce11069649ce9d9f25949d408a19173bd6953d |
C:\ProgramData\WyYEwAoQ\tkEsQAUI.exe
| MD5 | 2691b1050fd0fc28de1f7699dfec1369 |
| SHA1 | d441ab0cea6c6db26f391cb2aa45cb3cbfc2eb64 |
| SHA256 | 10f2f4fdd9da5b39ba3710b7d2552e6c1c119dc35932a10ec30ce9e78156c1de |
| SHA512 | 33561b136b17307dbf3d2bc6375165fc62a9354f2ac2df1af9df84cca9eb621cf9849abfb08f28c75d9c6d2312286811eeb7b92bd0ded75fbc65dc5f1c67eeec |
memory/2012-12-0x00000000004A0000-0x00000000004CF000-memory.dmp
memory/2548-31-0x0000000000400000-0x0000000000430000-memory.dmp
memory/2012-29-0x00000000004A0000-0x00000000004D0000-memory.dmp
memory/2188-28-0x0000000000400000-0x000000000042F000-memory.dmp
memory/2012-27-0x00000000004A0000-0x00000000004CF000-memory.dmp
memory/2744-35-0x0000000000400000-0x0000000000431000-memory.dmp
memory/2568-34-0x0000000002250000-0x0000000002281000-memory.dmp
memory/2568-33-0x0000000002250000-0x0000000002281000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\aUUUswIE.bat
| MD5 | 8ae0062e3eceb1cbcfb6cac08885b550 |
| SHA1 | b26c98c7f71133ba3ed7a6a6a0b9dc51c2315999 |
| SHA256 | f16076887055843d33cccb81c3a39f033e6871b6852339ad345617af5d5a0f4e |
| SHA512 | e159dbd92cb69d6d6807dbf18512712bed1fa11bbb42c6f9456cb96bf2769366f048deddf6ac72193592cfecf9ada42c490345df4b430b70b67de22b2d00626e |
C:\Users\Admin\AppData\Local\Temp\wuogAQgE.bat
| MD5 | bae1095f340720d965898063fede1273 |
| SHA1 | 455d8a81818a7e82b1490c949b32fa7ff98d5210 |
| SHA256 | ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a |
| SHA512 | 4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024 |
memory/2012-44-0x0000000000400000-0x0000000000431000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\file.vbs
| MD5 | 4afb5c4527091738faf9cd4addf9d34e |
| SHA1 | 170ba9d866894c1b109b62649b1893eb90350459 |
| SHA256 | 59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc |
| SHA512 | 16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5 |
C:\Users\Admin\AppData\Local\Temp\kqoEcYEk.bat
| MD5 | 9a9400603fff129a0354412a0760e6cc |
| SHA1 | 7b186d38f780018577868764950f6682a0c6392e |
| SHA256 | 195808988cf7c69f5162b3e5146992550f1bfbe64121f4f36e109bb59059af4d |
| SHA512 | 7bdf865a4be429aea1932d17ac85df5412c50e65c7e146e28f87f833d50d85d581ad2e9c2326b61029b657db3c75dcda603bbc49308970f871091a59f5c77621 |
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
| MD5 | 59513752b20c9e3510db31c99dfc5c60 |
| SHA1 | cbfd0cd3f52fee958f730d8d31b2372370bf26f3 |
| SHA256 | 4cb21f95bccd80bca6baa955d8f9dcc1837e5a561d1585c9aaecdd7d377db8ab |
| SHA512 | 08479b2361a3b3d6a80d47260442718a7ce0f72547471b2b674aefa3dbeed7fa012df9c37efae73d729cf973f579672ca996a48552359ecc1fb2b4b32eeeb560 |
memory/1888-58-0x0000000000420000-0x0000000000451000-memory.dmp
memory/2840-60-0x0000000000400000-0x0000000000431000-memory.dmp
memory/2744-68-0x0000000000400000-0x0000000000431000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\uawwwgUs.bat
| MD5 | b0a4f9bc2064c4d97622d86581023588 |
| SHA1 | 89f536d25c24936c125b8612f2c6411e4fd04668 |
| SHA256 | 1ed6a0089a23eeabc46c4df6a7aff13ee169cfefb315c530d6f16104a8500b94 |
| SHA512 | d8b8e7dc9b80ca239fe2510ec672e40620b6fcf2d753339c58bb3ca5833a8c489c05b5a8f4ad95ca1cad3e2a34a4af8ed4d6151de7d508e5563e73c57cc088a7 |
memory/3052-83-0x0000000000400000-0x0000000000431000-memory.dmp
memory/2740-82-0x0000000000400000-0x0000000000431000-memory.dmp
memory/2740-81-0x0000000000400000-0x0000000000431000-memory.dmp
memory/2840-92-0x0000000000400000-0x0000000000431000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\VAgMIEYs.bat
| MD5 | 7cd3ee8c8836c3a05db243f791d0ccd5 |
| SHA1 | f183ca764857c64f013e41e22a29626f5fc3ca72 |
| SHA256 | 95ab08271b091d1d8279ef3f083e2397025f26003ad512fead15050ad6621287 |
| SHA512 | 63a822c178a784b237cc1dbfa397b4b0fc4410de3b0d453ad12426877c3fce3ebb2953c692a9047a47c83f5cb0aefd25358ac789e5426b10bc7af2fdc1bebd25 |
memory/1604-106-0x0000000000400000-0x0000000000431000-memory.dmp
memory/3056-105-0x00000000001D0000-0x0000000000201000-memory.dmp
memory/3052-115-0x0000000000400000-0x0000000000431000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nsQIEQYw.bat
| MD5 | 43bcc8069c310eb47befdbeb390cf13c |
| SHA1 | 2b7ca939eebbcec833998c274f8cedd8ebc03351 |
| SHA256 | 3f76b6fabc6507d3640e2e5eae0d112e4c084fbbc575021268f41402dcdaabe9 |
| SHA512 | 67ff4842f4991f6f6705c9d8dc5477cb23884c2f70eff0df3117e6e8367c793c38166db26aab3d74e1cf296577574da7eea3e09bdd21e15827e2313ccf2e02cf |
memory/1368-130-0x0000000000400000-0x0000000000431000-memory.dmp
memory/1516-129-0x0000000000450000-0x0000000000481000-memory.dmp
memory/1516-128-0x0000000000450000-0x0000000000481000-memory.dmp
memory/1604-139-0x0000000000400000-0x0000000000431000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\JIIAwkcI.bat
| MD5 | 7ee506e025a2e16d7233db0078f07c22 |
| SHA1 | 1a0e9129acc6c9b96da46731c3f6d6a64c5eeca4 |
| SHA256 | 428c7c810ca11cf22529f053c31be5cc6b99c651da0907c2d477661a80f487d7 |
| SHA512 | 3e78ae584517b7f7970d64c79b59c32bfab31f9f6d49d8388c5289c204033519f92d73d416928cf3a1fbb353b2ea8f2d6e963e2dc86cf277fee3739632ec0ddf |
memory/880-155-0x0000000000400000-0x0000000000431000-memory.dmp
memory/2280-154-0x00000000001B0000-0x00000000001E1000-memory.dmp
memory/1368-164-0x0000000000400000-0x0000000000431000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\JGAQkoQo.bat
| MD5 | 797e292c1feb955f63b4ebbc4e8466e4 |
| SHA1 | f27fe02cab8fd69541d83bf7a7912eefefefb12a |
| SHA256 | d8657c3c0640fedd24b408793f5597de96aed4681ecfc67136bcbe222721f7a9 |
| SHA512 | a60623a970fe81c3744e37089428516ae49eced3976924da18f3126414e0a3d192adb551fa67d60865b91993c3305795544acb37eb7d2fd99717629d32b9926c |
memory/2672-178-0x0000000000120000-0x0000000000151000-memory.dmp
memory/2492-187-0x0000000000400000-0x0000000000431000-memory.dmp
memory/880-186-0x0000000000400000-0x0000000000431000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\oakggQEo.bat
| MD5 | 3b1c2df48d0cb60c74924ae1e1c39e41 |
| SHA1 | 17af6c7ae48f2805ad87f8025fc33911fa04321c |
| SHA256 | cbfdc912561bdca95f924853a81fa2cbf26bae4cce136d1f5731a7128a994934 |
| SHA512 | 88a71bb9395ee732bbe716ffc31949bc40eef1b4813bad372ef0cd83ce3813161029556f060b66db78b00cd1cb9563707b2fda6465b44c71c44e5162239dacb7 |
memory/2612-201-0x0000000000400000-0x0000000000431000-memory.dmp
memory/2712-200-0x0000000000400000-0x0000000000431000-memory.dmp
memory/2492-210-0x0000000000400000-0x0000000000431000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\UAQMAYoQ.bat
| MD5 | d20cd52a9dd06abee31c1e6ded80e9e7 |
| SHA1 | bc3e5d87890d6a4063312a8f47f267a625648a7e |
| SHA256 | 3d4a2d2893d657ef7ddd4b96479b5056a5a8d59fbd998302ec75b9440cc7145c |
| SHA512 | bd98a4813bad39980bd123fdd653a35b99983d541c7d772b19331211c72f7c283d9d8966da2c1acbb695928cb7443c25507f78e5fbfeaa7508dfaafc5dd903e9 |
memory/664-224-0x0000000000570000-0x00000000005A1000-memory.dmp
memory/2804-225-0x0000000000400000-0x0000000000431000-memory.dmp
memory/2612-234-0x0000000000400000-0x0000000000431000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\MogUAgUg.bat
| MD5 | 55ad05530f52330ecbd93d3c55eac30b |
| SHA1 | 8b09c4f6843ef6fa970582185ce0ef786e6e5577 |
| SHA256 | b05a177c32ad315340c89eac13fdf6f300cd94f52b0b66d679fb51653a72fcaa |
| SHA512 | 896b9a663411b27e6b9e6857a6f3a24d3e4cd074643ff49364d2e5678abd2752caed1a3d00eb0ea45de6084beebfb74c6c193c73ea6e7fb7697b6519c4405e6d |
memory/2804-259-0x0000000000400000-0x0000000000431000-memory.dmp
memory/1576-250-0x0000000000400000-0x0000000000431000-memory.dmp
memory/2444-249-0x0000000000420000-0x0000000000451000-memory.dmp
memory/2444-248-0x0000000000420000-0x0000000000451000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\QiMcQAAw.bat
| MD5 | ba60791bbcc4e3185dc806dec2c6b394 |
| SHA1 | d988661c6f8dc278ddf6eb76ca1c83f4cc2a6d9a |
| SHA256 | 63cef904821d705459499863b627acc069e1800466fc17b5a66554dce11b47ed |
| SHA512 | 3d19555d2e422b6068cecebae03d0edb1ff0e7f3454bdb7017cfa59963e6d083a4da1e0ef30d3e9a9396d68384950435f6cb07be8bdfc05a1283f8704fe34cfa |
memory/1576-282-0x0000000000400000-0x0000000000431000-memory.dmp
memory/2080-274-0x0000000000400000-0x0000000000431000-memory.dmp
memory/1724-273-0x0000000000400000-0x0000000000431000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\BcEYAQII.bat
| MD5 | 5f693f366076ea8d4ab66ff111a77686 |
| SHA1 | d9c3f3b4b6d16e728187773e08c5f6f6bfb5842c |
| SHA256 | c88edd34e4d6c40b505c37b45ae39a859025964ae8c64dacb9348e184b255cb4 |
| SHA512 | ddf2343671d29ffe598757e9b36bdaf5ded30e715532ae2e0a0ab8fd9abec22e2e1033d21df97f693bfcf96cf173bd40d3f17aaf162d7c63713cf3027e342f06 |
memory/1856-296-0x00000000004E0000-0x0000000000511000-memory.dmp
memory/1684-297-0x0000000000400000-0x0000000000431000-memory.dmp
memory/1856-295-0x00000000004E0000-0x0000000000511000-memory.dmp
memory/2080-306-0x0000000000400000-0x0000000000431000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\VOowMUIY.bat
| MD5 | 049b931424f9b507b5383e1c7164f125 |
| SHA1 | 2d14765ee29940edc3cf4a93f020a2135e1feb19 |
| SHA256 | 95ce848a976150e57ed6db639ea8eaf890d3dbd47aaf317bba349ada5f1efa23 |
| SHA512 | 8237bdcadc366fa04a25610bee18981cd9ddb91c3debfed42ee38da1e5a0376a340baf2e3c2a592d3828e609119141e2301c551dc804c5eeb9c319fdc6d1e72e |
memory/2700-321-0x0000000000120000-0x0000000000151000-memory.dmp
memory/2700-322-0x0000000000120000-0x0000000000151000-memory.dmp
memory/2756-323-0x0000000000400000-0x0000000000431000-memory.dmp
memory/1684-332-0x0000000000400000-0x0000000000431000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ZgkUkAsg.bat
| MD5 | 666d6d55131c5a7dea390c1fd3ce8259 |
| SHA1 | c0fa4bef6d601447716a3af0c35f0bdeb2179bbe |
| SHA256 | 3983966e2b293976bbcfeb8842edff125e82d07839d494b14c8c2a26b4ed1c97 |
| SHA512 | baab951d3dfd7a6ca7bcf7d6f77d79bae92342cb5a2587f0d3498dd4b91c7ce456e9236f7c211f4d9341595f84db69e053e2d812d47af4e2ac10c765f223bf5d |
memory/1232-345-0x00000000001F0000-0x0000000000221000-memory.dmp
memory/2756-354-0x0000000000400000-0x0000000000431000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\AEEwsMgk.bat
| MD5 | 4b65272d2e1a576015ecc06c8e9e2871 |
| SHA1 | 76d0f7c94b7f4c3da1a0b8f183615546b23edc07 |
| SHA256 | 2f1ba1f5b6ea6d6b7d50e36aaed590737001e50f4cca710662a355715b23c3b9 |
| SHA512 | 44093f50ae9465e0186adc74ab51d6d15c5fc47617acd126a0688fdf9b3c135a6e1e11691b8e991e60da9c83be81541fa4aaddc523a960349a034c33cd85b1d0 |
memory/1592-368-0x0000000000180000-0x00000000001B1000-memory.dmp
memory/1592-367-0x0000000000180000-0x00000000001B1000-memory.dmp
memory/1664-377-0x0000000000400000-0x0000000000431000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\emMgIQwg.bat
| MD5 | 67542aba02229cfebfb239faaddf7a76 |
| SHA1 | e758ea177a1089c765eb5f66dd2f9453e5ad896f |
| SHA256 | 4fb5c441d392145a1a4d42aaa0edf487d0ac2a70d89ec98b93b731a1fcc4e1d4 |
| SHA512 | 98d8a038ab188b48a5f7f3321fba1b4aa3766bd2b957c18e58032e80f6f08f4949f9385b1618da38b9ac477b079c625716c4b9ee0b1f2fa37bfab507e1641588 |
memory/540-391-0x0000000000400000-0x0000000000431000-memory.dmp
memory/1596-390-0x0000000000170000-0x00000000001A1000-memory.dmp
memory/768-400-0x0000000000400000-0x0000000000431000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\GMIEcEIQ.bat
| MD5 | daed9c2ac03a5988276c13aabe7395a0 |
| SHA1 | 64cdb988653effadc2ef3d4a92386dcb3393f1ac |
| SHA256 | 07d6455441991f9e357abe49bd6304ecc17b2bad9e6a9582c9c4761d7c761f75 |
| SHA512 | 8dde8b86934b9dcac08c04d5443bf01984f29f3c08ec13db2c412d86f3781ff647cba3125df90d888f61b88922abb328ff4e20a332a8c7113202703f565a65e1 |
memory/2136-415-0x0000000000400000-0x0000000000431000-memory.dmp
memory/540-424-0x0000000000400000-0x0000000000431000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\kCgwMkwY.bat
| MD5 | faeaaaf126abcf893104eac88bdf0fc0 |
| SHA1 | 48f2663cf31d3e5f619160ee7472f8fd85a24f26 |
| SHA256 | 677447cec90000c4f1db04cd750409efa892518f65197699ff5b7f950c303cfd |
| SHA512 | 765a42f7ff52d10a98bb07945481345d18c0db087e50820e3e94c8707b82a00d5c5df26aca1c575bca64f5b0f96d55834946691755630bf76c8ba67ca677ade4 |
memory/1368-437-0x0000000000160000-0x0000000000191000-memory.dmp
memory/2136-446-0x0000000000400000-0x0000000000431000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\hCAEAYcQ.bat
| MD5 | dbb64fbbf58ec50172a05cb876771ca8 |
| SHA1 | 49b644217029888c4cdd5490bbad29cf77322b96 |
| SHA256 | 5a1466f71ccf5caa3e547daecc2ef28e46f99414d161ab5fc80f8827b094299c |
| SHA512 | baa5f01b2d7187e6a72309405f557db4238290f33382eb9bb9edec8fbafe8d25d731b2738908da7c6ef6e33813322b2cadc4ec8b63a3912a708784b41bcc7213 |
memory/2664-460-0x0000000000400000-0x0000000000431000-memory.dmp
memory/2580-461-0x0000000000400000-0x0000000000431000-memory.dmp
memory/2664-459-0x0000000000400000-0x0000000000431000-memory.dmp
memory/1816-470-0x0000000000400000-0x0000000000431000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\bYAIksMk.bat
| MD5 | 69c71ca8e61366a6fa4656f2bc55b131 |
| SHA1 | 370ace150c98a57a972277d06ba4afe663751694 |
| SHA256 | 243ba36f4aaa8f0c5531204802f701ad3c95028de2ec4eb81d011682521832d5 |
| SHA512 | 4d223666ab598ea1282e6de8ec5f28551d70707e4494b2c3509ce50a840222fb7c5235733e034f501facc9136e2975104fead62b371005de6faba1c3eaf9a8ff |
memory/2732-484-0x0000000000400000-0x0000000000431000-memory.dmp
memory/2588-483-0x0000000000120000-0x0000000000151000-memory.dmp
memory/2580-493-0x0000000000400000-0x0000000000431000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\HcIQkQUI.bat
| MD5 | 3bb6a37d8e831f45cbfcc10dc4f22f40 |
| SHA1 | 0843eb2efc5d7206f383eb8aac5543a70e476dd9 |
| SHA256 | 85490ee61b52c3e02827f69c18f44c33ef13f1ff06f00312dfe86a3d77423ab2 |
| SHA512 | b929ea4fd203fcd8c114319db72505571a15b436c9f583c1acebd30f5fd51d516fe3e079cae5f9aa180db5079087650d13b960309b5ddbeec04bae6db8949d2e |
memory/2908-506-0x0000000000400000-0x0000000000431000-memory.dmp
memory/692-505-0x0000000000120000-0x0000000000151000-memory.dmp
memory/2732-516-0x0000000000400000-0x0000000000431000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\HsEwEgMU.bat
| MD5 | 49bd04c93916206c882445cc125a48cd |
| SHA1 | cd24c050c44eb9a5482acb10b41cfaa4c697e1d3 |
| SHA256 | 2e2c8af0b3592c2da5dce7b55ff167f07b35cd9de7b96af96c461b383da31396 |
| SHA512 | 5a753e0551c663b39b46bb0833b8d9ca821baaad59ebf01a4a31bb4a40599678a0becded89780a8efd9862d9e783dd959c5c9555dc0b128f9ec5a0a5562ca01d |
memory/2772-527-0x0000000000400000-0x0000000000431000-memory.dmp
memory/2804-526-0x0000000000230000-0x0000000000261000-memory.dmp
memory/2908-536-0x0000000000400000-0x0000000000431000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nggcAoME.bat
| MD5 | 73d16c4a988beb0072aab980ab61c3b0 |
| SHA1 | d1a4341142bb42921b2d76014ae54ecf1e3a00f6 |
| SHA256 | 3a57bbc537f6f3816f5ea393c368da0236efc664223506fd723785b497366038 |
| SHA512 | de0bc329fffaf3533373987e78f4d2d214044d3facafa41a0baff8e96caac851aa76950afe60ca9314a67dd7b770b9dab832bca7b0eea629bbf9ecf35f9bdd9d |
memory/300-547-0x0000000000400000-0x0000000000431000-memory.dmp
memory/1564-546-0x0000000000390000-0x00000000003C1000-memory.dmp
memory/2772-556-0x0000000000400000-0x0000000000431000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\IwYMQEEA.bat
| MD5 | a9140e86cbfbaccae2414a476655aefc |
| SHA1 | afbfdc8bc79fa7f6f3d7b57a4dffee56cde03958 |
| SHA256 | ee0127c94840e72732e93ddcc02c3029bf0d7a6dd73c3b27323c052f542cdc38 |
| SHA512 | a608c1d4ebde1a3a474bd39b0df4cb72c88ffdfe486c0c33cca891c149e325aaadfc6843e4289905c9d58927bd0e83f300de1e41c3bda7d291b68074d943b6d7 |
memory/2764-567-0x0000000000400000-0x0000000000431000-memory.dmp
memory/1572-566-0x0000000000120000-0x0000000000151000-memory.dmp
memory/300-576-0x0000000000400000-0x0000000000431000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\eIwcoMMw.bat
| MD5 | 6eb70d109f8237cadfcc9066089125dc |
| SHA1 | 72ae1c9644b5d0e61b27545d26fabb7cdab686e8 |
| SHA256 | 59c703d02bdfcdeb8624d20b13d14ef364c44efe7a401c885e72c788fd5d479b |
| SHA512 | 24fd1f7e9d6498cf87b01afbb79aeeeb60c389ff997c66c185e3fa447b744159313e02787527a388479c8973616fe26430ec365b1d042a786c2094221a7c02f6 |
memory/1536-589-0x0000000000400000-0x0000000000431000-memory.dmp
memory/2572-588-0x0000000000190000-0x00000000001C1000-memory.dmp
memory/2572-587-0x0000000000190000-0x00000000001C1000-memory.dmp
memory/2764-598-0x0000000000400000-0x0000000000431000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\iCMsIsAc.bat
| MD5 | 3ff0b15c9074a304cbfcc64a44532aa7 |
| SHA1 | c17a14a876d48924e1491b685951f50a73ec529a |
| SHA256 | 6a1b2f8a336bdd9d3e9abd6f3823103875319efbc8790ffa1a8e0d142c286cf0 |
| SHA512 | 9bb90c40ec192a6fe8a69f8b54f3bde9620ab02204790fbcf1984679373027fabbe47ecc5ccfd90dc09135c446102701f88cfdacf42da65bfaac22275d804fec |
memory/2832-610-0x00000000002E0000-0x0000000000311000-memory.dmp
memory/2892-611-0x0000000000400000-0x0000000000431000-memory.dmp
memory/2832-609-0x00000000002E0000-0x0000000000311000-memory.dmp
memory/1536-620-0x0000000000400000-0x0000000000431000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\csIgwgUs.bat
| MD5 | 2949ab419c7c7d230f1f125b34981527 |
| SHA1 | 222446446ed273a478286af3bc34727966842e1a |
| SHA256 | 853342239dd18b73c897fd473f0fcbba121f29ad09e4455f2330f98749de6dbb |
| SHA512 | 01e289149514f39a0c052ca3b353571b4f6556208c958ebc5ccaebf77b2e2005d0fcd7df09e4a303c6b41c79d030ad3bcb849e4b07f39e515afa46c0051f3fb9 |
memory/1784-631-0x0000000000400000-0x0000000000431000-memory.dmp
memory/2904-630-0x0000000000400000-0x0000000000431000-memory.dmp
memory/2892-640-0x0000000000400000-0x0000000000431000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\HcYooEoY.bat
| MD5 | eb7734671e726731d74843f991f34098 |
| SHA1 | 87004b064f584c530fab24317abbdfca8daea4e3 |
| SHA256 | f6c20474dace0e2316f982648174080d42b5c752f1c5be8e9def970336afc217 |
| SHA512 | 662679323b06cbd9e075f9772a77aaa7d790f5c39b2bc650bd3063a8b78e7856c7796bc01f4872dc12004a7a51a23f199e45745acc153aab4e21b0fe9cba7bd9 |
memory/340-651-0x0000000000400000-0x0000000000431000-memory.dmp
memory/380-650-0x0000000000400000-0x0000000000431000-memory.dmp
memory/1784-660-0x0000000000400000-0x0000000000431000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zgQIEUQI.bat
| MD5 | c501602fc637cba846586501faba2f0c |
| SHA1 | c4751aa25a56e19414fd4a0261961f57b266b6e2 |
| SHA256 | e9c69fd92ebd2e193756edbaa920c1aaf286d8f66fc1eca16eb817e5b6e39e1a |
| SHA512 | f0a0b8891ba17b06d2e387958c67427b15ba2f5dd6a4aaabc68d5fdf2d158998a19d1bf45f7ef90290f4692eb37353f1c0a7675390fcc8a3692145ab3d4d357a |
C:\Users\Admin\AppData\Local\Temp\gwsm.exe
| MD5 | 43189804bc402fefe9ae57497128c051 |
| SHA1 | 8d4824da08f924dae2ec2ae7a1d89b2914fdffc2 |
| SHA256 | 90348b4f68862839d4e1609f3e49baeb41527aa1f2406e86da72ef3bd75a8e28 |
| SHA512 | 5e7469808f79c35b29b54fa1184cbed9c184cd293c4f0ba4af571915d634fe20172db46aa251a164a6618759787b1400bcd41da48735f292cdce95a5a5b1ab98 |
C:\Users\Admin\AppData\Local\Temp\vegwUsMs.bat
| MD5 | 7c358273c945e727da926c3963ef00be |
| SHA1 | 117080e84cd175a3f3f84044898f24cad50e2f2f |
| SHA256 | 62806336f4f190191b313c7f60ac7bf599932bc6d0bf7165bd2b1dc7ed93d339 |
| SHA512 | 72228c860b47b1fef38bab0b72f96ae4ee0fa967b5292f178333b21972bf8c6b03c4bbe9bc4a1ba68412ff628f7f6f419aad7878c3d431fabeb98f9405629a19 |
memory/2120-719-0x0000000076EE0000-0x0000000076FDA000-memory.dmp
memory/2120-718-0x0000000076DC0000-0x0000000076EDF000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\LGYsYoYI.bat
| MD5 | 81fcc83f443a068e6e60528bbc6bbb84 |
| SHA1 | 4ebd9e4458e66d63601769b928a9c573a98722fc |
| SHA256 | a9dcc89165b15d107895d2bba57db50139102249355013b5f93b0ed28913a6ee |
| SHA512 | 10102cc37cf8959a1fb10af9f343e762ae058067cdf9e851deb259ba3fae6a91129eda7e447ed17b9b88e3d607856611acfebf81adbb0fe6cc58b2a412062d94 |
C:\Users\Admin\AppData\Local\Temp\UuUEwYww.bat
| MD5 | c45ade9942c28dcd23c19bf900da40e8 |
| SHA1 | 6ab7e27d295d5cfbf338ffa78aaf4acfea9226b0 |
| SHA256 | 6c30fc991e1361dca3a7e170ef7f8e81c87e1c1b860420d569df461952a9d9a3 |
| SHA512 | e8b745ba230db58b4678ba0a9408d78f7a1606c6487661dd74cb34f64a1cc444b941da30f67d59fd7408bf9baa58d4892cc59323547f0c16a6dfa52204e60586 |
C:\Users\Admin\AppData\Local\Temp\cmsgkgMc.bat
| MD5 | b9a68be4831676d774f8a62237eb42b2 |
| SHA1 | 70adc392a7fa49825f85e12b42eceff8c52d7fdf |
| SHA256 | e54ff84ee4d640da4b1599f02a24d710dadb97e8ab4b0cbfe342f05fd21fa2a8 |
| SHA512 | c0503d0e832ce598c010cb6a6a860a0e178714a4665f514fc127970b4a720c72bb2b1baff9b03706c2d64ee4a50e63434d66ee7d274200822a36341f35d8ba3b |
C:\Users\Admin\AppData\Local\Temp\IEoQAsEI.bat
| MD5 | 361120dad89d90f3df2668b7d0c98b49 |
| SHA1 | c167e90184c6e966df077c5062d25f988559ce84 |
| SHA256 | 46445bf2c2a47aea47fa20da0e133f972a4294b29d2de4a255556954b629eaf1 |
| SHA512 | 0569ee72c41ce7be3fd8fea0d0726e631b33e84ca30a6e46d58db17e95d8561fdc4b7fabbaea2ee6a06c6cecbb4e00e07bcdb9c6bb5bcc4b265473ac8f31db80 |
C:\Users\Admin\AppData\Local\Temp\IUEkMAoE.bat
| MD5 | 87df0854e283dacfeca7efb1cba0632a |
| SHA1 | 41a7dc7f894fc5f3a8dd26615135cca3af04f64f |
| SHA256 | fc02577723d7cda69d9978047715ab038518b689982a6f41042e336e49dfb677 |
| SHA512 | 0847c304b302d9b040092f6465383d7324abee8ff58ba547907523811ca7a7fc86cebd9d7eb95b07f32569bc1090abca3be2b99cd736412c309d4c4cccfe4c27 |
C:\Users\Admin\AppData\Local\Temp\oeYwYMEM.bat
| MD5 | a972af047979dea28a3705b839ed5c2e |
| SHA1 | c7f81f4665dc138f2c3d5ff8cfa3bf4633e3966a |
| SHA256 | 3d0127441cf2b8739144260dbe70bf950bbe0db8bec5f496365e67857882a8fa |
| SHA512 | 3f4db4e718b55f4ba6ab67425b4953733383616085676bbfd2d5bf5f0625d299c2dcd04891824e86dd37ab7c1375e8081c37b0a77065ed44389057085bd3c929 |
C:\Users\Admin\AppData\Local\Temp\xoUkUEUc.bat
| MD5 | 9067c907eedf7ec054b6e7c26f07674d |
| SHA1 | a547c997a624bec3d74bd7f5f2d79c9e1fc23c1c |
| SHA256 | 922a9da2cc41b7e09a15ff9279687b82a468a297bd7a89cb0c2331618b2446f3 |
| SHA512 | 1009e0795637015ff6a3c90f42dad515bddebd8225192eeabfe7c7bfd74adc701442c4be304d7f83a5a15a7551380b4cd185cee110ce8285452eef0b256aacdc |
C:\Users\Admin\AppData\Local\Temp\rqsQsQEE.bat
| MD5 | 591f40bdefa4f94549b5b7470a14e259 |
| SHA1 | 403993c5ad8dd32b109079d921cb816769c2dcb5 |
| SHA256 | 99010e801988df18ad2ffb3b4b52c30dd17ba566c2903373386cc3bfe6f8588c |
| SHA512 | aa70e7e45a9a90fd5f70b5c7e071a3c8ecb425178a3d421c85d8e4006f2e55b2365ad5aebfdb2edc578db4ee6279f2614e415d00da26ce96dfd99349aabedd98 |
C:\Users\Admin\AppData\Local\Temp\NEwYIsYQ.bat
| MD5 | d13d1fc32b19da459306dab753442eb9 |
| SHA1 | 4621dd726e510d4a5e8c41803e810bd45bf23d3b |
| SHA256 | 4f0b540304d865d748572c403f12aa428b0e5bf9a536221dffa187f3e856908f |
| SHA512 | e59b66f0d41128363fe79bb1907e92ff45e0f1b01439c374811b2ddc86c46b440b78b4c4ebb8058f0557568e75b19ffec938bc74d75f105f17cf08230a94032f |
C:\Users\Admin\AppData\Local\Temp\rOIMAgcA.bat
| MD5 | d4de369176412bd4186849247e2b5178 |
| SHA1 | c0925eb420e1bb49119545ec18dcce2442d4250b |
| SHA256 | 835ab64fb01e20adebf0a518eac9110254cd472d4058f7088022e0001d3ec3d3 |
| SHA512 | 1020fbd8821429e33bdea07773ce9b7a6301bb37cf3217366f821fffb4eb56bf081e304e155188005be1e36283998120ed3cb4abb725a824b6ac739efa81717c |
C:\Users\Admin\AppData\Local\Temp\msIUQAEA.bat
| MD5 | 65619703bbac1c282815702e0a3f4aba |
| SHA1 | 58a4c6339048526682a6b37a5322e426db30ab97 |
| SHA256 | 54d722c1e7bd632efdc0aa3fdfb08d70cff6c9a69b6c195d280b28c8efd9936d |
| SHA512 | 6bf11f5fca7f44d8328be26f601a0fa58ba742ec41d5f5c4614ea3739075d152e085766aaf6924dd190a5244ce5f5eb3985e7a68a0d57395535188a248119820 |
C:\Users\Admin\AppData\Local\Temp\iEYcIYIQ.bat
| MD5 | 603c426c609f4526197e18ef5809f844 |
| SHA1 | 22104d5f64a62ff3e2c653f74a84153793e3d528 |
| SHA256 | e27aba9f480bd33cdf831595b7546cc0b24160c0d138ee2b72d05e424d08d79c |
| SHA512 | c000e1cb32df4dbb7c30783b7e021f2ef48cf6826a0a8d2877824bd713c1c931dd7e5857a4d7bd99b88d5308dc465c71555206e08b357889185e454ab1c97a70 |
C:\Users\Admin\AppData\Local\Temp\oYoEQIss.bat
| MD5 | 5e766fb7085480ad9e5c76a9089718a5 |
| SHA1 | 7503e083c4c4fc24ec738d2e65b83b67b6ad15df |
| SHA256 | 62cbafe5973c658829ee7a36640291c881cf1e05974e78c7d43a98f14540c682 |
| SHA512 | 065b75dd6f5c94e57bd56cb6c34f431d77c5f151c06a5a9fd76332b6ffb342032066e126f2ddc5b32809843fe83bfa92d53bb2ee07b73fa6722d22bd792323f2 |
C:\Users\Admin\AppData\Local\Temp\UeksAoIk.bat
| MD5 | d13c74c7eaf5f14ec984ec0cfeca785e |
| SHA1 | 7b8c755b35585cd1245248009ab04cbe3dc8309e |
| SHA256 | 4279b362f61f4a76d4642be94bc252410a1c27c53a1bf1b7ec854f8257097fac |
| SHA512 | a11ad776fecc9f9d2003849bb81eb9fd4ce613a16fb6a8eb1e004466d44076209d85d9fdbce5ac1c624cff6a8e44371a6a4d6be21d86694421bdd35ba89911c3 |
C:\Users\Admin\AppData\Local\Temp\RaEwwEcU.bat
| MD5 | afc5b7e8578253e821acdf37c440afb6 |
| SHA1 | 4e41611c98dd7c49d285536583bd8888703c7a5d |
| SHA256 | 0cc0e494d180c92565d10cb36c9c2d74ca3de672b307fd1df06ef6d770f6e0be |
| SHA512 | 46b5a3d51245be1e2bc8fe4e19e097e20e6135d420f218e81d9886377f6539db8eb6cf13bed917aa6a18ca06a51061c566d7b3c0ecf8d1da3a5622617ce02d0b |
C:\Users\Admin\AppData\Local\Temp\NiIwkAQg.bat
| MD5 | 729d9c60f34a58b8e2e5b38901790b86 |
| SHA1 | 77a2bcdf21e719a280337a49c226167fa22e0af4 |
| SHA256 | dd22e67b38182392e02f5c264f8e4274d15e22750c737e6ab278cca8c43d78cf |
| SHA512 | b25095ce01d86eba8cf9854d879e2756f6a7ffb832cbd7eaa927c9ba1a8c46fd19f99bbc4fa1e592244169bbe21070f84b34e96622b1b3073e0822385b8e9027 |
C:\Users\Admin\AppData\Local\Temp\kYkq.exe
| MD5 | 837202e4dd06cb2b266c34dd48657402 |
| SHA1 | be766d41d3a882ddaf1c87f7a19897f70f29e136 |
| SHA256 | 018a60213fed4ea81cec7ff0f579cf039b79bd88c927c80394e55bc2a232e54e |
| SHA512 | 49de7357b1b05f453912ac8802f030885be1e196cc1a2d47f1c38cb9ad2b8a903c042f3167df63e32f50a218696823d7cfad77e7da1d8edd2468f2b90aa95cfb |
C:\Users\Admin\AppData\Local\Temp\wcky.exe
| MD5 | 27f972caec0baf334ecb9ca96566be8c |
| SHA1 | c200911eb8b2f1ffb4ae1bc4883302d23efeae35 |
| SHA256 | 1eab1faef4e71d326a6c7517984ed6a6766f5bb808b642a8f965b91a4a7ef0a8 |
| SHA512 | 663eb80dfa2cc7fc1c527c053ae8e7c4ee17d5556a9eb6d0997c4ea58d9788c09c5327ffe11d7fdb1e441d87ad99723d07d1c3fc754e6eccc9edc01d0a7e541c |
C:\Users\Admin\AppData\Local\Temp\eEwE.ico
| MD5 | 47a169535b738bd50344df196735e258 |
| SHA1 | 23b4c8041b83f0374554191d543fdce6890f4723 |
| SHA256 | ad3e74be9334aa840107622f2cb1020a805f00143d9fef41bc6fa21ac8602eaf |
| SHA512 | ca3038a82fda005a44ca22469801925ea1b75ef7229017844960c94f9169195f0db640e4d2c382e3d1c14a1cea9b6cc594ff09bd8da14fc30303a0e8588b52a7 |
C:\Users\Admin\AppData\Local\Temp\uYQK.exe
| MD5 | ab3b54a9522fb726400eac99729323ab |
| SHA1 | c5d539bfbead90fee9122e6c2da61266fa697f25 |
| SHA256 | 1220167fd7dd10ae6c749d50ab54e3d24e7918737a0cd84f27e51848d0c19b1e |
| SHA512 | cded6f44a09663aee86835e579aa8545876988ff3bae47598af1fdc4570c2abe8d71525840c552bf930a1a64a261d4dc30b793df9f9fdf69ffd3c5602935a589 |
C:\Users\Admin\AppData\Local\Temp\IwcU.exe
| MD5 | f392010d21cdaa388955e9b2188742cb |
| SHA1 | a3b7207a3a5e44be4a443e8baf7c43b93d85fc42 |
| SHA256 | a047e8dc17f53681ddb926d18c1efd1d537a3bb039ca376e23f53e221934eee0 |
| SHA512 | 2ff88947b603d25054d97c8b16782a39c76d64c3200db288e1ef286c0cb678376a40145711cd0af716a9d636bf4361d7f7c4c04f4d1fe3707aea83be01e7ebc7 |
C:\Users\Admin\AppData\Local\Temp\NygMIIIA.bat
| MD5 | c254bc3ade4e339b5b0ade4e12890a62 |
| SHA1 | d590853e742206cbaf0409e2b75c0ed17061138d |
| SHA256 | e476c992dae75c6232cd9686bf96669cd1200effe800d849f975ac4e1d41b427 |
| SHA512 | c2742715542f4d576669d5f679f26c27538d015b8daca584439ea35d5cac1105c9c9feb6535c389b601f0e2de27192f2a6b3c9db119409446992866ce06d5aa2 |
C:\Users\Admin\AppData\Local\Temp\GsgO.exe
| MD5 | 3cc14cc4593bf660656ee1baae512cc7 |
| SHA1 | ac574fd0b26a55c7d0908e77ab6ab4caef629f06 |
| SHA256 | 74b69888f43b71d69a66af46fb7b5ca59c8700ba8e57ba9cc65cdf4a464ba822 |
| SHA512 | 90b0847f8decf7844c5c2df18368f6294e17e8e9b5d45cf099297b660b7f2eaec892242452c63b7cfc5e92de84c57222e0d9c1a4dde27e216244eea058b5fe19 |
C:\Users\Admin\AppData\Local\Temp\UcYs.exe
| MD5 | 6360e7aa816717d824e9b08592419a0c |
| SHA1 | 530b919d072b493dea4cd97d0a6361d47b8a89ff |
| SHA256 | 746db7caa6f264eafaabad8d708b54a74e0ef26b4f09e77aa687246655394bc9 |
| SHA512 | 8f2371e8294a77a2d02d19c255a373ff836e2c17c2b46b723c04d079580ef8ea60d7c87ee7477a4119d51ffccf199da8c41608e15abf007bb53c331b08e366d3 |
C:\Users\Admin\AppData\Local\Temp\Qgoc.exe
| MD5 | 54a48bf1461262befb9876f6fd3fcc22 |
| SHA1 | bedd8b04d529feec810778715d7d70e9a5f81524 |
| SHA256 | 0d9dd11c7c0e9aa7f6ae2163ed71b6337dede2588fd805725c181636d0565af4 |
| SHA512 | 116ed8bc2c5d86a4cf81845b0e429487b31bd6d535a85b84dfe6e294520dbde8e336b0bf4950226bb8f421dd7558bc2da7e70625d3f92ab12a2646100186dcd1 |
C:\Users\Admin\AppData\Local\Temp\KwkA.exe
| MD5 | fac071602ccbe2420a19860d2b42eaef |
| SHA1 | 0ad918282d5eefcc39410f06e8da40999b0a6094 |
| SHA256 | 7609c5ef447190b69784cc9275bfce954c44e47d8f8bad3cb7a9d39079992d08 |
| SHA512 | b7abce5d80faea30d48907be75f380f05e6999a264b95358cc0d6f8a13323f416b71731ed465df65eafe61ce817078a5451d94f988851faf8e5d7cf98cdc6beb |
C:\Users\Admin\AppData\Local\Temp\eowa.exe
| MD5 | bf7e17a46477e83d81e8ad1b43d7195e |
| SHA1 | b6989d664b7cd63b58871fc73bf2553be5b4b6e3 |
| SHA256 | 5be6d0248c4ae1e477b3ed58bf5c3bb901e1976a9df53417a17556e6ec8551d9 |
| SHA512 | f630577bfda6818d2dcd7bacbcdcb8d04b6ce2c9d5cb7658cb29230f7fb4e30cfb70f3b426dc7c42f3a783825a2a2085ce45fbeedd86cbda08c61f2331f6cd45 |
C:\Users\Admin\AppData\Local\Temp\WUkS.exe
| MD5 | 2dff2353a3efa6c800c72372fa333f40 |
| SHA1 | 244248d9d22b01bacaebdc3f57031ed7bb105f66 |
| SHA256 | 922b62b19c7b8cecfec66a5d6bc9ff0cd039c4f66deb6cda537f590542607f92 |
| SHA512 | 07eef1b079c05e3852f16cebfcc315c680c2fbd5e565640559f8e5e64ad717fa09ad5a9fe801245e2f6db12750f3ae5c72f4de6858b1d1efd25f3010c22c0668 |
C:\Users\Admin\AppData\Local\Temp\oIIG.exe
| MD5 | 500d997bd19f5cd631c3a9ed249522fc |
| SHA1 | 8385802fda02d0d1d2d5a2fb2366cbcf21567bb9 |
| SHA256 | 16b886cbd17e9959fb342fde2fdbb4467c029108b6a7eb29cb53745af3ef0327 |
| SHA512 | 4e7460b6b5b2543d925eb7e94f80158e16ee3788d4e46d4207d110a15c1951b6743d7e44063c005b762b36da48dd4eb05dc141516e87092a9e4962e9b8021c27 |
C:\Users\Admin\AppData\Local\Temp\WoQq.exe
| MD5 | dc155bdce882b3f92451a332a79a6596 |
| SHA1 | 1aba8bbe7b3aa9af3df654c6a23777ce553edfac |
| SHA256 | 02705e5acbfffb05fae1a2e496ee7abaffc157e40c8d30bf9514f09b835e8c07 |
| SHA512 | 6280ce61b7f3edcecc09397ac526634e115b0dcc9b505088c714588179d3e4dbcf144ea151d9a2a2eb19e0615bb61eec84330084caad1411f9ad31b8009c2b86 |
C:\Users\Admin\AppData\Local\Temp\ewIc.exe
| MD5 | 3f6ebed3eed702922dc255c6bc6b3b68 |
| SHA1 | 14b6806bd9e1fb0366f0b8b3855cceaa6fa47e16 |
| SHA256 | 6f68973515c91ff90f0c7119e3ac69accb9b1829de69a47b6569b8506dfeb1e6 |
| SHA512 | b286efa51e306e522c6bddc7caa2539f894d753dff887667f3ebbccc928300fd03ac51fa316ecb4a2c91961da1b29a8dc9009d074e39025e1843ce30a8644c14 |
C:\Users\Admin\AppData\Local\Temp\ggEwcsUU.bat
| MD5 | b2613e28886d872b4eb1180982aa434c |
| SHA1 | 28fffa88a8f65b8bfe02b4ad0585de573dd3f32f |
| SHA256 | 40831ee7fce791da6125d14e4557d59e1cf7ef340b2b0f38f81e91397b095442 |
| SHA512 | fc6c5255306b99157ae9e55835a70b2543e68c2377f6184d83f3cece4ed77349c54d4c56b87b3de557dc8d9fe52e49e2b6e62096cbaa6d76390ce4842a9064ea |
C:\Users\Admin\AppData\Local\Temp\igoY.exe
| MD5 | 05057117c1fe70612de4de24af25433c |
| SHA1 | cfcd3579a56eecaab039f57240bbc3a2f3865cbf |
| SHA256 | ef0ff7e4d55dfb23918e998c89a4a4d9e01126ed9443d73a3342a018e4f06dd4 |
| SHA512 | 71c5b164ad338991bb559809541a0e2043f5ae78e5181e4cf7692af6cfca015d88091213adb7dc3bebe5f7c851d7f8122683258ece3b355ebedea3422dbfc94b |
C:\Users\Admin\AppData\Local\Temp\cgsk.exe
| MD5 | 4d2737dfbf9b3ce5fb469ec744c8f8b9 |
| SHA1 | d2bc063bfa87290ee8e3f7a1faded7838a4d8e1d |
| SHA256 | 6188fb201f5e00be1324a7208e220c93a4a63358d54e62f51ee6684dade8dc63 |
| SHA512 | 30de3ea3988f4b7bf18964be2f171b95420e7cfc0ca5c7855c6610d8b4e3650f99138efd109d1652f9043c99cf0feaff6803d32cbd6c01ec8472e086923dd3b9 |
C:\Users\Admin\AppData\Local\Temp\ScsK.exe
| MD5 | 8ac4f006271744e153561d7f27d162fc |
| SHA1 | fda24a84631ebe26f5b8deb30865796847dd5bf1 |
| SHA256 | 0e640d7eef7753b2831b81fde162ce72294574795ccd1f1dd1e99394deca503c |
| SHA512 | bae524d80eea592cebd85fdb85ec556f8ffe8dce0480d129f498b6fcf2297da52a6a0da67452e89607f13f0c3ac4807db395436c975394f35aa9f36739a2e051 |
C:\Users\Admin\AppData\Local\Temp\ooca.exe
| MD5 | 5c22e0d4390d1680d82d1dbb7aff2fbe |
| SHA1 | 3116b14c7a389a7d95dd3172a67210cfa31a5d6b |
| SHA256 | ca00cd94bcdd0b779b69a31bd66c8a01dd544277c0b156e98c604c39f3535961 |
| SHA512 | c817a0dba7a12bcadc82ec77a5f89deddd924bb08ec117337b64c6960724d756ad3f9214ea8ecbb8943436ea2bbf3a9dbd14a20db9ff2b62261fd991b5308bb5 |
C:\Users\Admin\AppData\Local\Temp\gkAW.exe
| MD5 | 833c21cdbf6d230cf4ac84c0a58bb156 |
| SHA1 | 5512a4f8ac45a0dacbc3e9d05140ba6cc11c707b |
| SHA256 | 1b011f7af43c4a42d721a381d0f74f5fe3c8322df33212d6441fe14e401a40ba |
| SHA512 | e41cf619907d9adadb7ac6d8edd78223983f9822b6cabca1e87e5614b7f4434dd4a9b402aee90b339d07458fca0fb62d371832b065c04cc609030bfecac9892a |
C:\Users\Admin\AppData\Local\Temp\SMgw.exe
| MD5 | 74ef2b5e264cd1948c78473c4338c5d3 |
| SHA1 | f4a775073fea933791f099d08498f11f4f91e532 |
| SHA256 | 24a98e9faefabc5fbd29b50a84d3f90ae405743c115ffcde38c620c61f0b4f46 |
| SHA512 | 2b07da63bfd52d29ca5eea7d93f19ca78da66bf35e1196b408b8192de5162a1e3f0388c2f17f4952490707eff63e6a2be8c399666a714aaa3e897d7c5b94a088 |
C:\Users\Admin\AppData\Local\Temp\AQYC.exe
| MD5 | 9c09d2e5e5908faa58a137462faaf3a5 |
| SHA1 | e81a64f2fa331bda4aead61c582db6004bff57d3 |
| SHA256 | ed48dbd1b94299d366740fc1c2630ec60d5f68ae69c736fbe638b36084156cad |
| SHA512 | 2fd6110afd7ea14a4a1a11fc5195405a0c8960faadf80dcac466caef0b956160079f1e085a2d656204ef07d80dc0fe92fe658617d20652364e1b14d67ef3e560 |
C:\Users\Admin\AppData\Local\Temp\GQwW.exe
| MD5 | 65d6d6e481321ff717ecb723b46ec6aa |
| SHA1 | a4cb5117c9e663f7fba48b2f4f5da4bb5eb5ab75 |
| SHA256 | d658f4ddc182378530ab965c34ed9a7083e26f85eb52592ef02510e82fd81557 |
| SHA512 | b7a17fac4a2bdd7fd8374e0abc64491dae5740e2a12d6399a7c58eb1d4a0f93c6c9b2016d52b5c6b7895567cde378a26bbba62ba97b49c709f075edd04dd646b |
C:\Users\Admin\AppData\Local\Temp\acIk.exe
| MD5 | a8f6f80872407c96ce23386263d19928 |
| SHA1 | 4ff3b1b58fa504b7a0ce297e3a724f467ab34b77 |
| SHA256 | 4523211c5d1b7f308d37f81fe5c04744af79099af926aa0cfd04f33865c48c50 |
| SHA512 | 40463022d08000c0781fc18731aa0172908aa4d02dd7f6746187f5a60dc62e09108f47e7eaae38c73aec42d58de84e7151934b87a80e974815c95fe7e396a5f9 |
C:\Users\Admin\AppData\Local\Temp\UqwoEMcQ.bat
| MD5 | ef87edbc1a5f17a939e0feb428bf61b3 |
| SHA1 | 58f807f759b40249ee2dea658edec0384cb53ae2 |
| SHA256 | 8cbd75febb92a31366c2b6669f1387fcbd3d74f88c08e432ee1d08c22fbfb482 |
| SHA512 | 23c359b3965a5b5f77a1a0c11bd7b4b0bea643ed86f2a08aa7cf93c2836e09398a565d78fa8a213b0b75257ad6503c04bb26f6881ed78dc9eaf98740605f90b2 |
C:\Users\Admin\AppData\Local\Temp\EwMW.exe
| MD5 | 9f8899eb29ba27d09a6fee2bce58685b |
| SHA1 | 13c464ab3ed1b5e108e3a8a8dbf1babec6b4dfc8 |
| SHA256 | 243a874752757e021b3c3617b4d76ddc1bb2507a5977319caa8c34c84c95d40a |
| SHA512 | ce684afcb64d4a064b37030fcd56d517057fdbc6bafadf60c15e37e4b3d31237027ea068a365aadaca510d995c0e2f906602ee96263d6b54ea84fa5cba9f7eca |
C:\Users\Admin\AppData\Local\Temp\OIsO.exe
| MD5 | ccc6a6c73366895ed2d4d1619facca94 |
| SHA1 | 1745996c99f768d3b3409d44be1b9c3827b0ac5e |
| SHA256 | 64861850cf6b36354417a35b2692cd3d5241014d475b530af9afc6e3b4735c18 |
| SHA512 | bf05baa3ef1946f10b5c1c13f750292d9ac87ae684d0ffb86fc5f3ea81b6b1a0caa77540c33c99505870e352fdd6477a20d604820499533173b82d5c2beb6762 |
C:\Users\Admin\AppData\Local\Temp\IMcs.exe
| MD5 | 15435e6caa6d4f9a2795ed3a2899d2fa |
| SHA1 | 676c6dc653072a6ad0c915310ac61d401e0566f1 |
| SHA256 | 58f38faab949861a3c28587a62563b7350c0bdbbeef71d6bb0a46f54249aef7e |
| SHA512 | d236dfb317291668a0eec804d60eb234fa69cbf83f105fe657f4cac89265bc04c6e8a95d82765334f5f3823c3a19c5cf35d98538a457103a799f2eb2f9aed6e3 |
C:\Users\Admin\AppData\Local\Temp\Mkww.exe
| MD5 | 51c70bbb8e51744a1c2de332d1ee457b |
| SHA1 | 236614e1690823bfd7f9762c59cbc46bda925aad |
| SHA256 | 53dedf10a1f3247c009b6d289e4b8287330e8d7c89d13e9840e138b1f8bd2ee2 |
| SHA512 | 152ab686ca9b6c45b87041e4e763982fa83d5a0eb82b0a9ab4fd3776c279629ae04b644343f1e83e40f294b03ffbcf558b84e711f76d3c64452de1d077364b2f |
C:\Users\Admin\AppData\Local\Temp\GUYu.exe
| MD5 | 430744f74ebe535f5cfd770c1d8645ee |
| SHA1 | 02c2e9ca5ca26c137b22464a6ebdd75b2ff33aa8 |
| SHA256 | e4e3a729051d44cee8e9cfdbb602e1fec9a1a7edfcb4f93f76a027dc69b48356 |
| SHA512 | 42d8fc48e0043a626ebff0eac3134ec677fc5b21f299dabafe25d432fec76fcd76aaf909b24e42a3b12e5d15623affd715321592dc54a4098a624e126cf39739 |
C:\Users\Admin\AppData\Local\Temp\CSwUkQsI.bat
| MD5 | da0d294682390e0962043532c4006b71 |
| SHA1 | fbe7698db1b906e629b948c88fe40725269188f1 |
| SHA256 | df101ec48dd2d24c9a420ecd10fd8304e0a286ef03e0aeecfb18662f9a90f41b |
| SHA512 | 91fd57a9c7a2c37357313f26a560ba8a65ace03e114a837ead58eb1b72ad375eec07d154f990e69bd45f6dca867d5dcc165976fe48a9415601b68397755843b9 |
C:\Users\Admin\AppData\Local\Temp\SkQC.exe
| MD5 | 7679338a5dc6052439408ef8376eb8d3 |
| SHA1 | 01491a14762ab5cfe0b12d054d83ebd7270185e9 |
| SHA256 | 192192e9cee0a4fec79c73a6fe0910146a60f6e49bb869926b8a0c57beb3711c |
| SHA512 | 5250f7c2a5eabace47f9a932659f1a8c81d7066859f390375d9a6b1dc38edcede96c2ce8467a446b2199f3cd4dfde531f73e8ce408128ac738f4bcf4ac42d65a |
C:\Users\Admin\AppData\Local\Temp\aEck.exe
| MD5 | dd8292c239c242624018ee6c4397e7ad |
| SHA1 | dbcfd7d9e677aa2bd23847df29c4933cf31d2317 |
| SHA256 | b645a73bf1f357dd17229ec93d44cadcb8e0542e29ce4c446cfb1eb59ea67b00 |
| SHA512 | 78b0b9aedc766f717e4bedd798ad1d02e8d6af8c58153bf0fe0a2224e29f946ec45e8c69f164931881bf126e3d065680a3b9a54ddccbdc004b2c2fcf5567d1ba |
C:\Users\Admin\AppData\Local\Temp\kgcK.exe
| MD5 | a9be2c2766d493d6294e4d576f0ec832 |
| SHA1 | 08baff88188a5137f32d21ee685784d4f9358175 |
| SHA256 | 5df42167faca6ae282fb3e9bbe2892b1dc740c4d7a39e4e133b760c69e08612b |
| SHA512 | 17364ba499f304461b1cad2da2cdb0df73411d50ab3bcb610a7619a0e04c77814408f66b265698be46b84028bbd3f3dda22d7555352df13248852708dae93fcf |
C:\Users\Admin\AppData\Local\Temp\cAwm.exe
| MD5 | 99e47efb110f2d7205fb3473a20fd19d |
| SHA1 | b03b0faf3e9494cba46163a366ce1f30b4a69f7b |
| SHA256 | bb46624d5f536f6e5d12abf6313d9ab84cb1822fd83013500e1d63d727732998 |
| SHA512 | 159864e5d2fe88ae8c89427df04a1073ebab0826d22e17dee39e3e8871cd3c94ffde4bb3e6bcb2af214766b9598a953e21f02f2f3ce105355a5e98abc121ca8f |
C:\Users\Admin\AppData\Local\Temp\SkcQ.exe
| MD5 | 033f7a5f96c87fb904ee1b7de1a12b3a |
| SHA1 | 0de539da91e1eff11404ddefb695eab56df06b1e |
| SHA256 | 49116de73bb3c8fb0d65e103c329780bbe770c26729abe864bc94aa2fec8edec |
| SHA512 | 2e871ac3f9930ea08707add2f5f3785d9a03a34d91c8bd0bf4015b3f311fc03b245b48dbb8e342f793ac07b9ac0dea7bacbb5f27b25bc2626fef0b16c9ea55ce |
C:\Users\Admin\AppData\Local\Temp\ckAu.exe
| MD5 | dd1df6dbb0f9eb4a09cbd3bfeee5ae1e |
| SHA1 | f97dac2a49e1d7b848ed2b96d03e58ecb224aae1 |
| SHA256 | 0e6c34f46af0ec8b4123c512dd697100e6e01b798d9f6549a07b6ef8c5f87503 |
| SHA512 | 71af6115993bc467084da8e6d61c3568942787e0925a0fe794f9430a56693fba9875a7310c57559115960e0dc0fe31c5e266a3b853994cc40fbb9a9cf383ed08 |
C:\Users\Admin\AppData\Local\Temp\ECooQwQM.bat
| MD5 | 170be0ce156244fb1ccbecdff6b2cf8c |
| SHA1 | 79cb5c411bbbede9a94de641570a163b63e6c81c |
| SHA256 | 564e1310b1496d7715eddff747e20cb20140199318cfef7595f091763d27b7ad |
| SHA512 | ee5ba21a512b70140f7b317b106d748419b4f191d7128f795add9d82adbe20289ee8a631f856bc57e06cfb6b816123f0d6a92ee87fa86f1910535d18e32e5fd4 |
C:\Users\Admin\AppData\Local\Temp\KMAc.exe
| MD5 | 537c23af13454d7e6278c25b31ae37fb |
| SHA1 | 973a8fc57a0a9a98a6f11e0b3baf0f1bb7473606 |
| SHA256 | 553e6f5d10b4168ea2235c1d6099d85ed8383d7327ba1453bbfa7f05e1b69a02 |
| SHA512 | ac19fd5c03d5cba153340c7590d5f9459cd2ea6583647eca65df51a1508864d41b95ee5a4979e26b8a1091dfc5ad65ef63edc5084e84661992a8e96acb9749d3 |
C:\Users\Admin\AppData\Local\Temp\wcMo.exe
| MD5 | c45feb2b83db3efafd094ddda3a5eca1 |
| SHA1 | 233b7a94786ece4517e7aecad6a0ef9a4b099963 |
| SHA256 | 6144ac53112768efa3b4613c90f1eb86fa23393526e8cd7ddcdd51b880f53572 |
| SHA512 | bb85b84088ca6a715ca4519fc96f5c0298256210df0c7143ee5666b5345c16c8bcb387ee5ca913f1952d439435c677b465771ab4ea712d2921cfd5563a3b2932 |
C:\Users\Admin\AppData\Local\Temp\WEMo.exe
| MD5 | 3c11741cfb4925c38dcfaa65b12c6263 |
| SHA1 | caa0916e675838256d5759df88803cee24e99e2b |
| SHA256 | 948296e5e7c926462f9f3902c6fb5066e5b1e0eef11475a6d3b0128b98656296 |
| SHA512 | ac6da83776672707bfde7f8bf94577b2fd0cc92848a7fd417beddf5547498c334803b1a5fb60c5c2b44a973612be69220cf62f2ba08dcbc555db99cabb4c94c0 |
C:\Users\Admin\AppData\Local\Temp\ickW.exe
| MD5 | bc68d8a162ff9997b7bb8f2aa1867857 |
| SHA1 | fc6ce8a1542a2da5dce132958427bc3d50edb2ec |
| SHA256 | af38ec0191ce41144518c7cb01f4beced782bd5b7d3005366875fbd529329aba |
| SHA512 | 48e5a47f51605abfccfaaebfdaddb64527487dde2dc510b6bd71091c1f34ab2a2b320bd0b3a7053d330868c83669e11fa40df4c2f7e37cbad3ac318c891d85ec |
C:\Users\Admin\AppData\Local\Temp\tEEsocQM.bat
| MD5 | 68942f6435064d077819711f7dcefe5a |
| SHA1 | 10730879ea945eac11cb6955ab83aa00de0e4061 |
| SHA256 | 64e8425c064cb496f083d84f02a20ac5a1d9b27d75142b4bfd2d5828bc069411 |
| SHA512 | 4d9316bca1c578945900951431919ebafa31824145b8d901074574b95e47d1194ffba8f860870d9e2d2aa4f566a6da40d70d2b4947a7db7d3a52a7d4a2763437 |
C:\Users\Admin\AppData\Local\Temp\QUQK.exe
| MD5 | 20a5e5a184fdd51d8a02cb5bacf72a5c |
| SHA1 | 9b84b795bbb6588c37c583fbdbb00639b4409751 |
| SHA256 | ec8d085709ce6487ebee42f75b1323d12712e1e52882a75b5d2cac309dd39752 |
| SHA512 | 4eb678f17e5abcf9caa8cb23df29d98cd5abbbac906046745a89e807ba6cc6963b6cd0dcc2431737726af75521cb0add01d48d019511130180f10f836726b5f5 |
C:\Users\Admin\AppData\Local\Temp\ksAq.exe
| MD5 | d30ed0137488fd998cda8db7ae910343 |
| SHA1 | cbdf85653ed7862d9afd5d687ed445ed0e956baa |
| SHA256 | 7ec5c9d436587bfb2e571bacc6c51bfc74f7005123f1e2930b13220e69b25996 |
| SHA512 | c4f1f83c8761398122b7e6f1d62c98ed0e7731a240f073825a498bc5a1d6b5bc08395e4d7c97722eba435ea8e24314b4867d278d13459a655fa520237b88f78e |
C:\Users\Admin\AppData\Local\Temp\acQQ.exe
| MD5 | c44af7f6260f198babde2ae640f0f599 |
| SHA1 | 192b00b8c5e973875db9475cda7e813033fdc60e |
| SHA256 | 501b8faad5054f1fd6c70e6f829288751ff45318543ce71725e2ef0611a395b7 |
| SHA512 | 11b4b4a022c641b2bcbb30ed81a008ec5ff3c366bc6243e6bfcc87f910db4769f75d30e40c64200c0a7d4ba8e774cacb388427428189693c4333ef625eea56d5 |
C:\Users\Admin\AppData\Local\Temp\aUAe.exe
| MD5 | 333f84edd7fd54a027fb2d04ddf9ec20 |
| SHA1 | 017170390edcb4508bf0650756f0c34b18a74612 |
| SHA256 | 1dc957b173a2493f7459ab3a337052cf6b72019aa53fdf86ad8209123efd3c0b |
| SHA512 | 866014808e0787e6766f7a9365d1aac6b134f3152e4a4b0cc70baff67d83514c6fd8ba67f472292cebe2022f7b1aeda657513a8839c34371d8251fb4f253adf0 |
C:\Users\Admin\AppData\Local\Temp\UkcS.exe
| MD5 | 273d48f2de372b400f0ffb4814672c65 |
| SHA1 | 636d99f5398f944c8b0b68ccfc5023d78315c907 |
| SHA256 | d44f99f5463244663f186063651ffc6120991dd3bc1a22b01355baa91b64666f |
| SHA512 | 76cefc5d65f03ced7c2a66a15c5c387d1d271f8703d67072cdc1cafb52e5f8359019cc0eb4f4cc6e147c5c83e49796c86e25f1ec81c322899bf285dda411e99a |
C:\Users\Admin\AppData\Local\Temp\hoIkkckc.bat
| MD5 | 5fe85732234dfd18014b413e83c85137 |
| SHA1 | 2768d0e3bb5e76faad645a146f515e5bc41bd3ab |
| SHA256 | 788ca8a4dac050606843d0d6429323d5fbe334ffd8da542a14ad96d6e36c36f5 |
| SHA512 | e68007dfbfbb9d2fd4bd63ad1e7edaf4629cb2c1258c3817e455770959ad08edad7cde574e681ca5e990fc5f3875f1b2c24fb8d59ae3d1fa2d2779c571c15d14 |
C:\Users\Admin\AppData\Local\Temp\ksUu.exe
| MD5 | 390f6756a9cd11a7f80a1278b656a374 |
| SHA1 | 9c34ee30bb486ffdb183aa9d1db6c6688e61fbd9 |
| SHA256 | 4b5f397d05b97ff9a15196a1112ffa41c247b459c46cfd09e40b6dbd88f9191c |
| SHA512 | bf0beda7be606e845eef12c23cb38369b29678f5da77a2a714af4ec9efbe79b8312f9dadd36493534cfaceb8309a52337db5353f5c6043bbc1d7a4cba7ec467c |
C:\Users\Admin\AppData\Local\Temp\mkIs.exe
| MD5 | e5a65c8c50f1bc77d67d4d6c292bab54 |
| SHA1 | 8c2cfac4caf8927bdb854fdd0fc8e408b3197d8b |
| SHA256 | 4d3c5c28b7b0d9344816f0595f82a9be990bfd4531d74378c510ffecf4252ddb |
| SHA512 | d361d5abf917edc6266bc67262c231e3208decd33afa24f67c34ab3992392e050b4bcd71a3e16e9f68bee8d1bd9b42c60b965b37ade97e62f59d3927fd31b990 |
C:\Users\Admin\AppData\Local\Temp\QMgI.exe
| MD5 | 9ccc457c3c253410035d087a5db1530a |
| SHA1 | 64b5c4e9f84faa1844123e92bec299b861c94172 |
| SHA256 | e5eb927ae14ff2758b515adb6050428fa41b41dc1fea765cae51ae2edea1f4db |
| SHA512 | f69544c18f22d12505b075e78aa59c11909de5dcc5414cc55bf4fc405b7b9c0bdb711de5c09cfc81376f0d5c8161585a8c7686882207eed7c203cdc6a7a66192 |
C:\Users\Admin\AppData\Local\Temp\aswa.exe
| MD5 | 3b2599102eede5d3f41e07a0ad04b89a |
| SHA1 | 002478a76a549377cce2ef0f01f231a4e6042d30 |
| SHA256 | 09d9c4a99cd2da016521e06cfdfc225f8dfe4098b5b78b2ef8b91cc734069392 |
| SHA512 | c9aa0ac09c34aa161cad120f9a33a3af42021f0a1382dc555c06e63a07cc75792a354122eef131bb0d69be7c5256ac6d0a03715242d60975c57d4840a8a959a4 |
C:\Users\Admin\AppData\Local\Temp\sYYa.ico
| MD5 | ac4b56cc5c5e71c3bb226181418fd891 |
| SHA1 | e62149df7a7d31a7777cae68822e4d0eaba2199d |
| SHA256 | 701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3 |
| SHA512 | a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998 |
C:\Users\Admin\AppData\Local\Temp\YgwG.exe
| MD5 | b502d100acf8b58e075128775522fb5f |
| SHA1 | e177dd1e9c57130943cbcd218f44132c6f0c1055 |
| SHA256 | 8ae0264a1b2cefbd4fdebf1f71b60bfa15d6e82af996149822374d776ffe0892 |
| SHA512 | 1a88c66189500f66af165f12201f55a4e7dd390dc0a4e469c0b31f88ef504398e8c8841211c2467d0ec7a6359e04df38f14fe143d1097a197315d02b90641d4a |
C:\Users\Admin\AppData\Local\Temp\BwQwQcUM.bat
| MD5 | 676683ed85718ceb541fc8a5398f97db |
| SHA1 | 52798d7eaf6ed7d80ad0cecb859cfe44f3f5bc79 |
| SHA256 | 98d8a6ec44c54a2b71a87b0a092483253c224929c3855c95c67e6219b2b4f335 |
| SHA512 | 53d72d0e160e9d627c7a5c366ecb1a114d7dba13204ab8e40c9168e5ee14db096e19ebe79112de1d03b16a7feb87d9db7c596121e6383f8eac12d3bf4a126d56 |
C:\Users\Admin\AppData\Local\Temp\ecYg.exe
| MD5 | a9bc138bc434e0f04bda573da07e6ddc |
| SHA1 | 0b9180ca9507ee6cd1f704226fbab5fbb05c893e |
| SHA256 | 8ad07abdc17b3b9017f8a7eab8567af1aea93550a6b01af786054f77f7f25a5a |
| SHA512 | adba7b86e5930fa1d3bbfdd79b8b8e08cfe6046ab6e598cf84bbd1a51e5bf2a20ffb7479cb69170c1a7d429c841f7e1dc15be2000f5e4e9616f702c651c13ec1 |
C:\Users\Admin\AppData\Local\Temp\MIUc.exe
| MD5 | addc12752bf6ffe2ce882236129d9fb0 |
| SHA1 | dbe61a877bc260225289eb5abd05e68bc0279f1e |
| SHA256 | 45aca0f1d0a5fbfb2a1e41b31b3425986db5776c17984f78e71f10bf1481c9da |
| SHA512 | 02476d5666c17cde5ccf9c361bd20dcc44e1d957714d7c1e66aff3c0f8b0db5029bb847ed63249dc34a71da8a2927318287697ed8912c1982acb4f154e4da87d |
C:\Users\Admin\AppData\Local\Temp\OIUoUYkk.bat
| MD5 | 08d8a5ac41049554ba48bda51b2ebb4e |
| SHA1 | eb90cfb1a5a8f2c9ef8c1d852a34768b6b81e840 |
| SHA256 | aa48611bd4720f710c3166959e6637fc4b76a9d324464d8926eedc39a2af2700 |
| SHA512 | 7448810d8fab5c5bdb7aca4941893cddcd1b36768b9c25197faa210a082e36d087fbaf0754549b0c041716dc8e67ed963f4d5a463ae44c64776dd314419ad626 |
C:\Users\Admin\AppData\Local\Temp\oUocskUM.bat
| MD5 | 8daa995dad5ea9870730930fb105c0c4 |
| SHA1 | 84afbd96942b887b055f7e0f294ed5470423501b |
| SHA256 | 196c879ea6b8c27f5796e242ab6de40f349271aac3c46630074bd6ef9583648b |
| SHA512 | 64856fc39c18237a672707303aae5b21b47c0d61a224b76dfb0835abc77242cf8726c40e764398c581b312a0d74cb02e4fb296a004da2b86bdd67759cf2a22ed |
C:\Users\Admin\AppData\Local\Temp\wEMsMsMk.bat
| MD5 | 2835d78e45774a3fda49c30d4b339dc3 |
| SHA1 | adb50fe3a37b63000e9c5f1aeee3046151288527 |
| SHA256 | d044dcff8c97ae0b5d7998d0a461252af287539bf5ab663e5fda14966c5d38e4 |
| SHA512 | 7fb1411df5d0980769d6199dbb84746ddd90f345b0a41f595fa6937c40b673e35938bc304bd67a553770d9f9565236d111537db6dbfff17cf38127edfed1f08c |
C:\Users\Admin\AppData\Local\Temp\oMsEIYwo.bat
| MD5 | 51fe34921181eb1d5dc39ee27f49e170 |
| SHA1 | a108349b6097594388ff935459dabbd55446c645 |
| SHA256 | 2ecd487d540a9d0ee45f9a97f2d05f784ef2dda1e404a4fba945933979f7d621 |
| SHA512 | 37dc03507a6b4d7a754355d1c6c4864179830aa1b082bf2cd8129200b34f3f3709c08006167e6173a8c209fc3c3ad74b6acf45264d81700ff91faa0c539e2885 |
C:\Users\Admin\AppData\Local\Temp\xIUkssUU.bat
| MD5 | 694b57e14114a0fec8681f334b7ad0db |
| SHA1 | d17112760130f3d18b035ba6feff9634a551f6f3 |
| SHA256 | f97854ded84cc76648dacd0d83e839945e39f02b9f67db2215239ef6982cb9b3 |
| SHA512 | 32c1c05bb9702591455ebf7ae43506737e113895ece0117a310377eaecba5abd54a2a5e7a23024a2614abe10e50d1c202a9e1494e90e6f9082c678dd8aae1a76 |
C:\Users\Admin\AppData\Local\Temp\VGccYIgQ.bat
| MD5 | 5d9b15ee48416258ab4aae09fd12994d |
| SHA1 | 5868f0fb8230721169beeba6ab409023ff66fa39 |
| SHA256 | 49eabda608d26b8de95489c84d71b4196456064cd944fffd4439fa486d351f0d |
| SHA512 | 65e4f766d6897e2d54bed80bfae30448c97c9066b0d466faad6b7523036fb5d2634dae2092628b8fd36d5ef749a2b8fc78c18dc6a6a340d36b4682930386253c |
C:\Users\Admin\AppData\Local\Temp\fWQwIEco.bat
| MD5 | 3173300ad67beb680bc9e280997ee58f |
| SHA1 | 17c506472f736a2eda4ccefa574fbc67b942cd9c |
| SHA256 | 90aaa9e19867b0b49b61a2638c22792043fa64d5ab3d84b9be4f8299646b1eba |
| SHA512 | 1f836a6cb692e5c71bc7f2513d3bbeab472a9cfc0e3db913a19e384bab64ff7d4ea151ea7a8b0b0562f62804381f293fc3f280acc64e4a8b8fb3c88ba79336a9 |
C:\Users\Admin\AppData\Local\Temp\RQwMUAIk.bat
| MD5 | 2a5311bd4eed3751071b272b6a13c2c1 |
| SHA1 | f9ac6de0f74e635e94c3dd6a6cee0c844f2765fe |
| SHA256 | cf30354cc8c0318dced38f09040a64f28c43ee783974461f64bc244d212abe24 |
| SHA512 | 35c53bb79d269c4dcec4a6e21107e2945af17c97ba4678062be34a7c3b6e4a21a2667d41c72a82e84e008894e9ee84980e0db294809997170814e5cf9a569edb |
C:\Users\Admin\AppData\Local\Temp\IwcIQUQU.bat
| MD5 | 714de913d65c8af11fe60fbc9c33980d |
| SHA1 | c167cc67ca00281dbcfd8e39a8339d18b190f668 |
| SHA256 | f23b6dea868c9f2caeb489b4a4dc5b856764b35c4f01ced8a78961debd7a8bb6 |
| SHA512 | e485ecdb211dc8190913197eed84b9ca1ac695abc26d7b77ca80aa80b63ba893739db862ca7a4185302bed13a5aaeb8e911bff66235a8f821d1f47358bad36c4 |
C:\Users\Admin\AppData\Local\Temp\yWUYwIUM.bat
| MD5 | db273bf8cf220704b87fff136d3a7552 |
| SHA1 | 90b3019335c6cc2a8a7ac825498f1b7f1b0ad697 |
| SHA256 | 23424f1ce49ac2a86a45125d5135335c51fc660e8cbd6d459555da5524453d8c |
| SHA512 | fa94fb360ef1a012bac0c20b841e598b1ddf63abc06906f9255778db492a90ba86cc5a422ddbd521a6cb0e1f2619df497b6ebed33d130d76ee593dc289512d2d |
C:\Users\Admin\AppData\Local\Temp\gwAe.exe
| MD5 | e2b477c71d7024bead9e7070204fcd3d |
| SHA1 | c6559e66aec53167391e591ca0551dff43eed40c |
| SHA256 | efef281cb33d6622a50e9d2d35226f4005fb43aa828635b8f48f8fa772d5b811 |
| SHA512 | 5b47e5bc9adfcb04d04451fcd73883f15135ed7a7480ba55a4775bea0d4ba5607c5fe0605a17c1bac5af6c9f6e17faddf29ffa53a1274ab29185ad469017438f |
C:\Users\Admin\AppData\Local\Temp\QmQAQsgw.bat
| MD5 | 0462a57b38e97e733e9610f152ff6dac |
| SHA1 | a3de2f49e04e5cc1bbf7e76e4049f5e09cf984df |
| SHA256 | f7b1891973ab29695594264a2974892c5454b82a9522669f53f24f6750eaed97 |
| SHA512 | 2801e9a84a346d628c145750549d973faebab9f7eda8e30f0dab8b909610c7371f8d9280878a73061e9089e8fbb7e88ee77be6119217698ec1f72814881efc16 |
C:\Users\Admin\AppData\Local\Temp\agcM.exe
| MD5 | edd8e23041cd3e5d692c3d03476be210 |
| SHA1 | af0f9d2663f58c491c09d6787f301b0618b9a550 |
| SHA256 | f60d29f9b1efb44d83ee4ab1fdb5f72b7ee1fc85679857294232515c99ecd92b |
| SHA512 | f13197adf4bd156f6ebf4998c2d0ce93ed2459cb6ceebd39f9020d94eb87b97ecac838875235d4fe24bbd322768f05de33ddb2c3a4e8a3a3c9a441b41c44d1f5 |
C:\Users\Admin\AppData\Local\Temp\wkgY.exe
| MD5 | 335c183c8564472efa4148d70a97ac6e |
| SHA1 | ddfd11ed302a94b7bc73309f4db78aa9df2da916 |
| SHA256 | 2010781f2bab687a0e72834395f69363626ffc86dde319fdef1ebf0e3f68e85a |
| SHA512 | 4f4b999666646031b0515b5314defaa0368e65a49426fff0ebebd897c53287529b5ebf887dfdced9906b8e2eccbbd606d3de0cac6baba9a772e11362c194059f |
C:\Users\Admin\AppData\Local\Temp\UIoO.exe
| MD5 | 7a76e26587ae0cd608158612655346a1 |
| SHA1 | fddd583a48fdc787426277e4e4d7aa74b0f04023 |
| SHA256 | fd3cef51249da5af1358187b079e080b4da083659098acbc81430dd51406936a |
| SHA512 | b2957a11f259330ddcbc798b3ea184c872dc708aa90cab748d03664b120490f5d28dd8d4fb3612ff49a35edbf2c316151a1631f72d9d2ac9fb65c704b5f51237 |
C:\Users\Admin\AppData\Local\Temp\UQcu.exe
| MD5 | 728f35992dad2f611967dfa0412f9183 |
| SHA1 | f5d3ccd4438d6db566c74e487fb9a5f572ce6331 |
| SHA256 | d4b6e62f1ce0441793acc1a1b8cbe7c6d2ba45506acee6f12ae408784e00f359 |
| SHA512 | 34bab68da6df27dba51ac5ebf3ad2f334a28c20f75991f653f2bad74d22db4d7f03f31888ea4b329f33d727e560078941f32c6c4791b0d83a408a4b6267a2643 |
C:\Users\Admin\AppData\Local\Temp\KMoG.exe
| MD5 | 420873f3b156fc77b786c34229dc3b2b |
| SHA1 | f9e37cf947fcda1aade6901a8b52b85c3b4f6713 |
| SHA256 | e9242b03ae370421139e8f64bf96d036da600c04317f1cf8cba2c2b01ccead01 |
| SHA512 | 21c897c4c30d1f3624cb3d1ecc397c39cdb9819dd106a09e8f97aedc4b765afb4b05fe1677b23496a9971c20b28337231ca5c796a7c2c0f6817a7fdd2d4c794a |
C:\Users\Admin\AppData\Local\Temp\OioIEsAs.bat
| MD5 | 86c0e6dfea107f34ddadf705324c603e |
| SHA1 | cb56c753e3fd98f903b45d55a7079ecea1c349ac |
| SHA256 | 3ae51e6ec79455f53935e750cadb6343a87c0d4021d56dcd3fb877b10e5a47e9 |
| SHA512 | 496633a0b5ac7cbaa2b399c17dde2eb365fd350f17f317cd7749d52f921c676035f992a9fb9dda049ebc4eb40ea1b7ff139d5bf5a0aa85a7fa5b59a400e50b6b |
C:\Users\Admin\AppData\Local\Temp\kYEG.exe
| MD5 | 885525e9bd1323626d3a96c931debcf5 |
| SHA1 | cde0b0e72bec9f3d821fba5e5d2ce90f8083706c |
| SHA256 | e354bc56412b3fa5528c0b43eb1817b5f60ee606f8b091b40212c59a2bca842c |
| SHA512 | a26695ab8e6d795a737601812bb27bed573faa074bac1e7cc4758df914c71b50291706c6029120a4a6ab6f31e5d3dee9ee24a3e6575ca2d3dea79ac5a883c48e |
C:\Users\Admin\AppData\Local\Temp\cEUc.exe
| MD5 | 50f618a661a9dff6b1a26f5026ef0b64 |
| SHA1 | 8f94015d9ce94d016f7a5f72a2aef8a6f48dd400 |
| SHA256 | d6c3fd8525c52df6a91c7e431bda230cdfb12e7e197c849103e8d1596474e23d |
| SHA512 | 1772c6678d3bb4ca49b8ecdd938361a474e326ca120b4e27cc503efe484a43f9258f0e0560593df6a1e825c46757595c27777d9844a58012e8cc926c6924bcb3 |
C:\Users\Admin\AppData\Local\Temp\wokI.exe
| MD5 | 50535b448845aa337bc006ad564c699d |
| SHA1 | 0af61ae62e62b3e177c293aed4c3a07ed7a52c5a |
| SHA256 | 29c57bad5535d99d1efdef309386cc1798e6adcba79bbbb21342ca98d470817f |
| SHA512 | 01ec60263bda9105a438dc28dacc644c41f6599ed45575c0e3e0340b801b1f9366d7ff09466f237ba199901a18bc365c949ccd7ed1ba0afc6e00269ce394e298 |
C:\Users\Admin\AppData\Local\Temp\AAAi.exe
| MD5 | 85ce830088383c20acb649657a759706 |
| SHA1 | a9d707ab9055643c91cd0497e5c8a379a28ac502 |
| SHA256 | 78d4c77154913eed01957f2c041229e2c8dafc7b297b143a81a0ce66b2acbf18 |
| SHA512 | d5213c3894164461bfdc1500a266c233ff45080db710a14ec9e9f6aa936b8c481d4406b6ab2781e9029d9eaadae08af6033b8ddc9c1326bcae0e9d001d84de1b |
C:\Users\Admin\AppData\Local\Temp\XWswckQM.bat
| MD5 | 47fa82a6793320658e88b69f081c9974 |
| SHA1 | da7d11c697e80eed32ad7be6d1c7dfdda0001da3 |
| SHA256 | 106f7a3098b2c9fbd09b30e5768532791cdb912e2bf9e07741384bc50ba4f722 |
| SHA512 | 06e82e077f785aa62ad8517ace70279dba51052dadf12d9dd73f898b0a9e192208bba22d165459d8d867cb28f834b3c1db775684040439dd310011a020a96ee2 |
C:\Users\Admin\AppData\Local\Temp\kkUI.exe
| MD5 | 4800c3d3cdf599b031e284a40f446580 |
| SHA1 | 3e24bba67902a31417438adb1e32fef64dbc7fb9 |
| SHA256 | 2c5598209e06afe1d681e84f54c7ee891e390a5df27505e4027ed13648cdf706 |
| SHA512 | 5cf98be9a42d419c3896f84d37932c8b7160b0f967aed8182dedff5f6558eb4f173b59e97c3b49f73ec8e15e121c9e0be2143644b3292140d52ebaae2fb3993c |
C:\Users\Admin\AppData\Local\Temp\soYI.exe
| MD5 | 648f88d4a345486ee6c80cece446315f |
| SHA1 | ab6720d937cf70a948954e076ec149038955f216 |
| SHA256 | fc6a6ec28136fa4023004a27769b5d699932fdc41767b2c7fd01d3bff54f5fb3 |
| SHA512 | 46fbc0d044beaeac62ad00a8c36c8455859ed83854295988752fc4977a18a74364235b035339ff884e94e3d1f57e5f192074c62df0252f7aac8fb2270f104c75 |
C:\Users\Admin\AppData\Local\Temp\gsUQ.exe
| MD5 | 31ab7a136a6ff43061136400fd9ee85a |
| SHA1 | 2236ab0870202cad8a974af2dbee2b769ec665aa |
| SHA256 | 59e8a506b4fbd9e3dcfa6e968f0e44230f99fbbbbc97d64786691e93f1a2e0c0 |
| SHA512 | 34f6a710dc95ca57622b5138361c55356d97cfe9b75ce8a3954bec8d4ca884e65039016156c0e507e329759efada13230a7544ce00fc864596ce7cd99459dfea |
C:\Users\Admin\AppData\Local\Temp\acMm.exe
| MD5 | f0f3a52520e7c2957822b5eaf2b7e6ec |
| SHA1 | adfa40a9511a43dc69e09c7847a20b648d2fc44f |
| SHA256 | eaf70d563dd4e12f6f51106e186e820bff97c2a953aa689da1403436b85d6a93 |
| SHA512 | 31af2c0dc6af6318f27903ec052681b96c29cac945e391b47705753c69a6f942d51c417695e812397feb11233bc0b6b1ec29918ae9874f7c34983a7e64d90c82 |
C:\Users\Admin\AppData\Local\Temp\PgIsYIEY.bat
| MD5 | 8070bffe8772ad29bb347206a4584d0a |
| SHA1 | ae4347950a928f024cc07938aac2b123f04f1b17 |
| SHA256 | 921315ba40a669a545cec2143974ac52152f97d985e18094b27a1eb6c97f639e |
| SHA512 | 6361e7754749b33da484d3d37f28acb1cde2f4ac0ebe405444d1d8716e3316357396a4820eb600c9a817226af153f4ef217a6cff01af76df2d6e3f6305994876 |
C:\Users\Admin\AppData\Local\Temp\GkIW.exe
| MD5 | f8049e68be2d873fdc0edb786882e727 |
| SHA1 | 8b1f69f28b41666432e889bc77543f63a7181063 |
| SHA256 | 862b1e79504910692d760ae975a34a8ebae8e7b8efce835aea29d10aa7ec91f1 |
| SHA512 | cf78983b984391ecaa39248cda799e04d815d9a5def8f4d56ec95f117d9bbbd71fd176b9d3da02d92168417a3020fdb604d195ad3458e13ac874841125ab5457 |
C:\Users\Admin\AppData\Local\Temp\KkIq.exe
| MD5 | 8bcfdefd4fe4c9780ea7e0e70c75410a |
| SHA1 | 53e440fb157a6f9066e2ef8ccfc6583981f78d35 |
| SHA256 | 26c1e0be5a6281a9a905d17670144affe2d314a522c744973e85f771bdd40604 |
| SHA512 | 4105f308fb92e0eca8fa22b92fd71ac3d3c1f2ed6502c302554237bac770bd67118abd113c7d13f0b54690ea58a68a42c1f34ee873472cf7f1dfa0ee3be433cc |
C:\Users\Admin\AppData\Local\Temp\EQAw.exe
| MD5 | 44bf503b577cafc2ccb3719fb8e0c3e9 |
| SHA1 | 5701dabc4d2ee990a6938152425243b2d7c25eb8 |
| SHA256 | cff5f79ac0b61fc0814c88050d939b8bd9c8dc8e334079f39401f15fb509c086 |
| SHA512 | 587d410e7070a83ff63146ec504e979fd973f91bbaae5f79624849bf23d482078b2ee05fcc05df6f1491b219228b38c8d23b6a2bb7621c8cfc84e056f5f73fb2 |
C:\Users\Admin\AppData\Local\Temp\MsgI.exe
| MD5 | 83fe5afd5cc1dc0d6463ab6e5734bbd4 |
| SHA1 | e0f63b9f38bebe1577e5a1f369c66060fb960348 |
| SHA256 | b30a78260558e594ae9e8723df0126ff49d3cbb7351cca1db8f2bff25a9606fd |
| SHA512 | ea44e10d56cf766bafca612141fac463c3844bbe19e2ce8eadf41aec9e5481497fd3621a253f65d9173b410d7d5d6f9b472384fbfd20c424897f399b1f1d967d |
C:\Users\Admin\AppData\Local\Temp\lWoEswoI.bat
| MD5 | d885eb960db9118c230f31ea7cea0afb |
| SHA1 | 338a45478b9d34f0e60d6f862b7984163ac457c1 |
| SHA256 | 142520cedb103760852fc687e8ca71d51201b011f2418ade40f95b6d9d72ef99 |
| SHA512 | 437f55ca1a05fdc99e59bb5d7e948e7ac6e03976d46782ffc8294b4658ff13b7d92e052df1755d127cc7a3aad896860093390ccbac64e47b7e5676695fdf091c |
C:\Users\Admin\AppData\Local\Temp\aYAQ.exe
| MD5 | f24dca8e149f3b91287a2054479d1572 |
| SHA1 | 037ce2bf5589a11a08ab3db94e2efaeff9e14b93 |
| SHA256 | 6bc89a5a8a4039d4e87b2f8f53c8355ab20aa70a71227d3ff196f1e1f8fe0124 |
| SHA512 | 0cddc3869138e96d52246eb6afa2fdb21564933ad178c8a8bd5d28abd6dbed43bec2299eaba6366a97c1f3660a909bd4e3c32a28d34e8545dc60f544f945a224 |
C:\Users\Admin\AppData\Local\Temp\qcoI.exe
| MD5 | 1d143fbbf646bb9ca58662cf57d22725 |
| SHA1 | 4e1e3bdcfe513d1014f05e20636543cc8ae411e4 |
| SHA256 | ed5693e09d4d16e258115a2887db577f55baf0ea8d076e86da1c3a72772d6b55 |
| SHA512 | aca183766d829142b982723605b6572ad400e77e9e177de8e12024d79507f23c5780694ae12af5d465f94ddede8ebcdb0de16f40a03a4d98291bc46bdf27719b |
C:\Users\Admin\AppData\Local\Temp\yUgo.exe
| MD5 | 3f0f97364cc7fddeb61c8dc4dc3226ed |
| SHA1 | a17a259260d17ee8121398701e4fe859bf88e440 |
| SHA256 | 8f02b232f3b22310b4b6a3dfe57bb48dc7c942bd7df7af2c7d927c07943df572 |
| SHA512 | 0866dd71326f480162a682629c89538f420f61b78b979a5ef5d9bbe02e48c5290696afa280a261f2e8716b07d73b8dd522d784d2dec19589bb913d7b0b998afa |
C:\Users\Admin\AppData\Local\Temp\oEcY.exe
| MD5 | f32b4911a26f34fb65df88562df6df80 |
| SHA1 | 045ae57c8a5404d615fcc468874fbe45a8c3b379 |
| SHA256 | 5589617c976272eda2bdd7db846b23da7f9b1049aa7ec837040736c72b6d285c |
| SHA512 | 2734070a1581c10b3eaa23605e547634c0f457620ee58bb4ec527222dd131837fb338247b4659db5d9781a4d45b551acb3683fcd72dd07b7be9ab0dbde5b7ba6 |
C:\Users\Admin\AppData\Local\Temp\sYAI.exe
| MD5 | 36e004b850aa5d544215c42eb4d34066 |
| SHA1 | 403acc0333f8c5b90bd509d7498ea0351c83f86a |
| SHA256 | 90e1ff7b6a594b73ee70d61d4fc7241e722feb37390da670dde9bcaee4df8023 |
| SHA512 | 6e59d666ff755d20eb7f1e3b3935c6437e2765ef334cf480cb6875af719243c1352aa59440037babe58fde54288970f4e7d3aa50bbf0070a474572882722fed3 |
C:\Users\Admin\AppData\Local\Temp\CAcY.exe
| MD5 | ede62fe9b3c87a8e0e9b9936eb11c61e |
| SHA1 | 90015e94a77b787544a903d06ccab8ece5eacb15 |
| SHA256 | 6c670097b9f7bcf7c0c8fa9d17ee58fcc3439b2141c6cf7f8289954d6b3d25c1 |
| SHA512 | be75085d81202e5686e7fe599ff0a14853d7795231156319dd0e17acba4d49e46ae24889deb5f3d67d2aef3955729ab5e3f8d1729e60698665603c8555e574bc |
C:\Users\Admin\AppData\Local\Temp\YcoK.exe
| MD5 | 51efe349330d008bca12f905f8553457 |
| SHA1 | d800e1768d29cf30a009e9ed989cf1686d7edd96 |
| SHA256 | 6136dda859569f06907c74d2cd2bfcb68e6a9966db0597f4c0b0f2d90c5302f4 |
| SHA512 | 973624637f3ff75bbf4528258167e04cb69ed0cc37f8cd66fe23ae5a1764a65aa550db5639d4b9fcf4333234689f12b9f09ba3ad54c0cef5b7d8c9620f695e9c |
C:\Users\Admin\AppData\Local\Temp\GSEcMwQU.bat
| MD5 | 2ceb63f485f0f8744c5f7e909eb9ff59 |
| SHA1 | 38280e8ce99cb6524a72dbc7f4704dd65bf12163 |
| SHA256 | a7e300a9c1388756389b00cdf70594101cefbf512e1b8dd2defce436ffb1d217 |
| SHA512 | 8788c997777538813c7849726c5c85a573af4e301f8827054f6c4947c973d9bdfa9cd5b354d324d5ee02b669fb1a307c6266e310f812ce5ccd5255b38580ee59 |
C:\Users\Admin\AppData\Local\Temp\GEAA.exe
| MD5 | 6e73976893fce8b10c07671121920779 |
| SHA1 | 7cebfdc66bb895ae40aa0f2e19dd0f1a7ffd3e69 |
| SHA256 | 1f9aae07690b4588aebadd199a3132974b7ca6407f3ba73a33dcc927e7017a66 |
| SHA512 | 1b5c477e70601f5eb3067b16d50d65e63c6d98738bdb3d37d18a72badf3c6262945c189d9d05756c56d25a0109c8e63f242072e8ef76554f8424f5551fcf863e |
C:\Users\Admin\AppData\Local\Temp\AQgk.exe
| MD5 | 29ae927263bb4fbf1dff027ba135ffc0 |
| SHA1 | f1ec1db5bbd63fa76a83359998eb0d1fdab59faa |
| SHA256 | 07903e67808611fa93643d68c86332daa49cbd46f6940e89b30394b05a951b44 |
| SHA512 | 81d967bd78c3ef6495449eaa3718df2c1dd5fc0dc4fa155646baa135a8f1606d596e1ed9b58198de6b7b8989df0f75aed32de75fae9a680ebb52fee7a1b0d32c |
C:\Users\Admin\AppData\Local\Temp\cUUgskwU.bat
| MD5 | 890159d7be0dd4f8fbae896463f3ad18 |
| SHA1 | 7ab0370e2eae869a0c11f3ace428880a09c8fa89 |
| SHA256 | e130545f4ae7f2d354620b706024344b1f8d22439661e61c806c473f6baa0fbd |
| SHA512 | 526ca1b0d947b45a8952a39f6d90ad025341aeb60517fd7cc79043c4bc20031454772899b53f15479e2406b20396d806917e460380951c22e92268979aa10f78 |
C:\Users\Admin\AppData\Local\Temp\cAYe.exe
| MD5 | cf1d15403392011934e7fb00440add1c |
| SHA1 | afd2ddcfd45b94c2ae3f284acbb0712391291714 |
| SHA256 | 0f8c49b2079a0f40696ea73bdf70c42af1015b7cfaaaa1a18b3e37e9865b4c6c |
| SHA512 | 23d9ae13b1d47ac021406bc6bd2978fda094bdc485f88403309a207b488b2c5b195ee1af39837883c60f0963ae690d4ef480c577ccc439d93dae82a0f89ebed3 |
C:\Users\Admin\AppData\Local\Temp\EMMm.exe
| MD5 | a782385f9769810cc36274238fcdc14e |
| SHA1 | 6275ad390ed61a3fa79257049887ec6f5d6577b9 |
| SHA256 | 348529e0bc91d4f5db5585a74aec2bcb011c8aea49d177a39664af6136198a63 |
| SHA512 | 410776edc5f82df72d1bd94a8500adf83d78a2da3c54c1c0d2e86be9fef47607ec15dd78322c62df47141a90b08b7b259b806800d881d4336b338878f627d151 |
C:\Users\Admin\AppData\Local\Temp\KkwokcAM.bat
| MD5 | ec63a3262a135e5829630095dc8ec025 |
| SHA1 | c93e45ffede37a51a791976cbdf2baec982d9dbe |
| SHA256 | 2fe8a1bcc3d8383e42d42516b73613f1603655e1ed39ea4be93cec53ec9eb465 |
| SHA512 | fe3d3faf34725a76782cf34a4633f9fa5aee44e9e452e9cc6dc79bda700c901fc681104c8bdd2b87a0ffc4180e08e7d9424329b255b4eafc064d04b4cb640b12 |
C:\Users\Admin\AppData\Local\Temp\GsEM.exe
| MD5 | 697098debb66fa3a5df9ab38b7744e42 |
| SHA1 | 8693e0dd36135a6a8ab2cce779df97826f393dce |
| SHA256 | 0ae247b137eab1dbb3dc1eb95cf1594d27098de1c2f2ffe47e403e675abfc013 |
| SHA512 | 8ed4928196a2df8e950e068950a37f120b03fc1a85f9465e357acd50b62562eb8c9a1e4a4ebf5b4e44fa8781ce76cf29c8ebaa69d2b2775d3272b2b7d23b674a |
C:\Users\Admin\AppData\Local\Temp\KEES.exe
| MD5 | 1e9eb7027be5b16617c679a56f4ce174 |
| SHA1 | 5692c4feaaaf5611f34101cd0c953dd396c389a3 |
| SHA256 | 89f60410bf39c4ae9bb9a6b448694e4d792ce7e7a441170693eb37ac4be6c859 |
| SHA512 | ebbfc28ff1b9824c1f02006a6a61590d042fa7f0d5c1e2f9ebc6971eb9a3e516cea4216706f331919630546072231a111088a5b98a09f1ec83ede082f08d56dc |
C:\Users\Admin\AppData\Local\Temp\EMcS.exe
| MD5 | 5d677ce4734fa2678afe6744f1c74662 |
| SHA1 | 440ebcd736fbc573106aa3f845b8f6de4da22831 |
| SHA256 | 42fab79be06f1871fb1fc82bd1000dbfaea7f1c6c6f5d9f6bff6f19a5b36c949 |
| SHA512 | 49ba4e1eae90f0de7a8ad71cf7fd5f7e7b62593ff94a5be2040bbe8022a77d466cc6873ffb59d844b942ade39529ecc4e170beee933dcfc2e43fe919c636287e |
C:\Users\Admin\AppData\Local\Temp\GAEq.exe
| MD5 | 5c84292d146f8d89a9278ef38f4ef9b4 |
| SHA1 | 4f7519c9b6d51645c963fa3dde95cbcaffe889d2 |
| SHA256 | 60638829c1f198cb7dc560e70c60bf3568918a84f771cdf5e3edae9ee615d985 |
| SHA512 | 011bc2de4aa7769206d033245e6213c71d3f7f5f3da4abb87b2fb24035458584bfe3eafe51a766f4c63bdff1b311453599d3a5c743a9ab36f8cc824b5ac036ae |
C:\Users\Admin\AppData\Local\Temp\scMW.exe
| MD5 | caabe9e5797ac2801b78222ffce61b10 |
| SHA1 | 7d9e8310d29a2518df2d80cc1815ea680f99b902 |
| SHA256 | d7b83db1c7ce25fcf26d01d739cd043c69a12d4b0508d0d00f0ac1bddd8e3f81 |
| SHA512 | bc3b04563b1f60644e8d98f9998f9c152a219d4560bf95101a0305e4daabc8eab4f644e7eeffc8a254244e9a6e07546c137c2b81dbfb58bc7a1d52b29c4cc54f |
C:\Users\Admin\AppData\Local\Temp\ysMa.exe
| MD5 | 4f81008a7bd949af5b778959415f5538 |
| SHA1 | 15d3a7d2e08f247d8e0c14e19cfe8b60d077d887 |
| SHA256 | 367f0d6888622ba191b4f8bccd3cb77e902aff142bb31aad5581f839061b8060 |
| SHA512 | 74403042bed93591fe9e7bcc3dd5a4a500cc18a98fbc98760294ba12119f666768214300af3f5f619249d26207a81bab6434e46250b213d0919e874d94c561e1 |
C:\Users\Admin\AppData\Local\Temp\oskI.exe
| MD5 | 03470741d800d775dc9f57258dbea808 |
| SHA1 | 3206fe7e1c4e0365e25986a31b4e9042dd95fa3a |
| SHA256 | 04619ac93a2251c1a58d8576c72818ae1e58b3fa1a2b918ae0ed729742c43917 |
| SHA512 | b4734f51726361afe5f75b54fb8424992c62e5624c4d5b429c088302ca0f9687be03517e29e87e1406f65caf8d013e72d662acbc080592fd4c1f5074f4959c1b |
C:\Users\Admin\AppData\Local\Temp\gUAi.exe
| MD5 | 87d693cf85e20b40b6bae12b2f4650dd |
| SHA1 | 9fbea31db93f37484c790b91a71de09ab1a7c99b |
| SHA256 | 22b5fab019eab61fa6494988c958810d6cd05cc112ea97c6c4acfabe1eb86e52 |
| SHA512 | 19a394a3350af294b9b1de5d4434ab311df15c5b8aa4ae340d9a5a4a38d001f77cc545534f099e08b68c6804d3a3f86320e5e9472011b249e70d931e1c5e5dcf |
C:\Users\Admin\AppData\Local\Temp\qgoC.exe
| MD5 | 1a658c8b5a64666b07d6cc4c21243f48 |
| SHA1 | e371076a8aedc96b55360de8aa05549f55bea507 |
| SHA256 | da22abd41299186677693dcb0592b778e9dc13cce747aafc1a72f1a5682e658e |
| SHA512 | 10f80407aae620a1be8a57bb8c52c6487818ca84ed0de77ebf028f510e6cbdf276c278bea02f2a978df5899fad0db36e9a0318c99bbb6122215447ad83090169 |
C:\Users\Admin\AppData\Local\Temp\wUoW.exe
| MD5 | acfdf4d3e154ee044ebaa8858ab2cca2 |
| SHA1 | a62901923bfaa07b0d44b2457b300918c95ba3e8 |
| SHA256 | 7c1291b10e040bbc1b8a3de53259402d74104469d805896bd23dc10da28c284b |
| SHA512 | 6232bb97415f37ccc8155f9adf2396314b2343c30687ad041b10e155e6afb7a3ca8766ddb198107cb68ec6b016c99792c680628802f35403310b60b3d351c7d1 |
C:\Users\Admin\AppData\Local\Temp\YMwE.ico
| MD5 | 6edd371bd7a23ec01c6a00d53f8723d1 |
| SHA1 | 7b649ce267a19686d2d07a6c3ee2ca852a549ee6 |
| SHA256 | 0b945cd858463198a2319799f721202efb88f1b7273bc3726206f0bb272802f7 |
| SHA512 | 65ccc2a9bdb09cac3293ea8ef68a2e63b30af122d1e4953ee5dc0db7250e56bcca0eb2b78809dbdedef0884fbac51416fc5b9420cb5d02d4d199573e25c1e1f8 |
C:\Users\Admin\AppData\Local\Temp\MAwG.exe
| MD5 | 696967c633fceff3f6806ab43a4bfdd2 |
| SHA1 | 6d09e1c7b23fcc4585209b357202d700efdd8003 |
| SHA256 | ef63a959c6e9ffd06fe4f5597e1d9c97789e6ca04aa627860925df28e9eddb3b |
| SHA512 | bb41fd8e677fab03cf4fa7969d61478bd74e364231b703b730ce75bead6e9e289e2b73935c297afec182c11e90ecc2c3fe5e872f927b806d5a21f8ac05902111 |
C:\Users\Admin\AppData\Local\Temp\uEky.ico
| MD5 | e1ef4ce9101a2d621605c1804fa500f0 |
| SHA1 | 0cef22e54d5a2a576dd684c456ede63193dcb1dc |
| SHA256 | 8014d06d5ea4e50a99133005861cc3f30560cba30059cdd564013941560d3fc0 |
| SHA512 | f7d40862fd6bf9ee96564cf71e952e03ef1a22f47576d62791a56bdbfbff21a21914bfa2d2cae3ca02e96cd67bf05cade3a9c67139d8ceed5788253b40a10b32 |
C:\Users\Admin\AppData\Local\Temp\EYIE.exe
| MD5 | d93d9349bbcf20292f650d3b56564b38 |
| SHA1 | c41211b83dc2c9426e16e91689c9df25159360fd |
| SHA256 | d3b04743ea66f8e282e8135fdea85b1393bf689f2fec851b8eba52bc56c5a023 |
| SHA512 | 17f6351fb69bf8aeaff82fbfbc07d68746bf26a7f98f82c6719bbc1de38ecbed419fac4cc0449afc1baa1b65dc6836e3effe3ce2230dd6a064a55c8772d98c6d |
C:\Users\Admin\AppData\Local\Temp\coYq.exe
| MD5 | 2975d86439f3ad6e1897a993c72a7b5f |
| SHA1 | 2881cecbc29fecddb34ae724fb6da24b5a945791 |
| SHA256 | c770b3e66f87c37ec01a81f43af7ba4e35e08148e676aaa6b809c88b3c7c660f |
| SHA512 | fcc56f4202ba4c21f2697dd51de528e2c53537bc2f17cfe3dcec86ece8abbbedd1565267438e95dc9055e1c588f5fa074ddcd11dafe040ea452f4fb96d789c27 |
C:\Users\Admin\AppData\Local\Temp\YOMgggUI.bat
| MD5 | 20ec7116335de34d54368dcc48eb96d6 |
| SHA1 | ed075709ef0e884cd0576b9a525ff1d874b39621 |
| SHA256 | 69692500345bfe4f7ea565736b7d9d9b317787cf90fde362f272e6cadea66a2a |
| SHA512 | 8448e0c40f71e1ad6bf75c5058071fbea55efe14ffdfb7fed6f5110fa77bf1e76e40ddab6374360ed78d4bf0068e624d53a7eb117dd2b45a045e6aeb228bc65a |
C:\Users\Admin\AppData\Local\Temp\yQMq.ico
| MD5 | f461866875e8a7fc5c0e5bcdb48c67f6 |
| SHA1 | c6831938e249f1edaa968321f00141e6d791ca56 |
| SHA256 | 0b3ebd04101a5bda41f07652c3d7a4f9370a4d64c88f5de4c57909c38d30a4f7 |
| SHA512 | d4c70562238d3c95100fec69a538ddf6dd43a73a959aa07f97b151baf888eac0917236ac0a9b046dba5395516acc1ce9e777bc2c173cb1d08ed79c6663404e4f |
C:\Users\Admin\AppData\Local\Temp\YkYg.exe
| MD5 | bcc2ba25b726e2040ff1920bb2a8f87c |
| SHA1 | aaa569845edf28e4f9f7b1b092c3651473d7838b |
| SHA256 | a4af238d27908d0d69a3c221911096b21a7b603d9386edddeae148a7a5872665 |
| SHA512 | f0cba0a613f6b98ddfbb32f3559574623282ad73fc1066bd9f9eebede8805bb82f9c40535b5c20a949c2cd12a23dfa1da0068ddae813e1db6c38f0e9960d8050 |
C:\Users\Admin\AppData\Local\Temp\QEwW.exe
| MD5 | 0d68f82d576399b042ca768755ad91ec |
| SHA1 | 364c898b62f923490ec801c174a94b1fad7e499c |
| SHA256 | 9edaedb401b01183fb0225437e29662c0c9aecf429c761a2e2e9741d7728505a |
| SHA512 | dbac1facc2badfa9cea3687e5f80f1b50626a2a39f1029c41feb3091a2ac1b67063ea3d48a292e986869e14d4a32cfcf85261e17f4b9a9d9d65c57e216508d4d |
C:\Users\Admin\AppData\Local\Temp\sQYQ.exe
| MD5 | dfd3a83982b9ff85c6b4afaf379f434d |
| SHA1 | 1182d6b2b7dc0ced718640cce76ccd7fdc01fc33 |
| SHA256 | 524584532d7c4be6e8423af6e28c947c0f4f19cbc85d1ff98dd05cb2730407d7 |
| SHA512 | f7c8a6d4551a607b11481f52206fcc65470a20ecc015dc1f7409bd0be732ee285cc873cb53c3b9175bc0eebb93153da3d38de9063df9211ff7f43c2ff7fe63b1 |
C:\Users\Admin\AppData\Local\Temp\ecEM.exe
| MD5 | 4956f4ff16808febd3849e38b126920f |
| SHA1 | 88b540850928efd3ddb9ec44a78872dbd93bff1b |
| SHA256 | 19c093aa0af677f58ab80b1868473e59edd185177c0b7a107a419ba59a1fa95a |
| SHA512 | 39c8c02190216668cd0e9baeb214d7efe687d152d50cb72160ac5c3ac2d53ea160b65018d1cf2dc6d91efcdccc7d917989e725b26a4b8deff0b7e71741022ac9 |
C:\Users\Admin\AppData\Local\Temp\YcEC.exe
| MD5 | 9b83d780743b6bcd4df135fa55fda595 |
| SHA1 | 8c5704fb71b5199c27db55125229660040a4d104 |
| SHA256 | 45e33930af99ae09ff0a7674d8690deba3aebd7b78d5369d82b187568ed25c62 |
| SHA512 | 7254246b68b8953a4135e854de81d1ed8024d9f8917d2f37ed0d4060497ca6917accf2f7edc12517bce6a663d1178e8ac8af3ef516504531f408ca62d795607c |
C:\Users\Admin\AppData\Local\Temp\ryEQgEIU.bat
| MD5 | df32e57bfef86703056395b764643db4 |
| SHA1 | 932d6da9bccd8224424997f1bf29155144a9b5e4 |
| SHA256 | 49f82b72296492df074ebd4f6a2e6ca61cceb39b894423009e53a6675927b6c7 |
| SHA512 | 91d4f16fc8c5b5a0a498130c75e718f313ded22d4241ee85f4dba4168d4cb6be26490f7094ca8aa61e52bfb829e95d7ee608752db92151ed0c8477140f121f41 |
C:\Users\Admin\AppData\Local\Temp\KAoY.exe
| MD5 | 1f8ea2f0eeec2b64edc9f5f883818cac |
| SHA1 | 986e251ab525522bb815d718df4c355dab18c5d7 |
| SHA256 | efdb2156053248d5f60dcd17e71597712e29f023f561c0bd524faadc78ff020e |
| SHA512 | 22e75f9b6fe4e6de5dad9572e3dd500ebc9ded1fcfaa6da959f612d77bacca566a0a8dec844ddd2eda7b6991797b50c05f408bdf2315162994780a9558d3820a |
C:\Users\Admin\AppData\Local\Temp\wsku.exe
| MD5 | dd8c34f567f28dad3a6e4672d570917c |
| SHA1 | 2d4fca11d521cf9f04b99c9cd6ab1307a99a50a1 |
| SHA256 | 73387d2e34b008b0fa1cf33b60dbec6fab10891bf4eb2cbbfefce9f48ac9ada8 |
| SHA512 | 71ed9cd4d614a884a78f76924f0bc1f08202fd2a51dfbe7980595b9c5e213856054ed7885b74829479841292664fe5b88cebcf0604b77415eb69e9153450e4ce |
C:\Users\Admin\AppData\Local\Temp\CgMW.exe
| MD5 | 137a3a51c4d04d95f8a0b082c078aef1 |
| SHA1 | f44e8591e5b580318b9c52be0260031ff7b8dbae |
| SHA256 | b24ad693fc5fb7adbb5b9e2f6a4e4f942532d2a53600a961d035068c17cef261 |
| SHA512 | 4f061fc03ff286fd48e5839daccd4946c232deeb146407d0ebfafa9dc79cb7b7bce095acea0ef1e11ef30b904895af943a5c1a64a9814b12dc3f508379e3a4a4 |
C:\Users\Admin\AppData\Local\Temp\UswI.exe
| MD5 | d453248e74e229e7ed61feeba5984d7f |
| SHA1 | 73ab80f2927dbb424a3cddeab8677aabcd6ed7ff |
| SHA256 | c5f679eee4dda55cb5c291089835b8849fba64033cfcc55ddbba8b864584e255 |
| SHA512 | 85b466d6e96c17011f6dacb596b5068f1d02f51bb659abfacd5bd1e3a7a6bc2091e3beb2171c4fd76b8b3727fdd2f26ed46e2ec5bffaaece598705bbd0ffb3f6 |
C:\Users\Admin\AppData\Local\Temp\dIsQoEYA.bat
| MD5 | e759f00e7ee862ae01fd178eedba489b |
| SHA1 | 983442f2eedfa30012a16f90ad117759e28dc3e0 |
| SHA256 | 97621d46c31b79558b39829559eebf2eecf7bb9032f750ffc824c42ad3e80054 |
| SHA512 | 715e536b9c45d3645c5ee3ebb7b02cefc82632c792c18db6bce2abfd34d04ad212e0e0a8cf25ae3e1fe5d99525cbf71ae8c951971ea6c9307d05f40f4b6c99d5 |
C:\Users\Admin\AppData\Local\Temp\ksoO.exe
| MD5 | 689a61bccb534d4f763fbdc5e8f6d8f8 |
| SHA1 | 7e93974e56ff798b2b9459b11813bcb08ebce1df |
| SHA256 | b3fb4cd3b75bd4d62408d3ef3975eec6263264f479a7611d0f13190e957919b8 |
| SHA512 | d3af5e863088ef6c506e6ccbf90048baaee3fb6edcca09daa0294b2e10743b09312be6a2cc1bad9deb65b5c3f46d80b85d198f7380dc7b26d453c57f3bfcc15c |
C:\Users\Admin\AppData\Local\Temp\sIMi.exe
| MD5 | aed3f7c9aa2fe126d6753ffee3d18d42 |
| SHA1 | ac09ac7f32e3087c641a5045d133cd1687187a6a |
| SHA256 | a845372ee72e9175cc8c5b99222d8a43a3c2e7b484ed9d32fc526c63d9260f69 |
| SHA512 | f6a30305e2f9700e3f42baf532ce5148c81096227d725dd2d5ba328981ab21f918008092cccf7693f11b26f9670246d175f1b682b54d678fa0a2826edb72b70c |
C:\Users\Admin\AppData\Local\Temp\ugMs.exe
| MD5 | ff5d3e819f1393cbf454540a35d55aa6 |
| SHA1 | cca55a97c1aa7ffcc51b7bcef47bcb374095191f |
| SHA256 | e933b4d20d259940ca1a29acc209da1784182854dd5ba1344743ebcf5af51c3d |
| SHA512 | 21ea2ce7083bc5d2e8bb990459010b553b3fd96a6e98788088a8e9c07aa76547b7459494737e1281250bee163d3339ec793f5ddbaa07100dd747a1486f2dd5c0 |
C:\Users\Admin\AppData\Local\Temp\OUks.exe
| MD5 | 857d7e09a2089b734b3ccd32d2596c40 |
| SHA1 | beacd4c5e5a2eb15cdf860066a0b7f6b20252dbe |
| SHA256 | 09a57e7fa250a5c5aca0070db66eb8202102885fc80f88fe3039b5be0df0c67f |
| SHA512 | 8c164f871a1dd61f41f9792e3d07e30265867d6298d9d2f0e64f2c70ab0fc6863181831c12e4f126ec8c17cae48667badac2d167c32aabc41ab8d170bec7fe2e |
C:\Users\Admin\AppData\Local\Temp\ewwK.exe
| MD5 | d0d1ea395bb1212fb37b2ceca66a6d3d |
| SHA1 | e0a9ee408c34ed02f6440e40ab41143959c1d2cf |
| SHA256 | 67f478163c8ab78e76e39a4f0cb24eb6c00002edb13a6f183e7d4c418f4cdc25 |
| SHA512 | 30d4a24aa662995c47c7e32d176d32d30fbe12e98da00d30d6bb15a9a59403be8bb810107458b9aa6e79900183dcfee60e719c33f7465483f01cd950ea69d8a5 |
C:\Users\Admin\AppData\Local\Temp\wUQa.exe
| MD5 | 6907bd9057eaa13cc517813116c5760e |
| SHA1 | b357992ec7da4da98a69ca35037ca5b61a0790e5 |
| SHA256 | 4c745f79451bfdb08bf8acab808807a8bf108652d24b00941321cb4e14488f60 |
| SHA512 | dda5c53a851cba321c9d677a0502676e75024b4a0c34955677f15bf7aa670f6b86bafeaf68f2e7973611b9a5ab5ed77736e20d17443b767b62108de1484d73af |
C:\Users\Admin\AppData\Local\Temp\BcMIwwAQ.bat
| MD5 | c2e0b4e2f940b8ecdb0e433b29dfe5d3 |
| SHA1 | c0002b0c8155f647ccbd1586be1ec1534356d3cf |
| SHA256 | 62a22a57bb8252da43793e76cf04d2c1d32f3847c5f6d1c456aa4abe7e71c886 |
| SHA512 | 807080bdd316ebabbada6007a146c4db5f84cda1bf7a8e8901e69fabd45d915d9711a187478874bef81816c9168e85d9652fd0d021ba022a4761b0771eacb029 |
C:\Users\Admin\AppData\Local\Temp\MEsE.exe
| MD5 | cd24bee913df87eee106062185d18b1a |
| SHA1 | 0867491e17a2f676fb1072be38267fa441919947 |
| SHA256 | 862dcc6afbd863252410218e913448720ffc277fa2fb9065bdf62d88f00ac236 |
| SHA512 | ebf9c682adef40ee6b9a58b4d83b22efb7504db27ca15656c36899dada071a9a67c206249844368245a24a2a4491f7b9f3eb10631e5b59acfd0a978af225fdd3 |
memory/2120-3120-0x0000000076DC0000-0x0000000076EDF000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Egck.exe
| MD5 | 45cb199f8a0d37bbe2ef635f1f01ec20 |
| SHA1 | 230b71914c30404fc4fa44fabbd378502ee66ef6 |
| SHA256 | 34feb416f2d12ff1da5fe848a0793d357ea258c6a044164082ed033b579cebf4 |
| SHA512 | acd4758b97ae9ce39bd443593c31d6e2f4a1b3bf00b92b203811533a71ee09eb5b5a039d720fa36776345a662664df2f8d6e5f69c8960f21768c03423035f460 |
C:\Users\Admin\AppData\Local\Temp\wqQMIwsM.bat
| MD5 | 9a5b8c3a2a6bda8e6a190fe9e32f92f2 |
| SHA1 | 95c1479bf6a3ab68812468a825a9e2855ca66152 |
| SHA256 | fdba3ce4f0b09160039b3a68988fccc195d84a9f60c56de418989eb1e5e574d9 |
| SHA512 | 347099bf425841b9a19f75ed421b10a883b855eb53dbc44493213dcf00c1e03df46c0dc5aafc73d0995c20deb4a3712c062e4af6f8e48fd8991280d799d97251 |
C:\Users\Admin\AppData\Local\Temp\iAkK.exe
| MD5 | f7e126d80349a46fd3d2e11659942af4 |
| SHA1 | 3434895a91f4cce37f425a83b48d9f8f63c4487a |
| SHA256 | a2fa5d9dd2a48aa252ccb7b9d73b398a2294645365b065a99d401a8329332ee2 |
| SHA512 | b98dd6b66074a8e311a13f521fd4887dc788ec377fc479bf678ebaa1f1c52da2e13758e329cd3c2c375beee3f609f8f791e949c2a7a9fcc9f45aabe7321906c9 |
C:\Users\Admin\AppData\Local\Temp\Uosu.exe
| MD5 | a9329f45ddd075a66d14622f1eeab8e1 |
| SHA1 | 6c597ddfcc6d7989bf6d50994008ba48ed2f89fe |
| SHA256 | c94b8f99e6675373096f7c5418e4a71fa3e264b3d09aea5fdaddffe9776125c5 |
| SHA512 | f98bb8ea5b230b5a3e6feb6f00aa5f8b04488e92b8d1d2d77d8f4b5884fb514e5a77d057657da3c9d34582c58b44566228339c9f2679c7e14299fd891695fde0 |
C:\Users\Admin\AppData\Local\Temp\uwYy.exe
| MD5 | bebc4a2f6a57b1dcbbc96de779bac797 |
| SHA1 | 95acb060f16696cc70b66aee438bc6c737941c81 |
| SHA256 | a658bf62ccafa07216cc3863d8d027acebc6f30cdf82f8b5cb5e5d57f38657e9 |
| SHA512 | 78422adefb6a2de0a9d478d88a6f8ba02b0beb4d664ac235d8872e70502255c9549e22f1eba7f98194f9798677b386908cb6de885b0ce435a71bd7487c2c5d7f |
C:\Users\Admin\AppData\Local\Temp\SYoIYwsY.bat
| MD5 | 987882d4ac78f57d62f722ef2990bb7a |
| SHA1 | 060ef0bcd78aa32bd5fa6832349823fa4e8a8126 |
| SHA256 | 79e4f4ebe756202f1526475ac4cc25c776ef708f15eee8411b5b548d073a83cd |
| SHA512 | d782a127f355fa2eb29a6c0cba81a7d1eabc1057454bb17ad74f02876beeb683a6193f556cf0f6955713f6ebaf73e9a82c56727b29575ada721d48d3c4039296 |
C:\Users\Admin\AppData\Local\Temp\SEIS.exe
| MD5 | 45155a9e403b3af5a507459e2970c94c |
| SHA1 | 6872fae9a24a6b8ae27ffb630f825c0faf84396f |
| SHA256 | c45beaafa5ef0dfc01838db7939ddbf0f1613b375c27578b1b8cc0b7dafc74cf |
| SHA512 | 60269073b5c4feed2a2ecb85bbfac841a96e872158cf5cc68529feef6c35ec8b5fa4c748ce73219ce01858643b09964421ca8f9af9f1504d301019abffc4f651 |
C:\Users\Admin\AppData\Local\Temp\yAMs.exe
| MD5 | 28df28961d55ce313b12a4df40f66940 |
| SHA1 | 6c7bd453226b2c296ad6b543affc589c0b2a61f1 |
| SHA256 | 20ff1f28b6b2c6a8fc74f0eeb29254a1537230984dd0bc69b468ceffb9a72576 |
| SHA512 | fa911a10ea19478364765b482fd97c97bdfda702bf91f019cfd632dfe00639339eb6073e330de0647315e2ad0794dfbabf2ad3545806431993a56350a53e8745 |
C:\Users\Admin\AppData\Local\Temp\Okcs.exe
| MD5 | 8f3ac8d4e5922dd7343fd9827fe860e1 |
| SHA1 | 63efd21745651b6c17621185e2ce18d86bdfee67 |
| SHA256 | 30d07c151ae990126d846f434d9f93def399e8825466416312a8dbf3af471807 |
| SHA512 | d840f3e3d5329c485b8c8c4eeb5387b5f387a941d5a0f19bd2425fd3e36c480233ea5007a1d6f04f30fc22be2acbbd31dd5290f5a131976046974ad06f94160f |
C:\Users\Admin\AppData\Local\Temp\Eswy.exe
| MD5 | 958f12bce8780048af73e6b26f887e8c |
| SHA1 | 31a389be47c3aa33b5a55828dce3f6b383a1f9b8 |
| SHA256 | 0e957870a98b960cdd64191d5cf75c5f15f70bba0fb0a3338f330d0196d922a5 |
| SHA512 | 879579fc5ec0c1bb71a00952dbee5c993f0e8eeb607acdf38d800624ba2616d4bbb55a46fa9d77fe37ad65ee474c14dbcabd628f8b8b842248ed7d42fb36cb54 |
C:\Users\Admin\AppData\Local\Temp\mmMokAAQ.bat
| MD5 | 472e3c29d4054a2e3eabf8295e9ee6ca |
| SHA1 | 1addfdd7ea6d1b6c85045b4d97f3290bb994a1e3 |
| SHA256 | 732b43d9901f9532746f13f2b40e373a0ef9efad2424fb95563c4434dbdf56e7 |
| SHA512 | f2044a5d1f43b2cc548ec0d1a5ac8a961ad73126f61985099e51786353bf2a2d943e6e0ec87ad6c17e812b9f6e93b891091cfc12be60eacdaccdce3199bb04ef |
C:\Users\Admin\AppData\Local\Temp\wMQU.exe
| MD5 | c79ddf16770c05f9500228736df80bff |
| SHA1 | 28e595082f44bf221176334322b614370f338d44 |
| SHA256 | 4e17943c9da41038e0618fe1606f1168078b3746577a363d1837088e7688b6ec |
| SHA512 | 3bb634ab6de16dcc1029eddd180cf4a44f1dea88232129476605bd54e8c088464d3e7f8dce7b0a705fe625fdf313f1c60fc7640c58496ca5dd7976346ee46082 |
C:\Users\Admin\AppData\Local\Temp\gMgG.exe
| MD5 | eb37b0f2949067a2a980d4ceb208effa |
| SHA1 | af40f9751580e95a0b6b22ed94aebc2a70e3a130 |
| SHA256 | 8eb503b7a80f920526a065d51f1049cb37cf04e23a095f6dcb170dcf88e7d205 |
| SHA512 | 36ce78c8e59db66fab97572dbf952637be56e6fc1ac18b0a5a31804de395be8f26ab03346442d28b075445a434edab6ddbde7bf768a0e6c55d0b94a3b2e3de0c |
C:\Users\Admin\AppData\Local\Temp\GMAq.exe
| MD5 | 6eaa1c7dda8cc31f8a483c7ed5249e7a |
| SHA1 | 284b39eef8690f576e798318667ef9119433737b |
| SHA256 | 18629ed2da436b569ca4281978bf287905df9903f0fea6666cc2b87dfcce455b |
| SHA512 | 40391fe6fab9202261e6c6b9bebcb8870c268d9c115498d31e6b293f63d26e9c6e9650c67b754f016f8fdd17471b0d16f21926161cefbc893ed62ea1efcef1a0 |
C:\Users\Admin\AppData\Local\Temp\iwIm.exe
| MD5 | 7f1daaac5b46bfca3ebccdcb17ad8a8d |
| SHA1 | 47ee6e1ed02ae4192bf2b5b48a22671fbf25b3c5 |
| SHA256 | 0399545798663a6d0e3e0e741c963d5cd9c7747869eda9faf4a9864a6591f4ee |
| SHA512 | ca37b27f23aebfe50e37468af3ee9dd6165a38a01b2ac11a1c302d4b88b7f9e24f1835ad2a5e58c06cf7e2e52193b01d991ae356acfed54d482fcf15bb778095 |
C:\Users\Admin\AppData\Local\Temp\aEEIIscw.bat
| MD5 | 936edb2ea2c42bd02fa31a7a01cc4551 |
| SHA1 | 199f4269cdc41f59731073b8ba82922726d6eee9 |
| SHA256 | 64870a1b3fbacc56af73fe74002612bbd796b50d5b43b7d219d49d830865f9b3 |
| SHA512 | 9f14a2d99f50ef8ebc2041246fed9f75a22018d431c023e67372c1b6ebe2369398ab37f193962fc780fe773432ad5409116bf922bd28b7517e8fa9fe61d58d89 |
C:\Users\Admin\AppData\Local\Temp\Uccu.exe
| MD5 | 6fe8b7f159097c3740765960f33790f6 |
| SHA1 | 8ed65ed5a634ae0c20c579cbbce394c8e578ac6c |
| SHA256 | 9b48c9dde6622c85f20318a54e7147d840e229943406b85abac54f77b277ec83 |
| SHA512 | 2b1a657cb468050b33cc1353f9ca9f1e5295f1fb1f4d734e3651e343af556230abbeef138cdcefe5652e0eab65dfe067412f882ded5a6fc21d02f98edbb43a83 |
C:\Users\Admin\AppData\Local\Temp\YoIU.exe
| MD5 | f250c7628b7d7bba660820f76441ec07 |
| SHA1 | dec0b7d2bd4875542d5ee78c8e01c95ad2993d11 |
| SHA256 | e4385a8e33d3d374878a9c4fd20f728ea79d8ad144fbad149faefa83fd9586b9 |
| SHA512 | 23a64275b5987f010e91a3263e21e20b5848861d426b8266efb35666fd2ff3c26b1887b0aa7629fd185b78f688e995ebece867cc8b2277751ed26b953b974a11 |
C:\Users\Admin\AppData\Local\Temp\iQEw.exe
| MD5 | d1dbfd424162deda92164d454419437f |
| SHA1 | 77a747c1ddca522dc356fc4574ae5e2196125252 |
| SHA256 | bbb0267e7f42776fa33a140dfc2d4fd427c0b25f00002eb375f439fcbfb69a57 |
| SHA512 | 0ca168bc4b29a326ede9a2e1f0e941201a5e9afd3e19387064c9bdc5d3662b7c2f4fbfdf55fe7d2bb4bcecde7e8a54ca9cbf0a751c02bc363edc470d3bca0138 |
C:\Users\Admin\AppData\Local\Temp\ZukQEgAo.bat
| MD5 | cd0dfbe4506c584bb5cd77d2e35f4190 |
| SHA1 | 36807615a54ed515a148d95cdd20f12dac4291b1 |
| SHA256 | 733bf501bc2b152b13aaf441117d5df0e0bcdc82bf8bed468a9f8be2ba8e966f |
| SHA512 | c35d74037d38307a8c92a426fe3c1f23228ef474eaffe21cadf8aec718fd5d152d6c55d062aff6096fb8cae6e1a774e50af3229faae5d9746fd49c520c5ddfb2 |
C:\Users\Admin\AppData\Local\Temp\uoco.exe
| MD5 | e61013f515ceab8a9eda72941aa23dc2 |
| SHA1 | 40c7b4ff6776b198c0084675157009d0ba105b60 |
| SHA256 | 5b125ac5d1248d2c1f139ab1dc7050daa51eb8375afdbe01ae54deadecb96c06 |
| SHA512 | f413ba69833911602defe53884beec37b8b5c4abb5ad301b97876a723791d74944314adba460d4ffcf7ca0cbf5eef45be1a6af9a7962186e9ee5e88583a53c26 |
C:\Users\Admin\AppData\Local\Temp\kkcI.exe
| MD5 | 1a677a8c8c23b58e60e40d864acbc425 |
| SHA1 | 7c3683bfb4aff70ce050e3203b6aca4ec9d3258d |
| SHA256 | c72c94d31764023b475dde3012fa5f1a6ba0f7ad696559af2f7512ae44356e26 |
| SHA512 | 7bd0f0ea9ca77ab64d0a84e0144b385e6adb0d33846cd955a13f224d1afe8060140cf68db73265c3a4df66efb43b30b38c29dfb877eaa77f9613f5acb364d58a |
C:\Users\Admin\AppData\Local\Temp\kYcK.exe
| MD5 | 46dd51b87e84eba41090a12280431158 |
| SHA1 | 6dd71037b142f023ebd31489dd91197a0b398730 |
| SHA256 | dcbe5a954f05500e8e0228811b61a88fa8d4de69df7197bb1326672c392720d5 |
| SHA512 | 0d0a74b923b61540830e772ef5f558c1f9963983bcb93bc54852bf34bdc6394c99840c42a6005df66c55385c835cbf03722b1201deeecb5c68484cdbaa4b9bed |
C:\Users\Admin\AppData\Local\Temp\UQAu.exe
| MD5 | 08b3eaee91291998e707a0b31947b184 |
| SHA1 | 24eefa4e6c45ea3390180e5636f8a5a3bdaac53d |
| SHA256 | 2ebef2a13ace3e7e1fc03c412107acbac7a8405b35cacb91b050d9a068b0c379 |
| SHA512 | 9bebe8895a3d38fee8810239a326f143ba294da61960fb51ece115e2a5dabb393a054b0a600a298cbd006307581ae907cb7c0a070d401a36352eae5c4f0292ae |
C:\Users\Admin\AppData\Local\Temp\HQkYQUMs.bat
| MD5 | f306bb7f3d2d865e026495d1de96ce61 |
| SHA1 | c9fbf6d630d340f3659e4668965952d5e38cee91 |
| SHA256 | 2e9a3d811d059f31b4d2de6290ed30cdf0ab00e5a8af2361c8ec86f3014701fb |
| SHA512 | 14148f6baf4e11c95aa009246a96023a5969ccf483bfb1b6489c9f65fe4453c74acac3224db0bacac31d8a9d783f0fdfa21101af4a262bfb0af8b73c9a962dcc |
C:\Users\Admin\AppData\Local\Temp\aIIE.exe
| MD5 | 62b79d9b22e534c5d6ae3d62ce519738 |
| SHA1 | 7f68baa2d049b4ad6a06cc41b5b2648fd8f48186 |
| SHA256 | 7d48a4606537ff011a31b3ce562808baf7eaeba23bc5d78fb31c387f532138f9 |
| SHA512 | 942ea602b50e58fe8dd2f891132728843fddec05e125cc50f5aa05a6a308af8d300d15bc02988b2e56414a36b94c39304ab911ab0c72b58664f30e6eee6e8834 |
C:\Users\Admin\AppData\Local\Temp\OMcg.exe
| MD5 | 04fb9fab3b7bf22c58829816681310f9 |
| SHA1 | ac9cb24c8647b87cad7b97e1c48ac814f54790f2 |
| SHA256 | f1bd3e1f19abc0fc69451979cb7b8133977c6a69e794a26bb0f8c669a281c156 |
| SHA512 | 85ef3477e2aa50f129b8a87289c5fdb4b92cdbf76b7974b94088501b6daeefc52d25abb6ec8c463574d91648da7bb27dacfe563c1cf4c773e456a451e9425eef |
C:\Users\Admin\AppData\Local\Temp\gkII.exe
| MD5 | 79f16d602cfc5a3aa1efba3b6e129f16 |
| SHA1 | cccb26bd2da3121369fded77d1e10554d1e021b0 |
| SHA256 | a0f87b11c4e508d1b2b4e160aa42650805c571a1a94f63dcfc25d6a7bdf36e44 |
| SHA512 | c08f41e1d0835fca29992d84e6b912d1f58235058e8d39cdece174aa766ee493bec3cd60efbc16b8105e0a3ff869dea1ca761c84b5b5e60ad4e2c79322b64103 |
C:\Users\Admin\AppData\Local\Temp\BiQEEMIc.bat
| MD5 | 336f4903a7d9bbd3586d92bf7c5191da |
| SHA1 | ffa7bd07b4ced1d6b640528de1b1b98e85bb811f |
| SHA256 | 17e4b76695fc9853f3d0609e123ad5839ed8b2f382c04b92005da96c07a5ef8d |
| SHA512 | aaa712ec100e5ce27cba5359282bcff43b13f33a847f88fdd40f9c99ac4cd034fd68e57de030c86d2d6ca7f3d313da3705e322ea63682b29b18dd1e0ce7b3ab5 |
C:\Users\Admin\AppData\Local\Temp\iwYG.exe
| MD5 | 68af0d0eac91cd9a89d124c658112657 |
| SHA1 | 1f880c36a32732a6c173ba5195eb62f348afe160 |
| SHA256 | e275c4c99f0b2de7cc169e33bbaa37780b5e1f385757fcebddf19217a2a26a6a |
| SHA512 | 6c624370cf0b29c775715b0bac8cbdb4b96c0c6ca5f12100b479c3c84c9e07cc4d9f7e7b86993456dd5119f0b46446a3e4525723a2f58aef7b6bf2d42b10877d |
C:\Users\Admin\AppData\Local\Temp\OggM.exe
| MD5 | 99ef958d44b35a888e2363e60590685c |
| SHA1 | fa5cca62e60a2faa1a33bca4673a81a86982418f |
| SHA256 | 896abddbfa02da690a0ef19df67485677620e6a7b2fcb6596c0eeff90c9e7dc5 |
| SHA512 | e761bba1af986609342fc5f94102a9eeb83a83b78b4eeeaa6110b96175f3916ea742e104f790868471715174f409575bfb8f7e76dacfa11a89f7bd6513a725f7 |
C:\Users\Admin\AppData\Local\Temp\Ocwa.exe
| MD5 | 146a81e1eac50e9de8f5beaec7dea037 |
| SHA1 | f165239326c3a30816361d55b5892bab0e319309 |
| SHA256 | d8b8f51ced731ecfa499263a936137f6990061ee51065da1f1817ddb616cac59 |
| SHA512 | 6922f38ac8825480d1267d865f2d3d5d003b4165b137e9d424a150a15e4d4deaa0e764e5fba87a390608d79c0311076d5c385e2f7702356cf4529cb9264a4b57 |
C:\Users\Admin\AppData\Local\Temp\BwkgggkY.bat
| MD5 | 3fbeec9cd2df486699f23d675b7862e6 |
| SHA1 | 2c43502561c545c2639421d5c19b95ea3e7cec94 |
| SHA256 | 1e9411406084ca1acd4e9057743137f4528380ccff36b72d02b8e4830ea47df5 |
| SHA512 | 8025c847124252c5eb103a9b55fde7c8a3cbd886cddc3fa0a301b9284a8b9b0fb7b143cfff2f9d1d1e7f2d1a67fb52c642c6ae93132417d0d28ce29adccf1f31 |
C:\Users\Admin\AppData\Local\Temp\CMYgcQYM.bat
| MD5 | 5a88817bc2c243245c1d59319e9b8b9b |
| SHA1 | 746d3827ae5063db7e5d357d96dd0f64fd520fb3 |
| SHA256 | adbe7e84d80dc491224adae65e2e70c31ba4a5844823885d52c81d8ba234263f |
| SHA512 | 8c05091a7ff96143f20502330f1ebaea2e21ae4f0ee43c283668a4bc924a537c13194cd03943b9ed2689603d24044d0468c9a94356d110407e5277ef3f466ff6 |
C:\Users\Admin\AppData\Local\Temp\gkQq.exe
| MD5 | cbf55535a28bd4a15712262ce6dca5e1 |
| SHA1 | 12a8a3399850a096bfbc4fb6dfc15c206650abe7 |
| SHA256 | bdfbb4c27d561a341734016df0a224128b00871c1d0a0207a052463e5bc7e1a2 |
| SHA512 | 45dad4b949129cf6265310119d61accd79774cd179482fb8d1647380a607a13926b9771a03064de7f0e9b6978cb2d2dfd1f95fb04c53ef586613b5fbb9e6fa53 |
C:\Users\Admin\AppData\Local\Temp\CwQS.exe
| MD5 | fb97bd8e2b5a1c0de64dad6584ba1286 |
| SHA1 | 26435fc0118f4290ce3b328d033428d36a26008c |
| SHA256 | 69043e14a29d34a89fd17e74577b14fc20b3bcad279d0d6cd91601cb479f1766 |
| SHA512 | 7d1d5796ec5123b0de18d0a1c6a378d99fb20778ae972503472af24d0f7088a2804df657b8a6e7d929d4c7c5d590212af56e7d5f4474787bbff415acbb7c2b36 |
C:\Users\Admin\AppData\Local\Temp\SGEgQQEk.bat
| MD5 | 842c2c700dd49b6fcddd90cb7d800ca1 |
| SHA1 | 8f70e477ef13badec418b4afd7ab5863a1809f09 |
| SHA256 | 0bec69ff5594ad527a7b8242d86b43104db2abce40129f6b52fee3bcfae0eba0 |
| SHA512 | 5d183c2129a65323910202835e34da62afea3cab5ba5c02907ab2ac8dfe8a717fe10b3bd71266604415f23a69513cceb9ce61173de9179094d3902c304de5976 |
C:\Users\Admin\AppData\Local\Temp\MYcU.exe
| MD5 | 8634abe4a20e15453f08878c938f3e4a |
| SHA1 | 713a608ebced1d2e9318953bc0e5868eaee02171 |
| SHA256 | 9855c6895196779089ab962edbf1f0b5c5063457d85b08bf0781e754f35f91d2 |
| SHA512 | fc0f4a6ceff0ce15df67f174749121293395d011c98aadf03a2781678ba3853e153994f6aa58572eca312769944d71b2339a6b255a789da982bbf24a3d3cac3c |
C:\Users\Admin\AppData\Local\Temp\kkgK.exe
| MD5 | 2e8b2448578ce3b7e59d8c12c8b61be1 |
| SHA1 | 44a310d06841575ac4e93c1cb2e07be5d757fc9a |
| SHA256 | 410fb8f19b897d7f5848002e8cb263107812db9972bb396f0f74c42c9cd64828 |
| SHA512 | c0518955afd1ac400e052f156376701249b83e3d25d6c01f8b65bd49274cec49ca7a55df5da3061b9634136af02cf2dfbca33b4ff10dd0f0d7c04f5cff221b5e |
C:\Users\Admin\AppData\Local\Temp\kEkC.exe
| MD5 | cae1de5eb53d58160ccad80932feeca1 |
| SHA1 | 374f7c6b644fec7d791032e60f7f19a884962bb8 |
| SHA256 | e2a7dcdc877c17f4c0cfe56558f6c5a19c397141a4a1f78db47ca57719bba4ae |
| SHA512 | b3b419146e37504dc42a7f61a66529a40299afec046b2f66499038a5599b178aa6a10163589f26c73942049f3f2aa1173c16a5737065d15f578b6e7ce298faab |
C:\Users\Admin\AppData\Local\Temp\mEMw.exe
| MD5 | 92b8db2022827e4c896b38de8d37894d |
| SHA1 | 6d5d55916d0b1cd8eca572a9db3f745b16e89951 |
| SHA256 | 5c78c849c9f89ab6a7883b326dbce8a75a38a812ed4699d284761eba8a6c3eba |
| SHA512 | 5902ff1c2b8153f8fcfdb6d0bbb89625cc2f10cc59457b3a58311654f252ebd18b7ef821b9a089828f68f8394a36c60dee708a3246ad053083e1393fa14d9420 |
C:\Users\Admin\AppData\Local\Temp\aAUa.exe
| MD5 | 93f5bd7e22a94bde8e1ed6f60b6d65a2 |
| SHA1 | 6929d2ecb137602074d5f9496a1522931d242f2b |
| SHA256 | 00ce4a210b279aa8f9dac1dccbda46fb428c4538702e13fbf4513d2240a4454c |
| SHA512 | d6dfc97f39c360dccb8913c44e8ff67c4e27aeb5c8c74e96bfad0f26785e4e70b775a9e7117cbb47ea630b84939aca17362543fe08bbf6edaf9db6037fb8a247 |
C:\Users\Admin\AppData\Local\Temp\iwIU.exe
| MD5 | 1d6470b80583f6e2e21277ecfd353100 |
| SHA1 | 2fe3e97a36f9136af0e05eee7b1066b58a51b877 |
| SHA256 | 9874f50758287463e0ad9dfee5d17d7d58d5b5ed10c25ccfa44318b171887712 |
| SHA512 | 1fc28b73418dbe47f4df09dd458d980cc0f266c2efdd9b3cf45f430b5aa1edde750bc18407cc55062133738e0a482644a6d3a9fae1bf330ab0788bd7ffeba61d |
C:\Users\Admin\AppData\Local\Temp\YEgMEQUE.bat
| MD5 | d56c2280dcc84f8c7d02c362c9b55ddc |
| SHA1 | 6ed7bfb3ab6a02809517b22a2b136630e5f82aba |
| SHA256 | 24376287356b201955770dbcf278bb57e13be0d239ac6e33e7c530fd03ac407f |
| SHA512 | eaf046208d662c359db4242a77c68b2bc6cd233322a1196b58f08e778b488a60f3fe461b62971a88776258a804214fc51ae5af1019d77f599ae675e5d2cc54c2 |
C:\Users\Admin\AppData\Local\Temp\eYoO.exe
| MD5 | c6a9ee1a74c5eb926f37196994862e01 |
| SHA1 | 79e6e2d3912290f78d19f096dfacd942eab84e25 |
| SHA256 | 2f00f1bef661e4964e915c769dc4963356a96767e5a6303cac7aaec30e474bb1 |
| SHA512 | cece6813f0eeb91497e8e04d649b3a2fb03e5932a6d72506a2f04b89c21c4e140d85698e05aaa7d38ea1c3603b1109fd8d163c691f9d0193a6ceb5cbe72e350f |
C:\Users\Admin\AppData\Local\Temp\Ywka.exe
| MD5 | 6a3533d3593e8f3b772620f6ae1b4c54 |
| SHA1 | f4c4a1c8b996132d3f0aa782184553a7db7ca7c4 |
| SHA256 | 31470a6c116fa804753f1c6bf1ea9259ce13a752ce9f5cc220fee94c792bc754 |
| SHA512 | 163179c456ebf239ca06b963110171163dc0d7076cc2a4435e59c0f1e2621e81df6407ae06f52eb5de87c69ef6ced55510c466ce10622f1347c43d2506e7f13c |
C:\Users\Admin\AppData\Local\Temp\yeQYYkgM.bat
| MD5 | a438568df95612e71a30616733d2b905 |
| SHA1 | 5fd29ee5692bceff8ae60724ded9685adf556b90 |
| SHA256 | 6b48a6db0b2e1eab2e50ada013310548bfa7997a4203cd295369a5312bf3f909 |
| SHA512 | f5dfaf227e62d0a276f13159d6a99d224ea68a64197ef9dc42d095314beb664aa632036f40a99cf8b551f8f790a8f5cf58b04791d4a12bfa451e241e219cb284 |
C:\Users\Admin\AppData\Local\Temp\MEUo.exe
| MD5 | 88d915bd56d75a70b6e538721f9faeb1 |
| SHA1 | f98d4edf7f1eb3a7135b5e5548f0855b6c72f659 |
| SHA256 | 87a2659f9e80f670efee74441f9b1724ab1ac16462eafa701f66bd3d179ef22f |
| SHA512 | 457c214b82eb3b5e6faa56ccfd5ca72b6a9955cd431bf355f870dc70b896f211d64cf3889291ff5e94a67eb7846012f9ca1e18114c63ad553ce76e8006d49ee0 |
C:\Users\Admin\AppData\Local\Temp\rSEQwEIE.bat
| MD5 | 0df64cb90c9ad7f157285c989ce29bef |
| SHA1 | 82b4b779a982a581e990f5ad7376a22fcb4dbd85 |
| SHA256 | 8a9b9d3fee87aa5398ca63f135ac78eae14521e389cc77cfa8a3a1a009a50ece |
| SHA512 | bec7ebb6f251e893e9bfda13fca549c9a9d7a8329e0a357be6a1df13b9c5cb7252e9614c8b92eadd3f1a2ab1ac331da55ed5a60fbe89ada89743462c44a7bde4 |
C:\Users\Admin\AppData\Local\Temp\VsYIooQc.bat
| MD5 | b5265b4d87ddf59477b99a3dad9d944b |
| SHA1 | 791083a0672ceb9e4b4c64fc7460aef892383a8c |
| SHA256 | 7ca44c5911ed800201667bb4ea154aa4dc5d5fc47ef3b78e7b48a8a206b7a50d |
| SHA512 | 5887158ef94fb988d6525a0b45d9e973e47594e76efdd9355172c27f0a763ce567d0617009a8ddb43536adf1ce5f3de52bc07679bf3388dc92216a2f4d4cf5ac |
C:\Users\Admin\AppData\Local\Temp\dEswgQYc.bat
| MD5 | e7bbc147b6e0c2c28cbdfe7bd6d21b4d |
| SHA1 | 566a21b12f537eb15a9811410120695bcbb1cf55 |
| SHA256 | 7437edef513cf85fd17881ddead4cb0b964c6c053800b783614ddb549661875c |
| SHA512 | 51e5264fbdfc521baf3cc83825a2722e9588d6007054436120b514a31eb94ea279caeb05eda53fbdeb628942f82f1f3c5c7100517c665a23c01bd625c3104296 |
C:\Users\Admin\AppData\Local\Temp\NAwIkokE.bat
| MD5 | 7bcb99f7ca9320d5f90ea02b6aca9e2c |
| SHA1 | 31b8f9f2d0e04ab08c691c61d45ce37d739a9561 |
| SHA256 | 9c1ad24e3194e214928cf4bc12ecc6fcf3d22f13236a142f4c34c85088b2e7d6 |
| SHA512 | 839463492afe738607fd69cae80053e3177122f928c5ae4642a1155d023bf520a9a7a8adf84e58b94d134e466a836e385988863086f184109e1b19dbaedb1499 |
C:\Users\Admin\AppData\Local\Temp\meMQsUos.bat
| MD5 | ccc5dfaecb9350b83221aebe24541c48 |
| SHA1 | d28e86e5d22e3249f93a49b598042c9f86c96dc8 |
| SHA256 | b2624c1febf0a79960a4b4cbd69871810c3ab42c1fa4f643e03a1a35f2360ffa |
| SHA512 | 90a482b3df7cf44300ebfd7d46e7e750a5101d2a1b9e79373e0a7a12fb67cca2d734424bf1c931784a2973ffdd8cc9643f7255deef18249a9908a778055228d1 |
memory/2120-4050-0x0000000076DC0000-0x0000000076EDF000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\cYAwocMo.bat
| MD5 | 0691179727f4a71c9a2844f58af6b4d3 |
| SHA1 | 331dd5280d1552ec02da33e4452ff97718161dac |
| SHA256 | 56df170bc50124dbb37d9ce305ea644ba385c5ff3ab71b1249c7442934e13ab4 |
| SHA512 | 645b00d3a3f228e31cee77585194c394abb586f5405033da4f9144f7980abb27f4a961f7b381d69cacfc8aab7d49f6ab34259ef3aa8f1ba4ad6412cb5fed277c |
C:\Users\Admin\AppData\Local\Temp\KaEwksoA.bat
| MD5 | f895c6e18811bc6bc77b576da0595c34 |
| SHA1 | 5eaa9d60278a04a1290e0a95a06a9e2eeeaeba88 |
| SHA256 | 74a423373173aef544548808e6a88e29a68ef3b416ab750c9363663b914a29ca |
| SHA512 | 3bc8e6884afd61516c29d9efdd0de29cda7c6934a2542d9743247a9345792f9043483e9bd1ccc99bda7e31470a1c6cce1bc38bb085cdd7ae29c71487bc44a994 |
C:\Users\Admin\AppData\Local\Temp\seIQMsws.bat
| MD5 | a9a47233c68596e4d4e87ef5817ad909 |
| SHA1 | 8504d9ff09cad212fcf8e28c160291b24b7debc7 |
| SHA256 | 8016a6ad42ab5b514dc7115acf412546e13290d0a07f03f2cd624d91cb181b1d |
| SHA512 | 62e2e697b1e7fba8715a36b32af5b0c90201ba97159d378d635efe07427859a0a8891b47478cf978a8c827a71b41a09e7dabb2a0ba843d8aa4283b869e0b442e |
C:\Users\Admin\AppData\Local\Temp\FCAYcEMw.bat
| MD5 | a728df061174fcb233786824b8af3f40 |
| SHA1 | dacfc65aa06e99cfcf3e8b07dcb335fe135965ba |
| SHA256 | 0b46a17441a7e22f91bb477c99f45fef1ecf7296216b96629b6b9a1c47778f8f |
| SHA512 | 7647769e7b1dcd1663b7ee0722e13286424333f08a08e0764eae02bbf6cda7f4122ccde70a359e9399aad4f5e4d8b712b8bb871f7539c8d741c71c27e377cc0c |
C:\Users\Admin\AppData\Local\Temp\LycAgIck.bat
| MD5 | d81abf87a5debcf6d47dfe8332aab922 |
| SHA1 | 2a318038d969b1b36401612c5f399dfd8cdd487a |
| SHA256 | f93cce4c624db783c6325322afdf83ba9d6dc01f776a791e1709a36d507547de |
| SHA512 | f2a10dd94059a7d7210139b0eab9c648c24256a3dbed01b0f648cfb15330cb4a824ac09d1b195707be4145209c251b70bc221e8cb56bc31e32b1ec849f9b0705 |
C:\Users\Admin\AppData\Local\Temp\feAMgIAo.bat
| MD5 | 798d7c5b92f62ff2f934ba2c7afe6345 |
| SHA1 | ab4448a1e3a72ea8280e8b416419b25f803e19d4 |
| SHA256 | 4c2dc4d10f83fbb7857a24f6298d85a972861e546fb3c859e0f22cae8ae754c5 |
| SHA512 | e4cecb0601fd9b1d028ef6e82e842830750b264c5308cfe88c959bb4c82b867d6d99a801b7562f320c3afb646858ecb621766c2b040a1e5eb5818eaf18dd3425 |
C:\Users\Admin\AppData\Local\Temp\dIokwAco.bat
| MD5 | f946ce22e3687eb2c27f5814bf5c5e09 |
| SHA1 | d025c09d45180c5714bde5e79c09ffff4e8e07bc |
| SHA256 | f9242ea2a27d2cb0874188081504d4e3673a1fa96095de8b9966bf8846f5774d |
| SHA512 | 7aa5bae75a810a561babbf68e2650f8474fae04aa1d28b278f2240106a27f739b90c3023c76068168d43e2d5f5348dd3f7e33f2aac4eb99e36abe9646a07e0e1 |
C:\Users\Admin\AppData\Local\Temp\CAEsEAcU.bat
| MD5 | 12735a405611b1e4beda465e07ba4c9e |
| SHA1 | 212fb822347388e0e2b03b3d1403db7d3a32ab20 |
| SHA256 | c84ac2f4a25f39219984037165a7dd6adfbdf8bd6aec2dcfb9f239b584502b01 |
| SHA512 | 3747b5d4f1f0a9e9b3bf77e0562d322cd67e6bb8d9a3d57fec1ed7a635fd2df7572c93abf7924f3963fc2ca9cab707b42ca83511d37d6419f5c572ca7b5cebdf |
C:\Users\Admin\AppData\Local\Temp\UEEkQgYM.bat
| MD5 | 0bd4c0cb6c21442545b82b787ffac55f |
| SHA1 | fce1660e31679bf388b5f30078b4ac41e9fccbad |
| SHA256 | 431f04efcf002566f46a29647abc0f169b6d6fe47de5bbbedfab07aa0a97e42e |
| SHA512 | be3713603462e4d96d5a7fae65ee74c6907759a45f7244e10e31e5a9d034f1966584772f578f8eb84858853a7ae27f34c80fc6ed98dbacb534a35ee6228431fb |
C:\Users\Admin\AppData\Local\Temp\oWscwAcQ.bat
| MD5 | 9ac77adbb6a68d47caf5f5fd51beb875 |
| SHA1 | 3e33e6f830e6ec4c8f6cde8ff949f30b4ecc2cfe |
| SHA256 | f09b3adabb8cd676a52c16d88e3e7bf179eb0a427683524c70c241bb66903035 |
| SHA512 | d4447916ff4f9d1bf0d95ed5b03cfb659d5f372ca9ab81dd7775adf76028935357c17bbf660a6b27440b81dabaa677a1545d18f011b132c2954ff7ea166bc849 |
C:\Users\Admin\AppData\Local\Temp\sWIMUMss.bat
| MD5 | 62a5a9189cac6660b3cfdef5312c9005 |
| SHA1 | 41fbdaa9255c43f04fad1c8277ead50593e28511 |
| SHA256 | d06b9c413942c7f20e2b0fdec7cec483274d3727eba3dc6f6b397d2017e3b4cf |
| SHA512 | 724bcf3dc00ebcef1b3bfd153f490469fc7a9874abd034d39611f0e9161dd94b0da4ab579a951d180f670401604037460bce2939b2c5624e50f2bce5e32ba11e |
C:\Users\Admin\AppData\Local\Temp\oqMcYYIs.bat
| MD5 | 4bec0f7e2b0d5631a8125109decc5ff2 |
| SHA1 | fbbffed7ff1a3f98ddc8b3dbeaffc9b80829e7d3 |
| SHA256 | 2da2e749f07f3e48d66c6ea00e0c1cfb5042f9c7adbe292f28d5d1bfa6d82aa2 |
| SHA512 | 25ab374d0e00d59f0934c6fe6bef454252fafb8434ac5a9e0e76ff33ae596154e371e7932de4c9d03a230af5ba45722fd41f4797e9157c42b78ec7a20111d9fe |
C:\Users\Admin\AppData\Local\Temp\muEkwQUU.bat
| MD5 | 7832da75d16a726be003919485349d30 |
| SHA1 | 6a1aef5cca52cb60f0a839506acfae57d80db3ae |
| SHA256 | 08cae59681a2196749083ac9d8449b5f801d2ea791f3762c1c18242424d9f520 |
| SHA512 | fcade03cb84f29321277cbe3fef72a86a171c54059f19765b14f383c74fdb20e44f8f1b848a8eb63330a9d0860163c1f97719b89cc8fdfee80cd76304c191748 |
C:\Users\Admin\AppData\Local\Temp\VSwosUgk.bat
| MD5 | 9df98ffd911c4fccc05b55afc8df208c |
| SHA1 | 24a9adb8668677d9ae5d9788ecb4b11828860e42 |
| SHA256 | fbd169338d3a5f504311865b476881fd3fb73cc54b5a168902b7d86b3a2751a0 |
| SHA512 | ef8c10396e615156493e145d1a4f711a6b4b2a9cdf55a0af698401b847f2304377be4c3e8c90a2a5942d7c6a9c634ef667f36306a7121e7d60278f83a27e5ed6 |
C:\Users\Admin\AppData\Local\Temp\xiwksQMc.bat
| MD5 | 189c461f231b88b21527cabcf8c8a9f6 |
| SHA1 | 9a26827d2eae8d08078bd13dfb3e3182e95154cc |
| SHA256 | da7232643c40646eb9120bb31bebaa2335e5eda8bc086a7876380b1f2172cd1d |
| SHA512 | 3e61a2dcbed381e30d7348d13b3c20c58ac256efa285108fa1785b4bb17c1a4b0012577e782ca396868bf959f4f4ad929b184aa592c2988e0ffd096f98eda4e1 |
C:\Users\Admin\AppData\Local\Temp\BCEAckwc.bat
| MD5 | db9fac743cc9890617683a02ec107083 |
| SHA1 | 5932d58af55b379377342a5b66d175c82e5c4486 |
| SHA256 | 0ff2f39db5f3dfbd9a41b3b38db71ce94ed5ac0e8bf0e471765d6444a24fba83 |
| SHA512 | fdcba62c495e1becc14430e304df7a708c88600a31082d5cc6ae56564b9d6ce9057565224c0173c13a895ea100f1ddc1666ff87f73eeb81333f373dcbb060c53 |
C:\Users\Admin\AppData\Local\Temp\pKAEEcIc.bat
| MD5 | 3d6b32db219e2950eb6171f3d015b7c0 |
| SHA1 | 1be278648746404eb85ba5d8c4801318325f566a |
| SHA256 | 2e05cfda60f8509fff68cbe74885e90cc901694746f71e126318554fa4989726 |
| SHA512 | f4d04b38a73b85e527717e7ffedc7c140bfc64a414208057faeb70bf1188fbf10b206b1e78491302cc711bf5b054eec3c44665ed567c86b1820d718e0e826488 |
C:\Users\Admin\AppData\Local\Temp\ocEkwwQM.bat
| MD5 | 08d3bd4bdbd0a7cc0b34e76c8aa7115e |
| SHA1 | 1ba7376125b06b7f2d45d923ea512d6fb8f01efc |
| SHA256 | b2d68bc35036ec830700c4c858442d8d574e1d88b059f4a152d68e346e3da958 |
| SHA512 | b34550d607696fd780531b7cb6f18d513208e28527d827811fcc494585cb428a41449eef84c785639412a1f7033db07c06448e56d9c95509f66868f5b540c073 |
C:\Users\Admin\AppData\Local\Temp\KkMQYIsI.bat
| MD5 | 97c6b2dc6da3e2273c0b2a906a9393a1 |
| SHA1 | 4a9dee44a56b6efb373b5399c58d4d12e0e9007b |
| SHA256 | e9f322aaf5b5f78edd5bb39451b32269c622af48a6528060f5d0862302a5a8c3 |
| SHA512 | 0383a07febc5a8c9033600a5b811cfd803a826340c63b06e182599b4b90830d44b9c8d902ba9dc06c3afae9810dc45f606790860dda68ed43efb5c4a56a9b9dd |
C:\Users\Admin\AppData\Local\Temp\oGEsQcUQ.bat
| MD5 | acf10794c5d3b526ac16975aef8bb554 |
| SHA1 | cbc9ae1d75575fe67833f33a9f19f7a9d06d97af |
| SHA256 | abfe0d86e468389dc2b6b5efe8dd248a72dfe30b18bb667b2360e37d2ef70dbe |
| SHA512 | 852e99db999cdc148c8d41e4cb882c3561213424c01c85bb874108531fe4ad9cea0ee03a3de2d469d250d0c75b0357aa73435cadba182f263b2d50cacd6546d5 |
C:\Users\Admin\AppData\Local\Temp\wQoAUwEk.bat
| MD5 | 551f3c316cf069ba91312a0d30eb9c9f |
| SHA1 | 49720f550c611ad38dfdc69348fac9b164d6aac2 |
| SHA256 | b9f2fd64daaebcfe8c46ce6269981733a4b6d8696d4f34b7b8fb05f9d300e23d |
| SHA512 | 1a48b7dd45d0c2f200926b4a98a20a95b09f6f7eb17e1c44d9c44c75171a870cdaed9718fc8906d5c59124c1c63757f8d6fa84a2fd282142def2509dfb67ae85 |
C:\Users\Admin\AppData\Local\Temp\BmcwswYs.bat
| MD5 | 18403ed400583416119c7d022df2de6e |
| SHA1 | 360f2824c7c0b05e68bfa535b44154303da63a4c |
| SHA256 | f6ffb8d7d7c895a7d5a4e972428ee90f542e7610f4642f1a83160dcdea9b69fb |
| SHA512 | 779dd1e0d023719713a95bb1c565cc3642c5edddf17d6750ac7e8a40e3a9908b9ea73e1e6518be0a02aca53f66d8eea7f36a2dc9c6599badf18ffca695b8eb6f |
C:\Users\Admin\AppData\Local\Temp\XkMUEMUM.bat
| MD5 | 5135d3ee7e63c8e80a2a22dd410d1bb5 |
| SHA1 | b96fb17de4decec44b8987f7f5e443bc31fc6f40 |
| SHA256 | 4c6525ce6190bd1419c7d9a39422f65b15a2f755fcd5c16acf6ab42bd4bb58e9 |
| SHA512 | 75c70549178f1a0d0be95a127df2f4b3947df9075b411fec852e9c8e65131ae02d19e4b20665b25d616310a87e13ca9631c51004e7358c7944911df3c7bdd3ed |
C:\Users\Admin\AppData\Local\Temp\dwIAkAws.bat
| MD5 | 42c92e77ef6e8e4e68a4d2f1950caeab |
| SHA1 | 6560960ae4722866be58dc5c0e288b78dffd96c5 |
| SHA256 | d947351a05f04e20b25f251d3a82ac2cdbb34b7336b209c41b2744f4b554a2e4 |
| SHA512 | fa03f33a51a3ba259ab5f1b6c772bd15908140e794b793bc31810788be32453b1c97512fa2c23ed264a6a4736b108986d6848e043ab3edb623b9b31ffe56f65e |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-15 10:39
Reported
2024-05-15 10:42
Platform
win10v2004-20240508-en
Max time kernel
150s
Max time network
149s
Command Line
Signatures
Modifies visibility of file extensions in Explorer
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
Renames multiple (80) files with added filename extension
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation | C:\ProgramData\NmcUAcgo\gmYAscAw.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\yeEQwYUA\HCwQYMko.exe | N/A |
| N/A | N/A | C:\ProgramData\NmcUAcgo\gmYAscAw.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\gmYAscAw.exe = "C:\\ProgramData\\NmcUAcgo\\gmYAscAw.exe" | C:\ProgramData\NmcUAcgo\gmYAscAw.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HCwQYMko.exe = "C:\\Users\\Admin\\yeEQwYUA\\HCwQYMko.exe" | C:\Users\Admin\yeEQwYUA\HCwQYMko.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\IiEgkQIM.exe = "C:\\Users\\Admin\\JkAAAEwU\\IiEgkQIM.exe" | C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\SUEAAIsM.exe = "C:\\ProgramData\\lAoMQcsw\\SUEAAIsM.exe" | C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HCwQYMko.exe = "C:\\Users\\Admin\\yeEQwYUA\\HCwQYMko.exe" | C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\gmYAscAw.exe = "C:\\ProgramData\\NmcUAcgo\\gmYAscAw.exe" | C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\shell32.dll.exe | C:\ProgramData\NmcUAcgo\gmYAscAw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\shell32.dll.exe | C:\ProgramData\NmcUAcgo\gmYAscAw.exe | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\ProgramData\lAoMQcsw\SUEAAIsM.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\JkAAAEwU\IiEgkQIM.exe |
Modifies registry key
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\ProgramData\NmcUAcgo\gmYAscAw.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
"C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe"
C:\Users\Admin\yeEQwYUA\HCwQYMko.exe
"C:\Users\Admin\yeEQwYUA\HCwQYMko.exe"
C:\ProgramData\NmcUAcgo\gmYAscAw.exe
"C:\ProgramData\NmcUAcgo\gmYAscAw.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zacsYMUM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\myEgscIU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YaIAggIc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SOgIAUAM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mkkoAEUA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VcQooEYc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jYYAgAgQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TMYwgMQA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sAkoYIUs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SkoMQEIA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yWoYIQYo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qmUgQIwI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nqowUkgk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmUoUcQg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VAMwEUUI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xKwUIgUE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yUAMUUcs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eGcggkEc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cAIMowMs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cYEoowsg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gGUcIQYw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DCggkwko.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hYkIwwss.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TIgwIEgA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SqokUYIo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CGcUIYcs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uywEMoUQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JAogcAgs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\JkAAAEwU\IiEgkQIM.exe
"C:\Users\Admin\JkAAAEwU\IiEgkQIM.exe"
C:\ProgramData\lAoMQcsw\SUEAAIsM.exe
"C:\ProgramData\lAoMQcsw\SUEAAIsM.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 3708 -ip 3708
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RagIokIA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4748 -ip 4748
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 224
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4748 -s 224
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BEcYIcMM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YqEEcgAM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ekUMQMQI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eocggkQc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mAwYoAIc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lQckYgUQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dIssUsEo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hqcoAkAg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aEYsEEwk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aCkEsQoU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AIsAIgkk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vEsskMco.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TMMkYQcw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dgYsoAgk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qwkQQEAk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GMkokwwQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WaQwcEoM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SAggAQYI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NYgUkkYc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jUoQIAQM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bsUMckok.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CYAAMEUU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ooYQgsww.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QkUIQcko.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jUcQkQAA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vasoYMgg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DoIMAIww.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HOUIwkIk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wyYgwAIE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\skwYkcwo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AWcIcIIA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KqwIkgcw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZyYUIwsM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zuMgEsQk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JoswoUEY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vggkooIc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sYYUwIMI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CCQIsYAk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\saswQgQs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HmkoIMYQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HcksEskE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BWwwEooA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dGgEMAMM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qUUAAIMI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sKkEUgIU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\osIUAYMk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VgQgAMEo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FAEMAIkI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jsggYAYw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MMgkwwYo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qSUkgcss.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sKQggkQQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EMcgcIIM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BcAcIgUA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zIcEQEsM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pUAcggAw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CUEkAUYc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GaYwIgIo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WWAkwAEs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eEEAEcEs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HKwIwwcY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TGwgwMsQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bEckYEEQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TewkcIgg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QYQYMoYE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ywQkoUQE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mQUEQMkE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CeAcgIQw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VIoYQwgY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RasIsgUU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JsEwMAAA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MWUMoIQk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\coYkMUkM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IoUQkoIg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\POcYAYUY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JasEgYgc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tagwgIgw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OEwEAwYk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UgIAQEsw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SkEkAkEk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yCAoUsgU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BqkMQsMY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NIMUkMsI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XQUswcMU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SoUsUwkc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QiQAYoYU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\iGkgEIgw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wEUIowwg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fQEUIkok.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LaMYocUI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hyEcoIwA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uMMAkIQc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wiEkgYUA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EsMYAwso.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tMYEgAUg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nWggIAAQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VOIoAIIM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bqwkwgEM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YycMwwUg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\osUEQgQw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
Network
| Country | Destination | Domain | Proto |
| BO | 200.87.164.69:9999 | tcp | |
| US | 8.8.8.8:53 | google.com | udp |
| BO | 200.87.164.69:9999 | tcp | |
| FR | 172.217.18.206:80 | google.com | tcp |
| FR | 172.217.18.206:80 | google.com | tcp |
| US | 8.8.8.8:53 | 206.18.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.99.105.20.in-addr.arpa | udp |
| BE | 88.221.83.250:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 250.83.221.88.in-addr.arpa | udp |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 200.119.204.12:9999 | tcp | |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.143.109.104.in-addr.arpa | udp |
| BO | 190.186.45.170:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp | |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
Files
memory/1752-0-0x0000000000400000-0x0000000000431000-memory.dmp
C:\Users\Admin\yeEQwYUA\HCwQYMko.exe
| MD5 | 6d97dbfc897bf3e28a55f9e164981b89 |
| SHA1 | 33bb9eddbd2ce8c81da338ce43bf65c6fee5c736 |
| SHA256 | b4b6cb8a8da0a02a34d1b71730c86d7c92cf68851cff5867e352020ea80e6eb2 |
| SHA512 | bad71e939ba95999c53eb3ec5ad39ad9ecd69b78ff047ba33ac0ebafd5439dbafd1aa223708a47b9099c2fb492e1e42c2bed5271d6b8bd0770b7e6491871fe97 |
memory/3284-8-0x0000000000400000-0x0000000000434000-memory.dmp
C:\ProgramData\NmcUAcgo\gmYAscAw.exe
| MD5 | 31d442b2f50b6b057560b8843a22d432 |
| SHA1 | 7d937160bfaebece366532f60d41f8284078192a |
| SHA256 | b99048312f2d75107c65ef636d2ec77435b582cfcee58eb40877896bb6fda4de |
| SHA512 | 3327b72234af36b4540f8863bad778a3d8077b90064711641ed38db574c70a3889f2329d5a7ba31c1d0fe9be31f55bc811cef640d2bdcab6a8754be0bf491e06 |
memory/3492-15-0x0000000000400000-0x000000000042E000-memory.dmp
memory/1752-19-0x0000000000400000-0x0000000000431000-memory.dmp
memory/2208-20-0x0000000000400000-0x0000000000431000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zacsYMUM.bat
| MD5 | bae1095f340720d965898063fede1273 |
| SHA1 | 455d8a81818a7e82b1490c949b32fa7ff98d5210 |
| SHA256 | ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a |
| SHA512 | 4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024 |
C:\Users\Admin\AppData\Local\Temp\file.vbs
| MD5 | 4afb5c4527091738faf9cd4addf9d34e |
| SHA1 | 170ba9d866894c1b109b62649b1893eb90350459 |
| SHA256 | 59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc |
| SHA512 | 16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5 |
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
| MD5 | 59513752b20c9e3510db31c99dfc5c60 |
| SHA1 | cbfd0cd3f52fee958f730d8d31b2372370bf26f3 |
| SHA256 | 4cb21f95bccd80bca6baa955d8f9dcc1837e5a561d1585c9aaecdd7d377db8ab |
| SHA512 | 08479b2361a3b3d6a80d47260442718a7ce0f72547471b2b674aefa3dbeed7fa012df9c37efae73d729cf973f579672ca996a48552359ecc1fb2b4b32eeeb560 |
memory/2208-33-0x0000000000400000-0x0000000000431000-memory.dmp
memory/3800-41-0x0000000000400000-0x0000000000431000-memory.dmp
memory/4560-45-0x0000000000400000-0x0000000000431000-memory.dmp
memory/2560-53-0x0000000000400000-0x0000000000431000-memory.dmp
memory/3800-57-0x0000000000400000-0x0000000000431000-memory.dmp
memory/2560-68-0x0000000000400000-0x0000000000431000-memory.dmp
memory/1796-81-0x0000000000400000-0x0000000000431000-memory.dmp
memory/4632-92-0x0000000000400000-0x0000000000431000-memory.dmp
memory/4696-100-0x0000000000400000-0x0000000000431000-memory.dmp
memory/3096-104-0x0000000000400000-0x0000000000431000-memory.dmp
memory/4696-117-0x0000000000400000-0x0000000000431000-memory.dmp
memory/2104-128-0x0000000000400000-0x0000000000431000-memory.dmp
memory/4752-136-0x0000000000400000-0x0000000000431000-memory.dmp
memory/1636-140-0x0000000000400000-0x0000000000431000-memory.dmp
memory/528-149-0x0000000000400000-0x0000000000431000-memory.dmp
memory/4752-152-0x0000000000400000-0x0000000000431000-memory.dmp
memory/4920-162-0x0000000000400000-0x0000000000431000-memory.dmp
memory/528-166-0x0000000000400000-0x0000000000431000-memory.dmp
memory/4920-177-0x0000000000400000-0x0000000000431000-memory.dmp
memory/2164-178-0x0000000000400000-0x0000000000431000-memory.dmp
memory/1988-186-0x0000000000400000-0x0000000000431000-memory.dmp
memory/2164-190-0x0000000000400000-0x0000000000431000-memory.dmp
memory/4368-198-0x0000000000400000-0x0000000000431000-memory.dmp
memory/1988-202-0x0000000000400000-0x0000000000431000-memory.dmp
memory/2128-212-0x0000000000400000-0x0000000000431000-memory.dmp
memory/4368-216-0x0000000000400000-0x0000000000431000-memory.dmp
memory/3760-224-0x0000000000400000-0x0000000000431000-memory.dmp
memory/2128-228-0x0000000000400000-0x0000000000431000-memory.dmp
memory/3760-239-0x0000000000400000-0x0000000000431000-memory.dmp
memory/4908-250-0x0000000000400000-0x0000000000431000-memory.dmp
C:\Users\Admin\yeEQwYUA\HCwQYMko.inf
| MD5 | 923947ca1b0c5ea1b87df7d6db6dc91d |
| SHA1 | d8e175c636ea19d5e6be55fadaab22746c9d6b2e |
| SHA256 | e49e7826deeeedb21f867cd7c6d9f31fd02b30aa0677b0351a01aa568c4f28b8 |
| SHA512 | cacb75e47bd215ba311b67e2a2382cfe3541623e3171e477abbaf405179cdd14ecefb4cfedeab5698ed41ba0ca64420a7b1653929cb9f48cd7d0d420021a62bd |
memory/1764-263-0x0000000000400000-0x0000000000431000-memory.dmp
memory/2448-264-0x0000000000400000-0x0000000000431000-memory.dmp
memory/2448-272-0x0000000000400000-0x0000000000431000-memory.dmp
memory/752-280-0x0000000000400000-0x0000000000431000-memory.dmp
memory/4960-281-0x0000000000400000-0x0000000000431000-memory.dmp
memory/4960-290-0x0000000000400000-0x0000000000431000-memory.dmp
memory/400-292-0x0000000000400000-0x0000000000431000-memory.dmp
memory/400-300-0x0000000000400000-0x0000000000431000-memory.dmp
memory/4896-302-0x0000000000400000-0x0000000000431000-memory.dmp
memory/4896-309-0x0000000000400000-0x0000000000431000-memory.dmp
memory/4656-310-0x0000000000400000-0x0000000000431000-memory.dmp
memory/4656-320-0x0000000000400000-0x0000000000431000-memory.dmp
memory/624-321-0x0000000000400000-0x0000000000431000-memory.dmp
memory/1356-327-0x0000000000400000-0x0000000000431000-memory.dmp
memory/624-330-0x0000000000400000-0x0000000000431000-memory.dmp
memory/4748-332-0x0000000000400000-0x000000000042F000-memory.dmp
memory/3708-333-0x0000000000400000-0x000000000042E000-memory.dmp
memory/1356-335-0x0000000000400000-0x0000000000431000-memory.dmp
memory/3528-334-0x0000000000400000-0x0000000000431000-memory.dmp
memory/3528-343-0x0000000000400000-0x0000000000431000-memory.dmp
memory/4748-346-0x0000000000400000-0x000000000042F000-memory.dmp
memory/4000-347-0x0000000000400000-0x0000000000431000-memory.dmp
memory/4000-356-0x0000000000400000-0x0000000000431000-memory.dmp
memory/1360-353-0x0000000000400000-0x0000000000431000-memory.dmp
memory/3624-362-0x0000000000400000-0x0000000000431000-memory.dmp
memory/1360-365-0x0000000000400000-0x0000000000431000-memory.dmp
memory/5088-371-0x0000000000400000-0x0000000000431000-memory.dmp
memory/3624-374-0x0000000000400000-0x0000000000431000-memory.dmp
memory/4724-384-0x0000000000400000-0x0000000000431000-memory.dmp
memory/5088-385-0x0000000000400000-0x0000000000431000-memory.dmp
memory/4724-393-0x0000000000400000-0x0000000000431000-memory.dmp
memory/4300-394-0x0000000000400000-0x0000000000431000-memory.dmp
memory/4300-402-0x0000000000400000-0x0000000000431000-memory.dmp
memory/2944-403-0x0000000000400000-0x0000000000431000-memory.dmp
memory/2944-411-0x0000000000400000-0x0000000000431000-memory.dmp
memory/704-413-0x0000000000400000-0x0000000000431000-memory.dmp
memory/704-422-0x0000000000400000-0x0000000000431000-memory.dmp
memory/3720-423-0x0000000000400000-0x0000000000431000-memory.dmp
memory/3720-431-0x0000000000400000-0x0000000000431000-memory.dmp
memory/2176-432-0x0000000000400000-0x0000000000431000-memory.dmp
memory/2176-440-0x0000000000400000-0x0000000000431000-memory.dmp
memory/4780-441-0x0000000000400000-0x0000000000431000-memory.dmp
memory/4780-451-0x0000000000400000-0x0000000000431000-memory.dmp
memory/1828-459-0x0000000000400000-0x0000000000431000-memory.dmp
memory/4024-460-0x0000000000400000-0x0000000000431000-memory.dmp
memory/4024-468-0x0000000000400000-0x0000000000431000-memory.dmp
memory/2504-469-0x0000000000400000-0x0000000000431000-memory.dmp
memory/2504-479-0x0000000000400000-0x0000000000431000-memory.dmp
memory/392-487-0x0000000000400000-0x0000000000431000-memory.dmp
memory/4932-495-0x0000000000400000-0x0000000000431000-memory.dmp
memory/4972-504-0x0000000000400000-0x0000000000431000-memory.dmp
memory/208-513-0x0000000000400000-0x0000000000431000-memory.dmp
memory/3440-521-0x0000000000400000-0x0000000000431000-memory.dmp
memory/2308-529-0x0000000000400000-0x0000000000431000-memory.dmp
memory/1748-530-0x0000000000400000-0x0000000000431000-memory.dmp
memory/1748-540-0x0000000000400000-0x0000000000431000-memory.dmp
memory/4636-541-0x0000000000400000-0x0000000000431000-memory.dmp
memory/4636-549-0x0000000000400000-0x0000000000431000-memory.dmp
memory/4704-550-0x0000000000400000-0x0000000000431000-memory.dmp
memory/4704-560-0x0000000000400000-0x0000000000431000-memory.dmp
memory/208-568-0x0000000000400000-0x0000000000431000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ukkO.exe
| MD5 | 9a9f023ebc03c6c0496b33bcd9324726 |
| SHA1 | e4929304dca3553ef393ada14331b3e8cfa068cf |
| SHA256 | ec6e140de4061366a12c93ce4d0277da8b5fb35b278652281a59201bdf87d630 |
| SHA512 | 33372759f1835fadb7725e2b26446f2b0dc9d0d9c79258988d19b31d49e7442c4d0fc3c8829e1ddd3c4a7f38413ea46166fda3c06f8787133fc40db0dbf47109 |
C:\Users\Admin\AppData\Local\Temp\QEMK.exe
| MD5 | 56b95e0105fa0ea8332c17f8a2b5f6c9 |
| SHA1 | 5a41b4223704e8dd2a74048efb699251b25b8920 |
| SHA256 | cc012074e7a643bcb57cbbba31c20ede8b73b3575b001ffb11037cd32f97896e |
| SHA512 | 4991f118391dae02599c23806a3b2ab6481da2c20b15328a130dca75b0c11cb8d690d0dae1d2abe9175de68c718a78185bf1cf1090241520b1132b54579e2520 |
C:\Users\Admin\AppData\Local\Temp\KIEW.exe
| MD5 | 8aa579bba53f31b59fa3c6fc3a27859b |
| SHA1 | a27386276a2eb3e31e8aceeebaf6b117ac8a34ed |
| SHA256 | 823672420000c704a14768308921aa6c4556e1921c68b79f2ddeffbfafaf02e7 |
| SHA512 | 43149a0781b1775db5ec33f35b045d42eee16059562c7826ed788bb4934bf37828c32792b8081ddb1cdf49787517dc63b307060329100ddadf4cc7cfb1534baf |
C:\Users\Admin\AppData\Local\Temp\QEcm.ico
| MD5 | ee421bd295eb1a0d8c54f8586ccb18fa |
| SHA1 | bc06850f3112289fce374241f7e9aff0a70ecb2f |
| SHA256 | 57e72b9591e318a17feb74efa1262e9222814ad872437094734295700f669563 |
| SHA512 | dfd36dff3742f39858e4a3e781e756f6d8480caa33b715ad1a8293f6ef436cdc84c3d26428230cdac8651c1ee7947b0e5bb3ac1e32c0b7bbb2bfed81375b5897 |
C:\Users\Admin\AppData\Local\Temp\SUIS.exe
| MD5 | 08dc05666e3bc403a59bd4ebf571a5a2 |
| SHA1 | 31ebc724791b836235b77679f3dccd0500a58a2d |
| SHA256 | 023475d1cb0859de4495e8cae1c9bdabac9276229af7ef97ecddbb7e5f04c18b |
| SHA512 | 23af7f51b38cebef4f8d7a2ae5c59674e30de58fc37977a3ad8a7ce7b72e2fbd356c9c198993a5ed043d0314cdefef2aee9de58ce73a5e84e9022d2f3d8a3f40 |
C:\Users\Admin\AppData\Local\Temp\uwcY.exe
| MD5 | c55cec59ec929be4b38695517cfc22f1 |
| SHA1 | 72d15ca08823d0e65940477f81572e35889933a8 |
| SHA256 | 472c8cd621119cab42700c0c1d1c5a9ccdf8cbe1ce1f27527b2aca65843b3e6e |
| SHA512 | 292faa9d4a834f667f7bc3cfa985c35a723d635d32fee8e2fbd080effb688eb485ec096f67383d291f2725734108c1dfba4f45d50b45a606b920ba14001e295c |
C:\Users\Admin\AppData\Local\Temp\AAQc.exe
| MD5 | b426515ec2713f92b5bad0e3b6c27779 |
| SHA1 | e98f5ac6fe7021f38f356ccaaf0948000fc6e3e3 |
| SHA256 | 1f0bdadff76e962a65bba5f417d15083e037d4801738a497e6fbb07bb2bcb8a9 |
| SHA512 | 87a11f49bae0a187e0516618f2a8b72cadd3bd65a61019aadce4b5c8c442ed7463e003148e6f1d28a6ee7869878eec10bdbc75deb88389970e4266734b4c24a4 |
C:\Users\Admin\AppData\Local\Temp\qAAy.exe
| MD5 | 9190eeb7f328ab36ff5650d2e53deb3d |
| SHA1 | 1dce75f923e4b1a1852d08ec5b1a08e19099c28e |
| SHA256 | c0f1282f24647de453c4ed559daa3442d0ddce0dd5c2e24491ad6d3e3aab2bd1 |
| SHA512 | d63227952d4d723a3a63e28f9c812fc88456bbacc0f35624fe63a73a4cce5a0bc65cd4a6c7c00794cf01ed92540e918385d60dabb23b7a9fe28f45ab1cc500a5 |
C:\Users\Admin\AppData\Local\Temp\aoUG.exe
| MD5 | a96b5ab374c58a1fc46fa2c0c7bbdf65 |
| SHA1 | e73e66d4d5f498a946c8a02689fe94671c1ff374 |
| SHA256 | 6ca35c2b05d4d3bbdd31e244f7f831b736436e6abc26c13e97283dc9cb4f786b |
| SHA512 | a2a2704968fca9c4775a38d9b788d7059eb275e61e7bdc590212547250be4821810f6bd2348a3e07afe25aeaaae1d522fe31568c1ba339a1348fbf04033e0bb1 |
C:\Users\Admin\AppData\Local\Temp\UsMc.exe
| MD5 | 5c3060ad190b2e345d96af03699bcca6 |
| SHA1 | 99caaf0e19fbd8343075978c1142f175658b5ef5 |
| SHA256 | 2b957347c1d4d2e0982300d52301abbb9682dd0523c394507561c7d790be8fac |
| SHA512 | d275eccd49ffe63d8d3c2bdaa7e790b1052116b66818d5c377401e610fa41fc3aee4cfdfff267f7e38906829202cc2bef74eaad84fe8d05832c1e0dc3e49cefc |
C:\Users\Admin\AppData\Local\Temp\CUIi.exe
| MD5 | ab503cf2f327f8d344156ba0dd6a3fcb |
| SHA1 | efb32142211083d7595d24417b465f5e3a1237e5 |
| SHA256 | 7d919354ed71200ba58003562b5a648a0e96d0d5031479c754b6cdafe70d903e |
| SHA512 | c698864bf3bc7e15ffd6f983eb5dfde4f21795946d49d0c0f5fd569d63e9b920d65cf95a1e4308b5bfa475dede5c9d4970ac16bc46e89d79cda3a971d2d28c04 |
C:\Users\Admin\AppData\Local\Temp\EMUM.exe
| MD5 | b843714b2ef1163778264e71a56e9282 |
| SHA1 | d9b0739f40527e8cf02b731050f91a085f869bdf |
| SHA256 | 8426db75dc14ccc31d936e8f831a4de60b917b8b51ff5068a0382fccbe91f48b |
| SHA512 | aec379e6820c3c73cc255f129568d4bf5d49615affa29eb40524296ccbbe62bd08947510c8e117588a8a51c625281e8544fce8a2dee9b4c9cd8e6d909d64212b |
C:\Users\Admin\AppData\Local\Temp\uMYk.exe
| MD5 | 40ab82d1fc148940f51dfa90c7768274 |
| SHA1 | 28e643f28735992dcbbf2355f5167971a5cbee63 |
| SHA256 | 889bf6afbd76ced96cf174baa7d4f437434fa557dbd53d7db963cff2c4120d32 |
| SHA512 | bf5208590a0ce71000929b857f29bb1f10b29e5bb0004491a355876353ea16fc834ebdfb72990f93103a4eed7aa189d895d12ce11b7038d396531a5cb623fb18 |
C:\Users\Admin\AppData\Local\Temp\CEIE.exe
| MD5 | a38925e2a6c0ada6272138c9d96e2153 |
| SHA1 | 6c34874f7e06e2a6a2e8a47a8f6ad522b8cb4601 |
| SHA256 | 3a6ec6b77dd4891a96da5f464a7bf0ee3e8fb79ee7b6075e9f5f79bb4dda55e4 |
| SHA512 | e8d7a0b65d5b124cc5833ad0a095d57bbf4dfe4c1e40d914e537b72fde38b07a2a69e1fdcad83dbd75c105e30042a9e843ffd60c05f7730a208fa0ec316bd6d2 |
C:\Users\Admin\AppData\Local\Temp\CEsq.ico
| MD5 | ac4b56cc5c5e71c3bb226181418fd891 |
| SHA1 | e62149df7a7d31a7777cae68822e4d0eaba2199d |
| SHA256 | 701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3 |
| SHA512 | a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998 |
C:\Users\Admin\AppData\Local\Temp\escu.exe
| MD5 | a7744a98623f30c97f52dfd832ec2de0 |
| SHA1 | c7097f2c2ad3919565cbb584e06e371e7c62eebc |
| SHA256 | 4d5bf5684b4e7915e803550de8add5175f063f98e1beb3487f303355251569ee |
| SHA512 | dfc44fae1893deb3be97ec155b41b8b12043872c7886d27db1faa8c70fbcd2da50a41ecce60769391b3ef789fc5fe2342d91b09bda5f111d0953563b27324415 |
C:\Users\Admin\AppData\Local\Temp\yEEk.exe
| MD5 | 6b451faf29808fd59f6b2951056b8a98 |
| SHA1 | 887dc932d645f19e5c8fdd0aca27a5452d5fc3a2 |
| SHA256 | 7ccbf8c50b98f374ee8f8da80a4360fe8e524dc11e33284582321a20f01c99d6 |
| SHA512 | 17db93fe085ba06f9b02837aa344a603e9cc4c8d9ac3e28e8600b588ef7553f6ab342487d33f2bec39c56063ca2cbd73cc9cdc30fefa5e4ef158e90b376ff582 |
C:\Users\Admin\AppData\Local\Temp\GMco.exe
| MD5 | 2998d5cea587c31a51e91e9cc6aa91e7 |
| SHA1 | 313373ae5f15aead79aeb225e9ef3af1ac7a63f3 |
| SHA256 | 4bfb6ac51a15c660c2485ca68cd6d794912aabe75001a2355f23f2b41101ab54 |
| SHA512 | 9a6e619227026bce10a4c8623a44b942c2951af79da83b18b841d19a1a82de2bf743b71eb09b34d83b78887924c7aef87d53cac3a101172bd7848d50db782991 |
C:\Users\Admin\AppData\Local\Temp\aoEU.exe
| MD5 | de8e583dc84d5fb6f6d0ac52c422710e |
| SHA1 | 3ee63c8b8211eb768107921fc6594278d65b7217 |
| SHA256 | 2bfb6119f820411980835d426ded86d8205ff20c74588c338cbfc29b6533fd30 |
| SHA512 | 2c7f5213bfa21fd2f97c940a5df82572f5e3fe8a95d872b3cd17ecb466f8bf908703d944e70880961e9bafdf19c3a57033f5082813031e2bf82e70ad913be3ab |
C:\Users\Admin\AppData\Local\Temp\uMsG.exe
| MD5 | 20eb516f3fddc0adc0e3520b609b35e9 |
| SHA1 | 2ec4dcb7e98cabc78f55e3186377394cca0cef12 |
| SHA256 | 68f27e1c4726719367d97b0998eb51ac258707e8971756dd9dffdcbe9445294d |
| SHA512 | 3522be8b623ec810b99cea5003d7134681e9d9fae2d7a0e304d99c49583185d93c84102e3400dc08710e524d80e836596ee7a9ab464647ff8afb73a3d45dfd81 |
C:\Users\Admin\AppData\Local\Temp\yEgG.exe
| MD5 | 8a9e4302d7a3597afb24f2c8e9c360b4 |
| SHA1 | 41ac1b116405e032fe44f02ead7a4962a2ae44b5 |
| SHA256 | 97d427fdf3e4393ccabc2a2be82a8273f1d3603703481aee025bc8c4f2c7b873 |
| SHA512 | b685a7cfb96f9006f115cd48145c3dfe0ad4dcf3db20e28469418f49205a5b112b37cff3b1c02604f97b12cbb78d0ad3e26c291233fec1d3fa1b2c31f5e4f56f |
C:\Users\Admin\AppData\Local\Temp\EUMm.exe
| MD5 | 5077d1d2845c4880431861b59a62cd91 |
| SHA1 | c244a66dc06e0cf55f726d72a65d7dac22a8427d |
| SHA256 | 8ede49e577be8815c9b0b7b89c5f2c058c1390ce0bcbac7209261f32e3b52d35 |
| SHA512 | 5e3df0ebeb3b96f7ce9fef82281f65a26adb1036f77f8d68ab35fbaf3243100cf1a2af375d66ae530f12f9501350ea315799fffcfcf6a1015b8d8972738bc46d |
C:\Users\Admin\AppData\Local\Temp\cMoK.exe
| MD5 | 3ca2556864d05ac4098e90a0312234ce |
| SHA1 | 281f884a366504e3b66f781039bed4477689acf6 |
| SHA256 | 80bead830c875b47cd1ebb14e8f9c0ae7fa80b8e8f0ad909ded0c2347f0851b9 |
| SHA512 | f73c518d0d542482d0c20275d168e9cf2955b16ea54e10b4013fb887cecb1b2ae70b60637d7407ee6282e17ea8daa7544c4517cc85b0b755fadfeecec0a95875 |
C:\Users\Admin\AppData\Local\Temp\kkEw.exe
| MD5 | 86e6d67b5469b21792959ff51dc26140 |
| SHA1 | 78ce7b74f213d6a5ed904d661794eb69bfee8219 |
| SHA256 | f83de99fdaf8cc1b665458694eb082f066795990d0e47a3ffccc9ccfbce2c354 |
| SHA512 | 782ae6f7da66faecc91df427148af35687ed602fd0d82706fb7c2b41d62696b8a048b0302efe01d6f89614487ab29988afa90be26808597ca2e8968b204503ab |
C:\Users\Admin\AppData\Local\Temp\eEMu.exe
| MD5 | bdad102513340570ae87fc7569e06d59 |
| SHA1 | 4053dca96191d224b9eb4a8cfb54d9e53b8d4538 |
| SHA256 | 681d427b346055564893c35c7c3db42d84547c3b6cc41eab529cc547f063fca3 |
| SHA512 | 1517e2fa5c95fbc26543b3b5041cda112108d32d0aa2045bb4b88696fe54fe516f76523987dcb0b0497bd0c67bafe60395a3e70dbee6ec780b2921a8cafe11bb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\icon_128.png.exe
| MD5 | 24246a341cf19a7811a68bd86f259ffa |
| SHA1 | 5d9ce5552b6228e34a307119dd51c1862e873212 |
| SHA256 | 4d8996f0369a79b36d503d7378a98ecf78129f64421526ef2087123111af77a6 |
| SHA512 | eed18b817b67d054621f0d0f299293ebf21229bbc98254e1bbdbcf279a653c98c2a1e85c39fd8a57b770a5fdce7735c6cd49e0e8aaa7073b175fceb7514d392d |
C:\Users\Admin\AppData\Local\Temp\EIIo.exe
| MD5 | 2656f2d990eb90f6677b6988d2b56ec3 |
| SHA1 | 3324029365bc06c9d0b350f3c7a0df33e8859abc |
| SHA256 | ba395974e80c61aaa1a12494fbeed803bd53328b28e420da3765d7905c0f65a3 |
| SHA512 | cfcfeff46d2af02e9eaf3f386b8bac5be974a508ee48e7c346886ded845f2b6a55cae8aa2935f6e6023e38a64e5565fa7c89678e3c3ecc6b95251859f8cc6ca0 |
C:\Users\Admin\AppData\Local\Temp\YsIs.exe
| MD5 | d141e9e50ed6a96d7ed0281fc397ca15 |
| SHA1 | 00f5ae034e8d13b57f03a25086604451d667ee9b |
| SHA256 | db2c3b2f380c48f587fe422f3e59b074149fa43eda8c29007e10392a7f3973ab |
| SHA512 | f4a67b71274c86831f2194d8cd69c5416dc238b2fb0ae4dbd062778d7b7932a0cb66a029b0eb389580efd208daad1b2442f12f554a0b1c4c2a85ebcf9ca8c575 |
C:\Users\Admin\AppData\Local\Temp\sosK.exe
| MD5 | 49f0e16c8edcbd5bacb7d4f4394361ea |
| SHA1 | bb021c7328e49afa0bcf58013fe1c8a901492a1a |
| SHA256 | f2a308939e0ddfe90d0283cc413c53cb68a7ecc6de4939ccd3cf532f5a270619 |
| SHA512 | aa8b96636344822864b36cd5f2ba336d70eb0a1000f43265899cd6f0acc9e5a77998c926348a849acdaa5c3479b61218ded1c9f9419db8ef33110440c58089d3 |
C:\Users\Admin\AppData\Local\Temp\EsYU.exe
| MD5 | 288a5f195633661f0e396813e9056c7c |
| SHA1 | 3e32d8564b1ce8a9acdecccc347449673a9dce7e |
| SHA256 | 1eac1a464a1e89caa68670205aa53fced5e46c31f4bbc2906d57a20a384dd9a3 |
| SHA512 | 91ff8fb5313ae91b529431d4de9f24ca48cbf70e28f365384fe095234102b95ce3ec9add73c69dc76dfaecd687971ff9ba22609fae996b759082484f79e67282 |
C:\Users\Admin\AppData\Local\Temp\MwMO.exe
| MD5 | cc0f527090bbf7a3698cb17ad3588907 |
| SHA1 | 37b1ef526a7a154935c26ecc78e019e9722cd94a |
| SHA256 | 46a50438da3151b9145a43b919da820ed26d4b3b008b3d6b1a93faccef4822da |
| SHA512 | 350f1a9dc60227492f3ffcbdbdd157bd8ff52b514080d059e81b67ed8df6b7d6a1d9e222c1612abc361cb97f546bf2bd64d439aa2c2c15f2eae96d5b10c306c4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons\64.png.exe
| MD5 | cb29e43d6a372e67a528ff51e59dad1b |
| SHA1 | c00df8f021307994464679271b86cc6c69fcb1e3 |
| SHA256 | 2a10b7b00fc2a7ee71eea2f7f2c0bfa3d21fcaa1d14955d13481a6cc9589393d |
| SHA512 | 299bea44f2866ed37a53466194496d08f12ebd6a5fccc7f8d2ed4116357cb0506b0f3798739d10da78c7304b9ea74bcc2a9e6ac86fc2d65b7510dcc0616b22eb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons\96.png.exe
| MD5 | c10a6714b942517b7a616a520050851b |
| SHA1 | adab41ed4a0f7341c7b60a804f7be2567e506782 |
| SHA256 | 56f12f9f466f3e72d04aa6664a208815be150d1c427f7dd53871eb89a325b96a |
| SHA512 | b474d1f594455405cab894d68f2da77177c5cd7d4c84156a19692c290409e685db063e0cbb998220379bd5a15936b4ce2fafcd8d234f39026ef258d0b5791cec |
C:\Users\Admin\AppData\Local\Temp\qkwK.exe
| MD5 | 33d4f4489a558d6e3ef2df1b74e6297b |
| SHA1 | d71e8487524a2c5df0fe74f19ad698a1f899c844 |
| SHA256 | 6ec72572682db20fc324455565321af0a0fb4f7b13fb24687081398445a8212f |
| SHA512 | 69a2bb5880808eb8e54d6d59dd0b7f538087e44b58e6738d80edf81e48f07d0d20addd62228fd583647f92887d0f52d18c1ea682f8696a243036cabc19ee795e |
C:\Users\Admin\AppData\Local\Temp\MosI.exe
| MD5 | f3cde5f73057eaa9c59ea14c4b98b6d6 |
| SHA1 | 256a1270a01b6d68549038f960b804add06fb842 |
| SHA256 | ffbb6a23c289bab24b40207e8c9c34eaa79d67a3ab1c4d50568ccb18b8d1ebdf |
| SHA512 | 50b82f9eb643a0ec59eeb9fb4a3b8d58d421aa69fcea52a98e6853fed15b3b95e83804c532b7fd3d5e62de1428b35491a9684698ff93b280c8b8003dc83a8aee |
C:\Users\Admin\AppData\Local\Temp\eUMW.exe
| MD5 | 7c173f74bc99d29f28779a4935497b33 |
| SHA1 | 0abbeb9ef02efc582f53c65f5b85c8a81b950297 |
| SHA256 | b83287f16e1a79044309a07b761f4b97a50325224e7541337a5e611b8c8f52ad |
| SHA512 | f78f8c68b7caea4cc93478318ff666093f1bdc2b9d49669f0cf92a95117b27dabc634212012eb9e7d3bcad07f82af5b3f130cf116414b839f4d5cab4492c6fc3 |
C:\Users\Admin\AppData\Local\Temp\MAYY.exe
| MD5 | 33b6d64f0b0fda6cc0fdf605d54f138f |
| SHA1 | e70b1445b2abc852b3d28c3fe3a41aa87f8fe28a |
| SHA256 | 13cfe0924e0a664893a09d935a8dd061be2d43d3440d2d51ee7a6bd476ee6b0d |
| SHA512 | b2e70bd6ada4f9349fb22d615c7a10a9801e8d3f4e6f8e807e6f81c145cd7884bbb963ab9283a535e3bcc85a7d24ff62d99f613fbc8c472618721c5d93361538 |
C:\Users\Admin\AppData\Local\Temp\IwIa.exe
| MD5 | 75ced039edd6bcd9e46dccf53099b94d |
| SHA1 | 90447d20b6fb777ad31c297e617612aaa331273a |
| SHA256 | 42cc63f00ea486674ce3238781c8660a83ce3e15d55337d0aa8d5de2937b4a8f |
| SHA512 | 010bb0115fe25ea114fcc6ea167d1f64139d215a17f0e640c1be9ec8b92954faad09ba2695d5a244e0c5d6854ba4d96275bdf8034df05a6b1db2613730a2a020 |
C:\Users\Admin\AppData\Local\Temp\EQIG.exe
| MD5 | 45fd75e274e1ff1805289f6fd7a7e72c |
| SHA1 | 3f422aacef12d9bd4b5911d8600238076ac8c0af |
| SHA256 | 43b08a592bfe5d9b4b184c55ce4b96ca5c0a0e7c65a69bf0148e07e8defdd576 |
| SHA512 | 3f33911ab3cfb213a1441273bf31b9f249775165d3b6c2b9c53bfcc24efb037b20f05a475a198a883174a94a364bc4808ec2c7e926c8dee2605db61ff0a5ffb3 |
C:\Users\Admin\AppData\Local\Temp\Gcci.exe
| MD5 | 8c85a9a6b6954c15c6f2fc2a35c36679 |
| SHA1 | af7da180e07f14f25f09ad27f2ff097a2b78c9d6 |
| SHA256 | e9301419d869bd90c91cfac46361b0d230441447b3e510aabcc977ae5690b125 |
| SHA512 | b8b855c1c7a655f17e3b2a092a5c69f19d06e568adececf4aac1be5d882bacde2bace3c75404c800683f4b08d1a1e16a399204a018c9fca03f9d9a5b43a0af88 |
C:\Users\Admin\AppData\Local\Temp\uoQA.exe
| MD5 | d3910236905ccb1bbd1c57db7b1c4544 |
| SHA1 | 3441c89fa40d340c48c19354b8ca629ce6ba0ac9 |
| SHA256 | b344286667eac53f3920ec4920cc93533693026a49d5282eed2769cd1070aa61 |
| SHA512 | 1d5cf719ca03e23e55d53b3fb22c82f3ae266816bb3aa8c19170d9a189a991b88178e793cd83fd125b140312bae725a5190bb3c5809aa398ad27c5a4412c81f0 |
C:\Users\Admin\AppData\Local\Temp\oYUm.exe
| MD5 | 5a35b6f58748d021f0c6ab1b4ce7a769 |
| SHA1 | 196723c36ea5c3a589b24ee5f4d96ec091288990 |
| SHA256 | 563b8e103dac68b6320eb238d7d1822b0ec344c76ef27cae43483700650504b5 |
| SHA512 | adb86dbcdf14a721c323ba40e2d2a32ab455bf4ccd0fa6d103cfc16b1ea3331fecb26afacc884e642dda27142daf655c05d5e4febf12365b63bea9d28bced30e |
C:\Users\Admin\AppData\Local\Temp\aAIE.exe
| MD5 | 2285476f60903ce35a11a3a4e5a2ddb2 |
| SHA1 | 6bb3188b73d41733623bd73781c575566dde2573 |
| SHA256 | 4eb5a358573891e1206ce92a37344bb22efa5ee8ec7538f40fd2727e2209dada |
| SHA512 | 63d64cb7662725ce801e181511146a125e4e07f7e619fb5bec1b34db194ceba706ed28fc34eacde55c5560d34cc0970ad3610d0cb1877b086640ee3e28f19fb6 |
C:\Users\Admin\AppData\Local\Temp\IUcu.exe
| MD5 | 1bd16d1b2bd01b39c5271cf6a539dc4e |
| SHA1 | c55cbf4748ca8de33fed4d094acbda4569c43055 |
| SHA256 | 35745df0fb14e97a1add5392d017fd66e048b55b4b31b814bc93af1fadaf7611 |
| SHA512 | 257b741c0fc89b40db2ed01af0ef86f9fd3a410489bcfc3a9666b3f043974c498dfe39e2cf25d37e1ee57b04f6d03342285a40f5a3f45aca4618c12ea08cd9f5 |
C:\Users\Admin\AppData\Local\Temp\EcsU.exe
| MD5 | 38cd867aa280823c8682331e1d61c862 |
| SHA1 | fd3b4708a77c41a726b386b7e983f3869fa0137a |
| SHA256 | 19431897f088301fcae474fb3e5a28afb2765600e92ab3fd80e7da1e323b3a8d |
| SHA512 | 4dbc17dafb8fae672f2879ed963cc61a958a07af8437e6afd1cd99deab4306fd400c8c6911dab863a410cc02844f2df6b1f95edc5642ec3044c0b4b809c323eb |
C:\Users\Admin\AppData\Local\Temp\mIIm.exe
| MD5 | 5744805939f91911f4e5cbf3de0329d7 |
| SHA1 | cd2a25d8d628227bc9545f3a366dba0ef7b3dea9 |
| SHA256 | 991458e5a29543cb56240350a0d5b7ab0d3cf37babbec5504353e724d288781c |
| SHA512 | 883b0318c93fd7b48f32753e99e1bfcc7312ef602913aff17ef355cfbf50ad4ee5c168fb70a4781166beeeff99f2f45f9ccc9f5656c372c4afdafcb1af260066 |
C:\Users\Admin\AppData\Local\Temp\mYsE.exe
| MD5 | 59de8a147bbead3c77e7bbe98e66e6ba |
| SHA1 | 253fa850a9bb9184716cfec8d384fd4db565c6a2 |
| SHA256 | f7435f492fca28101b3f5195e9813c3d284bbf30e19b1da34fecaaa235f7efc6 |
| SHA512 | 84728d110395ece58f387eac799936624e6ecc9deb2ca380cea17ba69e22a85c4a8211a3e80ddf9552cda68991cdafe9c0908c05824cb6688b0a3cc40dc86700 |
C:\Users\Admin\AppData\Local\Temp\YYAQ.exe
| MD5 | 46c6ee41c9e3c4b6cd73338f634583fc |
| SHA1 | ce9c15b81eb096e36ac91918fbd7041fd4bd033d |
| SHA256 | 8c910ad454a46958efd2008d8b3508dc480bcc364f6a81228d627213b77bb1c3 |
| SHA512 | cabc5c45958706d8cf0aeca01e945d3d4f858ba0eedc68ed6637c0a9a6f6ad26eed2d5d1e930b71a749d7c7244b45cf6558b0f9e8f8c75e5b880d2cbae1ec008 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons\96.png.exe
| MD5 | 949141f00cdac4a4a2775203f93e1aea |
| SHA1 | 260c744270f7c1204ccd88e27f6dd01c9ed133c7 |
| SHA256 | 90dd1ba0125fa826b3e0c9b75fdfbec57e4726de4272f2c1d193f06b7dcbafef |
| SHA512 | d37287d2fcc426c4aad7ef040063f63dd1e5507f00a69cbc89dbf756b0b20dcf30bc8fe20dbf0f5e29efa86147aaeb3734c9c815ca6b1f5df98a1ca59aec5b32 |
C:\Users\Admin\AppData\Local\Temp\uEEe.exe
| MD5 | f70abb77155fd92bafe0f8847ed33b46 |
| SHA1 | db15c4fa3e7a989b14bd79292fd268453d12733b |
| SHA256 | ef27373f000fdfb5099a8285818150d3538494b9f419a190a91c7f9474c1a9ef |
| SHA512 | 7fd177b09e609481e76fd55c9f54fd0e8afd4dc1c4c01b1add970e33b470a7fcc9c078f239f5737c19842df467634e10b1a309669bf98c46788a479bddaa55cf |
C:\Users\Admin\AppData\Local\Temp\OsQI.exe
| MD5 | be700e07d33b3301d1eda2ff11614223 |
| SHA1 | 8bb45b3738b47659b3f91a30ec9103ff6020c8ca |
| SHA256 | ac53e9050282660a4ae3a199a8decacbe58dd0d48c4bfdbb94132189d3404576 |
| SHA512 | 481f336cf3cb7ba4ea8017d53ce0ac3741ed0232be55f4445de64945ce8e9fd1130814facb38d9a81a85c475e967e608dc288cdcac45ca6ded0c16fe036c3918 |
C:\Users\Admin\AppData\Local\Temp\AEYm.exe
| MD5 | caad0f2bb327a718f694a48a9ce72fc4 |
| SHA1 | c225c1c67e958deb20ca30c3bb2810f6d746ee61 |
| SHA256 | 74bbb73e1d38675799daafe20defbf03b8f174a9a344df6c8f6fbd830090e5a8 |
| SHA512 | 600cde45f631a98ec95535f85db35e3dbe2970c83d2bfc30d2f7c1495a6f527751fdfeb4ada240418a0286763819c2ef577e7ab21f6337faefe567ad7ebae827 |
C:\Users\Admin\AppData\Local\Temp\WkcG.exe
| MD5 | 3c565c76c43c1af491c418a4a5632bf9 |
| SHA1 | bf606669cf2cc1e1982671fbb79af7f50f944e8c |
| SHA256 | 04463ce5b156eca897e9b571cb0fabfcc1858e537b0153726736f506ae1e222f |
| SHA512 | 867f542539c78de43492486816acea9fb6e2782f6ef1fec9d81cca4779a8804b0402a9f29b251d5f97daf177efa3bf114c65526943a75ecc6ff0261fef2ed5ba |
C:\Users\Admin\AppData\Local\Temp\sgUm.exe
| MD5 | 5870d6c3882ba7fb5f0f9b693a68e626 |
| SHA1 | a4084ae65c7b6157f2a090013065957e10bd31c3 |
| SHA256 | 2a83ea2586c8268fa21aff9b2cdd18d9f39b31a288a8ffa26351dda504647b28 |
| SHA512 | 4bfd37a90ef7a2207d3da477224aa2eaecc148a65be17ca5ee52996f18cd3dc8ab0714fc16a69b3e5db9ca45a4b7f619f972bdaa421d46af71f63e5c6205b4b1 |
C:\Users\Admin\AppData\Local\Temp\oQQE.exe
| MD5 | f0600491c3b79c0922017b6baa1d943f |
| SHA1 | 939e9d954707cd152bf39397aa573384fd5b47bd |
| SHA256 | ed0f13aa78f7fb0742b1eff7adbdfd9fd63dab76eefda57602cf2e91f451e372 |
| SHA512 | 648f615d966d24a6468ac2a7098b46a1cb1dcd18b90305247399b3c307af5ba805580c3777e658741351e09ff0d13cb0ce68b301cfb1160b7845f9c1f8d3ce3c |
C:\Users\Admin\AppData\Local\Temp\okMM.exe
| MD5 | a90ce66be47da485b3b49c2890afcd30 |
| SHA1 | 9cbfda5c1ea71cf555bbd282d7322dee3c3c8297 |
| SHA256 | 4eca33fcdc815de3094b6e7d682e913c30ec53ee77384d570cbf7988dcacc78c |
| SHA512 | 06197ebb61bfe1151455047ffa76e1125bcf1eb66a9cbf5b5cbd6028e6d55dec9920c259e8747b37213e0106f01da47d977286b7b9b957d1023141f8f4452656 |
C:\Users\Admin\AppData\Local\Temp\qgUA.exe
| MD5 | e394abdb497a5047f17d1782520267e8 |
| SHA1 | 7e1f5d2538ebf9a090d2eb1e3229c1eb366145f6 |
| SHA256 | 134f83dbffab444ca02608e31e7b9ac067c41277f99406790fcc77420bd65370 |
| SHA512 | 81d572445ab4c51bea72414a03f9bf1c2e871b85019d16c40a3172429d4ea2f53da320c0c651aaaf61964d8ef3a3c9ea7ad2afd3f67877202cd2b9fb4f31299e |
C:\Users\Admin\AppData\Local\Temp\UgUy.exe
| MD5 | 42d2c44f2204c5c486faf97f5195b982 |
| SHA1 | da047cb73d4ed6d67239422c6b361e20ae9f1191 |
| SHA256 | 62c5d456adf3465829988e7652c085c86d30a4de79216799cbee49ed74707cb2 |
| SHA512 | d15fd4fc1193ea83d8a51fb0fb196f441cb6115a79c8ef48f1339eb4e7c6571682641357898b95fc67deea438f9a7141444619a1207faacd29ae331aea07c6da |
C:\Users\Admin\AppData\Local\Temp\MAsi.exe
| MD5 | 7c604d514fa1b9d8d7b12921ebfbc4a7 |
| SHA1 | 03f94680cdf4dec57c3786e6d141fdb00680b377 |
| SHA256 | 5e71adc16d0e80b55211c7a1c4c9368d33da02f755bd93addf1c356cd168597e |
| SHA512 | dfd052d1ac46b9ea985bc191345c5a7181aca1736aacc7c91db04465bbc6fce36e582944e6da1dbf3a1ee8c6c47ff418d16e172d355029fe11ae29ce0c8f7628 |
C:\Users\Admin\AppData\Local\Temp\CkYq.exe
| MD5 | 02d1c04c1d623ace7c513cd29634b35e |
| SHA1 | 4f09edec8d9f791695842e96ca474e31357ffcdb |
| SHA256 | 6638805c57d68c4855177b0fd773f8cffe18479e7e4eb9630ea3c6ca76f508b1 |
| SHA512 | 98377a6a3e879bb9537237152b1c3652c3a810898603b1a4b9873f003d64f5bc496d7da6a2aef42c58b82698b97bc22fa433732ecd688d0572b1040fdc9d403e |
C:\Users\Admin\AppData\Local\Temp\uUsG.exe
| MD5 | 9ea3e606de9447b78ec19cc221def12e |
| SHA1 | 53e67dcf5034c08e844dbcf6ff594d753e295b49 |
| SHA256 | 05fc3b7d4bfb3ef3c3c458ed160ea540a919827d0512913de11ba287604a065f |
| SHA512 | e645ba0ab41513c082efb2b0a025a5df515b162232ad6c005628191a356cd5bef7eb412989c17bc4bbf4c5dc9812b2e90149189c12ceace1ff2ca0aa76e80148 |
C:\Users\Admin\AppData\Local\Temp\SYki.exe
| MD5 | 038ce8019dcdf91e96f3d07ddbb29e98 |
| SHA1 | f868cc3906b94ca58ebdeba3a706d81ffd4f6991 |
| SHA256 | 1622bf2ad9febe22e3477e1bd6516b313f0d104bc15bc1ff82dbd596b653ddfa |
| SHA512 | 58e1291f53839557a8f9c2ffa008563877fc78629fb97a6d940a1faf8d7beebb06a883b56746507c8c0269b35750e7afa896de29470e7f7793bde9b73268024d |
C:\Users\Admin\AppData\Local\Temp\wQkY.exe
| MD5 | f5a6555732a995d63fd68cbe39363419 |
| SHA1 | ae3982ca0ef1a20ef1b035e66ccc046e6c8f128d |
| SHA256 | 6b44689a78f4d11430d92e798f8b0ea7231f7263a7a75fdb4844f8a6ccd64286 |
| SHA512 | d8d5fba8f21bba426b05c2ed53304a840d2bd13d45c77a84deb2ce0870c47bdf713fe750d7039c16c85679ad25cf9a85350ced936157b28081bdac48f2f9c96b |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\KFMLockedFileToast.png.exe
| MD5 | 187939a74561f72b55daec40f9c8ca97 |
| SHA1 | 4e9bc959f90792bfd98c762688834942d5997896 |
| SHA256 | e1a8013d554fe33298c62c674640b324620123b43bd486a218d683d742bbc85c |
| SHA512 | 418154ed50fb536c3fa792909b2fa99548bc436cdd0046e0c3b8306e8fad7ccb1e67bd06bf6633be3646dd6b92b24f199d8c7a243757d6a5ee10ed30cdc83d0e |
C:\Users\Admin\AppData\Local\Temp\mEYu.exe
| MD5 | 1f5ddaf9c4037bbef6942d92ae45e0bd |
| SHA1 | 63bc5b3de49f07e8474bf7deb0093e23031e498c |
| SHA256 | 97d3e3e39124e3184d855cb90ca76b0138bb811474fb68f71c3429b02077b79f |
| SHA512 | 00c80fb1dd70002e95521913f88d4aa81bbdfbdc6708e68bdd5313899bfc27256ba9d2b04dd08ea2d21612e5b3b6ab9039f92a84b639c880cd7bd8ddc1632159 |
C:\Users\Admin\AppData\Local\Temp\kAgw.exe
| MD5 | 7988eb7115baf4bf9d437123ddedbec8 |
| SHA1 | 634354ce0a01270d9757862ce1fbac26e33223ae |
| SHA256 | a49ddca67552ab0566d1c50d3a4db24f5fc1bd59129a5f1d516e7e7cf971679a |
| SHA512 | 3759a6ea0a92ec3327a6d66a75875861e28196a676e2dfbaae3de719d8bd9966a313b4ff885a3d64da781026eaa37bd24ee8e7493e50c8cfb268d6a3786c3129 |
C:\Users\Admin\AppData\Local\Temp\eooE.exe
| MD5 | a40c59c9f3390e00fdcf884890d42b58 |
| SHA1 | d094b5e58bc42c6c4437604a629a5446ab9fe4c2 |
| SHA256 | 696ada0fa8d584a76440cceee8b2d630e9ca18dba75ae41f13ba1828bcd3f239 |
| SHA512 | f534a9514641c631304f580439d7ebf14de2fb981ec334f70c5fbb346145c414c0866b4817ba394d90c8508682bf9d72fe984f1a42e76a96fe8c877c554215af |
C:\Users\Admin\AppData\Local\Temp\Ukks.exe
| MD5 | 5ca12c2ae2cdc4a2213b4b5723e7fe0c |
| SHA1 | 2bda33f453bcdbc89b4855ff98634cc2f5646e08 |
| SHA256 | 5e42488a189790fca4004a584b073456a25174bf3bd6212a79b4b61959fc084a |
| SHA512 | fc13c6bc0b95cc40d386d394cf236247f727a46bdee469b7dca7ef9779302a4b74cd6e1dc395c652c4165918688eba57ad59cf77b9e64d1edfda1fdd8e4aa18b |
C:\Users\Admin\AppData\Local\Temp\yokk.exe
| MD5 | f24ae946dfe33919a5fafb9be4b59e40 |
| SHA1 | f1551b86173a7675903ae8911b125188a7dee31e |
| SHA256 | 5b9e7b1fca4f4bd7446796a2240dd941e490ec506eb578c9987f0c3e79a8a778 |
| SHA512 | 6880e9667209a745286852f8e644ed70ffa1a3d408a17683a4b31099c23ec2962776eac3d47117eb3f7cc2ef96ede22851f0122886deedcb08efefb4f6894f81 |
C:\Users\Admin\AppData\Local\Temp\gosK.exe
| MD5 | a51aa60046364ffc1496ab80db6c6f3a |
| SHA1 | be7f360447cce1553aa434644e052ec2d3dabad6 |
| SHA256 | 5e92f7c03533d816e66e4ff07788b41b86ba0dc0523230ad8652f00c32a14455 |
| SHA512 | 440740a1ce1fa9cf3d49ddcd5e01bf9a13d313a71faac6aa9dbe59642a8b1025e8710a2b2bdf16458dabfca98617ba1dac9d018fa9a1c82effdad44244a7ac7a |
C:\Users\Admin\AppData\Local\Temp\wwIC.ico
| MD5 | f31b7f660ecbc5e170657187cedd7942 |
| SHA1 | 42f5efe966968c2b1f92fadd7c85863956014fb4 |
| SHA256 | 684e75b6fdb9a7203e03c630a66a3710ace32aa78581311ba38e3f26737feae6 |
| SHA512 | 62787378cea556d2f13cd567ae8407a596139943af4405e8def302d62f64e19edb258dce44429162ac78b7cfc2260915c93ff6b114b0f910d8d64bf61bdd0462 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\Warning.png.exe
| MD5 | dd18b2c8655fab4ab9fd0b2c03cc655c |
| SHA1 | 2586c8d30bde9d7a7a6b91e92fd95ebcd56dc9ba |
| SHA256 | d305b9471fc734e609eaafa480822ebb707cb8e36ee8effb11b803f0374b00e3 |
| SHA512 | f8b4eda7363eaa80ff9ee232c16df7d02a9faf03d88b68df7ee05af311e30091bf08510bfe40bccf89516899d29294519a525b0aedeb4195c4749305cfb5a66d |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-black_scale-400.png.exe
| MD5 | b6e85b3d286b2ed129bf6c8ce88843ef |
| SHA1 | 645285edd2ecaa3ed1e56d309adf43f8a704ea1b |
| SHA256 | a4ae3d3f881cbaa6586f1d5e31bddfef76f24d0a0c5d3cff72e8a379f6ae81a3 |
| SHA512 | 9dc1aa3dc65f176f624728cb493f7b66cfdf70ba507c6959415914d9a750908846f5ce62470ae75da7598d55ed7db812e6ded15c5d2d1ee84e9a51189f415b43 |
C:\Users\Admin\AppData\Local\Temp\gQkK.exe
| MD5 | 20028c914652ad8d5da927460813b515 |
| SHA1 | ae3b8a4fac5e3deb41e830247812af52ea60d66e |
| SHA256 | 4c17a6650cf9c1e5d201a6d643a7859cccd5f5ebf14137b39f1629b9ee741a01 |
| SHA512 | 5e8247fa37aad07e12674e05dfe40a72ca72a26e8957117750bb76f553e727456d55bb8e86f75fb59cbabdbab9b9fe04771ca10b7a6332ab6f924b6d8016d5bc |
C:\Users\Admin\AppData\Local\Temp\EoYe.exe
| MD5 | 22592e258fdd7dde6b58157c3a15d204 |
| SHA1 | b21117bfb82b1a3098a3c129f35021cd74648f47 |
| SHA256 | e939c3dc8feea16bb80740893274aa080d76e895d6bdad0690c74d3b57c8e18e |
| SHA512 | ca7759dc33dd498ac30443356d365101fd850db5b1e2dfbf977ce767e6099aa7c386a447898688936771a48c92755cf0dedf3a5acd3e7dde00b617c3e6aac3ad |
C:\Users\Admin\AppData\Local\Temp\GEsq.exe
| MD5 | 561f4bcff8b8ff29e2bf9887917ffb98 |
| SHA1 | 21ea7763cd3e214ad604e9ed5d8536cbd3dbe7ab |
| SHA256 | 31742b23b4795e8b6f88ebe572fd2e262aea9e3083b8c3483ec9cf828af75f5c |
| SHA512 | 208237f312dbbcb1f133c0f6e956269174c8f6de7676949c76ef67dbf5de2b31b190d90492f4dcd3924f61f457bf5b79fd89f48a92cc77592d6d13112b895060 |
C:\Users\Admin\AppData\Local\Temp\ywMY.exe
| MD5 | a25a6e14b0d9a538956f4e3514211373 |
| SHA1 | 755cfa447f0c125d89de9855268fd313c60b19d0 |
| SHA256 | 18f70c57f0b00495c99984f189a59050c3359825bbdd80225976625e4280159b |
| SHA512 | 7f5e4243dd842f7e9b547ca8fd12cf8fe36ce7158708c112a045a870773971c090c85a6acc84704405e90e43cbf041f7470ef965b2fe2c6c8779594369d38e00 |
C:\Users\Admin\AppData\Local\Temp\qwEw.exe
| MD5 | ce3345b8d7e663aea1dd7453890f3b43 |
| SHA1 | 09d6e6d7b6c7b14781c7f2eaee4fc8a6a0755d8d |
| SHA256 | c20fc7bb430f7760f22eb6cd33cea324a2864ceac741bb070e43b1806343dd61 |
| SHA512 | e130edc3b366fdf0ce8f9779c903dfc44590f8e71b1c41e3749c20ae5e1bd255ca7f8f25115c66f5886529d3eac03e979370f3f452844c9d8e92c860f7e7aa6a |
C:\Users\Admin\AppData\Local\Temp\QAEA.exe
| MD5 | 95b556bd8997d45b63662a153f49ba6e |
| SHA1 | 8f123b220ff6130d1c32427647aa20ee60ba12b5 |
| SHA256 | 3374eb9c001aa30c5af12dc19ce144f8caa1a5569905cda173ccb94fe3494c0f |
| SHA512 | 6ba9e5c5e60a0c91420b47a73a1c93f9b9841dc3f7cf578adba5ffbfef2cefe313736d9dd8f0def88864e0b945229dde5ecb36876b978cf5dd76d2f086faaaed |
C:\Users\Admin\AppData\Local\Temp\AwwK.exe
| MD5 | 9d4e9c339646d6d38fb30c566d12d298 |
| SHA1 | 1fea158357efe182611bbc48d5861790e70ec7fb |
| SHA256 | 33a3b6af74c367ea25996c561534b6c66de1e51a20676276ed0af77ad5718e4a |
| SHA512 | 7b7cb407d43a082f014fafafd09ad090c451c20d54ea5f0cd5b41c0e582eed2bbbb1dd7755a9c67202b29d94884adfdd7dd53fa2a6a7181a5bdbfd3b44c51218 |
C:\Users\Admin\AppData\Local\Temp\sMMi.exe
| MD5 | bfa1985d8cd6b74cc4101bc2f9db8430 |
| SHA1 | 13b16939a75ce5c1715d726324580d7d3e9c4dcf |
| SHA256 | cb1b7660ba7f450985c0243bbad34f1b816fbb3fc9dfc0fd46dcef2b4fed7568 |
| SHA512 | 6fd3b897b4053912f9fcb76a0abbf7d51db009ad8c72d716b4f232a9835dabb1a5abab53583d6f78124a31cd82d3dc39894c50968dc0d98b9cfc4813885b8c23 |
C:\Users\Admin\AppData\Local\Temp\cMMG.exe
| MD5 | 4dfc0448e1e68ff4c1892c1079078ac8 |
| SHA1 | 1299b973849dbcb2b6ca8f0d7674138d03b3e3a3 |
| SHA256 | 4159664601f50a7853eb41f8f11d55c2f83f8f3e38a82ee999a14859bae3a39d |
| SHA512 | 55e90c5fdeb63c8a07251089eed402944e7d98da2122d97052742e1d8acdea5283dfe04e9c8ca945798ac0fc72ea06150d1797e6001a63cffecbb18342681e06 |
C:\Users\Admin\AppData\Local\Temp\SMcK.exe
| MD5 | d4d1b191433c2a8f6f4af7e4e9a89476 |
| SHA1 | 81c486dd80a76c9cc10e04ad8f229252140dbe10 |
| SHA256 | cbec3f1181ae2f7f915b01e8abc89111ce618eaddd65093b28c777a03289208c |
| SHA512 | 125c0237d7c18e4abfc64a99ccd94cc48a0ee16fd7b11990011644cb4fd29b626efc3b6c4d1a24fe332a0da78e236c4e218d2ced2c48e58cdac08f2b3b5d9f63 |
C:\Users\Admin\AppData\Local\Temp\KgAE.exe
| MD5 | 33be991d58e7ac94263db6b16d38722f |
| SHA1 | 9a2c66f2b32b277a10fb2829d2ef409f950a4dbe |
| SHA256 | c13b16d532d6e3056125608b26da8ec85187b6ff3cecfc8f883d6682a2629bd4 |
| SHA512 | 0c1fa4295a963916b608d072e7fc952855c974de583e9c1425e869c53e21412dd6648a9c9a45983c08e8e44617ab0ed86ff96bac4b81320a936d888f667a07f0 |
C:\Users\Admin\AppData\Local\Temp\MYEe.exe
| MD5 | 551ac380a76cbaca800ce3b81dfc129f |
| SHA1 | beb41440d79949d6234fa474155cbb6a5bff476b |
| SHA256 | af30ae0ff3e7ce47d24c1323e7b0786bcdbde50ffa5e84d47e050f6b09e63b58 |
| SHA512 | 6f9f0efe1f53a59dfca6640c484e06317a6ab1e030df578df11da694318e9a75660edbaa09e7d5444566bcd0ebb1d086fc3485b6ef00e9831eaa56d9dfe6e8f6 |
C:\Users\Admin\AppData\Local\Temp\gsgK.exe
| MD5 | 45ead1d5df89b3d99af8025ec6257ab1 |
| SHA1 | b46c98080a45a758e3b738258776b91fbe6a59ae |
| SHA256 | db2f827c066a3d2b34fe8b09ae69bac156d4747ea65c5d1b229d042c1e340ad4 |
| SHA512 | 2e9cd3e85b417445681e434cc62ade3bfce9073c0cbdcbfe60f3d954c5355afbd5c58d653f204e624b9d37c293ea2b1f0978d507866383538bc65417d6d23763 |
C:\Users\Admin\AppData\Local\Temp\MQIC.exe
| MD5 | c995aadda81c2c6d2c9e9e0bb5d0088c |
| SHA1 | 24c440e5ca73b5dee23061aad00b4b0cde5f9abb |
| SHA256 | d1fb9ea4db04760f97ac282511ada6be8bf17c8a6b8a450b9c4c480faeb6ad74 |
| SHA512 | 0bbf9a6ccb061dc0693dad2f330d5bba8051e6cdb70cdffb69a13cea4521b1be7d039038686f36df2a27d7506a7f578dee1379b216343e8e548dd650c005e905 |
C:\Users\Admin\AppData\Local\Temp\aYAW.exe
| MD5 | 5878a3f5dc12f34d1ed1c9b61a040343 |
| SHA1 | 501fee94327179536f60b094d9178dacdc2609dd |
| SHA256 | 9f245c946ec055e5ef11341bba9d2bf494731b5ece07afdde4e942c00c9ea05a |
| SHA512 | e3fa16b81bc4d4d91b8662e90a9061f3b6906da34c3bc81556fd05473d2609036f21e7d0fc6bee31026c731cb48637a9ee98dd63264732fa0e25ee1e121aedc3 |
C:\Users\Admin\AppData\Local\Temp\Wsoe.exe
| MD5 | 9571c1d731682f0f3f7eb5f76f0b1e3b |
| SHA1 | dbc274722bdc69ceb7bc14483f51f44d187b0fa9 |
| SHA256 | 3821c0cf72ba246abb114e3f871679b259e7346b0fab560f4f4b2c18cdfead2b |
| SHA512 | d7a1af071ef308107d2ef3af924030f7dc87f2813795b565350c73c9ca5343dc2789d4ad67eb0f9a38a9142870b400bc8ee5074764d3ee73df799bc23b5951c0 |
C:\Users\Admin\AppData\Local\Temp\kAsi.exe
| MD5 | aea73a68d028fdc2238a418deb1bc72b |
| SHA1 | 03d262fbf5cdb49b11a25722ef161593f3e102cb |
| SHA256 | 40800d8d0c84146cab7997ce33c185a45febdef6004b76b4f42a82f3b7afe430 |
| SHA512 | d8148601113924a957065f7703311a48f4abdc3ea4250742da42374e5586ab57e4ca82ac2c22b2dafb2191fab9b82509032e95c51a24425ee45500e15f53b362 |
C:\Users\Admin\AppData\Local\Temp\qMEI.exe
| MD5 | f5b0d488ed360a8a79538e6f37b346f9 |
| SHA1 | f52cc489f293dc2e58d5d8bfeaad8ec338be3051 |
| SHA256 | 20f197a0afaa1377b614847042f8cca1d3a047d4a75475fd45ab0429fe96aea7 |
| SHA512 | 3bb1e0b10d74ba621faea4b7a3f46763dec6199420a18fa653fd0a9b14a0f4247c791a9366a23952b2b5ac6ad3e118b28cc70faf9e6761256b9cf2ff2f438e96 |
C:\Users\Admin\AppData\Local\Temp\qcgc.exe
| MD5 | b65fff25a6a16e8d0fd6cae4e04370a8 |
| SHA1 | 91196cc91a513488b57448d2e976dbb9ad3efc24 |
| SHA256 | 99aba068bbf6fd62c7e009f073351d3751321b11450c8f2643f89d5d1b860af1 |
| SHA512 | b24af097b30c5fe901e3c2798ea16ab7b0a998f2d82e7bbdbeaddf04c9db4450c093cba924c158df6305e95c1247217c22da04c5f0e48de119e7d59aae3176e8 |
C:\Users\Admin\AppData\Local\Temp\SgYC.exe
| MD5 | e89c2080d138923702c794dfb291a992 |
| SHA1 | b21d73a91c2a94a0f6172889947e7569265ee566 |
| SHA256 | 0fd3f18ba0c6c1569ff2024e1c4914417b047f588ba5591ed3ef89df7a37a325 |
| SHA512 | b208c76e705f9ddc0977357e4760b158a3d75c5b3661f32cfa1d09dcf7772e935d973d98188671c6e740de37e8fa34ea5695d01bdd680656073c36b7086a9834 |
C:\Users\Admin\AppData\Local\Temp\aMkK.exe
| MD5 | 536f3c6167c75d6089162071fc22bcc5 |
| SHA1 | be9d6b22a728d1f785d1e6ec8afa0dffd0601c1b |
| SHA256 | aeafd548317224a8dfd2d6543af6a3adc996040094a111aa6f17022a2d7c0481 |
| SHA512 | 94c72cb41113dc555b89099961825401cc7f1f6b88903f668366f7bfc0e2693cc57eac23895b7df38791e714b4ff93b7fd22c3268a6a32d816c0a431e333e7b9 |
C:\Users\Admin\AppData\Local\Temp\YsUy.exe
| MD5 | f392cbe3a9242ecbdc8949334d8d439e |
| SHA1 | 47c3b9e26c0f5c9b7ca97f37e3cd7ba9eb4d1575 |
| SHA256 | 2c60e3f90315db2d0b51baab76599cedb80d24c7b803e965cc1f19627625a187 |
| SHA512 | 721318f4f4da7813d3e7c917bbeba31dec59f6738a184c0a48cdf15bc2be2b03aa58e6151923acf9e2a1e9c46e539b35653c3cc46b276bf4c28aad14d9a6b995 |
C:\Users\Admin\AppData\Local\Temp\KEUs.exe
| MD5 | b5a79c38234ff87a0dd3771cd46d9e71 |
| SHA1 | 428fe6fbe67c8f6a8827ee177b54b8645b26465b |
| SHA256 | b32ced0565d42218e3677f45d08ce9e177c6905de99fe4d06ee68064d36e6005 |
| SHA512 | 9a810817ce503eb886d7fb37024bd51f0d01fcc45655bd4577ef7a03955d9be6a975c3e7525348d4d5e5b4217ba28b33fe93f355ce530e0a82613e09b32507b8 |
C:\Users\Admin\AppData\Local\Temp\Msog.exe
| MD5 | 861eb89bef59363e7ef1e23dd9ba5f1d |
| SHA1 | f24a1ab9300c1e9fce6a907492a57a8504bfa50c |
| SHA256 | df13a0f8644b88e179cc35eef5db08edcd21aa3995abd4e7c1bae1773254982c |
| SHA512 | c7d64019414321fa76896d2af50faf689722e1f68a7c3f4f82fff0e787809a2c0146f7375837e075fffa8b22e9524b5ce9913074f4196b6ecc8bf6cbc3851cb6 |
C:\Users\Admin\AppData\Local\Temp\YQYW.exe
| MD5 | 41daf687e8a39bb5952f07ef9d123b90 |
| SHA1 | 40035f6d566f3f3fbe6cfb9c6f9285a6948e56c3 |
| SHA256 | ba89efc74af2b9d418de2db7ce275ff6273ad428da561523ae941b2effaf8a70 |
| SHA512 | fab904f8ff6a60012474e5c7a97be65f56e0e1b070d7c1f74bc8cd0f8125ba5f8e64e15aafa8317f39571b24462fc11d7e1c4e2b0108b520c397eea630028acf |
C:\Users\Admin\AppData\Local\Temp\GosS.exe
| MD5 | 663c754e53142663a5bb6039bc85387b |
| SHA1 | 994463c0df0338d33cf7d0b8b86b958d41282dc8 |
| SHA256 | d37f91ef93062b686827e1942be2c1df9e48e38b9582fecd93bf30de510d44bc |
| SHA512 | 572cbcb3b00ee99c1c66a9bbea059651adb7e69fc079313710bb741dd0e8cd07a885b57fba483dc1a60d10dfa47b004f52c9246e306cb2c47264fb453c904d1e |
C:\Users\Admin\AppData\Local\Temp\WMEA.exe
| MD5 | 7fbab4e94e6193ac87518d5213c124b5 |
| SHA1 | 6894e93079fc562bb5398445d2668687f061364b |
| SHA256 | c67221b1ac24b6a2808dd50f594136cfcff06a817a16751892e261456324f2cb |
| SHA512 | 7e594b531f36c2bd97b3b6935bc40ef4c20eb645add9aa19a08d71506c47cf9612e3ec7afae1a868e19462898de56712ea4be3b278c70b9e213adeb112279224 |
C:\Users\Admin\AppData\Local\Temp\mUMm.exe
| MD5 | fddcb397578153a41ba2155f935c399e |
| SHA1 | 615a5884e6561ba1ce8bd78944433125ca9ec7b8 |
| SHA256 | 008f7ff01c0c83bf0dffacf81ec507aeb1e94d9fb05eff2868d22d1ec70482dd |
| SHA512 | b37d4ace75838ccbd9bd4fe29e0b3a3aac9e9cad3cb95e06c3cfc65aab6a8359da2c5e53c0fcc40ba70a69737abf9aef0e64387a30c2d99c168ef1e94f4d751c |
C:\Users\Admin\AppData\Local\Temp\aowW.exe
| MD5 | e032d27522b9ac7f1a3afe2b4d2948c8 |
| SHA1 | d5285712069e55d0210156c08b51701dc4b6e715 |
| SHA256 | cb386088fd5b4e26ce98c19b36f0987c8d0ce03570c5c37a8a02dd1acd96cc23 |
| SHA512 | 793a2e78d74aea1780ad9ecdcb78dee04c86ed74309d17c86951cc954023592add603f9420778bd5d43047d75b2ae0606fd68202e487178122e32cd2a32c7ad9 |
C:\Users\Admin\AppData\Local\Temp\AIMO.exe
| MD5 | 741e0e7cc711ee6666e7d40689632b7d |
| SHA1 | 73f36062c2c1ec3104057f82df60c8bb40ef46cb |
| SHA256 | 1b894f53fd41d961864e39632267a25af86b3b6bf98409c01c48d1991b1f3b52 |
| SHA512 | d7fed558fccb673d2e235e3d7459fa2c4b6146844c356ad22cffce26a865fbfada75e206e0d6ad0686a3d4c36c568dca7d81fe986fb9c7490ee8fd58aabd472e |
C:\Users\Admin\AppData\Local\Temp\wEci.exe
| MD5 | ba5f94755743503958fc6fd4b2a3abdd |
| SHA1 | 1cb9c63f79143d5fb7eb7210648c527338ab6efe |
| SHA256 | dee7ea8c77129f6b2a39355033e3372ad832a5825570adee6e55df4ead1f29b3 |
| SHA512 | 1ae1e1f51f4dc386665199009459a9e8544d63a1320547428a97fb17ec49e7439d3bcccee460586c95171b043f83a822a46903621539d5daae2f829d2640f459 |
C:\Users\Admin\AppData\Local\Temp\QMsM.exe
| MD5 | f93ffa52ca29d08727e186aff44fb1ea |
| SHA1 | 9cd8eee466e1783faab92af41e93abf95b8dbb63 |
| SHA256 | 120402c8e4b67c30623ccfcf77af2491b6410d0f0d013f3809acf0c490fdafc0 |
| SHA512 | c12a2196810bc717394cebd620d25209b039392dedb9f6abf7d350b56835f8d21a75b5a36a6972c58aa81b61f316fa852d79587b0dae6d4cef630644b8d69384 |
C:\Users\Admin\AppData\Local\Temp\eIcM.exe
| MD5 | 3e478ac302323d081290dc6efac07079 |
| SHA1 | 7be9b5083f6e9e610c90fd95ae4be512773f9bc3 |
| SHA256 | 8b945b7de7bb4e913971521340ca0e4145b07079124c67d31ce84ab19fcd83b6 |
| SHA512 | bd8f596ed578a12109ce7c87f86cf8987c4fc758871e4d139d4bcc83eca75440d497334833368fa1f531142c2d30abc94eb2da203a7e0b1084eac0c715ce1ca3 |
C:\Users\Admin\AppData\Local\Temp\GMcE.exe
| MD5 | 6f71672a3fca40bc3f621b8affee981d |
| SHA1 | eeb32394382b629e3cd1cdd01344241a1a1a336c |
| SHA256 | c163b777e734e6f35200511a9c7e45f0ee717d9e66541ab4e3c8683588a2dee9 |
| SHA512 | 6bb34950f8777ad8581a5d8d92575520666d3e326b988221479117dbb968b7eeb3d71c894bc23693fcd31a0185ab84ce8541d0cf3582e9880e80c753b53fc7d5 |
C:\Users\Admin\AppData\Local\Temp\iEoS.exe
| MD5 | 5e37b745a3d80667e48bc936c5014a31 |
| SHA1 | 4da72a00b89ea19768b433206caddb7640742e81 |
| SHA256 | d59a9d949e54448bc5082d7e12fc6fb58f9d6bcb411cc58024fe92d4ce8f3881 |
| SHA512 | 76ff94cc56e18948b94a80f495f7bc35ba47a39f1835ae7f2638cf6006790ad1571d074ee38a7db69d6fa97eecd1757e61a3a60d96c496aeb02ab88f473dcb53 |