Analysis Overview
SHA256
15dc6d8cd97ec807ed9c0f49499c7cdb89bfc1c8a9d0b2f5db0cd9ddc401596e
Threat Level: Known bad
The file 2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock was found to be: Known bad.
Malicious Activity Summary
UAC bypass
Modifies visibility of file extensions in Explorer
Renames multiple (75) files with added filename extension
Renames multiple (57) files with added filename extension
Loads dropped DLL
Checks computer location settings
Deletes itself
Reads user/profile data of web browsers
Executes dropped EXE
Adds Run key to start application
Drops file in System32 directory
Enumerates physical storage devices
Unsigned PE
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
Modifies registry key
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-15 11:45
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-15 11:45
Reported
2024-05-15 11:47
Platform
win7-20240419-en
Max time kernel
150s
Max time network
121s
Command Line
Signatures
Modifies visibility of file extensions in Explorer
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
Renames multiple (57) files with added filename extension
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\cgYEgEsU\OQMcIcQY.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\cgYEgEsU\OQMcIcQY.exe | N/A |
| N/A | N/A | C:\ProgramData\HWEkAYco\deMIsAEI.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Run\OQMcIcQY.exe = "C:\\Users\\Admin\\cgYEgEsU\\OQMcIcQY.exe" | C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\deMIsAEI.exe = "C:\\ProgramData\\HWEkAYco\\deMIsAEI.exe" | C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Run\OQMcIcQY.exe = "C:\\Users\\Admin\\cgYEgEsU\\OQMcIcQY.exe" | C:\Users\Admin\cgYEgEsU\OQMcIcQY.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\deMIsAEI.exe = "C:\\ProgramData\\HWEkAYco\\deMIsAEI.exe" | C:\ProgramData\HWEkAYco\deMIsAEI.exe | N/A |
Enumerates physical storage devices
Modifies registry key
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\cgYEgEsU\OQMcIcQY.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
"C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe"
C:\Users\Admin\cgYEgEsU\OQMcIcQY.exe
"C:\Users\Admin\cgYEgEsU\OQMcIcQY.exe"
C:\ProgramData\HWEkAYco\deMIsAEI.exe
"C:\ProgramData\HWEkAYco\deMIsAEI.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\jGMAQUow.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\pyYEgEYE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\WcQoUsMo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\SygokgUE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\GAgsQsEc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\yUMUoQkg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\yIsQAQIs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\dgMgkgQk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\FYocYssU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\nCkoswwg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\lqYYMcIk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\EKkckQEk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\EGoAUUME.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\mEwwcEkE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\WyggcAok.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\pekoscUw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\JKkgcAgY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\bEgEcwAs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\TOwsscUc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\kgUEcUMA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\aAUYEgMI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\gmwkYMow.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\OsIEoEIM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\DecwAYYs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\RGccAQMY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\NaUQUAYk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\HCsMAAMI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\KSoIgQQk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\eUEIEoQk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\WyYwcAIg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\oYUQsAUE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZYUEkYIM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\DWAcksUI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\tIEEcAUM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZcwoAgAg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\nEYsAEAg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\gusEYQEg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\UyQYgkAo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ysUUMocM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\wsgAgMYo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\lckUkAYM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\BMcUooco.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\NScEEwMM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\zosUUsUc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\OKMUEIIE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\KYAYocks.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\qKIkAQkI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\EAwUcUwk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\yMoUoIoY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\tyskAIMs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\VoIMMYQk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\HGUgAsoU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\DIUkcYoc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ywIYoocM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\UkgwsAEk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\MuwkMEQI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\kYAcQcIA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\XcUQQUIg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\xGkMsQIc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\BuUcEIsI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\nUYYMUcU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\JOkEIgsU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\YIcIIYcE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ikgwwAwQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\QKsQAkYE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\qCYEQcgE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\AaMUwYUo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZAsUEcUU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\tuUcMAQI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\bocsIUMc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\nmwMgAMI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\asoEkIAw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\uOYAEAUo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\EIAsMYAA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ycocwAco.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\HOwYEgEc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-620483395-3076086882013875445307881911869954338-7144832871442942745-1529602009"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\hmYEwcsI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\JUYoIock.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "931662013-1545174389174410928716855797121146183856-2042605722172525414-1145128651"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\DmIQAsYE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\uuAooQcE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "6438941489706499807934374180515137-1446387397-1057013776-1128055707-255916229"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1241719839-1652636909037003111297718075-2000611983-230635287387686352184738049"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\UywEYEcc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\yMwEMYMw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\KmkYMIoI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\wukosMQk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\dSUwsgUw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-10205582301433622817152354832112705924261801668517881789010-953099373-238245858"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\JSoQoIgw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "805709010232366675-1199230827-993810795444725279-1011369966-229127642-316503556"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\DMUMoYgg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1488521569-733304918-1260613145-1933265738-1148894141-1733169636-2071609788235820839"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\bwssokYY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\kUoAEAEg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\aocgUcAk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1710358483-1716976980894294217-4856068419188870871338569009-1732735805658431645"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\SMwgwUAQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-693968276-1264781182534418536-643348011509553848-1743808589541520851798267687"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\Aiksowow.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1005462750-7895472381264827142-8417922951239901575-2039026987-77654762239978030"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\AmQsggMk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-249783934115653335755919842120084809868811885631487638932-1786101794710544978"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "786405815705309044-2093014539-1128959193-20401403781458158709-1720686119-1485825650"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\JUwgcIgM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\roYkYMUA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\JkEkMEkk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "560941987-1019796910-5251600561652008867-1439898671-140073496-15934282251068520637"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\sGAYUcAY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\IuIMcIEE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "852996300-28462696622884816-17855258521926272395-1501180372980658086-1986337353"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1975915734-110968642-1531229715268888097683692517-196428047437087298989256844"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\YAgsoIQw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\QUoEUEEQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\bWEMksMo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1961839020201361726-616627529-6887102167451527381189501894-1357862046800133209"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\NKcIsQoE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-7227123765992426781685730184-1095312963-8409187192178498541373082409-1951751035"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZIcgowEg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "594227233-3783856812143323986-3893540622065924579624262075-300154975-1958706930"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\reIQkUMs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "17949197581712395641343886546-14307381531596400005-459241676-826554402-445965960"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\IgQMYccE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\syYooYgk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-895699510734108025-14627623171378839820-381934364-683096708-1577234544-383289036"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\CQUEwQMA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-12256901139203807581340319168-2076288141305220309-734565827232303382-431439307"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\FYkIUcQU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\zKEUUgoU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "2083321002-5598506661739234460-1972135193-1209298084610047442-10650120131060337229"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\VUkMAAIc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "245893173-1047678868-110395166394265610-74827420-1660766404-2937657362014595401"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-8730167751295825451-1921057913-2603154663039414414418933461706803353-1839009145"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\lkMIAQwM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\UaIYAgwk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-38561517-1029857166-1936491605-2088790882-1331651998-977234017-7194627341740623877"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1244574194-2143578094-1466501171-1956125748-3218543891218018825-1540204217-1346551683"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-20224658379501842482061175548-19204337661423857831-1065888634-7250564721188040942"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\WycIgAEM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\CAkcEsYA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "2120781774-519913344-151990240239578574114256510661821032220-5091401541885093603"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-7610732971182412615-1145347698-201885224589084705-330646283-1844407729-213405052"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\DAMAswcM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1587751617-16703839021061957710-1668138183-101325260422359445575478030875174907"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\tkYIgEAM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\JCsMkgQs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\BGQEAcQY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-2046050691-16057866821596530860-919009525-377835127-1422383084-1736269694-1649222158"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-921183340-69601637-188054019218320192371018522071-211782513695297039400809873"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\OSoYkwEQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\GmMsQgYs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\kUgskIwc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ECIIYoMk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LyUcoYEE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "721375273-188617194487851167991666776-2113293592-228923295-1496953649-581725567"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\fekEowMg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1006725945587271987-2939037311838878104-1116294421-1976723037-14224833301197607884"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-922314827-1627001956-726235709944296673-7797066942056893008237679369-1418685480"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\dUsIsQwE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-19008063951712073064-699287731-17788192-1893838923984919120-18092842941126542127"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\rycAgoYk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\igskYggg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\CSAsEwQo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "202104769810274042841507228092-17861363-2114795433180115039-998129232-1293355934"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "19315839551235055922-18620350171766888274-1448379108-1858944850368622333-1251608835"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\IKwIAcIo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
Network
| Country | Destination | Domain | Proto |
| BO | 200.87.164.69:9999 | tcp | |
| US | 8.8.8.8:53 | google.com | udp |
| BO | 200.87.164.69:9999 | tcp | |
| FR | 172.217.18.206:80 | google.com | tcp |
| FR | 172.217.18.206:80 | google.com | tcp |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp |
Files
memory/840-0-0x0000000000400000-0x0000000000432000-memory.dmp
\Users\Admin\cgYEgEsU\OQMcIcQY.exe
| MD5 | e78f1b9cde52cb4e16e060ff839a9b09 |
| SHA1 | 4bcc4e87403cce6da7b6a50e02086ebc6cfc1b54 |
| SHA256 | 40c392b804a267508ecda14061f19762e17d496241a3e89ffee2c28c9e0de04a |
| SHA512 | 4c4518a5db146c6ca7c0be1acaea2756bd26d10471d44b39d89f27370b2bb8cdc2ab4267a1e9ae2bcae82cc9032af3bea50c7edb741b1c2119864290d5dacbba |
memory/840-9-0x0000000003DA0000-0x0000000003DD2000-memory.dmp
\ProgramData\HWEkAYco\deMIsAEI.exe
| MD5 | 4eb20d6dd715c9fcc92b130310a98cb3 |
| SHA1 | a26e4f4c3445bdfcf66c1e7fbdf8333fc7ec5051 |
| SHA256 | 25517547ccb6ae54ae827ad459a29b570cbbf4a1cb3e12fb539617316912ee37 |
| SHA512 | 83e86b8c28cde1e7761efec734979a432c54220f6e731e2b53452cc773591d11d568495aee8cb5a2362753883fc1f0b30e858f03055c6ec6f9ebfff5c4af90bc |
memory/840-21-0x0000000003DA0000-0x0000000003DD5000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\hmMQEIMA.bat
| MD5 | 96b113cf3b350e17ad1825c944d3bc74 |
| SHA1 | 1dbe84e9c70361bbbecdc16362308a4e50e95340 |
| SHA256 | 0e55304d11e19aa24448f07cf27a598fee9372feae1597619279934346c06700 |
| SHA512 | 38a83a4b6a68f489c82b1fb0fa74045771350668de9aecd4c15bb6e4c6b5d2184cbedf9b4017ba1afca067734bcf75c026ed060875a0bf7639320baf66c1bf18 |
memory/840-20-0x0000000003DA0000-0x0000000003DD5000-memory.dmp
memory/2680-15-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2496-32-0x0000000000400000-0x0000000000432000-memory.dmp
memory/840-40-0x0000000000400000-0x0000000000432000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\jGMAQUow.bat
| MD5 | bae1095f340720d965898063fede1273 |
| SHA1 | 455d8a81818a7e82b1490c949b32fa7ff98d5210 |
| SHA256 | ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a |
| SHA512 | 4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024 |
C:\Users\Admin\AppData\Local\Temp\file.vbs
| MD5 | 4afb5c4527091738faf9cd4addf9d34e |
| SHA1 | 170ba9d866894c1b109b62649b1893eb90350459 |
| SHA256 | 59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc |
| SHA512 | 16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5 |
C:\Users\Admin\AppData\Local\Temp\NKcwUYYs.bat
| MD5 | f3de6de7719d0349fc93b5e9c343c9aa |
| SHA1 | ee3480e80825e93e0c52d9478eb85399e9dbf35b |
| SHA256 | b29726218c38b85cb1d4b326699bbaee338bb866334069dfa888ff63065b8166 |
| SHA512 | e4a5a188ff992ce0b727ef6aa26f9d96d3068e4a045b0cff6dfa8019b31c4c0596b5fea814c343554140988090e7c1db928bf0dc566d0ee9a8de0bfc454b9ab7 |
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
| MD5 | 170555a84120985bef1afa430a90c465 |
| SHA1 | aa3652093aafc935d3d65b65954d59c9ba198b16 |
| SHA256 | 0eba5399fee276a0834e1488637ed1bf611ca1e28da39f2abc6edb2c59d6c4c4 |
| SHA512 | cf95ce630a758dade0a7ddaa39abc5cd561a9ab2bdf73cd6abf154fbd0a84d63b04bf239626e987d595d75a6c009d53bf3a0f45b818c0512d3baae15add5d399 |
memory/2804-57-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2772-56-0x0000000000160000-0x0000000000192000-memory.dmp
memory/2772-55-0x0000000000160000-0x0000000000192000-memory.dmp
memory/2496-66-0x0000000000400000-0x0000000000432000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\hmYMEkYs.bat
| MD5 | e825b14131b945f17d39d83c02239492 |
| SHA1 | 1fe501237e6b9b441cedd67ef21740f4770ecd78 |
| SHA256 | f1ae45d00ca7a1fe7f6aae445b57ea9a40ef7f5da8195e11c6c5fdc2bca25b27 |
| SHA512 | 73913a7e797458b164e2e303c96a841b6d8768f34c75de69ec2ef6f3643307228556a5e2aaaf00ac8bad404af8e159438748820a43fe56ab274b72716fbfc0f9 |
memory/2024-81-0x0000000000400000-0x0000000000432000-memory.dmp
memory/1824-80-0x0000000000400000-0x0000000000432000-memory.dmp
memory/1824-79-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2804-90-0x0000000000400000-0x0000000000432000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\sWAAQoIU.bat
| MD5 | 0a4eac03550faf964d3ce666954996a3 |
| SHA1 | 49edef40d693f3aa5fce1ec454c3786b3b8e6bfa |
| SHA256 | a01671c63b6877a6aece5739235361222148d41e8df2de53fa4d122b63179efe |
| SHA512 | c15dda835e7bb1411b8138201290527009483e56d3d53e2c421114cacb26ce286fabf96e94546961ee853824cf11a63795b447c3ca4e43937a9275cc81368534 |
memory/1460-103-0x00000000001E0000-0x0000000000212000-memory.dmp
memory/320-104-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2024-113-0x0000000000400000-0x0000000000432000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\OwMEIkwE.bat
| MD5 | 50fc1bdbe2a6ee304f7603e3b318a64c |
| SHA1 | 0aaae048b7a92b4cce629136086bd8f6e90c2b90 |
| SHA256 | fa24cf0621cf68dc977b47275c735bfc1827387da7377eeb54d3d4bbcdea57fb |
| SHA512 | 870f7f282471446da07ed8c59e878ccc26e6ab1dc87a931d48ab730926a490226344b7efc4725e34a6f51dbb05c7e6795c3758b48685cd9d6f243e21f5189081 |
memory/1108-127-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2080-126-0x0000000000230000-0x0000000000262000-memory.dmp
memory/320-136-0x0000000000400000-0x0000000000432000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\SeEggscM.bat
| MD5 | d0fb4b5ae110b06082cd4bca443ff5bb |
| SHA1 | 69e996edaa22c67ca8fdb60cb2775f610b68cefc |
| SHA256 | 6e25073341c4d249f0e283a54e71bba99a6a14d280064c7d964fcb06381ad758 |
| SHA512 | 1b9f3984859072804e47d6f396c51b7984fde1b311ff7e0bf5f381d390f7d2c6555a429e55a85ef757e3307ec8b2f8ff72b674e8357bdaf63aecf61ad3f6133c |
memory/580-151-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2144-150-0x00000000002E0000-0x0000000000312000-memory.dmp
memory/1108-161-0x0000000000400000-0x0000000000432000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\uMIsEQcY.bat
| MD5 | 25846740caa0ae6e06ce85a16e597361 |
| SHA1 | da70cbf529d46e790ac70915aba16a77085867e8 |
| SHA256 | 3e1dba83ab825538168bc74be1777d907222bfdfc73f955df734c1b3a820bc7f |
| SHA512 | 903b879d82b537a027ef81bf84e0ea6d8e77fa7ca6d6973765fda5fbdad6522ddf8124e24b4816d7d9fe4356eac8304a5d6c75a8eee5f813d3887a9b1ba5a918 |
memory/580-184-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2396-175-0x0000000000400000-0x0000000000432000-memory.dmp
memory/3008-174-0x0000000000160000-0x0000000000192000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\NcEwQQMg.bat
| MD5 | 5d037e6dbd4cc87a57154de22deaa623 |
| SHA1 | 1a39d93b56f5ab81960722715afdd22e0adc8b69 |
| SHA256 | 3d3e12d1d7fcc7e3e14a823c76ef9ac2ed9b6a7c970bbbd43704424a6ca42b7f |
| SHA512 | 3e73b2e63b4a70a3d8e07d437bbb9a2f5c9ffbbc1d59f5b4f9cc1ea81fe00e319616f7fa1d25eec263b75566a09ed2d02646fe8ca8edb42104c8834605fb5a9e |
memory/2824-198-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2756-197-0x0000000000850000-0x0000000000882000-memory.dmp
memory/2396-207-0x0000000000400000-0x0000000000432000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\dwAkgoIg.bat
| MD5 | 786ff6fbf2723f2d9cdf8b547747c443 |
| SHA1 | bfecb05445b826de7fa4c192bb1f6df969035bef |
| SHA256 | 58b9b9c3957d4d09d14883cdae657eb5ef1d6655954d6574e900e1914a895180 |
| SHA512 | 72a4ba7fde13aa67fb595c01c0450131adb1461ff91ed049d29800a141c36df1078f71aadd4e5ca0e886462f5495d126bd1251561f9951469cf06c31e4e6aa6b |
memory/2360-220-0x0000000000210000-0x0000000000242000-memory.dmp
memory/2188-221-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2824-230-0x0000000000400000-0x0000000000432000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\FSMgYEwU.bat
| MD5 | 8b978b8f9ae692edecf60291ac5d1202 |
| SHA1 | 7a8883f7b8cf064878e1ad5f1b444754919aa0a8 |
| SHA256 | 392b804cc588c575f419202261aa92aa883bc1224c8110aa66026bf1a73cf826 |
| SHA512 | 4d6b8cf3fa0271e2ad79aa414c431050e59bb44bd2b1bcb7e50008839ce449e3a09080d83d560c9ab9aa1d7e0aa2982979eb2c2c24d1365a9831855182044bb4 |
memory/1948-247-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2244-246-0x0000000000160000-0x0000000000192000-memory.dmp
memory/2244-245-0x0000000000160000-0x0000000000192000-memory.dmp
memory/2188-256-0x0000000000400000-0x0000000000432000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\lGAkIAcw.bat
| MD5 | a47d875ef99826af3051fbba453429f9 |
| SHA1 | b113adce216674dc99951b3562da47c06b6a7900 |
| SHA256 | 045e5663a89dc3b9660dddb170e758af7f867a7e93258c9f2e6b1415a116f261 |
| SHA512 | f59c1ec1eb6fe585aa54f9152a6e06d84e384753acb61904d764d6ed320ce17ff9abf65831cb96b345f7ebfc60daa4efbeae9cfa5db0bd8d01d229f586e20efc |
memory/1604-271-0x0000000000400000-0x0000000000432000-memory.dmp
memory/1940-270-0x0000000000120000-0x0000000000152000-memory.dmp
memory/1940-269-0x0000000000120000-0x0000000000152000-memory.dmp
memory/1948-280-0x0000000000400000-0x0000000000432000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\eagYAcko.bat
| MD5 | 2f6579879270b674b12a479d745f308b |
| SHA1 | 12baa91e7c20e3cca553a3710d50688f255f3f6f |
| SHA256 | 6620e32c134d826be9211d7cb94b0cc2ef4a7918785acbf434828314a140489b |
| SHA512 | 53dd313caa50204191f27fca59dbc2c9bb5172a3a2c9cc78041b6fa96f7f8d41f18d23b29ea05a2c1e2d2853e601f993cb68eebb397f341528e1ccd8dd1adb61 |
memory/1292-295-0x0000000000400000-0x0000000000432000-memory.dmp
memory/1432-294-0x0000000000120000-0x0000000000152000-memory.dmp
memory/1432-293-0x0000000000120000-0x0000000000152000-memory.dmp
memory/1604-304-0x0000000000400000-0x0000000000432000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\WeQcUgAA.bat
| MD5 | 99a453e4bf90c81b35141081f709546a |
| SHA1 | c59b495a62de2f28d4da2133939c6ba2d665034d |
| SHA256 | a41cb429811394f6d72cc3114942253ae383a511913e3bbed79ada9b8ff3cf99 |
| SHA512 | 4b2087d3d4ac241a30067c416be4797defb97ee8f577cbbe15cbb5a31464b1d01a7106e2101e60f28c6f563f3112f6449a311497ea2ec0127cfee9e6481daee3 |
memory/2556-318-0x0000000000400000-0x0000000000432000-memory.dmp
memory/1500-317-0x00000000001A0000-0x00000000001D2000-memory.dmp
memory/1292-327-0x0000000000400000-0x0000000000432000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\SqooQIIw.bat
| MD5 | 16bd2a533bbe84dc98211e9ce2cae0a8 |
| SHA1 | f87b53add902f2c7437a6944673b5e6f97b74799 |
| SHA256 | 8a173128a1759d443e65e09e297cb371f56249a87404619ff59366a4dcaa1680 |
| SHA512 | b1142cdf9f33d94d938fc3c456f85ef54f3feb7a6ea5044b0b7f375d2ee8578917a3592b2e46f9887a8b205011257b89274e51319f7605523ccdc8918babdb59 |
memory/3008-343-0x0000000000120000-0x0000000000152000-memory.dmp
memory/1364-344-0x0000000000400000-0x0000000000432000-memory.dmp
memory/3008-342-0x0000000000120000-0x0000000000152000-memory.dmp
memory/2556-353-0x0000000000400000-0x0000000000432000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\gCAkIUIo.bat
| MD5 | e1e80837e0b97e42b59619d7a50678ed |
| SHA1 | 9f175cfcc9aba42f29854aba9166756b4e6fc07d |
| SHA256 | 38d257c60750e35ea5807262e5f37601e8ee5e06f7b44a0f9900fd2f21bca3f1 |
| SHA512 | 20ee9fcc6ad33afffa75221784eeb895d406e0d39b88eee7b0bba0227beae451cb275509ae2090fcd4ea298283dcce0a944cfbad00df467f6868a89ef085ef54 |
memory/2528-367-0x0000000000120000-0x0000000000152000-memory.dmp
memory/2676-368-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2528-366-0x0000000000120000-0x0000000000152000-memory.dmp
memory/1364-377-0x0000000000400000-0x0000000000432000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\RcEIowQY.bat
| MD5 | ca6f2f6e8bd5d20b838af1c503aa8312 |
| SHA1 | d432b33f39f1c727416e636896a339c7562857fb |
| SHA256 | 93cbd1cef4588ff0ad1d1570236dded749ad33f8ee7360262f5b8aeaa6ff5cc9 |
| SHA512 | 34f46a90c469a80ec6da1c73767979c6d57e8359944537297465cd72ffc4d7c3cdd4693f8fbb5cf49db661e4197332ea2a5ccb6f11f9943f210c6098bd1a7612 |
memory/2228-392-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2360-391-0x0000000000160000-0x0000000000192000-memory.dmp
memory/2360-390-0x0000000000160000-0x0000000000192000-memory.dmp
memory/2676-401-0x0000000000400000-0x0000000000432000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\fcoYgIEA.bat
| MD5 | 2a4a005bbfb8d926946553299ae62f49 |
| SHA1 | 7ae08420487de712f74ab2f1624a57e60c15a339 |
| SHA256 | ddf417c442d07d811aac315ffeaae0c1f9bceff1fa835cc01b3d4104e9984440 |
| SHA512 | 3d59b0f2293850468f22975b1256295cbef1dfb86306b17b05face9e1c7605c009f1360382246a43a038186aa35adcd45e3ec3159275505e9b1f7e4118256010 |
memory/344-414-0x0000000000260000-0x0000000000292000-memory.dmp
memory/1436-415-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2228-424-0x0000000000400000-0x0000000000432000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\PsIQkcQI.bat
| MD5 | 3d607ddb61b5f6eb9f1f2e8db03c64dd |
| SHA1 | 55619d228302daaab75efac47046d751bf20371b |
| SHA256 | 5bf13eb3678bd112583d653a4458aec2150980a5215b30e3bedb4b7c41ebbe89 |
| SHA512 | c897f0b930aa20c0a6e075983d8188bf350e7eeb1bc71bd3502169f9b58255a2787b5d1e2459c2d41225ab10fa6f94f6a9feca938973ee64d98df4d053fe2d5d |
memory/1436-447-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2144-450-0x0000000000400000-0x0000000000432000-memory.dmp
memory/3004-449-0x0000000000400000-0x0000000000432000-memory.dmp
memory/3004-448-0x0000000000400000-0x0000000000432000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Lkokccgo.bat
| MD5 | 37ab4e44f78d45aa92f83b9cbbab07d5 |
| SHA1 | b25873174c05231d165580c95b1eda1725a9fe27 |
| SHA256 | 896a83fb0dae321595a33ae1a82864a937dea779957da21447d8a8e754f91393 |
| SHA512 | c75c1f78a2b7d74f0c5604262a8fa0ba40cc65492452dcc719190e57267e647e80469766d62263763153e399bd7e9ab267119143e44ff0a844e90000622fca50 |
memory/2108-463-0x0000000000120000-0x0000000000152000-memory.dmp
memory/2748-464-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2144-473-0x0000000000400000-0x0000000000432000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\GQwsUgkU.bat
| MD5 | 5bfffcd71bf11bc3a6dca4f455d89beb |
| SHA1 | 53a7d11f5a9c2ef5e225f5902a452dd68aa315de |
| SHA256 | ddf27c4a10657a7b6be1368d8c8954c05ab7ecc19eb8e573444c377a661e2dd0 |
| SHA512 | 54e2441993514922c2ad4718b73f224ef13ba0dc697e33250af0315214b3d5f27cd911c38dfe18de2f279d10f46231c0e718236fffc6ae3e64f4c5a3b5f88440 |
memory/908-486-0x00000000001F0000-0x0000000000222000-memory.dmp
memory/2500-487-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2748-496-0x0000000000400000-0x0000000000432000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\woMgQoAY.bat
| MD5 | ee59a57dd05470542077796478fcaa3f |
| SHA1 | cf301cc4d72edb803ee6cc1be6f491824aa33e6e |
| SHA256 | a69c2caef5c909599c89a1b95c1426cee9a2292f222b3c703ddc30085883db5e |
| SHA512 | ccc26080901ba76b1e043207f33a979269c80f8d78d424d810f96a29715c7f701d30267ef4815c5bce1b55259566c8c0610c367bf9c76a20540f0b286a59b6d6 |
memory/2720-508-0x0000000000120000-0x0000000000152000-memory.dmp
memory/1820-509-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2720-507-0x0000000000120000-0x0000000000152000-memory.dmp
memory/2500-518-0x0000000000400000-0x0000000000432000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\kiAAcEYc.bat
| MD5 | 6a9db7027a78df752610107e76a4064d |
| SHA1 | 24d7c0fd579b9fc096fc3934b97d407ea33df326 |
| SHA256 | 5626e01fe5ffc8b21ce462fb6db2722a48921c695480d09b27345dd32b4e10ae |
| SHA512 | e9bb6a721c55fc32cbd4537a7cb908c7af0cf088e543d1f050151eb667495eb4734fa66a4581cb850ec12e30938088b57513b6d454ba07b6aa5022ef77b910b0 |
memory/2676-532-0x0000000000400000-0x0000000000432000-memory.dmp
memory/1908-531-0x0000000000400000-0x0000000000432000-memory.dmp
memory/1908-530-0x0000000000400000-0x0000000000432000-memory.dmp
memory/1820-541-0x0000000000400000-0x0000000000432000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\kOoUogkg.bat
| MD5 | ff89288a69f10a60d0466fa3258fb3eb |
| SHA1 | 1558b058974097a4150088e160e5ba127dba4301 |
| SHA256 | 9d7e88b17af4c1801e24d553ad08d6a0784e07d77f55a5f5fb1239d4bfd64c2f |
| SHA512 | 2cb49e7f5ab9f87483a52d35b910270b452992d6a453d84886bddbe41e50de6ccd6201acc40a8fbe98b14e7f41e3fa3692de404fbb8f2fdd0b607bd01997d2ff |
memory/2988-552-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2416-551-0x0000000000120000-0x0000000000152000-memory.dmp
memory/2676-561-0x0000000000400000-0x0000000000432000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\vsAogMoU.bat
| MD5 | 0cf215654378e89f00f56bc14b204322 |
| SHA1 | 4d6366649a8fc4b0f34ef1c41877258d5ca36248 |
| SHA256 | 92011e205c3049b410217e77454b3ddd0c32f326ba768c9ec221739222e482be |
| SHA512 | c90b85f47cde2920a95f6d29964e158812d4af4daf2bb4dfc35bd4b0d6aabfbc6b5df37a2bcddf1e10df2a521c8e69162e7bc1103b816ae1c90ca3326350e3d4 |
memory/2248-572-0x0000000000400000-0x0000000000432000-memory.dmp
memory/1436-571-0x0000000000160000-0x0000000000192000-memory.dmp
memory/2988-581-0x0000000000400000-0x0000000000432000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\VgEAIYYw.bat
| MD5 | 92f388fdddbb892f3b2c0f7ba0d31c6b |
| SHA1 | 2c1d6e4eaca4426bb1d13ef00b46dda6a931ec0b |
| SHA256 | 5f4d7a04192b023b9e987efaeeb8efbac36bce0ded31808fde75d90950bc998f |
| SHA512 | 81a811a7e14b8fb9ffa1a5224f34421e315391a4de8dfdd89f674404b1e6094205c7e4f548394ecc1be8415e069c06ffd60291dcc64f55ebdb0d7c1b3f57febd |
memory/2760-591-0x0000000000170000-0x00000000001A2000-memory.dmp
memory/296-593-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2760-592-0x0000000000170000-0x00000000001A2000-memory.dmp
memory/2248-602-0x0000000000400000-0x0000000000432000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\BEwMQEgQ.bat
| MD5 | 31db303ceb66439beb3a569b372c6fda |
| SHA1 | e161f485928ef85067d0adf532a13594de3cfd6e |
| SHA256 | ededfd1f4ba094a8ac7847641ae855960aa79afd93c8c1a81682e639a3d2f228 |
| SHA512 | 56c508cf63a943239c3c4171bc4111b331fb12fb5e403e180b3f47a55336eb8c49492a9256880e54181bfd234751b9f4b4af171d2a06fb0175b7e49679868045 |
memory/1804-614-0x0000000000180000-0x00000000001B2000-memory.dmp
memory/1804-615-0x0000000000180000-0x00000000001B2000-memory.dmp
memory/2132-616-0x0000000000400000-0x0000000000432000-memory.dmp
memory/296-625-0x0000000000400000-0x0000000000432000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\HakcIQog.bat
| MD5 | a8980a01a6e2c181dd28eedfcc44c2dc |
| SHA1 | 4117eb01aedb5734b657abc62db348928ea7844b |
| SHA256 | b9784b54d2c71e72d837ab21ec02f6adcaafd49afb1b2aba5dfa0a2f0df9f431 |
| SHA512 | 51d825483d0a27c215d7c63a344839c2173dc733f8c12ce11f05df25fce536564ef0280e85872963653ecda9912926918e4e1fb65dd405a729fcc5bf1bda1d62 |
memory/2176-635-0x00000000001D0000-0x0000000000202000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ocUcAEMM.bat
| MD5 | 917cc342a905d3ef079f86cbbd13cf5d |
| SHA1 | 4aa1fb4ac5f1c67dea47842c43d6b9355abe2f33 |
| SHA256 | 99b172afa52b1b59ad7af51360a438c74f325bae00ab8e0ca3bf6682ce4cc43b |
| SHA512 | a0dd2782376153a2ac804bf46030f81db56dfc7c024ccb3b6dda4218d0800520e15c897fc4e3522627f0c7a76c0cf5c33fdac5cce63252f72f20100cf251588d |
C:\Users\Admin\AppData\Local\Temp\KmkEUMMo.bat
| MD5 | f526c5eea1217ea1f92ae6ecdf5f3ddd |
| SHA1 | df342b6767cacc14ad8beb338bc651f20c890c9b |
| SHA256 | 11b7e0e675c16702d43ad9279d3bf038376cf84a8f448ea4e479de7811309219 |
| SHA512 | 54bc75f6120899cf4243e657a696a22ff78e49381318ce4d7e6d6325c18457e83d6fa6cbf83ef567d3d06d2f17984f098a6200b977b9bf195bab7b1236007f98 |
C:\Users\Admin\AppData\Local\Temp\AEwQYYww.bat
| MD5 | 9d970c7faaabecd584f2a1a7dc792058 |
| SHA1 | 2cf1a4b9c240d365c86dd2885211c0392db0c63b |
| SHA256 | 1e5fbb9818d601805be9352cbcc8752acb2ef38602720a14c61e24797516703f |
| SHA512 | 3a29201675e319f62371a321b426b68d9667a97393c4e216281e77dabcd09bed3cd32a10fef5935f80d224ad2748dba70688c0de1319534bc6323ca0e5190258 |
C:\Users\Admin\AppData\Local\Temp\OAsY.exe
| MD5 | b6cdefd73e9fc372e2a467e2fbc05461 |
| SHA1 | b56ec86d52c9baac2fe35d24de1006d976d99635 |
| SHA256 | b34234a9b74f06bc397db146ed87b35c09f1cc29ad168cac0af2b8f4c1934e0d |
| SHA512 | bc411aa230ba4427cb2bbaa77bdb068387839ca960fb7fe3cb6f39b3f2e11fab8ced99f2e9029ace41ab467d6872cd7276ebd35d28a8b8b04f980a4ea6c3afc9 |
C:\Users\Admin\AppData\Local\Temp\aUgkocUE.bat
| MD5 | e778225119a4de1e05691e8730a82a77 |
| SHA1 | 760b99c9e3fb99fa9654283c751db948db046a00 |
| SHA256 | c2f7690cc40ba979dc05f8f433162df455f4ad849507f0827a1259d0ab9f69ce |
| SHA512 | 8c5b0103cd56108606ad472d03171f65367646453eb8fc7b736aff7599fdfca367bc3ce06f18d44eaa79bb305db88084607e55b45077d08a73650aa130d92b9b |
C:\Users\Admin\AppData\Local\Temp\sGcQoIcg.bat
| MD5 | 046ea6f2318335e9331788e87196ff6e |
| SHA1 | c821f309f262b352210acdc7c51ffef6fa80f693 |
| SHA256 | 2b3b18b1fc79ca1d063544a044e329a4ac1956fc6cc4e48d7d61cca281e2f27b |
| SHA512 | 450e7a0c7c29f5528964a29de0d2e0825ff99549e2a6ee0487fea6d07fb20ed3f565008e63a311d5d2e5524f7a459e5d92739a344c4bdabd0d35002180ff3229 |
C:\Users\Admin\AppData\Local\Temp\PKQMMcIk.bat
| MD5 | 3ab8cc6a8b586c152178ebf07b5b317d |
| SHA1 | 965033c2bc6265a8d594ae56ef5f150c6058ba1e |
| SHA256 | d3b58db74441c70c31f6c805f4ccab181072c87e59bdda80cac8d1cb308ffb3f |
| SHA512 | 832283b589354ed7cac8b3bd3020eae3203a33ebe9e4de4f40f3cee6a2bc2ce1b0a43b0f90fee4e86359f4adcd6a12b737dabb817923daa6b49f0a78d3923eba |
C:\Users\Admin\AppData\Local\Temp\hGMowYMM.bat
| MD5 | 59255422fc86799a5a8e8d5159f0a02c |
| SHA1 | 5ed81d687b6356b7423fe088d859963bfb0882d7 |
| SHA256 | 72393f10b2670529e19208349e7ce35203dacf3f4a46c01252047e507221a03c |
| SHA512 | e676bafafc86f6ee32ff49e731a8ded67cd28761d1e0955da70b50b3f718c1ec3e7386f11c0daa9dfcb2c747ab5189ba4e48245fb03894929c7390256f42510e |
C:\Users\Admin\AppData\Local\Temp\ZmEgkIws.bat
| MD5 | c5fd44b6aac6af04f9d85a2ae8f53f46 |
| SHA1 | 958f489c4fc87d69fa5619553d1fcdbbc9e569b2 |
| SHA256 | 9d01899ea12595150960b1a7c1d9c8209384537d9711168001a22c174a9f7730 |
| SHA512 | 21c17f7ae7c87a110687f5b7fb9ed35dd519d51990c2c5f683b6342489fc31da5b26f3a525f955d1dda0875b1b101f9c0b0ba5774a7ed65e816710b625e0c724 |
C:\Users\Admin\AppData\Local\Temp\FscMcEkA.bat
| MD5 | be939cc7a39a9ee75616b38411438113 |
| SHA1 | 4f9c5ca23548c6eb94b3b16f4c0d947795c7a94a |
| SHA256 | 10e40dfe18bc1474b6128f8ab4aae5dad1ae59c87af870bd99ef691e010a7827 |
| SHA512 | 32bf1f50c4de2a560dbcc976ace3a6a28a774ccfe268cc86f7a6d2a8f010e71d16139582a3e2ab75f35872bab292576f7e909dc715686d8d595684847385e878 |
C:\Users\Admin\AppData\Local\Temp\qQsIIEUI.bat
| MD5 | e41a440e1dbef995ea6ce8b313e18a28 |
| SHA1 | 8fd3032c6d693286c8a0966a7686a08d6641101a |
| SHA256 | d47bb461de4eef9612afc193fe9119e5dfbee63ac562fca874c140fafa5a24c5 |
| SHA512 | 14b2620a19211c62646b5a32de502863e8a60e951aa1f1a42fb4a0c9d53c2b4c70b31da4738e2f5df40ca62ec9f9e83d3a0b303f3b61be608227ac1992845013 |
C:\Users\Admin\AppData\Local\Temp\QAcsoIsI.bat
| MD5 | 422ed0c74f71efb56e75dab0db8c8027 |
| SHA1 | 0af80e336ee313a5a98f6eafcf54cdf5763ec053 |
| SHA256 | c1219b92716aa530e2f0d3549558418fb741249577fe233d8df957d5d16222db |
| SHA512 | 338675d3ae722b028e024ee75fe0afeaf5cd04387b5ae403a59c3a68484e9783058b769897e5ffc772d719f9ba803556dfaf31d07d45e5633ea95edf6433d656 |
C:\Users\Admin\AppData\Local\Temp\KIYMUQss.bat
| MD5 | 8568167c84aaabb62c1483a2497162ae |
| SHA1 | 7d8dde0248a6ebce804029a366f50089997600ad |
| SHA256 | cc2889b8b598a991f5e7a2f1abfcfb418bfdf8616827c66db5b10e002ce2d0d1 |
| SHA512 | 9ee06867f2dff52b73cb3a31e251aad445a88a668285c34eb3005564ecdb4214f90c638afc824a874db078f34ae8111737602bada7a40b3245a2009ec3de75f1 |
C:\Users\Admin\AppData\Local\Temp\EkkEMswc.bat
| MD5 | ab301fa32cdb75c455cc7d915c8fa863 |
| SHA1 | fb9dc2b7fa63980d3a30223a8a2e9bda4960340a |
| SHA256 | 46dec77647bbbd9cbb759455a6e524950964e879ce7cf939922d1f6a50f4209a |
| SHA512 | 4648a2a7afb52400f3a413673e3ffeb25d3bea8aced4f82fe2f2aa818b8c8ab92e480c4c3a6e33b6e9a8e4204a1f92fd32e54abde181e33a6f98cdd080ffd390 |
C:\Users\Admin\AppData\Local\Temp\DeoIMkgs.bat
| MD5 | 01f2d24e811294e8fec5ddd3fa26b130 |
| SHA1 | dce875de15a8ce6a6c98ee5860bf09a161e41471 |
| SHA256 | 906d8b5989c237eb2eed5335525591e2fcd1528319e2cbbf7f8492fe41a6a955 |
| SHA512 | f3534f24003bf96d2bb957d7e0ef8191e65ce4a307f104afc8a7eb895e1a1a318cadadba8eeab91d1486801cabaf3bb358cbb523ac38763ba527a47473b17e70 |
C:\Users\Admin\AppData\Local\Temp\XuwQwswA.bat
| MD5 | 62f785431811ce270d10dff7226c0377 |
| SHA1 | 04f5bc187261a7ab69d7dc8571b7a44c01dc7d87 |
| SHA256 | 7eeec3c94ad829748d5d232f5bea3c89df93b496adeac41c350885d4e07fe502 |
| SHA512 | 22989c59b41cbe896caa0d745bb83be22081e23d4e4e7dd01f56fa190572a463239ae504e47214bfcd7bdae4a439c1206a595b89d7b6715fa0a9f24f4cf9d5b9 |
C:\Users\Admin\AppData\Local\Temp\pWQgQcwY.bat
| MD5 | 53fa96d97680946ea7fb9eb62437f735 |
| SHA1 | 320b422382db1ee2a38d57bb5618243bf0475f5d |
| SHA256 | ae068db3940a446bdbcbe1c3786193cb265b6ca61930e10f75337e575163ca11 |
| SHA512 | f19a7372fb30c677e6090b9e4b97fe9375d79254385c784e59fd733c79807c69f2e3b9b4006585ed420d86e9e2acb24b8de180e0b4a4a86d983da94ad375ad92 |
C:\Users\Admin\AppData\Local\Temp\jGocUcEs.bat
| MD5 | fda606432fb9dafa92d23333bc86bf1e |
| SHA1 | 3d89289abdcbc0b8b2341e6e41969fd4f13417a1 |
| SHA256 | 54f3084d1098e60f8b7b59cd10a1e4388cac6344c906bee26069d7e27643b8af |
| SHA512 | d0fab4f08825f7ecb5e7616c19ba7ce98fb2d692440af5e903e7b84af731c049a073d7f8b4b265d21044bffa98a9a84d744f28fe31082839ce3ef1d685be71ac |
C:\Users\Admin\AppData\Local\Temp\KOwoUYUo.bat
| MD5 | 4aad403a01399034b8c80a63452f9721 |
| SHA1 | 0f2d7288918fef53446143ac38a797a08ff9a6af |
| SHA256 | 8d11cbe4cae22ba0006eabf462cc7469a6d9374c9525e24cd83c307195808c43 |
| SHA512 | fdaec50b7a355d866f35095b24d5259856d4020905fc69432f6b6190e42be3f0f8736bc5bf4df4abfd17e3b7085dc32349e65d05e58e12a6672e823efd309fad |
C:\Users\Admin\AppData\Local\Temp\wmIIQUUU.bat
| MD5 | c5483764382b986cc49d269496bd6ee9 |
| SHA1 | 6807ee12b426e179fe9b393e24e235d767507e88 |
| SHA256 | fed583fa60046711bff2002db7f28b1b7e8c79470ec75bfa3cf50b8168d11470 |
| SHA512 | 32527e6e8c4e5250c57a41c2e0d7d0adf559799233cf5fabb0de285917105c1e95d4ad864de6a84567b0969d4f987d09d4a1039d03a87782e94d22e3b6353291 |
C:\Users\Admin\AppData\Local\Temp\qiQEUYoM.bat
| MD5 | c7093e56041c9f0245e2c0bc91ad4534 |
| SHA1 | 2abb4ed65709be53f99faebc71b75304b0af7e38 |
| SHA256 | f10e0a3c0fdbec508f1422c76e31d0a27a8c145e03926e6c3450a3b890ce6f5c |
| SHA512 | f481697d28d23fd07b853407b52d3325f0968a1189731d757cc193966c0795637907530572fdb5f35ec64f5aa275c2a22632e046b6e14d18fa5be571298af3b1 |
C:\Users\Admin\AppData\Local\Temp\OaAQYgoo.bat
| MD5 | 32bb2918012f74a5b2382c0257eb3c02 |
| SHA1 | 9a365fd2eef35a9506311340456203c32e9494f3 |
| SHA256 | 55f23e831c5fb44f567ce28b05b17e18bbb418cabd62b5acef6ac9bfaae863d5 |
| SHA512 | fcea0d411bfed3c245589fa7101a9b4af0f23ebdf4878c1fd879432025fa2d2f2017852918feb24b86130edb693b00cff6e14c41de201a5db269b416075ecf11 |
C:\Users\Admin\AppData\Local\Temp\USAsgwoQ.bat
| MD5 | 95c305a979280d030bc03ab747fbd891 |
| SHA1 | db37161ea955f83a48ad7084eff1317874190e28 |
| SHA256 | 471d971b599f2c7bdb5ac6fafe5991b109c7da18072b2366a4f40f60dbe0c5eb |
| SHA512 | 1701e1dce7c5938d72e64da29aff41d7f21e60da60e604ee249712e143984bb33646e7e7f72dafe139ce1717caf002b53b7e6e594596538cb54e17e9e1e57551 |
C:\Users\Admin\AppData\Local\Temp\pyssAIEE.bat
| MD5 | 4cca1a445675b824acd99d8a866e4b26 |
| SHA1 | 96bb03a8ce5d239ed92764ebab46e82f15657475 |
| SHA256 | b4a582945076ec7afb1a2f5d19e22aa187c01f08b28a608c58881e9136459e0c |
| SHA512 | d30d047f969ebd495aaaebb14226d5a1558d15c49f6bfc2aaa5c3106ef1087cd3c0d2fc9e115be21ad26eab7af483b73f259191a581bb75779cb6424c45ed76b |
C:\Users\Admin\AppData\Local\Temp\haYkUskU.bat
| MD5 | 7a2f486156d41429b4c9301524f387ac |
| SHA1 | 0341edbb42b2742e5874e34d4bd5009aeca96b5e |
| SHA256 | 8b76f1719aaaa0ed04606e66f6ad615f5c92a49fd72dedfa7c12de27fca23042 |
| SHA512 | 67a573cb48f138dddefe88a4d5d1caf8c79a1d154b9e7c57db6ebbfae2302410b60766821b1539e6e2a8afc768910e089d2a8719eb168df4fa818e771352cc4e |
C:\Users\Admin\AppData\Local\Temp\pEMcEggo.bat
| MD5 | 67b6b147cd0c03c7aff75d3b61877442 |
| SHA1 | c17c9262f1cf189cc424925274ad7eb540f2cba2 |
| SHA256 | 9d053543053f6ccc5e9a0dc9d8eab6f3e78ed3d7fb54be63b6b193b5a57592a0 |
| SHA512 | 0045231e47930830c1815c03c00d8cafc9fe81eb533c579a87d0f3c29846aca4ce618c2737b95fcd4ca32ce63fb5620ad65177b6ddd612cba47fd3285e9252d0 |
C:\Users\Admin\AppData\Local\Temp\QwUm.exe
| MD5 | 7ed2f62be64d7660972c4acb1b81d778 |
| SHA1 | 10653af59cd390da248c21d7244b1c9f951415e0 |
| SHA256 | f77bac4bedb433711f212d25c80bc6d3ee3fd2328eb5e5baf6de376747980127 |
| SHA512 | 5773975baa20bc21c24b7b9c73f33e01ca8887c643596c36d9e4c56bd901bfa5f5abe92f07c954ea8bdf12a3c7c9fbad89f95f991edfa3dd4564e795cb27fe20 |
C:\Users\Admin\AppData\Local\Temp\KgMs.exe
| MD5 | 024709c16fb25648a28fcb6c9bf1581b |
| SHA1 | 6902fe32c26c7cb266caf59fe86253ff11177e90 |
| SHA256 | ee6d580c43039a2df9341ec317b072caefe944d92c131943d0fe6161bdf83ab7 |
| SHA512 | 18f564c47bfb913f9fc5318aae35412595e9723ee7606241fa6106862880cf92e3bdbff77f5c5e1fbf00788ea6a26e18ebe0d5d52f528f5df789e88c34e16b0c |
C:\Users\Admin\AppData\Local\Temp\IMYs.ico
| MD5 | 47a169535b738bd50344df196735e258 |
| SHA1 | 23b4c8041b83f0374554191d543fdce6890f4723 |
| SHA256 | ad3e74be9334aa840107622f2cb1020a805f00143d9fef41bc6fa21ac8602eaf |
| SHA512 | ca3038a82fda005a44ca22469801925ea1b75ef7229017844960c94f9169195f0db640e4d2c382e3d1c14a1cea9b6cc594ff09bd8da14fc30303a0e8588b52a7 |
C:\Users\Admin\AppData\Local\Temp\UMEg.exe
| MD5 | 4ccf70570e55ca44a283773c0ce6c131 |
| SHA1 | dd64f04fe9678d8dbf7d1b7b8774ca34f0fd182e |
| SHA256 | fd346ee669da8f2d9bf83f8974ee7460ef95b2de243bab90e9c8f014dd7e7c8a |
| SHA512 | 771b865bc98b1231f14909f47197b584008a122d64a00062aeabc638d94c7c63147f6cb2e85e3bdb4be46fa71223354098d806ef8a84be5f2d5f2cf5c4988397 |
C:\Users\Admin\AppData\Local\Temp\SgIM.exe
| MD5 | dca2934ffc7a088684c6dff0daeafe45 |
| SHA1 | 6e956dd2fbeb49ae226ee76bc3182a052da73f29 |
| SHA256 | fe8d963cb5b65b83eae1beaeffdd4a50f24207c67aa8d33b0a5eb85ac507ce76 |
| SHA512 | 36089200e220aea33b75b83118cc73fe33b6f459be0d39af1fd57de06c9eb533ad847c41b0dd7f42982207b6282c5f1447d41705e3b16f5b00b328290af0e5eb |
C:\Users\Admin\AppData\Local\Temp\PgMoEYQA.bat
| MD5 | b2d446329f216be693515b956d6e6f88 |
| SHA1 | dbf1b7e5a0789a236ed8df1259533f2d03f64aae |
| SHA256 | f200fd3bb9a582632c83a871b46c8bb7cddb89a85b45cc08657274d6a1c3554d |
| SHA512 | 7342e09987f534acbd4bc22a35c540daf52f5c8a9e37847c09eece7dfae9914a9cdf2fd484231fdbdd3857dbc7188c8d2a288b1800c4f6e95a3f2d6352bbe628 |
C:\Users\Admin\AppData\Local\Temp\kkQe.exe
| MD5 | 194fef70d88c3afe20fca358e1d27480 |
| SHA1 | 64361e84471818f0af7906ff5130022aee56903a |
| SHA256 | 1e5577ecd41274adedb5101f97c591d00b8df3a1da1a2a67e1c08d94c2d94edc |
| SHA512 | f2f4930758793b3dee044becd3abccc47a349ad62e2bf9d3ffe7035f12215f23bf3edd4dee5ee5788773aa9a63347df0f822af8f995dc149abbad331b249ddd3 |
C:\Users\Admin\AppData\Local\Temp\KksO.exe
| MD5 | af9dd017fb869a5e13eff03e9b827d2c |
| SHA1 | 3b101ffc5a2b84f5a145b11df285e0f7466cbead |
| SHA256 | 62a3c812bbe12e60c8eb46af8e6338d4bdaad117b4a56ecaaa819ac9fc88a583 |
| SHA512 | f64a93fb3e7d7f3c57191778baf09205d2805a5838f1935e976d590e3e8705c0c802808fcc562f3710f026c57d6bd4ee877c32afc15042a4ea8db952d9a73c31 |
C:\Users\Admin\AppData\Local\Temp\MYEy.exe
| MD5 | a93eafcd02c1363e36d04f5fb9152a50 |
| SHA1 | 6572329150da9ba599e29d5822c6af92e05740e1 |
| SHA256 | 14103e37f1f5b69be056d1143f2f40412b67015962468f655849d4dde7474173 |
| SHA512 | 81b62b05c8e662c3c4bcf6e3a84f58c13262a3940becdccbc241caac98ecbc0564e925c991b3428a3f43f0a1846513863f012ba1facb7fe48cb8ffcb92e2ad19 |
C:\Users\Admin\AppData\Local\Temp\IEEo.exe
| MD5 | c6ad22b355c7371cd5d62fb8ef0a6c73 |
| SHA1 | 0ae462b5a6f0ba84a4611eff2476f552a8a9042e |
| SHA256 | a52929c4b345a1b3c199975b2de2aabdd97a71d91d44c6803e92021b6c3e0dde |
| SHA512 | 999422648535716187eb5a7cec7a32bd228c90c506edfbc8a57c19fa9f568b229b8626338368a086d4fef83de38be726ab1851cca43c2fda5d2baee464051274 |
C:\Users\Admin\AppData\Local\Temp\agoi.exe
| MD5 | c789ab10141127bab36428f56a8556b4 |
| SHA1 | ec74ff527e08157bda9fd8176212c2bf1edd58d8 |
| SHA256 | 255fd8dc16a2c0f0cd62edcb81b719fe99de8f3ed8b089cb8f46f4aeda813f5e |
| SHA512 | 3563f3307d31f32c731be0adf235bb2f9d89db0c3ca625b5c6cfc158de81eb9f3b229033a653e156591c1116737ccac506a951d12b625d7f64ffdc0141965025 |
C:\Users\Admin\AppData\Local\Temp\QgMwMAEY.bat
| MD5 | 6db8c6aa29bb41c91e060e92b99b048b |
| SHA1 | 8b712be7750b9037c4627f85edfd7485fb357e67 |
| SHA256 | 789d3361883d11314d578c4053c54b37a03e66141e7a5b7ab5836b4f8cc91f5b |
| SHA512 | 24e5ea85a03f63219a1c3c0c3d08118dab213d4021376ba75838066b4043269c28eb421607074402924e69c6ba18c7727ddbc6a4a1a20d9c50fec1cb765b2568 |
C:\Users\Admin\AppData\Local\Temp\mkoU.exe
| MD5 | 9e85ffd5fcd5dab94160beffe0ced28b |
| SHA1 | 406f8e1024ab6bd78f5356b75a8565f2ad3fcd4a |
| SHA256 | 3afecb835b191cb366704f41a3fca7f46f1ad138cd954a2ee4b7de1bcda37053 |
| SHA512 | 795b3cf6c3ae945a1912085d9e3701c11a0b6fd8aae9399b67e2d8e757070ec19428b49273efd3ab8fac2988483aa1865308b1dbdd93f3ae0693c19b40d2126e |
C:\Users\Admin\AppData\Local\Temp\mwUU.exe
| MD5 | d7fddab414eef5b94f4d8b69e70847ff |
| SHA1 | 155e63f67b2fd8e6c9c2ee18251bd6fc049fa082 |
| SHA256 | f3d00cadce43957e7829f424adefad11a28027a6b8062cc3b24851aa081749b7 |
| SHA512 | e4fb6559ba9ce44cfde003942c677931f4b172040a7a2c58a5c4e9788338c6e2a7634e0bf5dfc4d990148503f6ecae9eaee934e2db2cbc465883836be65efe6d |
C:\Users\Admin\AppData\Local\Temp\Kswg.exe
| MD5 | 2a2374bc8a1bfa2c53acd2004b0795ed |
| SHA1 | 73087c208c3acbeb197c9d68e3ec93f33ef91c0f |
| SHA256 | 255b432dba4e3a067c662271b451ce0992b99bf6d1e2adde6c2ff3df51ab42aa |
| SHA512 | d428d9fb857a1bbd29e051235bc91c7d8a4e0f3387a04137d8f716faf9ef10c9e1c0fc4f8fe5ae99f38619ba370c74b81eadd3a09b37915ee6ce1478851e52d3 |
C:\Users\Admin\AppData\Local\Temp\WgMm.exe
| MD5 | f21932583c757ad7b5d17af3458fa94f |
| SHA1 | f01ee0c5ebeaa95d1041a78e9a9c93b7ee3067dd |
| SHA256 | c091ac7ca47103b0fe79f90979ce4a62ef7d9e0ce49b69b71c30e4be4fdeb222 |
| SHA512 | 8b8c13a30685bc431d383a7ff9d98c0e8aa70954ec91a759c53a07306ea45868acc4a863952e4427ba28d0efc23c24fc73f50eefab77e0b3a85d645adda9d671 |
C:\Users\Admin\AppData\Local\Temp\uiUEEQUg.bat
| MD5 | 50b74ec9a4331aa029fa2524f0e57a59 |
| SHA1 | de9a2db78dd3fc34bc78801ccd44363f6db86615 |
| SHA256 | b4145e8d15764ed2e8120dac02d4a8e4a7b48e1bad41f024b3c1e9d9fbc23f9e |
| SHA512 | 5839b38ce3ff1b45a11f8d2faff3642ac7b52237386c0e57afa06582a1b0716d9730da3abf041ad4fe196a8a44107a74b262d7434ff97b3ea8b4054369247122 |
C:\Users\Admin\AppData\Local\Temp\ggUU.exe
| MD5 | 57362f6b6ccb96cda862f35f0e504bd8 |
| SHA1 | b10904a45e64e20937af07af934f091153b04997 |
| SHA256 | d4111c88481149dc7e926981130eeda5471845f1fcf223cff5c237437c19f6b2 |
| SHA512 | 621acf397feaac3b637bcb1d36744a1ca3142c39ae70daa41af119b720e3331bee25f9ce346b4ad4aa814ba271a176b4c02a2ad66c35c0eeab2effea4ae2be33 |
C:\Users\Admin\AppData\Local\Temp\AEwq.exe
| MD5 | 84332e5c9561f6168cb804ded142cbb7 |
| SHA1 | a27a52afa9367d6965e283095dc40345ee20d1d3 |
| SHA256 | 2618d0eed4e700dd0f6a83732fc7459ec085aa8f0048d0637dd21e5614ae28ed |
| SHA512 | 9779d014a0b1d605e9045053b24e7a5fc07f726e3db97be2e8ab2afbe54b7b0e2b9669ed8423f87ffa651b299d387d62fc36c0c14db12c5c2af82f74f9058576 |
C:\Users\Admin\AppData\Local\Temp\qkUG.exe
| MD5 | c45de52912000b86a6a009f194e24151 |
| SHA1 | b6e1fe80d847b1fec3e0afe52c7c3308c383ef02 |
| SHA256 | 3e699494fbd9eec5f5d10b5fd6e25c51766c240b85ec5187acc74aa746b828d6 |
| SHA512 | b091502d176584f3a720b9526ebc3e763294ad73c2ae65c5e05e214260ffbb7ff624a48ae65a2f062e90f7e0e437005c3bbd3d06285b83de8fed7792d88f9def |
C:\Users\Admin\AppData\Local\Temp\KgIW.exe
| MD5 | 0602d655433d05b407303b29f14a151d |
| SHA1 | 890773d148fadaca3d7b51e39491c028313cb6b8 |
| SHA256 | e7ae5d5163332742a99336bfe8fc7d430babb5d131a0e6d509adebf8b58ad524 |
| SHA512 | ce9d04b266445c8d249f54be689cf0a3d1c49d0f0e7f74b95c926fbe753c974b38bac3ea88f877fa858e98c5eec29a8725cc15eca583d9f5a203608e539a47eb |
C:\Users\Admin\AppData\Local\Temp\KgoA.exe
| MD5 | 34dfc3966d50da57fb0755da3bf334df |
| SHA1 | da3cbb7827cda8fce4f29c1aa190a037d0efda69 |
| SHA256 | bbf0a460120c3dfed01036d3aad3f5523361370b2f8b9ab81d5d4cb20a9bcbfe |
| SHA512 | b4e48ef0d7c157f3eb1ace09159bc8d1fccfdd465023a21ae56d596fd7bf330c5971b78eb6d13666f79710bba8809b07c9806d5d23e8a0ee1f9e930aae866944 |
C:\Users\Admin\AppData\Local\Temp\gMQkcogE.bat
| MD5 | a6dd8257128f492814ce1065b66d31ba |
| SHA1 | 5f0149871f436c704a1be6dc66dc714c50fc0eb5 |
| SHA256 | 7c5de4e1c700903d974650f009cc5db28dfeaac8abfda9ab4115049b17f0706b |
| SHA512 | c45da7d544c0d6234a055a5bb6ad205078ac981d4616aa9143335c12cd6bcff2754147af5c7008a538ba8cdc46a8aee06a35ec949183f95916dd1a5976ba047b |
C:\Users\Admin\AppData\Local\Temp\QQMI.exe
| MD5 | a85c7cb3a8e6abe7b936dc2792e67053 |
| SHA1 | 94eb462af51e358f85b306f20579cef5548b7b2e |
| SHA256 | f7c0cd2f1c78a1596cd6bc16444e4fbe4375266d129ae2e0f06513926dd88db9 |
| SHA512 | 186f9f3411555910904938dd2b28616b96eb0cb02ddba5329caa76fe993e33b8ce6c9bb96f222b2ee2ce47b0688d08e9bd8d1d69839114d2c8ddf33168e213e3 |
C:\Users\Admin\AppData\Local\Temp\IMgO.exe
| MD5 | dd94957f5080ef32222bbd1c7f29ec05 |
| SHA1 | f255b05baf559596d8d7d67077d0051ef262daf5 |
| SHA256 | 04e1725ce0e34010834aad77e91004a219bbefbef66b4990d9214c7bf298f890 |
| SHA512 | 0180367437fc5e9b32ba33e493d5b660f82a66fda07e4411945e75528b9fe34adf168204fdf3a52b54c642d1043e3bfd1a6521997bd38222a551f8e7b270cf9a |
C:\Users\Admin\AppData\Local\Temp\ewEu.exe
| MD5 | fa55e05e7694e673d26a26e7e4a5953b |
| SHA1 | 13f74dc68870251be84133a03a12fe0b1457f395 |
| SHA256 | 986785ea10ad63e5ccecbf0109ce7346ae4c13eb6d838c04edb31185798bc67a |
| SHA512 | 9d324e959d0df5c9baceb24efbcd73eedc41c970c3ea8a02f411d2270bb6dce974b645f6e0a938eedc6a3457ac8806c2855f2a2152d05772f909053f91f8db26 |
C:\Users\Admin\AppData\Local\Temp\AQwG.exe
| MD5 | d0a7dbdaae3c4150deef8a7bdf89e9f6 |
| SHA1 | 12aae3d72c874872f33faa9f0d7f0df1670491d5 |
| SHA256 | 531ecfe7d1d1bce7447a879315b56ea7d4aab562a282149af5f0ae2c071e6f3b |
| SHA512 | 7cc917a0fe3b9dbef14e076e98eea2ed5b3cae447aabf582290da135728b652b4135dbeaa6303d80ac36a0ea7449c974dd869130c46aee75bf0d77906219f514 |
C:\Users\Admin\AppData\Local\Temp\acgg.exe
| MD5 | 75ca7576be7bd362a2c41eb70a76d1e8 |
| SHA1 | 67ad7a7f8545bd863ad6e978b0ecc1427ae122d3 |
| SHA256 | 100599c5a009bf079c5a1753acdca51f02a7406a69ebeecbf27f550d6c9129a6 |
| SHA512 | 9033fdeb3e5a5fedd0a1ee636580ed8dfb3cd15ee351e27635091dd52014cda7947a3003058c8360f1057945e11434c176d4c108e63c2d067a190a91eba16fac |
C:\Users\Admin\AppData\Local\Temp\YMcS.exe
| MD5 | 38a21f577e262a9208d09fa29f3ae285 |
| SHA1 | 28a249dbe232a273c5008fa62a17995fd1551563 |
| SHA256 | 82f34e2fff5fbccfcf367921f1d42dfa96b669032e249feecc040ece34d09f57 |
| SHA512 | e6a1678658c310f64f6894506a605188cc2093f6d9698919f6ba47b07afe75cf6621a740e56e858238db875773851d24110c759108a45eb17b538357d87161ce |
C:\Users\Admin\AppData\Local\Temp\WQom.exe
| MD5 | 8670ce8b0a1a12356540db338b55b939 |
| SHA1 | b640b1481ef31bebc306974884f282e1ba5699d0 |
| SHA256 | 41a53fcb0e8fd287618e9924237eae0106b689653c3ec79b93dd564251e365cd |
| SHA512 | a9a9b0d22d39691d9125fcd606887cf77af065af79d09fd4774f31ab59dc904f836de1de185257ad06934ac551e50b0a776c429392ef9c4fa316dc9fa1d9328c |
C:\Users\Admin\AppData\Local\Temp\OkQm.exe
| MD5 | 9540043ca0db23de59ef71567f2f453b |
| SHA1 | 063917157933ca00e8c3207acb0d0bac509e506e |
| SHA256 | 59f06c072305a93a374738a99926fddd2e9648d05bb6f87d6f8d0cbd5712aea1 |
| SHA512 | 4a6e7ea5276a7f81ed472b79b42eba2de928d94c388565407db301c1d82bb04afb036afde5c52a29609ed605402f65ee4de1d92298c7c2593298f019e6cb0774 |
C:\Users\Admin\AppData\Local\Temp\Ckwi.exe
| MD5 | 0b278154cc7e6b1dbadb348ac1be0c95 |
| SHA1 | 06c53a9c644e7a6ef8ff34de79486aca452c0ec1 |
| SHA256 | 8b50eec6b8cf50726e00dbe34a8a0fafcc610cfcc26c1fc5bf533f4fd977cc05 |
| SHA512 | e9f7fe1ff9de2454a0a298527a8a9542cae5e0246a536c64a7c17b1c704324eea14961d607fcbe225058c759ec2a6538e42d7776201ebe7db2399ff97d955304 |
C:\Users\Admin\AppData\Local\Temp\YCoggAcI.bat
| MD5 | bafcdca16b06a721d083996f6eb452f9 |
| SHA1 | 64d56839a2fa18064497b08e81dee8f5a098e3e6 |
| SHA256 | 99a4338414d6716a0bbcd8a6462d91106566b929b1ae26b66f143fd1e40d6d1f |
| SHA512 | 16f1ec720173c01802a0b09f160f2ba753dee84b6f28a180ae5bb4cf618c9f4bf3bb3bcf6e3b5362ad2fb81c1a046f5dff02fcec6dcf090f06f6be8e30e39ecc |
C:\Users\Admin\AppData\Local\Temp\IAUI.exe
| MD5 | e1b21fab51d3da3398305e204b1e5609 |
| SHA1 | 503bfc55afcf1f8e80634c21621af2f1ee7f5139 |
| SHA256 | 72a7ce6fa6d8a938c1bb35015c2401a72598aeda79c0f4689fbf01ee6c8d24cc |
| SHA512 | eb3a501d55cbbe852a7cd3ad276a95c96d1aa03607e1fd84d8d62a2dbeef3c5cd51c145852f34dcc3ee350401a67eff095783f749116663b67c004bfea5d6ce6 |
C:\Users\Admin\AppData\Local\Temp\egAk.exe
| MD5 | 2eaa8769fae033b3966fa43e67cd4b55 |
| SHA1 | fd1b0f578d7eeba2b116e1592fc63bc7c6ea0e4a |
| SHA256 | b8e0bdbd428960fb2131450a5c9708db31fd87594c39a9e4168ffdc6230e3792 |
| SHA512 | c535117c7228735d9e8a692e9b22d5d489822563a94a1140fdd2dac7b7edd49780cc1ac632dcefe8c34dc819d6a7c46a0b3378cd4d1e1ea70782ed277f035c28 |
C:\Users\Admin\AppData\Local\Temp\QQoa.exe
| MD5 | 3d5544c5cbd94d681b4a29d627acd060 |
| SHA1 | 48291375c83ea0fed95887f903e8cacf4ba8f63a |
| SHA256 | ee6c6acfd164fd0b4f86ff9a5fb5297878e5c0c425d7ff3df934a85343c6da8d |
| SHA512 | 8db65dd187d9bec72b0a15c5550d601e93991574c1eec3a6d30dca87d74f3a5c3da9347413f7b964b1b03598d416cf9cde55f96209886f9bec84fc1cf530dc70 |
C:\Users\Admin\AppData\Local\Temp\WMwg.exe
| MD5 | 0d9ff69de111e295c33cae6f3e9b2567 |
| SHA1 | c6e9d1ada535251c4b2ce6bcaa6a98025c99dec7 |
| SHA256 | efc999959ee7ca3b68b0c595a123d7e3b57aa30d4f69c1619e23c61b61e40fcd |
| SHA512 | 73890686a53a5143db8f2961912f1bd4d2d6b40fb93eedefbb55a8a7785391381cc8de96ba9b28caead836b0a5be9b908465bd8eae2fc2d1e5fb1a26fd052793 |
C:\Users\Admin\AppData\Local\Temp\aUkA.exe
| MD5 | 8d51fd60520ba5d8768ba63907d39957 |
| SHA1 | 48b58cea9bb2335c4d814218b4a0b436aff61eaa |
| SHA256 | 603f65d4bc213af8b9849a76d699ba6779c0360b151b5f15fe3d2535632669b3 |
| SHA512 | 407c31050f96e8d4e3ee48ec053aad4fa65f3532a229b8eb4aef1bf56cbf7ee45799e254941fbff7a7fd44cef1f160b53a5db1cdae19397f06e1a237bd5c184a |
C:\Users\Admin\AppData\Local\Temp\QYEW.exe
| MD5 | 6253ae4c6840385292c183a545956136 |
| SHA1 | f0adceef5ae82eb52de7b72b687879549bbf0019 |
| SHA256 | a4f8b51e88a91704a625678f9d1cd405ae7482e1b2fa0f9b23466d0687f9e080 |
| SHA512 | 473092c9579b42126b102c3765d47f4acfdffb0e52aa6d490f4eaf7bb824b763ecfb303db09153ad1a3b28d260bb326f3229ab231c9a2fb6e0fead548d07f51a |
C:\Users\Admin\AppData\Local\Temp\CIcs.exe
| MD5 | 4950ec379fdf7ed62ca6626312bf224b |
| SHA1 | 43a86d862491446ac9ae2ec6f23213ceb38ccaea |
| SHA256 | dcb2b7a9ec881e8a7b2e454e49440acee35df4d1b36bbc850ef55f44d78be5d2 |
| SHA512 | 2b6827310653cb5e4e50c7fa4259dc34d1c0d9d05e5558721a38c776c332078a13209f8a51a40cfaf618df2fff8d8b49c8ce0e1e240204601a715dea562fa0ce |
C:\Users\Admin\AppData\Local\Temp\CsIq.exe
| MD5 | 002257bb32bf38944ecca5dd9575cde3 |
| SHA1 | 458e69212ce57b55e0b1c2c44da102321ea33087 |
| SHA256 | 9f38591467d1db60b31ef438331634a787c759a510070b16ec334f056712cddd |
| SHA512 | 7e699cfe60099fa5897084c917b781be4791e481212e8cf9c4f5801391cb5243f5e1e894fc7d6a39075f30ac00d03e7c4029f061b86532ec4c3ba8a6ad85867d |
C:\Users\Admin\AppData\Local\Temp\IoQkcMcM.bat
| MD5 | f61e4cda99e174a6d6f22654447dfb43 |
| SHA1 | c57e5a204ae6ec7b841e170c50da7cb0162d5547 |
| SHA256 | c75ac11b1194c62e6ec63d10f51fed644c6c40274899950e06d8db101d1a7a13 |
| SHA512 | e8f88845eed21e254553094976c9868466535b05497d38f0034aa29b6f6c2ef71dd1257f9567254d511c881ef63a4018831d96e2f65b68e133c2e20297bcab5f |
C:\Users\Admin\AppData\Local\Temp\gcke.exe
| MD5 | 9c1d6db49fbfe9bdb223ddd823914778 |
| SHA1 | 3bf04048d908eebc65a4f1c31cc4475f858529a5 |
| SHA256 | 0177627e3ac3820c04db182d2fc7bc587049ba159ab9790d6821f250a737be62 |
| SHA512 | 673d5002a31245187094aa2c1de9bb996f9b60169950b90a2831eda39454f43cd5d252b35227ba25c7e9f321460009861a0dcbf1ff12326b689ebd1fee1f62ab |
C:\Users\Admin\AppData\Local\Temp\UUYY.exe
| MD5 | 6867f4998a9477f9e3e88b4ec72cc1d8 |
| SHA1 | 4812aa9b9a3e3df519d8df9895a510c994f02e63 |
| SHA256 | 3dc4136090f7e4cdd23a8df41e2cc19e2d56fc858275d40aa26f9baf6e845541 |
| SHA512 | d86cb18d314341d7917f04575807286fd0feab37dfa25108f7a92f82d2683f93c0efc61fad88da56b1224d75298b9a68244b6dcc8040dc586c910423530a4702 |
C:\Users\Admin\AppData\Local\Temp\AAcA.exe
| MD5 | d599a0f23b59d66db76a6cdfc98b3365 |
| SHA1 | e57d8ce4b1a77a61f266d2058403f7e9d2ba6779 |
| SHA256 | 5402e31f91d580c7ca9d40bb074d36948e2020cadeb8383cb793b8502b082b56 |
| SHA512 | 77181a2a461165497ed2e492230e49c319c4bb2091999de969468d12cbaeba9daedeeff011d1df2c28043de1f1e806d95582c3c8a70e576b774c49160193f9b2 |
C:\Users\Admin\AppData\Local\Temp\oQMK.exe
| MD5 | d01eb905da1a91ee2c02cd6b8fb426c4 |
| SHA1 | ba0507d6e495e0ae72aaaa797e04b00274a168be |
| SHA256 | 2e90c30131d05f089a8a6e9006eaa0b2929478d660b5ca62687622574d8568ea |
| SHA512 | dde3e3f207f7a8fc914f0a8817dd611f122bf628477389bd8d4cd6033f25bc98ba7b3325f4669874d8b19ec1d16897f34aba755106889d69ce41ff60e87f416d |
C:\Users\Admin\AppData\Local\Temp\iAcS.exe
| MD5 | 4f7c88ac20b44f562222de7f32f23f65 |
| SHA1 | 5bbbe380f4a2f45bbfe8dec36dbcd9cada65c0f9 |
| SHA256 | 94f8359e28685eda1b84e1d8482233a25b310c62dee96738d764fc90f75e419b |
| SHA512 | 79d56875444e3fbea1fb0f8fc09b940b5fd2ed990bb5d170f2eca7e12de60201f603cc32eab5014c135a8764e3a67edc1a6e1c735e209f9d5b508e66e68c6a83 |
C:\Users\Admin\AppData\Local\Temp\gscA.exe
| MD5 | 48965004ea53c5a71a51e05d0c50c559 |
| SHA1 | 275308084f4a42a023715c6df4b977febb15d816 |
| SHA256 | 8efe82d9ceaa6ce5e2b7db3f1a8027432f65befeb63031947fa268f10670eed9 |
| SHA512 | 3e4daa9f5ab6297a756fd857488833fcc3831bee2f3d9e829949b5daa1bdf8901d027ca74466496835a0efd42bc0ff05c976bafd7aa50b94b258236ed0558ded |
C:\Users\Admin\AppData\Local\Temp\OgkY.exe
| MD5 | e344d76ce3ebca4581786c5a272300a2 |
| SHA1 | 85f81db1fde6b6195d4f4c49e9ad21b29ce7da81 |
| SHA256 | 187d22b76b225b0590fde7010c37ac9135f48c1ab5e08c4afc45283f501cc5c0 |
| SHA512 | 36b1052877c36d4c935474fd4603d3b05be1672fc9c6e6c9a0199ab71425e46bb5d266c624654f128c51ca5920f66c83675e5ea45408c45f1e34beca6735935b |
C:\Users\Admin\AppData\Local\Temp\rmUEAIEk.bat
| MD5 | fe5e95761fd3657f629eb04a568505b4 |
| SHA1 | 928e71e69fcc3a18a512f891acae31e5b8941902 |
| SHA256 | a23f1a19d2898d8cd4d1ee2dd6db720dc3b78550e1f8174b8877f1c6c015b997 |
| SHA512 | 2f97e51329a700471da2e9eaf4c30915ac6a1cbed063833dd301ecac25647cd49aa42a095575560f0d2206e40e2547f6b607e4262bd5580b1f7d41c61bc94302 |
C:\Users\Admin\AppData\Local\Temp\McsG.exe
| MD5 | e1c7af369c224a53c98842f28feccc55 |
| SHA1 | ce07e5a87eff1c98ecd35a0000c0394031669ab4 |
| SHA256 | 88e368401f7af1c11e10d7b3e03ed465398b37b75cc8582167e460403a560059 |
| SHA512 | 793ccff21c903b75403618563c6781977732de216fabe4686549840abc81149cd7b4c2db2bc76f849a42555607a1206df8a88f08c7858a40eb91707f3089263c |
C:\Users\Admin\AppData\Local\Temp\AIsi.exe
| MD5 | 045500de7997ab52cb25df98e735e26f |
| SHA1 | 422b151a53f58592947f54c88253039e1a63894b |
| SHA256 | d61a5f9ec7e63c50ae4c15ed4dbbb7a6034e302041978c32d9145d06ba3af3c7 |
| SHA512 | 7d79ee74017c46427a7aca8efd504f5ec381fecd546095d4f1d065f54f50647c8ba4445e669326c2af3c0605540067a578f804f9505af1fd98f4e927080ea442 |
C:\Users\Admin\AppData\Local\Temp\wcIA.exe
| MD5 | f222644c10e0c2383e59681614d0630b |
| SHA1 | a1b5c3ea8f49e79136810aa67e9581226cea68a9 |
| SHA256 | e2d180d9d66ccfe4aee4b4ad29573c70c875f51bb16c0a029d9f8c201d0ac2df |
| SHA512 | 63662c93b73f6e7c3f1f88651e38b670dafcbc46ccdf092fe229eb216134b155ea22854b571eafcde57a2e22f359df9c18e71b5f82a606379be4b140e60b7d80 |
C:\Users\Admin\AppData\Local\Temp\CQQA.ico
| MD5 | ac4b56cc5c5e71c3bb226181418fd891 |
| SHA1 | e62149df7a7d31a7777cae68822e4d0eaba2199d |
| SHA256 | 701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3 |
| SHA512 | a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998 |
C:\Users\Admin\AppData\Local\Temp\mUok.exe
| MD5 | 3b163e7919c6c5c0e3675db943c663bf |
| SHA1 | 6e0a8c7673c2f4f312502f4aeec203e48a00bdca |
| SHA256 | 0257d392caa0aa6b5dce6ed999738344a19cb49353dacf20a3609a1dc698130d |
| SHA512 | e52efa80fe30507533d1b59b5289316a706182d07cbb25a5c1e64e93595d5b10a5d3f3ac68cf7643b5ca8089ceb5d894af183cf8ae3d666b8f900512a10e6692 |
C:\Users\Admin\AppData\Local\Temp\JYEkQAYc.bat
| MD5 | cc257acb9f291334bc85380dc762e353 |
| SHA1 | b86ec7ef916db1f9c68cc5faae12a5c1d8f5f81d |
| SHA256 | 31ca85bc610c85b917a46be8b149abb8483111c1aa8fed287dc4514c37b8feb2 |
| SHA512 | 7bf2daba31b2db408d19526508015e06f1bb5a8bf7f495b3d102168e259705e457daea75a904b0ee5b9e7772bd39a9d164f421aa2788154a668abfea0db7e182 |
C:\Users\Admin\AppData\Local\Temp\GwUk.exe
| MD5 | b48abd69e2baea40acc21d01b10a1a8e |
| SHA1 | 0e6191f0b01db456769223c12ca924a7557b6729 |
| SHA256 | 5bf6ba4b6ae9715e34b8ba9420707be97f5cd97146a91bd8ddffabf9cfc450b0 |
| SHA512 | 11474c91599c449379e59a89f2d7366e46d9525921d9ad1be4b197d5383a78250bb4827055e4b4e36a8ad56f64789f9bc4860a4fa574685894ea3f43304d9d02 |
C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
| MD5 | 1a49d6fcc1e71c341a6c4f1a458c13b2 |
| SHA1 | 761beaaa0bfe90f988184381e7f4158c657a37bd |
| SHA256 | c6099cf82df33c74274ae9114a7edcd43278fbff0692b3976c38ecb4f086032f |
| SHA512 | aecad0d9aebbd94c253ef9d27730144f46f4859a6f3bf2b99932055850ed7f4184b311cabe205300b1041dddda73c752b5025c6347e6a67919e5ba7cdc08176d |
C:\Users\Admin\AppData\Local\Temp\OggW.exe
| MD5 | 13a5a19b385580e0d4d6a3b7458feb0e |
| SHA1 | da43aa21ff515cc3b38b4ff395b6aeb24c094eb5 |
| SHA256 | 3288d492b28a4cad13ba8f9384e5497d6f866256eaaa2123ebdedafc0a92bd18 |
| SHA512 | a789b82aea17ce8e96c8ff35227cb9b222986479b5633cd9fa64eb720dba3e12881f761cc6483873a50f5d3bde8c098315934163d91606ee9ce98c64f7306113 |
C:\Users\Admin\AppData\Local\Temp\rMkcIccM.bat
| MD5 | c01438786bc1870e6869c47c1c6f729d |
| SHA1 | 8b8e2f3b207530d4cf80fd423e633da27f004d76 |
| SHA256 | 2c1df23e68dda15c7122e9261fe2562807c64db0800fc45df616141f957760c9 |
| SHA512 | 8e376408183e2271c590a7e14faa2a734cf6921f3ac9ea8440590b874737728d430cd2fd5123736b73ed7d492fc78f464ccc626cea84b5047b22ca0e4ced292e |
C:\Users\Admin\AppData\Local\Temp\nmwAgUYI.bat
| MD5 | 92b24b0f761cce0012c6770a8bab0846 |
| SHA1 | 17c9378e4ca30674c1ef2ffefa5851fbb26c6372 |
| SHA256 | 4ee608186cec8ea8a5cb982305a61a6d83ce3a39a5b8b2076e3f4778f7cb3b81 |
| SHA512 | b7d44b088520946e321959a06f1dd08a49888f6e0d7380134faab5f74aed3fb07d5c9adb97743ef1ed16cb3277ec3d909757526ba3375e7635937f3d117ab860 |
C:\Users\Admin\AppData\Local\Temp\yUsUgwoA.bat
| MD5 | b2fccd7951481d6910716b7b2141e646 |
| SHA1 | 8e3c9c515b6ded70fa6d4cc9a24c421a18c177b3 |
| SHA256 | 3e9e5491ce8a011a2c73a593f92623618aafed0e7721517f78b90b13b5d49a53 |
| SHA512 | f1184295fa346d3cf7e4a7877cbcb1669064f1b8c25063376d7654d99e1dff0b152dee3545cb66fe3238f1fd8c19679343e03f457130dc919b88885226dd15d1 |
C:\Users\Admin\AppData\Local\Temp\KuQkUwko.bat
| MD5 | 282575aedd0adb2f5dea8931cb5b93e9 |
| SHA1 | 8780bccf2f9b189557b633a98e8b81bda25f88d7 |
| SHA256 | e9da5c46bef9de0680649d85e3439fe029976a003c15e480b537d154ef1169c3 |
| SHA512 | cd0286904d26ed1887b40b84ad55d89c8203344b6b96f7a8e7264eb102dc2e3bc6ce6fe48ccf78865a651a870adad16b3f3b8c0de75ecd01bc7106e6093090a6 |
C:\Users\Admin\AppData\Local\Temp\CIwookEg.bat
| MD5 | 505c19f23f2c1904bdf72ef3a9747633 |
| SHA1 | 20402321ab24eef83ccf74846877bd359024e626 |
| SHA256 | f01f6e0ae6cf8ae132cc88065d7aa105ec4668683d7e8238c9848fededd63350 |
| SHA512 | 989c2126cf3b6416f8153d7916501cc892b420177e4a35998194935db6ff084c23b0c0bc676968b076ec3a63ad6de361077abe3364cc55bf42a659a0b93e9bff |
C:\Users\Admin\AppData\Local\Temp\SeQUkAQc.bat
| MD5 | 882eae47b4ccc0df59c2f02661513450 |
| SHA1 | 353cf8cca5673eca8253ba02c1df9249a78ce600 |
| SHA256 | 159467a8a9fa1ccaa4b8962981a744ec0bd405af2215893fcb0dc26810a40876 |
| SHA512 | 628adb60421b39fcf3ae6ad19300a7991262efe2bb7ee0f51c57c768a3ffd669b925e883eef42326abde3ddebe4c51105d60c82f5fb37a969e6cc76b43a21e95 |
C:\Users\Admin\AppData\Local\Temp\UowEIkwc.bat
| MD5 | 4b3c752d983170d54ec62e1c3de99e77 |
| SHA1 | 59730dd7019bb8cd5e6b7c6322641382770cf6e7 |
| SHA256 | be85755456cfd0eb45393dce2fe9f74e0787cb9e40c5a993d7853dc5132c96f7 |
| SHA512 | 0ffaf6cb45cfbeefc22b45f5dc996fabdb742718612ee9fd1906156c49044cb4c084dccc80453e7bd2a1f253517e72cbc84bc5e0d3b554185f3e010f49e6f3e9 |
C:\Users\Admin\AppData\Local\Temp\XYgMsQAI.bat
| MD5 | 1726fef29656bdc1c7852d80f765e5cb |
| SHA1 | 895d33dbbe61347628696b917c9244ae040364a6 |
| SHA256 | 72a18f958f7b0895e8f687e4d6846880e673a61a4f0606ee3b9882569b1b0504 |
| SHA512 | b370b031c5b8beed3c4a1bc2781ced1edd1d4ef88e4eb00d8dc795c70c848dc095c2e751ea459cf9a4a455487dc1163d364dec10c0a66fa15b2c884c0d56a2c4 |
C:\Users\Admin\AppData\Local\Temp\dyUkogcU.bat
| MD5 | b789b9279881e09ef3da53becb26f616 |
| SHA1 | fb0dd4d95a3c30224e89ffe2ad3dc9bb8cd90dd4 |
| SHA256 | 32182c8b5e8d1acf6481e0891738a1552a5353d16ec505b6148c72b96f0ba5d3 |
| SHA512 | 5b9cab5ec457f70327e07221e03c5b2f551778e0bb7a2ee809ba8b2c96250c69566901ab345b4162dc51f9b1b1a38829a41951794b3ab76f4a11fe8962f273f6 |
C:\Users\Admin\AppData\Local\Temp\LeoUgokQ.bat
| MD5 | 8b4c1221ab50faef57310b29f49454f6 |
| SHA1 | 9784ede566a0966f529d6cd23fba3993c62fbd4e |
| SHA256 | 812cd0c991f6a136343fed0e55145dcb26f6a5de18d192e0043ed88ba8b6d34c |
| SHA512 | 221b40652ecd3c99fa6b7d93542f4f3f00045795a2575d065612bfcf38261ebe33b368f5ce80646ac61d9d401bdc4c8daacc6b72ebaf01d4f21b9d6e52c0c0a9 |
C:\Users\Admin\AppData\Local\Temp\ZkMQQIoU.bat
| MD5 | 26a90ccf50f8c81105f83d68c2f903cd |
| SHA1 | 0500034f3677d2e22eb81c1f499d2dafb5b87934 |
| SHA256 | 61a8de275404454580d5fa9ed65150586abeb36651db55c0d867860127b572cc |
| SHA512 | 04599851baf6e7c989538c83d45cea36d8532ee52d67d70d95148807c4e62c152d1ffc27a4d68c00c58be871704ca1d6b5b921bea2a8fc9293fbd3a828f7bd81 |
C:\Users\Admin\AppData\Local\Temp\yickYoIw.bat
| MD5 | 18eceeea62092fe9a3621e517fc03e80 |
| SHA1 | 406c0222c0d3964ae63be849bee5e7c1dc5b080b |
| SHA256 | 8b7b66cb8961a35f9f4ff59bf5db10f40dc352b2b4500c0eb3cc96b3c31b5e15 |
| SHA512 | 1cd32cef918e6f812c162f484009c89a73437270a8c49434810160534fa1438d0c1692ca63c56f59bc2b8fba14bcab247c3c9a703c03e2f094145299df2faae7 |
C:\Users\Admin\AppData\Local\Temp\KGIswIog.bat
| MD5 | 072efade632e3c688d079cc315e486ff |
| SHA1 | f421670a161a60424eca88ad5a2c5f1dc6306486 |
| SHA256 | 101e3d84fea052d6b05fd90671c971d11c2b1a70a5a75008dcf796c3236a7de4 |
| SHA512 | 3a844b20da9f880a1def17d4981212a50e94fd998dc94a7385ef1b8352e60a9a0bdf480eb99eb4931ea7feeb41971f80170e7b799f9755af4c846bbd02cd4339 |
C:\Users\Admin\AppData\Local\Temp\SEcsccQA.bat
| MD5 | 0f9912576f7e2c893636e0f7e801a6b4 |
| SHA1 | 7e4548435865ed9dc15042e41201dc7d5130e948 |
| SHA256 | 693f6f1fc51739d5fc00469e6368cb93070d5a27fa1d9961bffcd246ff54020d |
| SHA512 | 63e22c8892277a672bbd9c71175b33f9f81f837e55c2d501041be8447ed28f07f0b821a3109e3824e7ca1c4ea4d6a4c3d593165f74ea8e60d84fac762e511c5a |
C:\Users\Admin\AppData\Local\Temp\UMEi.exe
| MD5 | 448388b0833f46a21ce4d3cced7f944b |
| SHA1 | eaefbfc6ed6bdca10af25e02d22298b84161daa0 |
| SHA256 | 1bf1e779b5625e436607a9b47dae0e5949a74523f7104fc6dbe2be44931b1829 |
| SHA512 | 9541a5369d9a3cfc324368e326407616194b267c590d83ff9a2ea1795fb72ddacfb7fdada13cd5a6c6619c501f0a48bc91106d0e39ba58da306889320897534e |
C:\Users\Admin\AppData\Local\Temp\IqwUokYs.bat
| MD5 | 7712de14c49a1340eb99ea571d566b15 |
| SHA1 | d5c531b3e747e11864fd4d7191278b617804e787 |
| SHA256 | 6aaa4e1357abe582d906ccca306dd4a0487ef0c8369643797f7f14757eecfef2 |
| SHA512 | af113e0b22de596ed3fad05ce2ad72dbbabacfe78c6b428be708bcc0a094576adce2004f00aa8bb63d3d0e23633706cbef8b64adc5bcd812013e2a85beb23e71 |
C:\Users\Admin\AppData\Local\Temp\uEsM.exe
| MD5 | 1643da795d7bc941e952c7ad924dba85 |
| SHA1 | a9e9775435936080be22adb55135c0d6db5bc121 |
| SHA256 | 9f68d8cb0323e68d8cdfbc5071d92725ba979a452fc6c6d1eb9a7a2372461464 |
| SHA512 | d2071de17a05995d048e78e6f77591acda3ddb418d7ab867fee0b4219911be8a975ea1a8a406b0baea1f0ff2b5dee045ccf3dbc4fec2f99cace7edf01f23565e |
C:\Users\Admin\AppData\Local\Temp\OoIG.exe
| MD5 | a21962f57aacde97f5af01bae3b0efaa |
| SHA1 | b286fae621a00b9c305a0ca3878693e10b1f4081 |
| SHA256 | a4c3d1b279d1848cfdd3f58030f4b2f30c5160fb874fdc694fc3f03bef9064b9 |
| SHA512 | c6d0fe09c455b4af636bb84a9b8ec56336cd9eb5a45592ddb405ee13505ed2ef98ee62c5c83f1c39968402bf40c513815de39a5ad826d959ca17b84c1ca906dc |
C:\Users\Admin\AppData\Local\Temp\Qggi.exe
| MD5 | d74183da400375a2492aa991add0e383 |
| SHA1 | 7353c5a062dd2e67a4f3cc9319d5090576aa2f2e |
| SHA256 | 504fb67b7dad2c65cc188cfa867ad24f2dbb1cdb13f2892b46c64c3b0ecd4cd2 |
| SHA512 | 71833b2903995bfb670210b35457160e421a96041f30ad5f39ab2e99b2f2a3db3a750e1838091ed8f7acf7736fae15b122cec85b1eed1e6f1b386cb31758dc04 |
C:\Users\Admin\AppData\Local\Temp\CoAu.exe
| MD5 | 7ff55a360f634312cc1565f4bd19afbd |
| SHA1 | e7759421f26026c40f66a57aca3bb7253b134dca |
| SHA256 | 92491fafa93092169e0770c9a31978da78c2c2cc11623400e594ae35e906c3c0 |
| SHA512 | 4b9ec902120b1573b9b63c5646fbad39272ce5f51e4cd8a4112b11c547af480584cf6e497d714dee461fceb2293ffb93f54078d9bae0b4e510cc2b6a89c19717 |
C:\Users\Admin\AppData\Local\Temp\ysga.exe
| MD5 | 0255de78a4b1b469506be8a180185f47 |
| SHA1 | 3aeaaf59f41644142e608e592ea965c1f4cd9df9 |
| SHA256 | f078a2d3ce39ee96b3a3626bd693b5194e5f9cee7eb98ffaf02efc8492004c28 |
| SHA512 | 0fdab1d31f325a2df5586118c325521eeb4434676f26f049a4c2af65cc7ecf2c332200470255486368ea95a5ce5d64f60bfeca6a1ce08674655683cbf2e47454 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons\192.png.exe
| MD5 | f97d27a6061cc56550e18bd8d198bc48 |
| SHA1 | abee75f7a75f956a7df9cfa677c1b5e2cbda1908 |
| SHA256 | 3e9b2b482a2f70c19cdb68a47d0ff668313fecf3a46fd670b190ed14355ee68e |
| SHA512 | 86d890122ea5f1c2c46a4b3ca2e54f59c7fbcdc26f1942ec8ea6a0c8d314f564489559994b8e98c1a32571f7d72faae4e6304b0dda82aa8b7f3df63c76e087c5 |
C:\Users\Admin\AppData\Local\Temp\MUQQAEMY.bat
| MD5 | 1a9df9b0d9b9a7cdff609db3831a4c6f |
| SHA1 | aeb8d95236aae8a857840d08267708edea0ec07c |
| SHA256 | a414db7ad665e34ea55a5f2c1aca33ac27dd257b0aaad6f3b39aad042e1b8576 |
| SHA512 | eed2f970fb43050a39d02e763eaa9d09547cf87a04cca48cb227fb6e576348131a01f9a0fbf15519cd261b2ff0ec8228f3e7f6260f7f5b2964f0aca7a1d23727 |
C:\Users\Admin\AppData\Local\Temp\kkMK.exe
| MD5 | b49ab078fd58652e5d1af086182eb569 |
| SHA1 | 636008f152acc3d6c60e597ebfe1b08f2177532a |
| SHA256 | 0569a1406f5d7e8fb08bf5908922e18b9aaa63fd5962f10d4d5c13c3ddc3f1b4 |
| SHA512 | 14d34e9e02ab445f32cee47d358849137cc2dd0b001da6a189e1959b667871a586c0bbfee109947f2f17e7a13205d8f124023df1908c1e6afb64a9f965a5ef69 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons\48.png.exe
| MD5 | 2a123967998c4b5f34f94fe4881bd7b8 |
| SHA1 | 746413b21c9cb7b0cccfc8b38704320c717b058a |
| SHA256 | 1380c773392472b50ad07cea1cecc87a1723e67d5c99cf79e8bafc2b6ad18390 |
| SHA512 | 18af973e0c2e2eaff1cd1fa88d7902da8a5935412db8f4df46288781030eb8666fb6d6dd2a1e1ec0bcef33de156460903f0c2724249a266fef532dd2cd736647 |
C:\Users\Admin\AppData\Local\Temp\GcgM.exe
| MD5 | 7bf349664ce7b8a6f9e96773db436f12 |
| SHA1 | 545cc3f91e1b620df8a71b9785bbf6d4cf5acfbf |
| SHA256 | 0131a3f16d58260c1ad0c68303dde521636b2fedeb05b74a3efa12295364a9a3 |
| SHA512 | 1ea672a4a70047d2921d23cce5a475693c3e74a390738055cc8d9451146e6972dbb4563051ed31cfea368bf088b329d2a696c67286db6e2e302cbbd0ce3055d8 |
C:\Users\Admin\AppData\Local\Temp\mYoa.exe
| MD5 | a7e1c177fe7f4507b7670ea29e4ede68 |
| SHA1 | e2bb813d87c8d221274c2c58de6a1b6f39af16d6 |
| SHA256 | d5fb5b75ce5b0b6bdeb3eefed8c8ae797e3fc467d5f20c342766208730b2dc07 |
| SHA512 | 752d7770f7ee2d8236510cb0105416fad156779b8431b27ba310a88585eb87ed9420085d76a123dea8c8ff960931a26af4b1a45298af2efd7de163b2a03f5e0b |
C:\Users\Admin\AppData\Local\Temp\ruEYQkos.bat
| MD5 | be1b6d78a128cefb0dac26b3c7599c04 |
| SHA1 | 765074a958061db3c122410c9376707222e8467f |
| SHA256 | f618b5dd0a9538bc74d869dfcec36087a2472c992b4aa9aabdbac24d803ca0b5 |
| SHA512 | 843446353d24c98399ac7ccbc0cbfd75cea920144ba903db6c24de2d405cda6e64020e13e0d87317dc1adeecc9ece3d11dfd59f8fe2f47aba4f6f048de8672cb |
C:\Users\Admin\AppData\Local\Temp\cgYI.exe
| MD5 | 28c81d9d463e3f171cd572e311c6b11d |
| SHA1 | a46a8481585d9b3e1df4f3893a53400a4c700b8b |
| SHA256 | 39d11f6393c51d06385870091ed8546398e2bab2c2dbc85d019322a0144796c6 |
| SHA512 | b8b68f807e02b76b6038c5312b694af7350f4db716e6860eb9f83b3760f31751788869bdba4232d1e44a93b8d62d676122e7dba2486be891296c13e26bd85594 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons\96.png.exe
| MD5 | cef59962cc2fb50c9183c554b2a510c9 |
| SHA1 | 8d94335a382c870880d646a1ffb22ff2564d25b5 |
| SHA256 | 7d8f97d6b5d3f649eac1c2e0a4bdf7dda1de643183c56ab2d1fa9d76eb3c435f |
| SHA512 | 321cf645ff0ed541a637172e3552a13add750f8ea46b6a80d4b251936bd942bc65750f1640ca7ea8bb9e75ff8fab84b90e613e5c242fe75556c9da1a5e000725 |
C:\Users\Admin\AppData\Local\Temp\KsEA.exe
| MD5 | 40ef22fd220fac47d7f95378324062cb |
| SHA1 | 68073f407078349295c4aa164e8c52e1f5c77b55 |
| SHA256 | f2d24dfd1196b8d1ff61a9b5f46a25b95bd0c52111be699212ad888f69182f03 |
| SHA512 | 0014a4eb2bda28d7c0c0f00ff4cbf2ede4d3e495bc9789b075cd5b120525f73f224a4d0b7ad4ebbc6bf6e6f3270a1ec0bedb0823a99951be5a9f3450210a2712 |
C:\Users\Admin\AppData\Local\Temp\RUkUQgUk.bat
| MD5 | b1944a233a48a86b6052abfa0ac5c3a7 |
| SHA1 | 9ab2d692f51c98aafa9b0be964168644398a7873 |
| SHA256 | 9d85cd30aced6653b73c37bb1c9889869acc466d13519afd7ccfb8ec2f4305d3 |
| SHA512 | 88fdab7a7dadc03cdef3e679757096425da9e14b4cd6c0e1f70b24eb0235f7e4828c2e1ce1070802764534cd5ada683aa7bbcff7d89b66e51ec76c52b9902f74 |
C:\Users\Admin\AppData\Local\Temp\OYgQ.exe
| MD5 | ca068571fcade00f381b2619eccdda7c |
| SHA1 | 81aceffc0db8455e88d93867d9c4657a7648e7d9 |
| SHA256 | a63a41dc82b5e180941ead0a504b268fefc7a596b6226549e507b42b2b9d68f5 |
| SHA512 | 37e0cfd1e01f6da75cf33f16f26c987f936374a444f08fbf72fe9103bcfed6341bedd134659dba2492f119369b97b0a4415cc35a560a65790faa67f2759513f3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons\256.png.exe
| MD5 | caa344143df8b355fccbb38f20af894c |
| SHA1 | 0eca04aa4858c7d5e7daeaf967ec2f4bd39ea8e2 |
| SHA256 | 46b9e0f3c4200684aa2c9344544203524dc227a9f560162be5fa73979e2d600c |
| SHA512 | 6da6d7687fe6974dbcd5aa67d5e32045e60a33df53cb5804390740e3baadbd8489e321037327242eac5fa367a072ce1042d00ea193da4851b1b5f898336421de |
C:\Users\Admin\AppData\Local\Temp\cIge.exe
| MD5 | 58dcf3c7e537a0e74ffc9459e092c619 |
| SHA1 | 26005f02e262d2f58f2a7414388abd4fd5661592 |
| SHA256 | e6f30a780a82edc6fc8ac89d3742b0cd31c8c23dd8182689a99d7517c8d6982c |
| SHA512 | 92345a2044ddb2cb4937778b05d355e61dced6ba52ef470d21039119cd59d622d2a8a1473f843cb7f576e2665bfb4fff1688fdf134159d7d56b776f5ce273291 |
C:\Users\Admin\AppData\Local\Temp\cEAG.exe
| MD5 | 3c2b61dea8831f2c559286ebbb16b8e6 |
| SHA1 | 375cb6981041c9acd323d355c6cb95f73d689231 |
| SHA256 | 9b30a9f2f1c9e58076cc0d589c0b139c87307eeca2227bf3f8b614de831ccc71 |
| SHA512 | 227a9111d06fc9917ddd19595af8202e67d2cab412aef7da68792a37d0247ae419b46bbbbfcd6e3268fdb1d48d6cb6471fffa9da45a5e8214e12c4386651442a |
C:\Users\Admin\AppData\Local\Temp\cQEs.exe
| MD5 | 3a6375126cf43de3ebdcb353ce6b8100 |
| SHA1 | fe7a5fb1681645b3194ede0a6238f59d524f7d80 |
| SHA256 | e48b831afd8d0f51ae11e53b4f360baed4978f2017e7674ffd06c97c03917e7a |
| SHA512 | f7e066cc7eb42ed48c6550ac18bffce761ea80b7246d8d238322da32803695bd40501c6bc7fd2d9004f9722aba9554062d4c4e7ec5b3b6995907a169ce9179f5 |
C:\Users\Admin\AppData\Local\Temp\FuwwAUMU.bat
| MD5 | 9689ab3e8ecf47375cde451782ced773 |
| SHA1 | 50e2f6714d4169cdc5c2119c1faedb16ebdaf073 |
| SHA256 | f195cad6a8debebbb6bbbcd3cd6a4c1cd86664f59c5bd11fbd13b1a898af1806 |
| SHA512 | be28a18765436235d1a8c3afbb38a3f529f30fbe5ab2cbef60db5ffcbe754c7603266d452e23d221436729cf2520cf7bc6c4e1b395b10f680e92307dd2b0ccb7 |
C:\Users\Admin\AppData\Local\Temp\QIQY.exe
| MD5 | 92c28bba328075e61fb2a803fc5207d7 |
| SHA1 | 76ed129e156cd5b62da85cf834fef17f2efa8d05 |
| SHA256 | 28fbd76af55e82f03d960bc0c3f8312717f245833af9f8fd9c358baefb749233 |
| SHA512 | 280d0a5d028ac32189d18ac98a00af6229c6f24a93a7cc8ec8f9ae4ba490e7db97a1cad461eac42eff42bc6865b4e1cbf03c5784e694e60f7768c5baeae2c97f |
C:\Users\Admin\AppData\Local\Temp\mEoK.exe
| MD5 | 7877a1b24f7eb2b5015960c5f08dc552 |
| SHA1 | f05e471b6cbd3d313964bd5dc2bf250ef4faf451 |
| SHA256 | 82141583c42285756de3f7b23b7eb33c4e8331658f3619cf94dc77e1a0507dc7 |
| SHA512 | d8319ab31090cabc45ef6ba015841f8c4351c5b5866edc73644af64d3e8bf4275d1a0956c60fc5bb0392671194d61a5f93dff2886d0cc1347061e77ea9e027ac |
C:\Users\Admin\AppData\Local\Temp\QEMs.exe
| MD5 | 2f7fde867a288f297e8e324753be86b8 |
| SHA1 | 1b395a688a909ee2a463fdaa4b1c5d323ce09f91 |
| SHA256 | 8a06f8916f6680c35481278bbb759b894cb91a39b30d93501f3d730ae1a8c058 |
| SHA512 | 2b022cf99df964964232deeda40826f525da4111cde7a64892b2fcf3966ad249d88b4e799e46715de68475484fe79336fb3a548b4daa51280f662d3134b7238a |
C:\Users\Admin\AppData\Local\Temp\FmYwMcME.bat
| MD5 | d4cac16a5350517e876aeeb36752d396 |
| SHA1 | 6bba72225e5ba1c55effdb525acacdf2a90bc7e4 |
| SHA256 | cc9d3894077e563b12d6358f4e70fb4fcbd9f70d18458e274eeba891b7e2e38d |
| SHA512 | 063f9b8e203fc03492d2f21fc39234fbee072e402664277496d66b7f01197a14203ac5df54b955d2e37977f8ff69271bfe3059095957b7fce94810003e362b8a |
C:\Users\Admin\AppData\Local\Temp\mIEy.exe
| MD5 | 768c7a6df5314e88023610b2e55c54c1 |
| SHA1 | d9e36689d2b860ae6f545c6f559089732c8d0ab8 |
| SHA256 | dedb8981b62b7f00e7517e11dcbe4552dead27ceac2da38d3f4e62627118dee8 |
| SHA512 | d5f188802bd066c975aa5323fa55b3da9f23a9fab487696f01de7417d61b2b113d789e309f32c205028b2b182b4cefcb0cc1724b8cca816e2b07f90abe5aef38 |
C:\Users\Admin\AppData\Local\Temp\WkoO.exe
| MD5 | bcf73b6b215a3bd593c72cdd896092f4 |
| SHA1 | 45cfebddac0a32640d597f87c20b259bf44817cc |
| SHA256 | 81b9b4a0dc3c208d446f0374f2470e2250350f1956641ccaf58e17ecc07f5862 |
| SHA512 | e362e53d0ddd2a3fab022116742e873749354c983f780b6bbb7a3a31b4a45657d3da44cd55123e6dc368ec92c44fb50e8ab315b9dcbb9a9d0e74e34bc177f56c |
C:\Users\Admin\AppData\Local\Temp\cwAIowkU.bat
| MD5 | af11ea3580b315aa3e5e884d564a6f37 |
| SHA1 | 9843e473454d564f2f95be05c8eb399715fe2be4 |
| SHA256 | c77d566f447c6cd33f0dab15ad0b4b097e133842bcee2e67cb9989ab7e7c1c7f |
| SHA512 | 53726d17eb63a15dda99170d5740fcb404b0e9ffa5bcaee118e8f3a214ab09ebe18bdd1c916253030b04fe04915c5fb73d1ffe4c60eabec5b1c04ede4faabf0f |
C:\Users\Admin\AppData\Local\Temp\oowg.exe
| MD5 | fc0da86b43083c4c8b61343e2ff74c11 |
| SHA1 | 88cc25b3f69afdedcf70836855e100f9ed05e807 |
| SHA256 | 277326f146175391a6562ba4bb7b7ff35b75e4178add7f6f18dfceaa56c5f84a |
| SHA512 | 8abfb1aa4178dd69b871de655bfb320e612657637c22ca8ff895531873d9f561ee8cf0e6f81ae3108826f568bcad6a4675916633d9cb7ae32a31547679f936bd |
C:\Users\Admin\AppData\Local\Temp\OwAEsEEA.bat
| MD5 | 64ce9f16bc9e6ab39d17de145bb78683 |
| SHA1 | 599217f64ae20212291558b62b57850c4aa4b40d |
| SHA256 | 120e8e32e285d035d8be4ffc3567c45b9844b245174fa9ca54498dbbc9f91f18 |
| SHA512 | 23d696fdb47d102b486dbd531889545cd3ff482bc912dbf5495116a5b9f5aae2a43418818732e283cce84e5dd65bad60871240ae58806f25d9fa2584dc50f42e |
C:\Users\Admin\AppData\Roaming\ExportSplit.mp3.exe
| MD5 | 303a9875400c6c172af43e1fbd3218da |
| SHA1 | 2b2b861918b9ff92639a5c03501df539c24767d4 |
| SHA256 | bfde5a88c1dc5e298b98ac50883a0cc37cea53f8f7452ef672cd22bf692da175 |
| SHA512 | 89b52889d5cefa33864e4c2c1f0abfa7bcdf00c5db9c0843529d18530fffffa628d666d1e2ea52137084a04a038427f4718e8ea1e94d4ea3a4889bc3b805f3c3 |
C:\Users\Admin\AppData\Local\Temp\yYQe.exe
| MD5 | 33539d75ca0f5a83aed8aa0437b14777 |
| SHA1 | d444ce695a5e8491ad26f4f044845a68373d55a5 |
| SHA256 | 04e83e9bfa72395b7f8bb5a5b3e40215d12092091fc4e03a746e7e66204aba7f |
| SHA512 | 7216816a6a0c35555c4b67c54b8e0a171b87a2107354d1fda81114976f90bf52e07ee1f95e8dd13c7e0d0ec5e51e23930a7087d21a4823c6889f63aa4b06829b |
C:\Users\Admin\AppData\Local\Temp\ysYS.ico
| MD5 | 6edd371bd7a23ec01c6a00d53f8723d1 |
| SHA1 | 7b649ce267a19686d2d07a6c3ee2ca852a549ee6 |
| SHA256 | 0b945cd858463198a2319799f721202efb88f1b7273bc3726206f0bb272802f7 |
| SHA512 | 65ccc2a9bdb09cac3293ea8ef68a2e63b30af122d1e4953ee5dc0db7250e56bcca0eb2b78809dbdedef0884fbac51416fc5b9420cb5d02d4d199573e25c1e1f8 |
C:\Users\Admin\AppData\Roaming\SearchUninstall.wma.exe
| MD5 | f5267e4eed4ef2e1f88b9eb58046b5f1 |
| SHA1 | 55cd1be878a8c508d1707259dbc7d586fc025cec |
| SHA256 | 79449b39fb7fd518530638f8300cb2ede2d5aeb4e9a8b6232d79dd8849b3550c |
| SHA512 | 65b3e51deaa38c1b4802f37e729de7db329a853a8bb863ce08b1fec6b1876f749a6601e56d86181082b69af28cbae4d422c1e44d50fee3c0d7eb3eaef8ef75c7 |
C:\Users\Admin\AppData\Local\Temp\oMsoQcAw.bat
| MD5 | e7b1de947ed03bafc885b95e05c710ac |
| SHA1 | 0f5072ee4995fb88b6b4aa67981d519c72263a3f |
| SHA256 | f4c1f19932d936611d6783810ac48d1581707ee37aa603da3451c5f68d78baa1 |
| SHA512 | dfeb767679ddd477784315689b432d09cfed7a342f1334ebf23f45a6edba70ac563a70e7940301821777f9ae5ff7231f9f0639764c51c3c87b7feec088d4b725 |
C:\Users\Admin\AppData\Local\Temp\ycwY.exe
| MD5 | 0b1e191ac47b2323a101517ba8f6ae6d |
| SHA1 | 2672f4d37aaca88b5c0a566762ac41b094a79d8f |
| SHA256 | d6613021a231b4552507a43401f631907c3b98ce5f8ca140a7f8c52bea7239d8 |
| SHA512 | a04508bb4b275968bd4444542c910400d593a03b117a31d8773479a89d4e90d1b40efd92a9be7ec930732c0fa3b853d883ce6d6059b0685e357567b268a4d9fc |
C:\Users\Admin\AppData\Local\Temp\AwAI.exe
| MD5 | 74687e4d30a2a93458bcd0af97e0a619 |
| SHA1 | 83871838cbac9ce4e2c8e594961c4fe105eee9a4 |
| SHA256 | 90d3a429b9a171a5f5b8bc9ab3c14cbc8a67faa48527192c5bbf70e15f046122 |
| SHA512 | d62905c4e0ac92853e6b41bb537fe13923ad3f3085da43786ebe210ab945d36657d97da7e8f5f71d3505e220bda44b7370f2bbc9ba6881c87353722c581a0258 |
C:\Users\Admin\AppData\Local\Temp\ysoI.exe
| MD5 | 9a526bb5a1f528cbdf77fc59fac4ca54 |
| SHA1 | 3c9bd3369d842e43db1931d0e50955bb525754b1 |
| SHA256 | c1f364f7f97add98004e5a66ad88b64a7dbc943cf5d7a47df1e605418227b720 |
| SHA512 | d222789d3a43c7ba0b9b08417e06c4f8d25e0093f0032a177eb627876cb6ee56a46629f2b5d9d2b9504692652db25d07a1f634983037dba0ab3208fe68f5453f |
C:\Users\Admin\AppData\Local\Temp\EWQcIkYY.bat
| MD5 | ff42f44272e6f95d9c5d27664836a7f2 |
| SHA1 | 08c436c151bd2dd2eef96aa60cd6e8cba7c3f11c |
| SHA256 | 9f26f8cf93d960dd76850a88461146f7900b1a62a82404b0a261183f794a147d |
| SHA512 | 298b8c580844085edaa236ee79b03d1f6edf09747610963aaeeac1e21c39fe074914a150b10be32e3609294d72cee4955189e9c25986f514a6444c5486718fbd |
C:\Users\Admin\AppData\Local\Temp\asgI.exe
| MD5 | 142e08b321d459e3f8c7be4935ffb902 |
| SHA1 | c79b81868f716b6d67ffa329b4858d587c4d5dcd |
| SHA256 | 23e6da01ca9215b537a99c1fb7afe3165f22e693014aae2e3c23b50e1c12e578 |
| SHA512 | f6051033be0bd086f0c44b9a0ec6f18ec579f37a877d55680715a7c279f6a89ab7898f0fe7ab9b249c57c4fe91316b0eb898e9ac2eeb34e9a90665011b89007c |
C:\Users\Admin\AppData\Local\Temp\SEUC.exe
| MD5 | 1a63376784685d927beae3bd74faac73 |
| SHA1 | 726bfba37570d291b060ebf50e1677e2a1a8ca52 |
| SHA256 | 0d8036409ff630ae2c7d2229df62cf8dd79c5e06cd2077c6e43f84eee2a53a05 |
| SHA512 | 6140a7a39244a09323c312db03eeeb77de4602097cbbc2db9045e46d189ba7f304ad3ca58ad9bd07c3382a9642e3c891e1b11ad53c8f1e60360b04240ef97e0e |
C:\Users\Admin\AppData\Local\Temp\dEQUAIAk.bat
| MD5 | 2faadb72176996a90be61ce363fefb11 |
| SHA1 | 99289a30394dbdc230495de4712bb116a2856f02 |
| SHA256 | 2a326732576945592ede6dd4af427d8ada29c17c0e4e4b82e72fe4f5cfc02084 |
| SHA512 | 350b283e09773d9ab833be27c6d213094ea7ed2993cadd56fdc16d3a26b47d801391f75ce7a48a0e6d98dbde263fca0982e67d909f48fab52ec48cab0500b03c |
C:\Users\Admin\AppData\Local\Temp\OkUc.exe
| MD5 | 7030e0a5a643a0fdc7b56257591d2b37 |
| SHA1 | 078d1e4c8ad7bcd60943e77ddb4d6f8e26c600ac |
| SHA256 | afbeec32cd4ee711f554e7f676aad05ebc44a7f5cfc8b4d0ec2fdf399b08510c |
| SHA512 | 7d65e1f2420f1b580fcce7095623c738d8863ea0bbfd5a10bf0406d37029eeac605e9120bc864f3856e4140c68e7ea49a5d89f1668a4175ede4c04b25b8f9ebb |
C:\Users\Admin\AppData\Local\Temp\egkm.ico
| MD5 | 9752cb43ff0b699ee9946f7ec38a39fb |
| SHA1 | af48ac2f23f319d86ad391f991bd6936f344f14f |
| SHA256 | 402d8268d2aa10c77d31bccb3f2e01a4927dbec9ea62b657dbd01b7b94822636 |
| SHA512 | dc5cef3ae375361842c402766aaa2580e178f3faec936469d9fbe67d3533fc7fc03f85ace80c1a90ba15fda2b1b790d61b8e7bbf1319e840594589bf2ed75d92 |
C:\Users\Admin\AppData\Local\Temp\aEEW.exe
| MD5 | 339c09c5dfc7c3d7d92c1d95d1a48044 |
| SHA1 | 681b8e1741fba3dc682293f73c583e0e6a203850 |
| SHA256 | da2d5a351eb61fea5d0f33bd9b8552b2c09e7ab9b42547053df0d915f364bcbe |
| SHA512 | e983cb406893c903b825d06d57cbbfd3893da2c96d22f72f3825a502e91d78da86dd52787ae657918a7915c9b126e46a8978aca3f5c881abd298a7a534d23292 |
C:\Users\Admin\AppData\Local\Temp\iAEo.exe
| MD5 | 0c851fb4c9572309809ee7bef3921950 |
| SHA1 | f56bf557d0397844b3627b5739a8951a04faaa42 |
| SHA256 | d17b8848462c80c00fcfc0275a1adb0f45cf981750ea79667c67fbee3a1681d2 |
| SHA512 | fd157360164d5f3f1a10259c0c509dca996b948f3a936f1f0ee47ff3740eb76f4879a0aa3a20c30a28d7ea5a8a00fe58cfcd25a02194bea5adf4d0c30241c925 |
C:\Users\Admin\AppData\Local\Temp\WkIO.exe
| MD5 | 5792c786c5753e0f5e6a37019c8514c3 |
| SHA1 | f2c758f5e221813b1ed8981f1e85d6d9997ba18a |
| SHA256 | 7305f895a0086fd08807887f1fdebad695771ad0c2393730197fa07814828c26 |
| SHA512 | 75e535e45fdbb2081c7a81c3f21dcde243a7c38cfb99b25114ab81a57553daec9de4b2ab25dc95280c9e0bb58ec99914e3f11b3b21e7e8045903018f8b1edfac |
C:\Users\Admin\AppData\Local\Temp\YgMK.exe
| MD5 | a112dcc7c92db8e451fa935895808fcb |
| SHA1 | e330e340da2bdbd3c43a3f6a19cd4a5a3b0df2fa |
| SHA256 | 438f6b31020fcbee369fd5d8952350c3ff2a9b9618cf4fffcff2d3eb020c8362 |
| SHA512 | 1fd7a55ed13b63132d95e8cab13b9bff5324c98b8b6155d137de30a3a02702f1fd21ea1d3a5949fd34bb6b244c4575cb0f34f9e03c174c29a0fa0830681c8537 |
C:\Users\Admin\AppData\Local\Temp\vcgAYkoQ.bat
| MD5 | 35071ba48d1ad62097847f8fc9a8cdcc |
| SHA1 | 2ab7d13520a810e68acfe22e5fdb1256e4081c81 |
| SHA256 | a8b86d387c941c82e731a07e9a7669df64fef1aabb44326aff2d8a0a8104a3b6 |
| SHA512 | 834308d7a1e2c4f9cb52e755a92c94caa922c2b7738dc9519810869b1eddfe2e022d8eeb7f6405c3c23c3e5d09836741402a96ede3891053221828d3a03ffb19 |
C:\Users\Admin\AppData\Local\Temp\OUUc.exe
| MD5 | 77a6cd40418c3efe389693663f59d897 |
| SHA1 | 2f9f6689efea013f085427f70576bd9c5cb1ce5e |
| SHA256 | 38d856a86849bc68c3c0011767dd1468e5fff79b878c5061ca8e10bf7ed9fac0 |
| SHA512 | 3ec0927855b84ec4a95b32701ca8336ff24c10e66cc73760b3e476063cee30c34666f71642423c9c13800319e9e54c4b15b4da3d820a70cc1bd2fd2b45793b14 |
C:\Users\Admin\AppData\Local\Temp\SUwq.exe
| MD5 | 66b7666432d34ddd51809db1060c3de2 |
| SHA1 | 85a3aff47f41c317b49cf1deb131effd16c61ca0 |
| SHA256 | ea2988ae1b682ec132131ffd6d6d6f4f38fd96cf96b8e3da829767b2f47d9e32 |
| SHA512 | ede54edcc1c90999a187ab940e7de564d2eb4e1e77ae2d2878102aa03bbc0ef031d635cae94e576c782737dcbe233133cddd582d3716c7ec815914cba13e9827 |
C:\Users\Admin\AppData\Local\Temp\Skcq.exe
| MD5 | 6e77b79b3d16f3b26db15d182b1e4876 |
| SHA1 | 677d8669a142c9e1f4f6625c7fa4b181662640bc |
| SHA256 | f19dde6c57af237c7334e96c95a56b0cd231d909bd226a9f9539bbc42da6e467 |
| SHA512 | 1895b26e866cfe0a5153d3bc3747e6e4284ee6f4434c7c87b3bc2baef30f8f41c125039223be1cbeffa622926bffbc5d51b55578fea2be08687e2738e2d289b6 |
C:\Users\Admin\AppData\Local\Temp\PCwQUgAw.bat
| MD5 | f5111efe14fcefdf32e75ff6237c2c7e |
| SHA1 | 06871f0b4536a8e78df2174bd6c78bee56353767 |
| SHA256 | 0b351dcdadd944d1857fd4d230c5d3b19866bc58a39b7d782e2716b6a318e252 |
| SHA512 | c45374f53d1d7ea4ab45f4882d60cbd2b19463f6af52f5b7d5e3da37837582cfa5f8dd679a741b6166880997299669ce9bc64a2e5533330c3b5769ea4d332d04 |
C:\Users\Admin\AppData\Local\Temp\oUMU.exe
| MD5 | 0490f3a337b38ef5ae1d9c21138374b1 |
| SHA1 | 9dd4edafb879759525107aa3dd44628a03d2ee48 |
| SHA256 | bcbdf3463a67d78258fac81df7bc20feda76f52c0e45bb90fc092cd4d763754a |
| SHA512 | dfbf2b6c1712a0aea791703f9d644edd6a55409a12593488378d058caddc46bbcf7935dbfe5de7b4c17ecc88c044d5a447efbd14053a700556bc83f7c70fafe2 |
C:\Users\Admin\AppData\Local\Temp\QEoC.exe
| MD5 | 14907347986a9fb811d39cc336505570 |
| SHA1 | 76209f1052cd17650f1c6bab800a0030dd381d7f |
| SHA256 | 65b1a4000a758048ef9c937bf636aa2215c187080b9acfb16f683f89ccc3e0b5 |
| SHA512 | 4f2128d43bb111f9f7445f5539c102f7ec2fd31213a538a71f0500d8c2ed788d6276290d62422a52ae948070774b5107d2934ce23fb4d04c0cf8522dbea4eebf |
C:\Users\Admin\AppData\Local\Temp\OIco.exe
| MD5 | 2b55954ea2adb34414e11b0be5aad8f2 |
| SHA1 | daf478b1cb7a9f5dd916e40f544b6c786d8859af |
| SHA256 | 11760966528ec9d1bb998fa3a34eb045237f9d09044c285fddfe33e6bec1138a |
| SHA512 | b260765d308c1ca8b77fc132f7c504c25a4dc1874d7aad3b5ce02fe948561ce924fc7077cbe7b0d8db72e986f5c538ede57b788b928e63d3c0b3a9a95e017362 |
C:\Users\Admin\AppData\Local\Temp\XGUQMEQk.bat
| MD5 | ea2232f8d610baa18efa6ec3328eecde |
| SHA1 | 39015c409e5ecd949233ce4734afff7d67faca54 |
| SHA256 | a2b831e6b3f40f805796c6ae262e3a72fc7b7d392a4ee5ed87c6a57240890e85 |
| SHA512 | 5c500a7e07c4458e65e0f0b9c8770b55d74bce184ca65973b7474c4f6b60598a92ab4032425942f76fea0d771de8b1af5a38eb5b2b4d49b2e83e5d934d3e8bd9 |
C:\Users\Admin\AppData\Local\Temp\UgEs.exe
| MD5 | 8de387f9c2bb23b47b77318168667bd3 |
| SHA1 | b099b5762c2e3a6d1b3bbe01a7e46ac10363bb79 |
| SHA256 | d52adf7fe13b18120fa8846d4f7519897d7b202c14f587d70e1342be6e62dd7a |
| SHA512 | b081f50bb101efad84fa6855e65baf1005a4f9d113998908957851f1c0ac1e00237ebcf2838c2b2bfbb480499f77ccc1bf16625dca15bff9e619ab5bae0db5db |
C:\Users\Admin\AppData\Local\Temp\aEUG.exe
| MD5 | 209268cc37341172b6596ee0bdd54fed |
| SHA1 | fc4c4088f22a565aca7af25bf6cadbc88c985461 |
| SHA256 | a5a11d20df42c539fc372768313b7f294708019a83fd785507f4a822c928f223 |
| SHA512 | 8b208d731d302478ea7929011d62224af89a3ddb2cecb27b8c4a73e758eb7dbdbcf45f15184207cedd0b1b1f1e581f20ba02d28a7a52b90556dbb718d0c851ae |
C:\Users\Admin\AppData\Local\Temp\Owsi.exe
| MD5 | e4f44844dcd30a1ada850798b86b3c2b |
| SHA1 | 0eac1ca539d033b75fc08efb9c9ca1719b3ddc8c |
| SHA256 | 9222776156fd01349dbc627e8f49d05e7aa7607135a6e5cba7cc58f1e2c6e808 |
| SHA512 | 5681d7b8e11d8a0c00addecd18e029757041bb0cd18ba736054f9c69c09e31970e07c7d9a5b596b0885deaa3bc937cbd0948de4fc6babf5d6894371204f181b7 |
C:\Users\Admin\AppData\Local\Temp\qgocgIsY.bat
| MD5 | fe852ec077af4c19680380aad1845bfb |
| SHA1 | 4d0c73f4ca828e286ffdf6623e3dd75bd3f25625 |
| SHA256 | 349167bf8c83b9855fa062bf6194d2f4d142cec1ced8da73393a8af1c6be1f7e |
| SHA512 | 86fbed009c3878a17dac68bf6d7aab3be6662f9ec7ae81daa51ca5f59a1f97d5b6ff63bdee73bc26dbc853e8ee15f1c14337e26710a7abd132a24955a7baccf7 |
C:\Users\Admin\AppData\Local\Temp\kQEQ.exe
| MD5 | b370fdf0d7a3cff0af68b1208b917f10 |
| SHA1 | 5da52b1f5165dcf08bd5c3917566d65ffaa54e0a |
| SHA256 | 03a0bfa230479b348adbb961135bedbadb399d6ee67d5c3d5a0fb47d7665a73b |
| SHA512 | ca9889d2c4c2842b0cd52d509e88981166da45d592273bffe29f673b1cc1fc57d85545e1695dce86a5609e3a019885301088d18b5f7650d8e9e60326ca5e834b |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile13.bmp.exe
| MD5 | 830b3c0f06eefd408bef621cdc4d35bd |
| SHA1 | 62c9d6349cbf136a8dd783223b632232706e796a |
| SHA256 | e8fa0b8603570710926a386b66baca4e20cd9e549a54c660552cfda0463eb95c |
| SHA512 | 27e85d339cce46839ccaf4db2f033484413d49bf876e593125b649b22383cc7de82e2b87bc0ecb0ddec00ab681181eee05bfdcb1800db51ce39229abf15af1e9 |
C:\Users\Admin\AppData\Local\Temp\cwkUoMgU.bat
| MD5 | c965918ddf404c89d45300125c50bf9f |
| SHA1 | 39efb6d126d6bedb3314a65e66d1f2a87d250f28 |
| SHA256 | 18eb3edb3bfcd6468c66562d45bd65b27a7c79a03f7119842a6418385e6d0707 |
| SHA512 | 3157adb8fc326faf1e6d91efb80b5af6dc68d04c998204368c759bdcd6ed4d1ba41009221dbec695ef30cd54e054099c9f2002a91032af0304167c22a8009a0b |
C:\Users\Admin\AppData\Local\Temp\oQQg.exe
| MD5 | ab80e4f73b5c619cf4205658782c585d |
| SHA1 | d997eb7f1dc21b2b431f34d9617a93cf036fe80d |
| SHA256 | bbb3da5dd48e9f5a319408d412e3ad2b18efb3756bd4d365062458ca070c6114 |
| SHA512 | be417411d456339f88be63f6a4da4054896b6aef021b8a6e0b236e1d0d5c6a371aeba9d5c3cac87a8d6e3f9e392de24a27574e5e4e89a532f082aec5321f2752 |
C:\Users\Admin\AppData\Local\Temp\Wosg.exe
| MD5 | 39728b7848ca5a83ddb54745784fc64d |
| SHA1 | dfa868e3ada22de983a58a1fc5bca75362184d9c |
| SHA256 | 89875efd4dad4c27c4242b0e43eccdb11f11dcb034aa9552a0247d3e70636ab2 |
| SHA512 | c376f29479a3d20e36c2c259cf75f354248e2ec58c50f7ea0076aa9c1d9a3df788a80bcca1f9c2670c9bf069d81b2ce0f8d06ab8d6b30f8328ab33e19d23df8a |
C:\Users\Admin\AppData\Local\Temp\KGAoYYoc.bat
| MD5 | 907445206a282d2309aff173cfa419e4 |
| SHA1 | 0e0d6664568402a0430906b35849615c6637e028 |
| SHA256 | 284f097d667e3ce73dc5e4a53bda34e668284d5f2397f6900af515c79e605b7f |
| SHA512 | 17eb1f2ecd2a387d6bd3d78a95969ba61c4a93f39d1d7303c2f48c784bb2e7635136f4182de1599c384490a55e2bc5d0b1f5bfa4606e2c14debd21eb72653b9b |
C:\Users\Admin\AppData\Local\Temp\IQYm.exe
| MD5 | 12fcf459b68733c7571c3829d97fe3ad |
| SHA1 | f5326b701dbb83a9511ae2432df6f7fa7ca287b8 |
| SHA256 | fc4db3e17171e41b76e038f41dece3926a78076204d398cd7bd1e6ab2c285892 |
| SHA512 | 42017703af7edf28cba9a5c4f71e6e3d47c57414f6c885b1c45941a25b26d0961ae736bf59bbce4a188e0ba77dc1908d03104242044e2d988b2a28c838c6bf29 |
C:\Users\Admin\AppData\Local\Temp\UgUs.exe
| MD5 | 77c148ceb77cc636addb8d949c0ecff2 |
| SHA1 | b0e9bdb3174aa0d2c144f31fbf9d32f890993375 |
| SHA256 | 45258c6f5275348d04a7bfcced372dfaa410f9dc25a06a59ae450c9d850b9731 |
| SHA512 | b4d9cc0ccba5035ccab43562b27f40c885c60572ed1a9ca0d717647aeb2c9309a9e3757d432ef54782a30c787898ffc26185b98a3666fbd82ae9ffa6a23cc471 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile18.bmp.exe
| MD5 | 885a8d64ee6c130e402ccf2a7583b8e1 |
| SHA1 | 3262231db9c41f2c36ad8b8f3918d8f5c548fea0 |
| SHA256 | 2a6ae1a7427e9f6a16ef91cc5d091b618bb003c143aae4339474b5541898ca48 |
| SHA512 | 67b2f528efb846df049a35308bc13aeb5e0840fa104144a789fad2cf3f6c3abf4e2b5adcd74f0c62983d2f20090d1641ca76192a6a8ef649dd37be700909b6c6 |
C:\Users\Admin\AppData\Local\Temp\aiMIYUkA.bat
| MD5 | ab490a4ff288de592a7afe52657d7a19 |
| SHA1 | df841fe3555ab81fff785d17bc18869db1e289bc |
| SHA256 | 8270060ea3800fe9270be3fa39f353d1affc5417f313d59df1b64e5e0a7c5043 |
| SHA512 | d58a671035c2d983d69b8a2da5fa2934846a5bc4487bd8b7433edf19539b0d45729c0341defff88ed76db737acf118356ea9b8365e897d1ae6f2e96404f63ff5 |
C:\Users\Admin\AppData\Local\Temp\GkYs.exe
| MD5 | ad11ee2c3d4ca46d324717472ad749bf |
| SHA1 | a6b8e76a95fc57958675d473871feeb82330b665 |
| SHA256 | 0a4ae2955c3e95a5cd0c68017a9569aca588949f508b15e21d7555badf1e87da |
| SHA512 | f2e3833aa1ea36eff30f6e89ba30e648633662090a1fc9fa4a5a57a76c23abe4d66be831b20e4cf8c06287302e43c4f68c371f3333e8e433f98f0b14ca993de5 |
C:\Users\Admin\AppData\Local\Temp\sgEm.exe
| MD5 | 95aa2ff39861a004e2d605d14c3514a5 |
| SHA1 | c79085e510240215aac1c7298aa37468c8f7876e |
| SHA256 | 58f9bacce5ef04be6237518edd6b17f7387312fb1da5511b2e8ebedbcc7dc91b |
| SHA512 | b7762343a6880601a9a60a0c1614444ab7e8f2b5dbc9b78ae4e666b65fae82a1ccb97b30afb10bbc7020f51e5109c9d5af7ba62beca9df8271fcc4b97b4c891c |
C:\Users\Admin\AppData\Local\Temp\qIUI.exe
| MD5 | bae55f3c4bb2cd7f8b21b64b642e351d |
| SHA1 | 57aa8c7996ff91fb74446c777353da97da8a99e2 |
| SHA256 | 20a9a2774034a0d80911cc16d37709d2a3febcfb8072c644b29b084eaae078ac |
| SHA512 | aa39701dbe2b687dcf2bf9d6b3eec136d1dfb47c4f97be37d29ba51b6ae6cecd0c4700104e918c7907933bc07798e6b562a205b9cf98b2278027a240d92fda0f |
C:\Users\Admin\AppData\Local\Temp\GkkK.exe
| MD5 | 1bee48f01927ea34903a63a4d1ad4f0b |
| SHA1 | 95bb9d7c5bef47e9aeeb1e721f918aef4ca875cd |
| SHA256 | 3f7506ee92a49ce38653ba26cd4ab7b17d34821db9f181ac21c7efa3491e4910 |
| SHA512 | 058033ec0852b5ef593f544d542eabc281ba47a572ea2e0d6d24bb6a38bdc5995821394542991b5344f6fbe5b33e461ca03059e57beb0bb5ee23adcba7aae8fd |
C:\Users\Admin\AppData\Local\Temp\kcUo.exe
| MD5 | d3e7b99244c77f98eed8582f1ee079fc |
| SHA1 | 50bd8fd61769d2f38b642f1ae95c140074e51832 |
| SHA256 | ee8da5c995e1996ad3f75a60cf16095a1208b5d03e82bd9de7286ea962d15a3a |
| SHA512 | f4dcbf584603bc159574b0ab258280161e5374c00660e204664af7433ca16e6c15832fe4e123a8040c02e79a17e0eebe2b72140a53888add7aa733308a9d7c19 |
C:\Users\Admin\AppData\Local\Temp\IEEgEIow.bat
| MD5 | 08792938a61383304df39c66adb3c031 |
| SHA1 | 3c899618ad68583a3c726b5d87ef6c813e0a782f |
| SHA256 | 81850151339d028d09f0d2ceda151d2895bbba4a878914b58f7ba48a6f0520ab |
| SHA512 | c080c1b22a749c80dd4e943e18b39864131319bc83d3da834de1f39dbfda26547e7170ccb0f2b51de9f7e6bf2ac3f18c5bd1eb318f815e731fe0e689cbe19d06 |
C:\Users\Admin\AppData\Local\Temp\yUYw.exe
| MD5 | e8a44018e41dcf388b47af6d8aa4c84e |
| SHA1 | 1fba1515469feb13559fbbc97bb341f1c45db55d |
| SHA256 | e42cc7df0e364dcfa467a391878426fad5d7ff36850babe01b71d12bc2a1dfad |
| SHA512 | 4aadf7142f5bd2fc7d02d73d838968118c778ba7fabbcce08347d9546e165ae323a758179f601261567acf667a2d5acf0b696bb8c0fd3b262d0b4aa376b8e920 |
C:\Users\Admin\AppData\Local\Temp\oIgg.exe
| MD5 | 1e2472430432f0c68916c4459b2b5469 |
| SHA1 | 23094b003e10697157cedd11d72356621debbd9a |
| SHA256 | 108e69a5ea6b0e98bb4d9d254b440eaffc0b74db36c8365b3c327dac51f27de9 |
| SHA512 | 8c06cbd5d6f6cc90d6756efd2d021e6d943c2484f8d429b09fb9aef39236df1510cbf1efee348ad1f97763bce27908f4bb0dba76c49a120508c42c5525d28c99 |
C:\Users\Admin\AppData\Local\Temp\qUAQ.exe
| MD5 | 3d7c3d8f477011795da4552090a06f7f |
| SHA1 | 4ea983895c1c9624a4598e6f0c227bcd81ffaa58 |
| SHA256 | 7d36d9fdb4284e0eded792cececd9c7d91f7261cda880630fe5d71d66ece2840 |
| SHA512 | 78c602f07d11279248784d72aa4e8801bb2b1fa08cfc62092ec845272f8cc4f14ec9e3c0af0e2d06f7e8ceb03881ea3ce9f86ff5392c1061f59419f364b6a26d |
C:\Users\Admin\AppData\Local\Temp\cMwc.exe
| MD5 | 3a10072c61ae7eb8a13d39528163a2a3 |
| SHA1 | 21aad4d14df15d70d9855ae1e2a584c126b39bb2 |
| SHA256 | 65ccda1e43b3fe0677d2d1bc9fdc6ebb09655a1efdf158b1a0053ad9e5bf5e2a |
| SHA512 | 5f81a50f563a839a759d9b6d70263257e6f0ab5b77897123ac81cde64a35d8dc4d5b2169d3f40f7d357179379148dac439b874f553102ecb79d643f80de51e18 |
C:\Users\Admin\AppData\Local\Temp\IMoI.exe
| MD5 | 9f0b7810bdd0c51129405412b3c76c1e |
| SHA1 | 933f0822ba2d20d457a5ee0969e0f5d03e37bce3 |
| SHA256 | 50f24f40c5e464ff52b8baf78578c44592b38c7bda7837ca92ecc926d5a53c92 |
| SHA512 | 4c05aa5bd299e06db86b169ef0d9b283a2b5b854f416cf5986248d85e91f11192f61b4b1b954f7b56a2d11ea98b6396d808a64f5c810d5232d31ec70657fabca |
C:\Users\Admin\AppData\Local\Temp\REgQooIc.bat
| MD5 | d29cfcc9cf8bf661377e800ec713a6bf |
| SHA1 | af111d005d6636799bd0fbeac8a6750b163631ad |
| SHA256 | eb2b817a0fcbc5504e96c7008a16f06ec53cb8c0a8858d5dea032682f16ba92c |
| SHA512 | 2e452047d362e5ad065aaecb83946b33f579e3be60591da06d2963c292bca5b6a566ae8f0e9248e726446399e209f3bc8fd56c17ada8803083abb692d784cb53 |
C:\Users\Admin\AppData\Local\Temp\swoa.exe
| MD5 | 9972c59c890e5d62e10b0505074a1474 |
| SHA1 | e53226aa5dc092874a2d3a78bfd8517c5e7a96e5 |
| SHA256 | 7c1cbae74ef01b2c3d2615b004bd9c4399ef0a7cbe1470d4f5fda1aff57ef187 |
| SHA512 | 372b81fa7ee80ed7f64882b3dc4e62b4ce1ce2ded4cc415fa934e15bf213f698931406c7f37ee541add96087b1bcadd21c5f6efcb5ba83145c9df38a84e96430 |
C:\Users\Admin\AppData\Local\Temp\EQUK.exe
| MD5 | 49047bbab2e094a7a18cf99e958f1086 |
| SHA1 | 18897c1846bdbe034c234bc66ed88f45b028c29a |
| SHA256 | d7b299789b8d7c95a82d54516d1047905aa1204ed038d02060a4d8a31024883e |
| SHA512 | 1a374fb2eda15fa11c77154bb64b3b3f27f0fbcdf01b340683c697932c5390ec2c2dfafaa0623c1cc9563ee497ccce0704197136e71438e6c4080b243fd6980e |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile31.bmp.exe
| MD5 | 3b2e2081c792adb3d7013debdcb2fb7a |
| SHA1 | a7c8d314553aa0689c2ef2145aa6aa1a1a307416 |
| SHA256 | 87afa48f04be33c3d232d3d83891b9210cbb58940dd740c828df82a081eb91c6 |
| SHA512 | a37982996d1fe1a165a6ad68f8510813b67782d6ce340356abe40b38ff579ea73f1d4ba26f0b12bb98948bd7c7c7fdcd1e94f7cfd7b30ff9ad142559cfdda247 |
C:\Users\Admin\AppData\Local\Temp\TIIcgkgw.bat
| MD5 | d16d19602dc2b06ed7c0c14d8642d7f4 |
| SHA1 | 8a8d3439d947a8e992f87b26a5f2e0a4891df3ff |
| SHA256 | 20698ce49dd4d0081343ae36a930304788be36bb05e3c961492cf467d3a997f0 |
| SHA512 | f190a75c82bbb3c5b9bf332a397140ea6a8e1a0c1643e552d33b0a4282c58be4fb7f542b3436b0f2710746298d98fda686004842f0af6ad959da6885bc3ba3c0 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile32.bmp.exe
| MD5 | 89f926151f3804d5084da039fd83892f |
| SHA1 | 9db63f3171e5717b21e2232ea9e14d6cae335385 |
| SHA256 | c859c1a0668d3a920b4ced23568ad9365ca4dc07ada25ad91d6da21514422ecc |
| SHA512 | 6658d2b91cce6c150b0eafba506652699c7a0a79d276e09dfc272f1a513a12ada65479e2a807ce07d498f63a2bceb17d1ff70af01486f4edd51e065cf0f7aa15 |
C:\Users\Admin\AppData\Local\Temp\uYEo.exe
| MD5 | 797cc9aa3ddd939c923511fb4fea33c2 |
| SHA1 | 3865944cc43d4cb01f8aae8475bcfa89dd20faba |
| SHA256 | 1982968f45e0fe7480c9e8fb34416295e2b33492d161bfc23acabf6aeb08b552 |
| SHA512 | e58b9286a501eaf25e4d6622242b0575a6d634fbc65ff676bbf52ac40da7c5ff8fa8df5deb2b5dcc1d1d7ea53379095354dfceb16ade9272d9a939911e0e87cf |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile34.bmp.exe
| MD5 | ba83c08290350640b279d781a54dfbf1 |
| SHA1 | f4d655aac18ad9788acc875c50de8dca9db99ae4 |
| SHA256 | 7dc76b2eac6d71aa07b4e7b77380772727916b885b254cfc95103ab4c13aad92 |
| SHA512 | fd34e6b22bcaddf5cb4e4c3f7d20a91c7a892f6976d51d1fd870c25c9620820fd43a1e9953ba0179d7e12b5a4edbb32138047235e887eb1c12c734a0af620db4 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile35.bmp.exe
| MD5 | d8c120f33fab418ef110cfb2ca6c673a |
| SHA1 | 92fc9f470d958c3acf574452eeb874cef486317d |
| SHA256 | c3d2df916af446f5f994af6abfa9dc9b1746e2a3e74fade41d3374a2c41a0caa |
| SHA512 | d8ba3ffa10f030213aa6831f740a21fd81d424b4528c5a6899f341126d1ddb29520d2069f84a14e22e4a5ecc60db2233fcf3614407e6e7c5c1f1fff46e7d5177 |
C:\Users\Admin\AppData\Local\Temp\fMoUAAkg.bat
| MD5 | 7afc2d92fb011d08acab846f21ab9a2d |
| SHA1 | 4ffd8c8ab2f90703bd877417d7700e6a41093d93 |
| SHA256 | 6c28b38c80ada7971acb9e53b22dc6bd5207e17dac742f687a43beb95e906742 |
| SHA512 | 5788093d7de57d70938da0a29e8ba576141cd1b96cbf1dfea79524dbe34525cc3d9a75b1c2aed6710e56b40e734a03315f4bd595e10b66f8aa5ef00705f45d91 |
C:\Users\Admin\AppData\Local\Temp\sUIU.exe
| MD5 | 0491f8727567d5636e1590512dafe008 |
| SHA1 | 5eb0c5e4beb6cc41edc2c9050bfd6e98c601a163 |
| SHA256 | ef36c244c3d0c4693e3ab3c50216508e8a9558681534a243d4c2ad34b5887421 |
| SHA512 | 028bfc573d7d5cb75e20fb83491e31338fab6001a9e8e20025544978c5aa32387ca06e3a4147bdf94c4b2ca4051df99ca2b8fa375f441d4fc8afe4b965bbf167 |
C:\Users\Admin\AppData\Local\Temp\cwEc.exe
| MD5 | be53bbd0be007023cb85218ee5ef4f3e |
| SHA1 | 22e4e1728e362dd4a393a2a909ace5dff4722d91 |
| SHA256 | 9f7910a051bd1ae182ff39905da63f6a7cc081883ebcf5c3e30f0dd79912dba1 |
| SHA512 | 93dac912ae2921cb67966fcce04789061bf434cc43dd5b187e2e15f0655e6fa4385e9a544da9571c6d5c8e8784bdd0fc6bf4f3a19c95447b60a07f3485c322de |
C:\Users\Admin\AppData\Local\Temp\LWsQkcgw.bat
| MD5 | 4905ee98fa7fdce0db2aaca4cdf23ea7 |
| SHA1 | 55cd2711edc0dde5aeed5540d46e985bec84a43a |
| SHA256 | 3aea84a15e8304118883b69f2f7bdd257de70ef8c3eee1c9a76447dbdd3964bd |
| SHA512 | 0b227e5261df51538ed6e28e910169a3ad07627c84125860ab088c72300bba5b784b26afeecda343848bf5201ea67591530b0598e3596db905f925349d944f29 |
C:\Users\Admin\AppData\Local\Temp\OooI.exe
| MD5 | 1876dc9fbdeb08c541ed225bc4dfc55c |
| SHA1 | 6a43a92a65f3c6220a1aaa320b6c2a3fccd16ddc |
| SHA256 | c6b8e38f5a8aa2b4bd3d9f88bae0d6ab6a9b0f173a421aef0ff4ebbb2f81f27d |
| SHA512 | b8dd21039f884d4b361c5064b15ae0eb5880a18d0b29e7518d5aed0dbaca019a8db50e941e1bf84f829f011be388fad93a6525c94f3f7cef3512ac0884389bf3 |
C:\Users\Admin\AppData\Local\Temp\YUQE.exe
| MD5 | 93b66acb55aa23b9de3369b8c6a34daf |
| SHA1 | 98f5acc371dc5136a6f2d29bedfd8f91ea1d1573 |
| SHA256 | 0ceaa56114a4c87595df5adeda0c17b884f2096e0be27efdd47c62191ca6b22b |
| SHA512 | 8ea74541d064ab68d3c95e9e6bddce3162b15977a54b1de9a8017f03eb425b29240ddff3614574f28ef54a4877643a2800e410cc9498fa4d47e57277565f9546 |
C:\Users\Admin\AppData\Local\Temp\UQgO.exe
| MD5 | 5ce32574380ce961e4835c713e920589 |
| SHA1 | 16b60a8963532991e3a0678cb1b308ed96bacf1d |
| SHA256 | 4acdc042e40ce66c40f5661098cf0118cc46ca6bcd468b61777c5ca54d63bcf9 |
| SHA512 | 6f6622c14be9ed7d8a3ea199fdde7698dba99091039356984405ee3232ffd1f8721f1e8f7433376415204c3a68a0397454fffe1b9a55e0a49354bbf5093c2674 |
C:\Users\Admin\AppData\Local\Temp\AMAG.exe
| MD5 | f4c30d5295f2d1d0a825c8eb30706a15 |
| SHA1 | a2da3f791d016f9528a8663813318cb72fcbcce6 |
| SHA256 | c21c22e97e250930ad74fc7444e94c44f83c85bcc34309bdd5ead58c0642c22a |
| SHA512 | a7b8de18561c5a05456ff7d307244c6fcf79b8b0fa0eb01aac6788b57425875ab0d2dcb22b68eabb2473dadb8066cbdfe6da0b13b3a41cef497f4a0d235491ed |
C:\Users\Admin\AppData\Local\Temp\GIIoQQMM.bat
| MD5 | 71700f11fd37925257c5f5b266ecb69c |
| SHA1 | 0222930c89e6ba20431d93a6fe27eff51f7710d8 |
| SHA256 | a08235d8e127b0133820a64b62dd219eb105722f2eebcc8ea90ca364ade3c4ff |
| SHA512 | b143e54506c5e46863d7d335b00dba82832adae77c20c6098d1c85a141e5df49051fcf397b6c8ec0703c979e04e7087787b79c20de868cde2abc7d7ba7e2ece4 |
C:\Users\Admin\AppData\Local\Temp\EQMe.exe
| MD5 | afa7b39ccdc679ff7cdac07b2e135853 |
| SHA1 | a0daaf5e8013cffcac8a5310ddb1cf8c668952b4 |
| SHA256 | 7393fa3e8df663b45151584136b7c6dcd11bee6e9a5f3af49302896676ef2a11 |
| SHA512 | ab45c49987c89e858b68ac46fcd4102e26a5d4b02995f7c8b6dc96ecb04495304e46df1b21883ad82c4b1f6d5b65cb22a7a08b4ef519072a2fb3d8248f5b566d |
C:\Users\Admin\AppData\Local\Temp\Iwww.exe
| MD5 | b2bfa2be9f223e3928ed49d3cfa6370a |
| SHA1 | 5bbf85d47bae5762b1dd761fb99a26a2fbfd4908 |
| SHA256 | d404f6133441afa067a8f26219200ad8280a55c65dfcac284ac5b29c08218305 |
| SHA512 | 609135e8050f9eeb2d4a7e90a6b22f51ee40dd050df930398a7f0e98f3c70ce22026c4d87f4e95029b54055debabf6bcf5d4bfd8951933da488f83055cddad90 |
C:\Users\Admin\AppData\Local\Temp\EQUA.exe
| MD5 | e95b8c60bc455c090b3377f7c0b76abb |
| SHA1 | 5e03c381a56ba5f40dade1c4725be87759e1269a |
| SHA256 | 3bb74f9c6ab39c4ccca76a80a17d316ec943876498500fcecf537eba493d9479 |
| SHA512 | 4a732f649d89b089d9ed4bc1038d0a7cf4e82f18b8f9c3e08a5f106e297bfdcb2c2a9abd34281c0198ffcd91027dd80ebf2e8aac04c882f462a4e832a355cbc8 |
C:\Users\Admin\AppData\Local\Temp\wsYoYwUA.bat
| MD5 | f3ff901ea20193a70e019004be26008d |
| SHA1 | 550c70da55fd2d194b29f42576900c4073ed1e5b |
| SHA256 | ade643362c89288f00822f80c841d6d02f113642ea0c165915681c716ef50382 |
| SHA512 | f715bd7f7a5f43da48bd928cb5664c532325d8fd23367dce4bfba25ee1ecc731d4fabc4b9bf0dbb002d26e7e64b2915ff023cf137aa001a278312dc6b429afce |
C:\Users\Admin\AppData\Local\Temp\YOIQMYMY.bat
| MD5 | 7e48b2d760ded4998cee7bfc662511f6 |
| SHA1 | 50a202e4b64489d6d3923446c2caf6a69d37bdfc |
| SHA256 | a7637ef3d5201256bce75d33d11bab57666a21c5ee37e43fc83959dcf3bcc233 |
| SHA512 | ef10c6f2bdcedd019a855aa1164e7275faf9cf4c8e3f734c2d561c7f7664e33c77d78b62a43e6e7fcc094e0aabdd40c74be33e16818b423680dadbd34b06bf77 |
C:\Users\Admin\AppData\Local\Temp\csYC.exe
| MD5 | 5e99e7a7a2a736292602a06a132137d0 |
| SHA1 | 812a8382bba5e7d1ac344a1fbcfee93efc57f7b1 |
| SHA256 | 1c44686bf53351d6152c79d2a90d58e6e9010de44b4137f0146e5e7fcf9c8219 |
| SHA512 | ddac03d8f5a316de54eb5c8435e9f0fd0a969ec4dd06e8ece2e71221ee627f1c42c4948f003353c984a6e503aee6cf33198ca5e1df9b498bb53be15988e87d64 |
C:\Users\Admin\AppData\Local\Temp\IucUUwwA.bat
| MD5 | 662955e2332ac3fc5c655cd95728cea7 |
| SHA1 | 766295e0655a376654cd67b1097a7045d1496222 |
| SHA256 | f9c91c61de64a34c789e287bcb3a13fe3dd61766808e09c5cf069ab6587f48d2 |
| SHA512 | efef940221c066e7d6d736fab18afb281d9c57636d90b159cf3ff74881ec0d2582626b77ff290edc20b4a906ec4243478bbe63059592d0e06ed24c8790c99245 |
C:\Users\Public\Music\Sample Music\Sleep Away.mp3.exe
| MD5 | 52717dc6256084472d2bea02336a27c7 |
| SHA1 | 30a40b0a99450c6814a437fd71f8f18f54207268 |
| SHA256 | 5b6882776e7f90a8e5446c16783f3ec417e98c398f4c5051ba95eb4bd21b4213 |
| SHA512 | d07792031b28f60bf5a0eca2c0013eae2dd7e81fe95178890b3a3fd058d3a88fa8cee8626fa8e244576532f11adaa29705c12d68d3c1d1e4f7b194e536d3a121 |
C:\Users\Admin\AppData\Local\Temp\UwYG.exe
| MD5 | 67af8d866ccd3b30566e512171c918e3 |
| SHA1 | ec98e75e5d12fb87009c6d859f8050646d9a1a56 |
| SHA256 | c0abc6c4b0ec439810ec54a53f8635fe130c519edc314a091c1b89e50df721ce |
| SHA512 | 82eeac7109875304802734d06a0e94e773591890f876e22c35d1ccf24c0fa716e034055855e7ef84ff0a4873600ca0322450169c77926a26b5ab68a23b95f3d4 |
C:\Users\Admin\AppData\Local\Temp\oQYw.ico
| MD5 | f461866875e8a7fc5c0e5bcdb48c67f6 |
| SHA1 | c6831938e249f1edaa968321f00141e6d791ca56 |
| SHA256 | 0b3ebd04101a5bda41f07652c3d7a4f9370a4d64c88f5de4c57909c38d30a4f7 |
| SHA512 | d4c70562238d3c95100fec69a538ddf6dd43a73a959aa07f97b151baf888eac0917236ac0a9b046dba5395516acc1ce9e777bc2c173cb1d08ed79c6663404e4f |
C:\Users\Admin\AppData\Local\Temp\togMsEwI.bat
| MD5 | f61935ad7904983d8bbc7e6d9a53b5b4 |
| SHA1 | b00ea2e80c9f6c56d67e36c328363175e27b76c4 |
| SHA256 | 33f384e5018a963927e5c146d2a6423405b73b847ca193788b1b550c29f0acab |
| SHA512 | 7c7e757ff39e2aeb25f8d1133e84b9c02679a59531acc747df26ac096d3d9dcefe46a3431e65bad0c8e7459f58dc84d9528d2ca5a9ae49f0a6120c6f3c4cb7a0 |
C:\Users\Admin\AppData\Local\Temp\iEwY.exe
| MD5 | 4046ce5a8b59bff48616ebc134d999e3 |
| SHA1 | 6f94dc79e3b4f9833b4859dcfe137f90e91941d4 |
| SHA256 | 64353d288c6aa3aa34678c8681385ec9887c0b1800de86afdfd6d151a8dd3d66 |
| SHA512 | 89788a06c38d067d820b8a66b853a80a4d2e041dfe355c32869892dc972061deeffd065ce084d3e288b48f530e2143aae5782483f008a6eb9cf6b0aebfa97dd2 |
C:\Users\Admin\AppData\Local\Temp\Ywgm.exe
| MD5 | 7d5e555d16b0a20c93f73a2e512ebbb2 |
| SHA1 | ee5638cb276cf1f296bb55232ca194d61ea72a0f |
| SHA256 | 79a3bf1376ed6e60c8788929434c70d0bafe583232feb0920b3f7db9ccbb9ed7 |
| SHA512 | 32adadc95c765f15e3ceb4d0d546baeda28fccff7a695c142989ad5a074ca62bd0270be1d900361d3c5675180a54349af1b293bc2907afb47e607c5ba763bea6 |
C:\Users\Admin\AppData\Local\Temp\SkwE.exe
| MD5 | 284b65ac21eb00195c74df19bdffc154 |
| SHA1 | 04ef9157c3129bbac053d764a2ffc9e883b3f5b2 |
| SHA256 | 97552812b975bff8068c53d023a22124fb99a23f73b30eefbf8973eb0c562a39 |
| SHA512 | 72c9ce6fd947aea92b736bc1c9a57db168aa8beec5e1101d87f57f5a0332ab9568cc44738326efd135bfbaf092e9b608a56599c57179dd5672c475af116de12e |
C:\Users\Admin\AppData\Local\Temp\gEsg.exe
| MD5 | bec3593572cbd2119219ca92beb9a58c |
| SHA1 | 5a0dede1f7b01d3d4a5963daf9b1b92dc8146794 |
| SHA256 | f247cb4b00d1eb660eab6b0e7871d7911c6dbf03ae9ab3b42ce2c6e0970d95db |
| SHA512 | ebf63387d48f6a90b6cd23292ede6c47557f5edbe9bbec575b2729dd376a5038fba4f0c50ef3d9f48d4648eb155b817b05253d15f949ca7e11aadfd3a205e19e |
C:\Users\Admin\AppData\Local\Temp\uQkY.exe
| MD5 | a47cc6415795f8eb46d2133a4a79a489 |
| SHA1 | 5b05f1e7242c61d71f10dfe5cae68a7929b540db |
| SHA256 | 47e8f2341c0c6a042c6beb9a57eec6b64ff5134698850e79fa7b682b68c89275 |
| SHA512 | bfed52d12c03d3167198ce927202faa6919793dbf6cf2f02f6f601aabfa6dee92fc3ed334d17a34dfe8be9d2faaddf7af9083c156064188525432237a94190ce |
C:\Users\Admin\AppData\Local\Temp\YcEe.exe
| MD5 | 4f7dd23eec5f0e8a73921391556d39d7 |
| SHA1 | 9a9e8ec1452938df6c8b5c7bc3e7584873192cbe |
| SHA256 | d810474b8de9492d4eb5693e582a6a4bc4fa4fe804b6bf6b08431c08e72f86ee |
| SHA512 | a5909071a552fcccc201cfe2b72c871c3bcf112f4599159cddf9379d6b77a9cf21ad4c02058ead766a2a7a5edaea777b4c2bd7c7125413eef5944082aad19ab9 |
C:\Users\Admin\AppData\Local\Temp\iQQE.exe
| MD5 | c442eda1e9aaa0748ae0e818d2826a82 |
| SHA1 | fdf1d7db4559a0091c903a6c3d6f0e4621c210a2 |
| SHA256 | 5469012bab5fb86f145b6d25e640a2985925a30de3c3ff90826dd2c5d65a98ec |
| SHA512 | 439422c50fbefb06eb2165c0edc471e6a9cf6e479c8087af79df96e33b02b2c1960b83fd3baab36bc5af271b1d8176a04b284ab66f15ab11c9d036ee51097af5 |
C:\Users\Admin\AppData\Local\Temp\ZSMwwoMM.bat
| MD5 | 5cc0a0dbd5560f3d70d8d4a5d8e654ad |
| SHA1 | fba06b09b1ae0469eb841c8f7c9390acace604aa |
| SHA256 | 56ccc704642ae90577379684e87f51bcbb46ca9034fbee543aaadc766fd11069 |
| SHA512 | 7704cafca82018aa218c35969481af48d851de605c57ca3bda156c9d5abebbde8b73795e4e17dbbae9c1a296fcaa3f90c3dd12349c703ecd2af4fcba28330a9a |
C:\Users\Admin\AppData\Local\Temp\XiAQQsgI.bat
| MD5 | 8b48ee567700fb1b64f28a75d8ee09e8 |
| SHA1 | 2150af28f3cd136c6ee429cc3313f3ff44fd8cd3 |
| SHA256 | dd943b4f4f5b9c7308269c20fcedc8ef6db4e364e268b0c5ffd1fec5c3fd9217 |
| SHA512 | 60962e9ddccb338d3877c0af6f41e83f10a70f2196547ab72bdfc2cd12b4970d73cd834fef8cc316d7f43bca03bd5449801bf0dfefb340f15211c9c13210c9cf |
C:\Users\Admin\AppData\Local\Temp\oGwEoUEQ.bat
| MD5 | fc1c749fcee3690e991915254f592b44 |
| SHA1 | 3eb44ef085b039a477f30db728f7db118a019b79 |
| SHA256 | 1c5bdb576d1c52720249593eb5f378c543ce90b259c381bf6a98da53f83efd0e |
| SHA512 | 142acfa6168fb34897341f4ec7f122885d0b9a5f08b5d854d3c16f3c080073dd066517521c5407cd13634d2fe5d63ea7719c21bee312e1009f00817c2af4cfa5 |
C:\Users\Admin\AppData\Local\Temp\wasIgYII.bat
| MD5 | f35a28da343bb9dbbe1afc68596ccc20 |
| SHA1 | 5f777a73384cc5a5c7f8ef9420da801ad26d998d |
| SHA256 | ae5964aecf05a39cafb246e2713945faeda35e2fdb64ae39f6872d715a042266 |
| SHA512 | 8ed5dd427867caaa7387faece98a2c7acfbe9479ccc7150b38346f8ecf4e9d6b5766ebc5520f4a6d8e153bdd9f964d103475e798bbde7e7fd8c9943c28ea5f55 |
C:\Users\Admin\AppData\Local\Temp\GssQYcQk.bat
| MD5 | 425035a691066cd2dcb054046d893c0a |
| SHA1 | f835bcb65ed784a33549045871a9932461d4d433 |
| SHA256 | 35fc4273bc88d5cec24aba633abae83ee2577f6fba9dd9d4cbad20dd2d2218e4 |
| SHA512 | 1c367a980b4711df0e38f6efa69c2c6c0957b3d3e100687df3734ca5dc65bdb36b7fdfa8bc57fae6159713028cb222b7b769cebc8772c0533a1491433f2990d4 |
C:\Users\Admin\AppData\Local\Temp\kKcIIkAk.bat
| MD5 | 3fa96f6595282c55e75567b6464ed714 |
| SHA1 | 2bd08eae8b3c49c2a04ef4fe10be0bea415a733f |
| SHA256 | f7a4f4e6d52625d28a7136d76889763966544697c16010ef6c9d1f4c152b2b4b |
| SHA512 | 79ca410432f1a57ac10ac560b2b378e80ce81b0ea25307054fe935052bd9f9dbcc005aacb9489aee4b899fa7e2bff721ef143fb6c1b0ea79a30e89eadcd3f624 |
C:\Users\Admin\AppData\Local\Temp\tSwsgock.bat
| MD5 | 3f10a50701c6a71171d4c18e9fc5b7b9 |
| SHA1 | abdddbc74a4a626a40da0aa77507373f9f15b50f |
| SHA256 | cee525b61578f247b65f2149ea444557cd693700e42ac3fc0f9f58227803bb62 |
| SHA512 | 7c6136a273d14e716ea35ac31d36e6240add9c25474c3924c0a538df51f2972c6b2f63ea6ea0a5e8b5e814c2ed221bece3c3995db942eed2005221b52c2fdf89 |
C:\Users\Admin\AppData\Local\Temp\RUsMMAYw.bat
| MD5 | 76e8acab460d4e186912dad97dd9a44b |
| SHA1 | 8309d3c644d5b45464e8d20914ff27e5de1f4c1a |
| SHA256 | 663e776ea17af4594bc05649a56a6b57c9f2e0a816bdbbc9cf997eeae61749c5 |
| SHA512 | 8e35c7beb678abf45626caafd002b2d2ba2f0f007d22cadfd472045aa4d693282591e211b04cee0063ce9e4054283e7aa03d6ec59d46f570f2d4293458e10c06 |
C:\Users\Admin\AppData\Local\Temp\taUMwQAY.bat
| MD5 | 35132559adf9310db1a20b4cf84b4d67 |
| SHA1 | 95342a2798054707bd439ed5eff79d3e0b191552 |
| SHA256 | d8fd7d761343ecf7af8552324469eac2d2fcbf0e64a343e342af27019f081431 |
| SHA512 | 50ea2a6ec4699ce71920950269a90adfd70626781ad6b4972a8e8b6dfd0db6a34c38221f431231549b4047187de704b48f18df849fa56be927578f67156b544d |
C:\Users\Admin\AppData\Local\Temp\PqEoMoEk.bat
| MD5 | 246fab4e91fa323bb3d5466839cc16ab |
| SHA1 | f926cd4dbfc8cfd5a06c54c92b3430754831638b |
| SHA256 | 382387f54a23f612ceaaf58dac92b0bd7e5dc39191b4b7bf966e9583236f6e58 |
| SHA512 | e1742e0dd6287d5191e38c096b3e893f43aa43e289ba12a1504e964d0f26852840ad391dd0d42a28ee5db0630a0085ed1d176310d486d6a81bbe4ccd33db19c6 |
C:\Users\Admin\AppData\Local\Temp\waYwUMME.bat
| MD5 | 5e5977f760a1bcfc8d5095ed6e94241d |
| SHA1 | 4764753dc28c6035ca6f1ea3e5c6968471430db9 |
| SHA256 | ae4ade8049513d31d4fa9df9d745bf32ea43e49219ee594d7217e369351d1b16 |
| SHA512 | 3eecf7a76eb4e87cf9eb5b81e64b3b16aaaeb54cc215e7d2fdf7ae3665b463f08a97365083fc00afaf95baf6a4e31d97a629e704b20a858e6b03f38c39ff6459 |
C:\Users\Admin\AppData\Local\Temp\CEYMIIQc.bat
| MD5 | 1c8faf6fa36b16afe6454c42b10e59b0 |
| SHA1 | 6b1b1c46807e5d9b59016c59bd3b391c0192beee |
| SHA256 | 368b5a231e149ec762ab81c236efc7a150538cd1d09efa4a13b0f33b5c930aca |
| SHA512 | 782c3da7167d1f0c6a45b0e26eb8950321e6a6abc88fec1a1f393c55f407e50b7b2d76a08dde36f873647cde419139f11671392e25aa056ee95df30c648e91a0 |
C:\Users\Admin\AppData\Local\Temp\NSoMQsEE.bat
| MD5 | c130831a5eb2081d1335812f0ab19446 |
| SHA1 | 0a689fac382238d02fd0cde00eae45880395cbd8 |
| SHA256 | 047339d26a775559782160079a4e60a1bd4d16cf59bba7d1583b9287d7047fe5 |
| SHA512 | 9c0d5f8ec14bd25ae87f5cd8068f07621a4f339f05d4b8e656722057c8ac066c3aa89eaf7bdcac6fadc2b7d994bc10bed6698fd64adb9c3ee0fdf119a5ef0169 |
C:\Users\Admin\AppData\Local\Temp\jMUgoMsM.bat
| MD5 | f0a773c246443b170119e620ee0a6b11 |
| SHA1 | 2c9f74aa77f3a49a3a3f5da69e5bf682804d2d9c |
| SHA256 | 7b6cdcb581e8d87fb3a1222da9e7bd7dd8ff77b724e8983f0a6607cd636cb486 |
| SHA512 | c61c55193d655b1bb4af991e1b121722ac07541ac0f9745117ce1173773cda9c2af5788e2bfe6ae156b05c4dd488a2040aa7d5b778d1f19e344cd11782c6f1ae |
C:\Users\Admin\AppData\Local\Temp\zoYUQgso.bat
| MD5 | 36c3c7e68d644875d2a83e93c2660aff |
| SHA1 | 65d30cb87380b88bb2d57a011e362dc848f99480 |
| SHA256 | ac338d04ee67cdfac144b7dd4ff775363769609835a22ca6be0c05621b91e2ad |
| SHA512 | 6010bc5ee67aabb3472643c99f60e0532493564e7d96ef0118de407672ddc15d289db4c68840c4c00dbd6b5f4432c83984ba300541be51b20ba92d0c8408558a |
C:\Users\Admin\AppData\Local\Temp\NIQIQUYM.bat
| MD5 | cb133f059b0c6500df463dfe2c4391a9 |
| SHA1 | d3a0c185ac81681e7375a150ce78428377310c66 |
| SHA256 | e56e204a6371ae773f2c94b7619ef16edd41f8b2c27305d6beef8dfcf72c32a5 |
| SHA512 | 1fd38f1956adfa0767812e7412f3376f26b380ef0a0cb07da81f6682b3ca8ecef8b700879fa6ee26f7c47b2c5110d15582060e8ac2b7d32bc503ef67cd8b402a |
C:\Users\Admin\AppData\Local\Temp\sykAAEUk.bat
| MD5 | a5aa00a00d602c842b3632acbd5e2e94 |
| SHA1 | 0d47d86fdba33473041a0418b795ee3b86723dbe |
| SHA256 | 3a98cd88897291effc2facb3ad38e06f74ba722ed999d0a4c3e4f4462c376e0a |
| SHA512 | 018f828f0241c2c2b222f9e30748077b206766959275ec0ff632573a875bee473ee015c57aa7d4933a55a95097d14b0a0c6da77d34bc859b797bef1a13d510dd |
C:\Users\Admin\AppData\Local\Temp\mSYwYQgU.bat
| MD5 | e807804e641956d6639cf19b844b264a |
| SHA1 | f95fce848a10c368bdcae07600b66b31d423abdf |
| SHA256 | c78d0f19ae9588e0dd8aef6b643c171fc77d1b707f2ea804a3d424d6bbe4d7ba |
| SHA512 | 0f067ed42aa668c0af84c27324d66dffd30faedc3a20eecf6d705f78395d7bd185e2170f9fa3fd187c7b8d2de3dc17711c3c23c3bb08221cb832666738269ffb |
C:\Users\Admin\AppData\Local\Temp\yiEUIoIE.bat
| MD5 | 5d822d09cfa921534f1c510c8699f51b |
| SHA1 | c1e7893882ccc0b9c47cc651acbcf2cab9080279 |
| SHA256 | 100205701778c9ed575e66e1cbc39bf8a1212eec7f305cc48cb1cf6cb1e75eb0 |
| SHA512 | 377a1dcec452cb6c0c7c308a04fc34d868d6edbd4f5dfe3f806c99e05efd39e770fc3633b7ebcb59b3ba0151bafb2989979ba9761bfe76324f703f09a919683b |
C:\Users\Admin\AppData\Local\Temp\ugcMUMsY.bat
| MD5 | 8828c79b360ada6638e9109d2a527032 |
| SHA1 | c876def1c105ff2969bf2a790373eb7c5750f93c |
| SHA256 | 814228baa31690b5a6be51460834368ff8963e7e2a64430a3e4e747d01007ce7 |
| SHA512 | 5ed022c0466e483af403a54a949e56328be08b981ab2fca2155ff11fe235944829706366fcc9a517446d2d22dfb92b2215265ffbfa6b50e66f99bfa681b88892 |
C:\Users\Admin\AppData\Local\Temp\AewgsgAw.bat
| MD5 | 2d8687add1e73476d3b9f2f3a9805a1d |
| SHA1 | 484b9aa2308adb72cf9ac974ae10c564f83d51dd |
| SHA256 | 18c1bc4ca462b2441417ec56f55c391026b2cc025c5e6415e872a15d642adc71 |
| SHA512 | 8b44f96cda04f968b0a1a9aff72a4f32256b420bb64e8773d9ab516b0523a01c63e84c290ba128b439d243124613f499251c969d3954406c288f4f117db09baf |
C:\Users\Admin\AppData\Local\Temp\duAswowk.bat
| MD5 | 4fea02bbc5508636f0203042a38c9925 |
| SHA1 | 0194f18df9bcb9e559bed8775a2818bfc668365a |
| SHA256 | 5881bfd93a533b412209ae3188315370cf9d8917cb6181830073d6274a20372f |
| SHA512 | cc890b23b2be2037fad959901bcd720fde04777d25575a660a8ea1896f1daf02990ff3db3906d4c48aa90da8bcdb3be5b44c986563c72a8a1c9eaaf5e485ac6a |
C:\Users\Admin\AppData\Local\Temp\bwkcIEwo.bat
| MD5 | e4ff6e90d9a3de26c251d47a59575bf6 |
| SHA1 | 95157dc2fc4eed058ac304a814e7f0c3a62e9ded |
| SHA256 | 7bbf55983cf4d020958a8332438f2482278ec1690b978b8d8a3c6c161670d93c |
| SHA512 | 6f8c3139941922e71099f6a4d3065dfa0c4c52ad9121114ba6a17da08c697684cb7c6bbc5d909290709f7651b48bbe173fcee8364e7ae5f8a824c599b6bfdd12 |
C:\Users\Admin\AppData\Local\Temp\NoMAoIsQ.bat
| MD5 | 87fbe911a0bd3891338919e1019a35f7 |
| SHA1 | 02805fa91cb40c882e4dc2b28daa6d1d396c87b9 |
| SHA256 | 568e35ed3b75e244c6eee41ff32bd9902160da1e8f7e9f606528ec6f5498cb6b |
| SHA512 | 3335269e25979281751ab579cf02f8917fa7734325568e63947e9f787b55cf18762d1eba67c2c3bc87b1e3eca9cebf1f2135178cc432baa8d1b8bb38377b2389 |
C:\Users\Admin\AppData\Local\Temp\ZgYIIMgU.bat
| MD5 | 19c976b1907cc945ff25c2690ab56825 |
| SHA1 | 7c82c16c8d250aa5c41c3219ea460e33e23929cb |
| SHA256 | a0d4e4385060e4efebf55319c61296eb17e669326a4084483039ef71704de59c |
| SHA512 | 0910bf09337b4242495361769afab62b7251b9ca5cd17eb6e49b9c9f7d8711b383e633ec4eb0f6dda09c3fffd56012358b3c0123958c93e9b20785ea391844f3 |
C:\Users\Admin\AppData\Local\Temp\OMIYssAA.bat
| MD5 | fadcdc4d18454cad5def00c3768425ed |
| SHA1 | 54a5cec1b1942e0e5ce4c8a137e51c0c6235b6f2 |
| SHA256 | 05b15e91a56b8c73cb8cb10921e89deb89c11acb75012d73cfa4d0f810ecbc95 |
| SHA512 | 70ecbcdb91bae27e3a18bef92c30c2ed85b2977e71f7e9654544a966471761f655c492609a20fe2ccacc206a9fd3190212316a421caa933a7c0a49e5442ef86d |
C:\Users\Admin\AppData\Local\Temp\kekgIUcw.bat
| MD5 | 6188b342d9a08e67b73879edfec11ba2 |
| SHA1 | cf49c3465208e6d2e687fd39692864d15bd06cfb |
| SHA256 | 8dd7ef7c6ea7a618343163560cfef637dc50d36844576778cb39529d8e0a658d |
| SHA512 | a0ededf70b6133a5b9ecfff2f5f8dd88b8b1c37b776be38aa03f07aed4482b102a81fb9b406b2cf748f83c1e26b40e5c57aeceb3ff5353bf08982e5919890fd2 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-15 11:45
Reported
2024-05-15 11:47
Platform
win10v2004-20240426-en
Max time kernel
150s
Max time network
111s
Command Line
Signatures
Modifies visibility of file extensions in Explorer
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
Renames multiple (75) files with added filename extension
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation | C:\ProgramData\eIckIQAg\PeMswcoU.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\hIsIQIQk\EWoEssMw.exe | N/A |
| N/A | N/A | C:\ProgramData\eIckIQAg\PeMswcoU.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\EWoEssMw.exe = "C:\\Users\\Admin\\hIsIQIQk\\EWoEssMw.exe" | C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\PeMswcoU.exe = "C:\\ProgramData\\eIckIQAg\\PeMswcoU.exe" | C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\PeMswcoU.exe = "C:\\ProgramData\\eIckIQAg\\PeMswcoU.exe" | C:\ProgramData\eIckIQAg\PeMswcoU.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\EWoEssMw.exe = "C:\\Users\\Admin\\hIsIQIQk\\EWoEssMw.exe" | C:\Users\Admin\hIsIQIQk\EWoEssMw.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\shell32.dll.exe | C:\ProgramData\eIckIQAg\PeMswcoU.exe | N/A |
| File created | C:\Windows\SysWOW64\shell32.dll.exe | C:\ProgramData\eIckIQAg\PeMswcoU.exe | N/A |
Enumerates physical storage devices
Modifies registry key
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\ProgramData\eIckIQAg\PeMswcoU.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
"C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe"
C:\Users\Admin\hIsIQIQk\EWoEssMw.exe
"C:\Users\Admin\hIsIQIQk\EWoEssMw.exe"
C:\ProgramData\eIckIQAg\PeMswcoU.exe
"C:\ProgramData\eIckIQAg\PeMswcoU.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jmMYQIgg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GWosAogo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NyIoAgAU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eKsgMAIw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\oIsYQskc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kIsgAgQY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KUYcwUMI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\daQcIYUk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QIwIcEMM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cmMIEooI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ggEkwEEM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GwcgQYIk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WEUoEEYg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JkEkggAs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ksEYgUYk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SwIQAUcQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nAgkwgQs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PKEcQoME.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NqIsswwE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rWAkkosk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\REMsYsoY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HKgAswcs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mmUwsMUg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vEgcEoQY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fqAwwYEM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DeQwUIQY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TmgYoIkQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sGAwQIUE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cKAQEgko.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GgwkQgQE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LsIMMwAw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mQoIsYIE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zwgsMEQk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kKQUkUIE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sEcgMoMA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xQIokYIs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GCoMgMcI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s UsoSvc
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Windows\System32\mousocoreworker.exe
C:\Windows\System32\mousocoreworker.exe -Embedding
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BkswsogE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ACgAAUEg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OoAckkMk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\swMYoQks.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VUoQUsYI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PKEwUYYM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VMwQAoks.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yQUosEEE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EawAwkUU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yKYIAIws.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MkYUwogI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pCAYAkUY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ouwUgMww.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\iyokQkIA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gqIAMckY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vcoUoYQE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FoAQUsUM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YCUkgsQc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kEsIMMQM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qQsgQUQE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UQQYIwsw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AeEgQccc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LqMUIcUE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BeAYwgks.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WWcQsYgQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RCowoEIk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kucAoMYQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JeMogEos.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nOgYAAoQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yGMQQUgQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UMQYEwMQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TOcEUQUU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eUUgUgEs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LoUkMAsA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\liAcsEAs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\oSkYwsAQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aoosMAwo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HqIgUkco.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hssYQAIo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jQYwUYAE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xmwwQgws.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dSAgYcMc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VoAwswoU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JQYQwEgU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OysAAYAM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cIsoMMMQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qgUwscUc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JIYwMgUo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZMQwkQok.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FYgssUIk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SAEYgIkM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lwIEAsIg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tOsQUEcY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UMIEcwok.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qYoMokMM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aOkUEgsk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JgsEsIQo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OSYscAEU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XEQkowUo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QokgkcgE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ueoEEYQQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fSgQEIUw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gkcogQcE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AIsMMgQw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AiwsMMgA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wIQQUcco.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BgkEgAcs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nKgwUYMw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SoUUsEUk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UsMQcgww.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IgwMgggo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bukUYkMw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VSokIgEw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GGsMIIYQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\puUIQkQI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sAwMQcEo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XSMUUMQg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SsocIkwM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wWIEsMYE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nKAMQMwg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BGMoIgIo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UQMcsgwc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OSkQokcM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YUUwEwww.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rkQYAscY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zOwsYYEA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dEkwwwAs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cIsUYEsQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LMgQwUUE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rKQkEQwE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Network
| Country | Destination | Domain | Proto |
| BO | 200.87.164.69:9999 | tcp | |
| BO | 200.87.164.69:9999 | tcp | |
| US | 8.8.8.8:53 | google.com | udp |
| FR | 172.217.18.206:80 | google.com | tcp |
| FR | 172.217.18.206:80 | google.com | tcp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.18.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 131.253.33.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.33.253.131.in-addr.arpa | udp |
| NL | 23.62.61.75:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 75.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| NL | 23.62.61.75:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 200.119.204.12:9999 | tcp | |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| BO | 190.186.45.170:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp | |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
Files
memory/224-0-0x0000000000400000-0x0000000000432000-memory.dmp
C:\Users\Admin\hIsIQIQk\EWoEssMw.exe
| MD5 | b7fd8a1ab91de74dc4f14abe28f87818 |
| SHA1 | 942d1fc3e32905963a15f0a484a881541916788f |
| SHA256 | 663b00bf14dec62f628ab961d48c80628c5d794074657336ad4f2939f42cca4a |
| SHA512 | 81a05ca3cafd2d801bba5f6087f7e47f11c5a3e952b601d16bb47761c3bf1434d2c2c8856c1df6e9e9b1ade4754c067abf3cc8a36f3743af02a44e4da82145e8 |
C:\ProgramData\eIckIQAg\PeMswcoU.exe
| MD5 | 71e379a8a71ce10e0042896fd68f06e7 |
| SHA1 | 089a3a799c3d115bb9c2871e5c4a336a6d1a53c7 |
| SHA256 | 2d5ff0a3df4b64fa64d9a53bd6bfb8c128ee8f622c4400e4ca6a36a302168ee5 |
| SHA512 | 97ab496e2495691e2d6ba3e1b930372c8f66c3c5447069327a48cb4aa6020287e0604ebd69214f30d620f9d762445eb7c35ed087943961de0510007169005d50 |
memory/3068-15-0x0000000000400000-0x0000000000431000-memory.dmp
memory/2604-9-0x0000000000400000-0x0000000000431000-memory.dmp
memory/880-16-0x0000000000400000-0x0000000000432000-memory.dmp
memory/224-20-0x0000000000400000-0x0000000000432000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\2024-05-15_617e906c7eddc96288b409e78c1ec01c_virlock
| MD5 | 170555a84120985bef1afa430a90c465 |
| SHA1 | aa3652093aafc935d3d65b65954d59c9ba198b16 |
| SHA256 | 0eba5399fee276a0834e1488637ed1bf611ca1e28da39f2abc6edb2c59d6c4c4 |
| SHA512 | cf95ce630a758dade0a7ddaa39abc5cd561a9ab2bdf73cd6abf154fbd0a84d63b04bf239626e987d595d75a6c009d53bf3a0f45b818c0512d3baae15add5d399 |
C:\Users\Admin\AppData\Local\Temp\jmMYQIgg.bat
| MD5 | bae1095f340720d965898063fede1273 |
| SHA1 | 455d8a81818a7e82b1490c949b32fa7ff98d5210 |
| SHA256 | ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a |
| SHA512 | 4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024 |
memory/880-32-0x0000000000400000-0x0000000000432000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\file.vbs
| MD5 | 4afb5c4527091738faf9cd4addf9d34e |
| SHA1 | 170ba9d866894c1b109b62649b1893eb90350459 |
| SHA256 | 59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc |
| SHA512 | 16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5 |
memory/964-34-0x0000000000400000-0x0000000000432000-memory.dmp
memory/964-46-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2564-45-0x0000000000400000-0x0000000000432000-memory.dmp
memory/3960-54-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2564-58-0x0000000000400000-0x0000000000432000-memory.dmp
memory/1928-69-0x0000000000400000-0x0000000000432000-memory.dmp
memory/3960-72-0x0000000000400000-0x0000000000432000-memory.dmp
memory/1928-84-0x0000000000400000-0x0000000000432000-memory.dmp
memory/4580-83-0x0000000000400000-0x0000000000432000-memory.dmp
memory/1112-92-0x0000000000400000-0x0000000000432000-memory.dmp
memory/4580-96-0x0000000000400000-0x0000000000432000-memory.dmp
memory/5076-104-0x0000000000400000-0x0000000000432000-memory.dmp
memory/1112-108-0x0000000000400000-0x0000000000432000-memory.dmp
memory/3708-118-0x0000000000400000-0x0000000000432000-memory.dmp
memory/5076-122-0x0000000000400000-0x0000000000432000-memory.dmp
memory/4080-130-0x0000000000400000-0x0000000000432000-memory.dmp
memory/3708-134-0x0000000000400000-0x0000000000432000-memory.dmp
memory/976-142-0x0000000000400000-0x0000000000432000-memory.dmp
memory/4080-146-0x0000000000400000-0x0000000000432000-memory.dmp
memory/3296-154-0x0000000000400000-0x0000000000432000-memory.dmp
memory/976-158-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2412-168-0x0000000000400000-0x0000000000432000-memory.dmp
memory/3296-172-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2084-181-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2412-184-0x0000000000400000-0x0000000000432000-memory.dmp
memory/3004-192-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2084-196-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2436-204-0x0000000000400000-0x0000000000432000-memory.dmp
memory/3004-208-0x0000000000400000-0x0000000000432000-memory.dmp
memory/1516-218-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2436-222-0x0000000000400000-0x0000000000432000-memory.dmp
memory/768-231-0x0000000000400000-0x0000000000432000-memory.dmp
memory/1516-234-0x0000000000400000-0x0000000000432000-memory.dmp
memory/3396-242-0x0000000000400000-0x0000000000432000-memory.dmp
memory/768-246-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2484-254-0x0000000000400000-0x0000000000432000-memory.dmp
memory/3396-258-0x0000000000400000-0x0000000000432000-memory.dmp
C:\Users\Admin\hIsIQIQk\EWoEssMw.inf
| MD5 | 023f8c4484ac67d0cd30423d1cd87e97 |
| SHA1 | a384eb727e3810ce15700a711a8b80c2498883ea |
| SHA256 | 1e3f824e000d7f7a38b9de5ce74c69b98860ff621e54802864e516a7a52bb940 |
| SHA512 | 1dbd5fe0fde4c39c9bee9f26babf54557c77e02bf114923f46cff910ebc32b5e80ee29f1059723fe301840d3706f83bd16df029dd89e576177686adc25ee0b30 |
memory/2484-271-0x0000000000400000-0x0000000000432000-memory.dmp
memory/1492-272-0x0000000000400000-0x0000000000432000-memory.dmp
memory/1492-280-0x0000000000400000-0x0000000000432000-memory.dmp
memory/1124-289-0x0000000000400000-0x0000000000432000-memory.dmp
memory/4108-286-0x0000000000400000-0x0000000000432000-memory.dmp
memory/3344-296-0x0000000000400000-0x0000000000432000-memory.dmp
memory/4108-300-0x0000000000400000-0x0000000000432000-memory.dmp
memory/3344-308-0x0000000000400000-0x0000000000432000-memory.dmp
memory/1072-313-0x0000000000400000-0x0000000000432000-memory.dmp
memory/5084-317-0x0000000000400000-0x0000000000432000-memory.dmp
memory/1072-325-0x0000000000400000-0x0000000000432000-memory.dmp
memory/5100-331-0x0000000000400000-0x0000000000432000-memory.dmp
memory/392-335-0x0000000000400000-0x0000000000432000-memory.dmp
memory/1224-341-0x0000000000400000-0x0000000000432000-memory.dmp
memory/5100-345-0x0000000000400000-0x0000000000432000-memory.dmp
memory/1224-354-0x0000000000400000-0x0000000000432000-memory.dmp
memory/4348-351-0x0000000000400000-0x0000000000432000-memory.dmp
memory/1644-359-0x0000000000400000-0x0000000000432000-memory.dmp
memory/4348-363-0x0000000000400000-0x0000000000432000-memory.dmp
memory/1644-374-0x0000000000400000-0x0000000000432000-memory.dmp
memory/4328-371-0x0000000000400000-0x0000000000432000-memory.dmp
memory/4328-382-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2980-390-0x0000000000400000-0x0000000000432000-memory.dmp
memory/3396-398-0x0000000000400000-0x0000000000432000-memory.dmp
memory/4256-405-0x0000000000400000-0x0000000000432000-memory.dmp
memory/1204-409-0x0000000000400000-0x0000000000432000-memory.dmp
memory/4492-414-0x0000000000400000-0x0000000000432000-memory.dmp
memory/4256-418-0x0000000000400000-0x0000000000432000-memory.dmp
memory/3096-423-0x0000000000400000-0x0000000000432000-memory.dmp
memory/4492-427-0x0000000000400000-0x0000000000432000-memory.dmp
memory/1932-432-0x0000000000400000-0x0000000000432000-memory.dmp
memory/3096-436-0x0000000000400000-0x0000000000432000-memory.dmp
memory/5068-443-0x0000000000400000-0x0000000000432000-memory.dmp
memory/1932-447-0x0000000000400000-0x0000000000432000-memory.dmp
memory/1072-452-0x0000000000400000-0x0000000000432000-memory.dmp
memory/5068-456-0x0000000000400000-0x0000000000432000-memory.dmp
memory/1800-461-0x0000000000400000-0x0000000000432000-memory.dmp
memory/1072-465-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2740-471-0x0000000000400000-0x0000000000432000-memory.dmp
memory/1800-474-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2740-484-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2084-485-0x0000000000400000-0x0000000000432000-memory.dmp
memory/4100-490-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2084-494-0x0000000000400000-0x0000000000432000-memory.dmp
memory/1732-499-0x0000000000400000-0x0000000000432000-memory.dmp
memory/4100-503-0x0000000000400000-0x0000000000432000-memory.dmp
memory/1788-511-0x0000000000400000-0x0000000000432000-memory.dmp
memory/1732-514-0x0000000000400000-0x0000000000432000-memory.dmp
memory/1788-522-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2660-530-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2484-531-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2660-541-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2376-542-0x0000000000400000-0x0000000000432000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\qoMO.exe
| MD5 | 4fd4878e5992fb384d355eda36020cce |
| SHA1 | 04dc992d27087ea8410a620e99431e3edf1a73c6 |
| SHA256 | e2d2db3a1dddf69b70e4f8a293cc38c349ebd8e02f17a3c24663b4bb4818534e |
| SHA512 | 75ba31507253833cacc5cef9be885e367e54ea0307e5b6987ed0a4bb46f0b2816b2fafcf359e189ac0d2ce8c13bd3c59b885013d191f5cc07b665fc6fce909a2 |
C:\Users\Admin\AppData\Local\Temp\gUku.exe
| MD5 | 8de9d2d88c0ea8bd75735a77735277b4 |
| SHA1 | 8cb49fc4fc149692f6b62fcc8583c1308394908d |
| SHA256 | 216ccffc93759a509509f576362885ec96a97bd4756476199d0db3e30594564a |
| SHA512 | 3b22fc44f602ab8b70933ae49103e5bebe1fe674ef6489a95c34f6ee8b52155bd994ea8f0b995d391c290516e46fa90841090d77511a7f1378502443ed906e0c |
C:\Users\Admin\AppData\Local\Temp\sIAI.exe
| MD5 | 509d981e0cf1c403f6a00da57d1968b3 |
| SHA1 | 2430d1578cad2493aad4c8076b1ce713621a599b |
| SHA256 | 0f708984a74e29f52ee3478f0461858b1a0b1a93d656b3006ff1d4ed0dfbd1ec |
| SHA512 | 967d038986af4d72dcf67c7b73df811b66544154f0607241893376c939ec0536f3e5d1a0cd5e9e9f075a712c8fae320813d09a5489872e1670b81b9ae9f02378 |
C:\Users\Admin\AppData\Local\Temp\sIEE.ico
| MD5 | ee421bd295eb1a0d8c54f8586ccb18fa |
| SHA1 | bc06850f3112289fce374241f7e9aff0a70ecb2f |
| SHA256 | 57e72b9591e318a17feb74efa1262e9222814ad872437094734295700f669563 |
| SHA512 | dfd36dff3742f39858e4a3e781e756f6d8480caa33b715ad1a8293f6ef436cdc84c3d26428230cdac8651c1ee7947b0e5bb3ac1e32c0b7bbb2bfed81375b5897 |
C:\Users\Admin\AppData\Local\Temp\DwwI.exe
| MD5 | 0da6d4eaefe326e10ae33d28f5724fbf |
| SHA1 | c3cbb78b11e91c85b12c89deaf46ae5bc94b48fc |
| SHA256 | 61b354c62e94afeffc7fed5ade149fd6aeb004b94d29436ce2f79c67900d51bc |
| SHA512 | 80b9e3864df9ca1527ddb183e2d0680ccc61e36917573e44ab41f5c70a6c6ce1897859e24ade727e6a3e6699edd821a89c0ad78e968fb3c87d9829b4f2673186 |
C:\Users\Admin\AppData\Local\Temp\Hkcm.exe
| MD5 | 379087b7e8405e3e9a7cdf7838e76785 |
| SHA1 | 8be1452c034601346045a807be84ef132eccd33d |
| SHA256 | bb06a2f48deb4b552dea8c4fdb440facd8c8aa0472b7704eb9f82873a2fdde10 |
| SHA512 | 312ff8a4a58fd37b93d4258ffc42182683d73a088a2045fc87b698350e163ca7d93280e4b2029f1882cb4b39ac35734ec41f11dbb1e4f070900ada2d63dc7898 |
C:\Users\Admin\AppData\Local\Temp\MAkc.exe
| MD5 | 6f7e28fc2db1c370a59db1b007573a5d |
| SHA1 | 87d185c9867c1f08610952e7d4e0fc1b664f5785 |
| SHA256 | d1a184ac36670a7b81af92c7ed923105121346045a5a984e033410351920184b |
| SHA512 | e152eda84a842ba3c98e2cbcdd3d246cab2d57cba875179f41aec710f989562a6ee2f4e16906623c13b17f3c2d6d21e47878f222be01c6f94681a5e2be623390 |
C:\Users\Admin\AppData\Local\Temp\xwAO.exe
| MD5 | ece351f5c3f071afa8ba0affbb5edd34 |
| SHA1 | 58f954ea2b1227a4b15b94bc54eacc8b254a71ba |
| SHA256 | 4e90a878b94cdcc624f65d43743c9737ad53cdae41c978199a198b4c0f7fa35a |
| SHA512 | dace7e3e92d742eb0d7d73417ee78a4d522d8311a051da9d2db0db875f6e75d3a5e2f37af802439fa6e6f2b1079c729b38f38046210d88a316b79cade0df8b20 |
C:\Users\Admin\AppData\Local\Temp\Ckou.exe
| MD5 | 1aacead84ea6cba1f450930fddca81be |
| SHA1 | f359d1aed9387b7d730cc06f9e86f084f195ac48 |
| SHA256 | ad87d2930c8674733b677b92fc3d9a1f6d64fee5c7daab9d6fe5be3cf08e5061 |
| SHA512 | a71043b8a25892be472f38831e9baaa5f824508837df22e7c875440969ddb7e8cf429e727161518a3382bae00b393d10913ebe5b7d8d0e5d15845b5740ea4af1 |
C:\Users\Admin\AppData\Local\Temp\WkoC.exe
| MD5 | f8d030390759958a4dbc714d4be10d0c |
| SHA1 | b9db0aaa83ab2223d48289d185bf668123421871 |
| SHA256 | a3ee8b034594e6972a2242166ba57461de9e9ab62c8889ff7917b98c78eba5a8 |
| SHA512 | a2e31aef1c303486cf8cfec1493c047470ea68a22c4b9b5759305b1c15b28e510ab4bdfdff0c6b21879f3eb65cf2d4a035f99fd55987d594ce6375ce40d924fc |
C:\Users\Admin\AppData\Local\Temp\HUAw.exe
| MD5 | 47e1274e1af3190b60858d783e8e29d8 |
| SHA1 | b0b9b942fee50a6f234d2d44d0b3cdaeca840ccf |
| SHA256 | 136601767a7b7d9f1bcaab3573194c7004b1ca8e7d56aa71946b951b4c2f7d75 |
| SHA512 | 3dbe684e1c32993d003a27e9d27547d94b6b61a75b01e6d75472f11587ae7d920bb8883149626cf09e1b661dc2c0d679b9fbd4ba9ac676caef603c496fb97bfe |
C:\Users\Admin\AppData\Local\Temp\JkAW.exe
| MD5 | ebbaa50803a4b498963d80eed682e69f |
| SHA1 | 0ebcfada117a4c820f3dfd756599cf5e5ca6d84d |
| SHA256 | db3fa7c1b647e849d789cebb1c71f880ef42afba147510069a9f3fc54d45e21f |
| SHA512 | 22ffa38fd661f601dab9c4c9c7b2253d10c49fcae0eb6f9abbae200a115fbb973acabe9138f1ab58e2a9247d9c8ff7d55fbeda49b665e9ba286bd35ef6e4cfe6 |
C:\Users\Admin\AppData\Local\Temp\tcgk.exe
| MD5 | 26ea6875247c0eff5ad117e49551f55c |
| SHA1 | 61236fab74eb6769209ef2db1fcbc732e4ed2251 |
| SHA256 | 512b255d4d5c25f7f98e9fb99a4def6670ff606562b691aa0c460fe717ba1378 |
| SHA512 | 67b4e2d92fdfe50bf5731d4c05f24d497f4d068269f4d5055569218c2bff000d413efbd7fda7f11ca5862d47aaea3a24874764a069f73f01f19ec9abd9b87be1 |
C:\Users\Admin\AppData\Local\Temp\tssc.exe
| MD5 | 150483d84bef22087c2e460cd4e9452c |
| SHA1 | 05b483677d81d577500450669f6c4294db8b7abc |
| SHA256 | 97235ad86495fc231106a7cdf384f0e56a9df5716d3b7e6042a36c0f932577e4 |
| SHA512 | 5b51929e4e3d618aedee2e8cdca379311a24eb56d37d8353f87902cf8d99eb4ecaa0479f11f038c588507cf564d3530d88643b5493051c9bf0e429ca8cc1a879 |
C:\Users\Admin\AppData\Local\Temp\LAEg.exe
| MD5 | 321c39278b852944ad46f4fff70b3753 |
| SHA1 | 7c42e1595788ed691d389f95ec99fb5b65047e0a |
| SHA256 | e2704c74a4fa765a96fccf46a4a5fb443ea097ac799a8f2b01c52930c99302d6 |
| SHA512 | 8e62f3cabf1f490f9a61b1d0e50822a7238b34b3a13def6d262143a54eec69a49c0fc6f9f1812b5a1068b6e62d639f278158fe4a1d8d5cd18e66f7f45c8af08d |
C:\Users\Admin\AppData\Local\Temp\sUEy.ico
| MD5 | ac4b56cc5c5e71c3bb226181418fd891 |
| SHA1 | e62149df7a7d31a7777cae68822e4d0eaba2199d |
| SHA256 | 701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3 |
| SHA512 | a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998 |
C:\Users\Admin\AppData\Local\Temp\CkUk.exe
| MD5 | 1e113aba980fcab34e5bf402fb1e3694 |
| SHA1 | f3b1cc0d09ffd5ff36874dd7000482c1cd23be0c |
| SHA256 | 8a9e0f88883a3cbd6ef68d5440320d9684e5c2bb01c382ffd2be35f65ffaeee9 |
| SHA512 | 729570681ca620653e18ad437499210afb7923ce155675999182798fbbababf5fdbb8ba47f15f1dc7f59db85a5bb6ac1c005328a5f405f3f529ed69257ad1f66 |
C:\Users\Admin\AppData\Local\Temp\zIQU.exe
| MD5 | e00aa971d93a4bdf01bdadcc8be11eb1 |
| SHA1 | 761ad69f7af087203e2e29722791ab570c4a064e |
| SHA256 | bf12ed06878debc63a38db1ad64c7347afa6f5e7e9172315976a215e08fe9468 |
| SHA512 | 325e33f2f2ae90474ec80a786947235b79d4725d4bcc7de7b23ef281ac626372cf75b17690043874020fdbe3e2d60eae9b3f3f1f930b1384815297bc5d7959f3 |
C:\Users\Admin\AppData\Local\Temp\zcow.exe
| MD5 | 16baff6916982f4cda83708975647288 |
| SHA1 | e0c058d5586d3b3689e6086f4c14c80521ee38f1 |
| SHA256 | de1dcc50dab9470cf14ad0c2a3fed331822c1d205ae1a5a730aa19a00c8e9434 |
| SHA512 | 7df86fdb4f45fc4eed476c8a929251f52a3c70917bb81fe3e06cdf6373ae1d02f3010bd46a7ea377fd5bde90fe65aee02e8fe292ad1af233f75455c76a5f2220 |
C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
| MD5 | d9eb5a6e277b542881a43b9f1c153375 |
| SHA1 | 478fbad70a500c59b1a780e546bb75b93f4b0bf0 |
| SHA256 | cff44dee5a93b5f1fc9faf06b0db91fc6803d753747319898ae260a57cf9d631 |
| SHA512 | f7f368e056850c8d7282a27979bbfb895536b9066af745119f0489bfda23e9e8a7c336f9628018de3f787644fa1d5246d9573bc45eea3735928d45d2fb6e3ac6 |
C:\Users\Admin\AppData\Local\Temp\kcQk.exe
| MD5 | ae1cd42a8256efed0a276de08359eb60 |
| SHA1 | 4205101a6f18645586c1b564b86797786bf47d0a |
| SHA256 | e0888e64489cd2a7e0bd28ff0fd64da864aab5b9df3fcfef85bb703f7e6f33fa |
| SHA512 | 37a93e72c7684e55359037b4171b428e749c3793b1150420bdc8ea38ff1682b9d1e7c92ee914d8def0b3def5e137178bfb0a293778eebd4b34e6b8166855a0b2 |
C:\Users\Admin\AppData\Local\Temp\vIkc.exe
| MD5 | fe0a22b1c9577ceb5571be0623db0d79 |
| SHA1 | c3e8811b523da630f53392ec032401e182822ddb |
| SHA256 | adb6fb7529d9c420900e17bcae087339adbf30015ddaa98a64e52cbfe4ba41af |
| SHA512 | b62152dbfde1bfd0df8dfa419098a39d6c4523fea08d71eb05170053d916196a44f256c53bd051841c48df84b0e41ad476f794e4e504941586e728b3ecbf28f2 |
C:\Users\Admin\AppData\Local\Temp\rAsk.exe
| MD5 | b28781a3f70ab0f81c87128aa4c2b990 |
| SHA1 | 2b29006b5a4c9173ce3eae5b59f265180c63becb |
| SHA256 | bd5bf533771de7ac0c02b6b2df8db8d7433cb2bf3c35dc75c9c8e406f4551cb5 |
| SHA512 | 42f38ecad56301f70ee13da4202c9dba342aa26545ee56db47ca0c262f381cfad33fa7dbaca28bcfdbb025c336e238a316f3558d3b6de432238a0ad199110b80 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.76.1_0\128.png.exe
| MD5 | 9176576cd25df5d48a8548f658408ffe |
| SHA1 | c4410a2da73567aebaea2a170667ed038f87b9ad |
| SHA256 | 65340b5eda3b1ad4743ec49f4ab5bd2afcc52ab7e0b1fb55d33709a0c4ef7ffd |
| SHA512 | 20eed97a537c3a70a75d134b9226939a50c246d026623a4ddd270222efa7c0058da5015c52d4253f6826755c6bdbb3b9417baf63a955cd6b06cf73fb08a13efb |
C:\Users\Admin\AppData\Local\Temp\xsAQ.exe
| MD5 | e8095f88735c5102a3fdd5db64e601bb |
| SHA1 | 88908c35b1a4ad641e99cef10779cf0e2f64c655 |
| SHA256 | 2e2003703974b7fbcbdbe25a28a42431643234fb97e8d4f6eca2bf05ee0b4168 |
| SHA512 | bfed56f7810124ea4adf86e7dc0495aaffe2e27e53bb31bf4a91ab571ec85a2a7cf7c362b43a36d3c73f76f7feed702e921a7630b531a6ee39fbf2aa0c37da4b |
C:\Users\Admin\AppData\Local\Temp\BcQI.exe
| MD5 | 0805e4f602114c090f51e2cc88dd6442 |
| SHA1 | 4cd7795990f0af2ac48915758c74fd1d4bb81804 |
| SHA256 | b1741773bfc7e80fb4bd59e67a00d38574d16d4a70d8bd4cc652fa3a8f1de50a |
| SHA512 | 8c7df4281762b21ee2dc683fbab0594adf2b85a569bf47574aa7280f939ea61243a498b47aa0a0012aa274cfda8c4007723a78b5a0e11a86e57bc88c5b83beda |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons\128.png.exe
| MD5 | ce8c536d2e3d7cd997cb9380bcb17e9a |
| SHA1 | 994930f07ed2f97d3b92987888a3604918fe1820 |
| SHA256 | 67c034f66c28bc42db52377ca7faf569c9e9799eb3052a59864d6e473cada1cc |
| SHA512 | 98971393308744269e21991d2d94cee86f911956d6d218dce8225341d83b0efb787fb1875e62dd6dd4699be382a40c52d418046b051eb48f3cda297a07f74051 |
C:\Users\Admin\AppData\Local\Temp\TIcW.exe
| MD5 | 474dfe890a254aae030c95d4dd58a131 |
| SHA1 | 0a008b49ce73df37c935566225fe675250112d5a |
| SHA256 | b6bd9d304da1c1b601daa07f6163fe2ee139cf97ca7823be3b0e40592d4bf9d9 |
| SHA512 | 21b5825040ac81951996d6183e142e33d91d1b02454c481fd100250e14033f5e5a76cdc86999dc7e59311f485944cfdf8c2586949ed49f62895ee352fd8959ba |
C:\Users\Admin\AppData\Local\Temp\NIwy.exe
| MD5 | 1bdf74743d3193f8bf5b789d85c630a5 |
| SHA1 | c71a2c1ac65e3507154750b4299d7b2ba412ef81 |
| SHA256 | 599cd6f0739cb1d41975a53175644f94aa8f94f4b3accae5596054fa916659e6 |
| SHA512 | bfcc1cf20727a2fb2f56c71479f2a730507087d1e2c4ef7d7e977b3a0fd996cbd47e736223244319dd15ee3ffe2d55f216807b8ee1a097bd4a136a9e17bf951e |
C:\Users\Admin\AppData\Local\Temp\esIO.exe
| MD5 | e79598d6284888c217e810a40a29a3a5 |
| SHA1 | 6fe0109bd5cc9e5a2b5521527b5a9c6fc3c0b2ac |
| SHA256 | 972f64e04857f7bd5895f29a962253a83f4d2789f500ee9556b8e5e30e9404d3 |
| SHA512 | c833b9581a01141369b46465e7d5c06e5b3d3f6b2faa4d30efbc668847f51efd487a6e62e54126f1bf2ca8637f0976b6eb103534aa134ceabff8c430e3677f50 |
C:\Users\Admin\AppData\Local\Temp\qgck.exe
| MD5 | fc25a2b654355d911b6666fed888c8f8 |
| SHA1 | efde334fdb2ae5099154baddff34bae106a64342 |
| SHA256 | 53d6c50a0c41d3befc7b47d8783f244a260ff069ad31bc53dfc6178c8dae8e94 |
| SHA512 | f8473d6f1313492e39ad2fa61decb531314fad496bfc51a3241ca0fc8658a9826b0911c215b31f6514c2733c7d8beb2b35c011a0dfebb41e4cf63ff0a7a8a615 |
C:\Users\Admin\AppData\Local\Temp\IUgO.exe
| MD5 | bc2a2ab3b97aeb11d90c9b3437be53b3 |
| SHA1 | e7665525308f3f2dbc8bf7e8260adfcf5b340c70 |
| SHA256 | d4e67f3e729b36fcd319acfe919bed675688775c30352603ceb89f504d0fcc67 |
| SHA512 | 1a022f71c83e4425e614984a8f2df0f06356d36cc465fa629bf23bccc698b8f31efb8d08fd5d40f13ed6c22d80abe3277fac0bfb75eb1dd48305988a78cc541c |
C:\Users\Admin\AppData\Local\Temp\agsW.exe
| MD5 | 50fca46cff0fc0fb63c0e9c76a6cab86 |
| SHA1 | bb222dd3ac4b8b6d977ac164c5ffe8bba487d851 |
| SHA256 | b494e914a048ef9a6e76efb6d3aa023faea326ae5bf52943ec77e9e40d04e50c |
| SHA512 | fbdec227355c966df4c4ab1dbbca339d97f817f3948ee090edc430e122d79db6c23d82c6712e5d8c7dc6eae46994d06e9218ff65a925d3882250dd69828be4db |
C:\Users\Admin\AppData\Local\Temp\XAQg.exe
| MD5 | 20288f2eeb872935c803e19f0caedd4e |
| SHA1 | e419c1d394bcb84d9353585499500e8fa7863228 |
| SHA256 | 95f9e4e6a5b6c9822e2054f2f1c2352ff7e39fe56b0e548c7820b8e68ce44952 |
| SHA512 | 7203b2d7dc7d166f2e907218879226241d6ebc0d143b65e7a86007df0bce0902c124212ee84e891fe94f447b6b672991c82788e9f40e03d147b2f792bd7e08a9 |
C:\Users\Admin\AppData\Local\Temp\GkIS.exe
| MD5 | 2d948d640938a998ab03347aa7a64205 |
| SHA1 | f25bef618cc2c200feb737f04f60bdc535c78775 |
| SHA256 | 0b4eb025135718f8e707feef04f51bdeb27613701f631eeaa1488287e6ba08b0 |
| SHA512 | b303ab816057ecaccb8b094e7498fed1e587068eda55e332366c5c2ea5f7fea225d79588f39b06f9869e61d6cd92ab2505e8e9d8899510dab1f3e101337edfdc |
C:\Users\Admin\AppData\Local\Temp\RYIY.exe
| MD5 | d6b2bd22042ed9f09ee2c6344d299f75 |
| SHA1 | 76ffbdf9c137033b6bce9eabe624006c9b2e2a1c |
| SHA256 | d520b79fb159c1470c3f8b384c42c5f0853dfa87ab009bc58c6f7f4ae6191ebf |
| SHA512 | 9a31b31a3191bae5327ae35f7feae63d8743e2a290e8111eac017674ccf4e4e6f15fcac3b5f50d594cbc974e5512d5f8c7e7622928d712fe3172b53a995877a9 |
C:\Users\Admin\AppData\Local\Temp\UYEQ.exe
| MD5 | b9fe278ae5e8a1be579a9850e2e7806d |
| SHA1 | 5bdd2cfa3d5dda1b4e4456a475c4557b87995c5f |
| SHA256 | de0aef260659b7cf0e86483245462742bc413b60b9369a804a6cda2dafdc1ad8 |
| SHA512 | cb313e64d27501902a5f12647a444eeddc892a083a290212223ed23f06967d1c7a8fb71197906066e340fcd9f640346c51c3d0e20867bc8f43883a9a26efd5b7 |
C:\Users\Admin\AppData\Local\Temp\OoQq.exe
| MD5 | 0854582052fbcd41e18b0d1d2f5f2921 |
| SHA1 | 4c25febb3d55ebbd2c9649ce0256b144a888568d |
| SHA256 | 579fb0f133887b9437a56275b978dc96cbef47ffa226edd88fc6078f02e3a0ee |
| SHA512 | 2fc8ac429e642458e20c97c375be9e552444018566f0ae6f28977fcae233c9eb48dc9cad5b2a6a3a960d2a84547860a41ca56d7b7ef53c1a26bd73f517696dcf |
C:\Users\Admin\AppData\Local\Temp\ikwg.exe
| MD5 | d1fc0b067308bed6bcb7db1d558148f1 |
| SHA1 | a390817e393aba16579b03e4c9bc993a37583d68 |
| SHA256 | 84d579e7da3e3ca6c26fa01a6896a1e4c9989d50b28a86bd91fd108980648c18 |
| SHA512 | bfaab853926e603f33e4471a2f2f57a803c77e72e2e61a438ed83ff95527ff17940724143db11abd7c6e071fee434e8e325ff9addabf9000320215001fdc7bac |
C:\Users\Admin\AppData\Local\Temp\mgIM.exe
| MD5 | 616df97791e4018b6ff49ae5521390ae |
| SHA1 | f6fbfe48ff9ac366a4909ef828a978a4479258b6 |
| SHA256 | f78d310b23aedac2a109617053d5f6d55f082b08f360995d646e69a30f7043ec |
| SHA512 | 11acb0f5b9dac8f7c893f7fa06647b6a478510cd0fde00b98021bd4c00f9e25f0d32a901c838cebacf23dc9787c45d308ba6fea09356122b175fdb2bedf7cc34 |
C:\Users\Admin\AppData\Local\Temp\OgkM.exe
| MD5 | 9fae21c76579ed90e3aec4d7aba9b0ad |
| SHA1 | 567ffbcb8137c67509f2508d9a73311b32acb8dd |
| SHA256 | 8ab8f75035033a4ede42fbe46c9086e53e5cd731203d0d464a4fca06416e14eb |
| SHA512 | 2ed8162d78537c32ac8fefd5ce748ad7bde78cdf7ed000f50082f4b3ec64fcf7431fa5aa34420d02abca9e8ce5d1b822a4613506cd84770df387795d2669b97a |
C:\Users\Admin\AppData\Local\Temp\Bkwy.exe
| MD5 | 62cd63dc0405c964f3d9ee4b9182b748 |
| SHA1 | 57f1a06287548a7f2ebff7a71be329547cabe7e7 |
| SHA256 | d6334cc8a451cbc7dc2a56885b8130f742eff5278edd1327868fa7ed56a447b0 |
| SHA512 | b54cd6068f369a9ba46e9769deeee905ad8bc1124c66f5eaa567787c179658f9765340259f55c17194fb3504e252dc209edc1a9ca5e26830edad6f0450207a53 |
C:\Users\Admin\AppData\Local\Temp\xAEk.exe
| MD5 | 17791ec7a7921fb2aa8422a4f2b0f50b |
| SHA1 | c6864bf706ef88e30e500054d507f60892483c27 |
| SHA256 | b8cef4c84ef97478957ced003596c3c7dbbe39159fc34b8067bfef0e6f528519 |
| SHA512 | 05f23d1d0a469445c94a6efe133c3c6494c2b9fcb6c5dbdbc456314554662123ca1d84ad20a2a9eeee87606d363f3d954f39f8bf670e49e32de75bfbaeff753f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons\192.png.exe
| MD5 | 7edd3623a20d96ff7ab726c6a3b7a75f |
| SHA1 | fffd9494c528644be719c1b3c122541f5ba10f8f |
| SHA256 | 9f9f71715b91dd181d3cf386910fa033ea7adcf3ec57bc15216fe68ef3a5452d |
| SHA512 | 82831cda3f5e99926a6509cdd59c15100964ac92900d6614a380d38f3406f7a2c89cb205ad2dc1731da31da6e29cf5f67622672dee8387ffc298dd91ef9671dd |
C:\Users\Admin\AppData\Local\Temp\OAsy.exe
| MD5 | f4f741143a9b36363e4c518ada09f460 |
| SHA1 | 4ea4c7039ed9e2eaa6ec100f2db0256a6027f9ca |
| SHA256 | 29d65cded3df8102a4673a92415a91bea7e377a2d313188b4a513218526c9eb6 |
| SHA512 | 29e7fa35dd198cf1af49921a19504211e37e058f8abe285ee4b931d2bfee6f96d51ded09deefd77e6c7535f2d225bd2bc644adde938aaa7001c8e8b96be1075e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons\32.png.exe
| MD5 | 90ab260d0f377abd1fe5a4fd4c874964 |
| SHA1 | 335bbb591788ff23b84e4cc2ce0a3300bc32fd01 |
| SHA256 | 77561785567535c5c7ab14772c5803fc4aff54ab399bfe4b2e8baad91e079eed |
| SHA512 | 200e2be3adddb82fa839a764eddcffb9f6c02089106a48ef49dfcc8d4d0990ead9c1b0784073c296a01855aa41bed7c35d5e61a60e5e88730a78567e4c30de70 |
C:\Users\Admin\AppData\Local\Temp\LgYa.exe
| MD5 | 29614d894aac495a01a079b1e046541d |
| SHA1 | 9c705da598abf14d8e689fa8249f2fd8493f1f4d |
| SHA256 | fe6f604dee9d6f52c3d526eb9b9d2f696f1269d70f0f5d0986b0f3c91bf5719a |
| SHA512 | 491969a091a2080efa3088efd0ce4d94dc29f1dad251934918727339784dfaba3f05468ad8761934e1ef16007d15a33bd08e411175c416d685be48998181e956 |
C:\Users\Admin\AppData\Local\Temp\gMMm.exe
| MD5 | 8872a940c7cf7df151820c5f0ef17f2d |
| SHA1 | 305b2c3bb3461389bff6ca2759045c72df5a0e10 |
| SHA256 | d396244ddb60c08dbf57c79bdbf5afff717b46429394ef8fd8cc9570f760ae8a |
| SHA512 | 1e95f6f97f283afd39f03bbdc4160c8a5bf8837fd16c459dfe3a770ffee5935d0b78c1288d429984bfe9d4c3297b5ad606ffe9ad8211842baa1eca3fcb947cfc |
C:\Users\Admin\AppData\Local\Temp\HAkQ.exe
| MD5 | 5330010e888c9b6d7628bb50736bf85f |
| SHA1 | ecb3b484e8094e89a317649e11810b9c16eaabc5 |
| SHA256 | e7e0450da8b3d993c1e995343e700dd95413d46c0b61edcc1bda1e748e6e8f18 |
| SHA512 | 9f033d4c12669b06cba7e80d345d580f82e7d71e79145675165df34da5925f0c28ea8dd509d42e80c0ee700ea615ebdb82281aa5cee1567980d79fca8de1b326 |
C:\Users\Admin\AppData\Local\Temp\DAQQ.exe
| MD5 | 7d15a823e6cb27db5b239e72cdb312b4 |
| SHA1 | f5e81643863c81ea21303a75dad509b4ba733030 |
| SHA256 | a2c33f61907044f1c976ea4a51cafd8eecba2e2c7240f212a627ec8add088795 |
| SHA512 | e19af5933df5634ac86f60a680b7b52448581dc58822b475e040c5bea70eb7c9a1008dd5b6a7b86451b44b8fed6489c1543e4a7f6787f361adc637ae7aea045b |
C:\Users\Admin\AppData\Local\Temp\oAQa.exe
| MD5 | ed164ebf426c6ebf0389e3f419866894 |
| SHA1 | f509b595ba6c11665ba04b3c159029c0412b7388 |
| SHA256 | 0e2a4268496e7a1f486b6fddbd04c2bfa366f8b8360abb27c7c58c61335c80a0 |
| SHA512 | fdad829a5beb2949265be34dd64a307a6fd90dd8923220688f2c08964b3cafe6b4c1483ebd042893b1a5fff1738b06e57eafae1e305d870a9d9d3ee431ca68f1 |
C:\Users\Admin\AppData\Local\Temp\HUQu.exe
| MD5 | c85c93a1889bda5441a579836c845696 |
| SHA1 | 1c39cc4b7b66aed182e436717fdc6b83c89c50f5 |
| SHA256 | ac92af643c346ccae7b75c1d47a963984e28604397c5bea37315ba0932c43d9d |
| SHA512 | 4abcb0f5768f9c606df7820052ceb2f9ed2f0acd54563beac1921bc9b0e3e93c68cae65e26f9acca751b73e4413b57cfae8ee3042ab9af141a5be1e1a334c88b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons\256.png.exe
| MD5 | d036b40d3de247d310793550fc4f960a |
| SHA1 | ec3f2b874fe9855d081df033b9d80b7879f50e03 |
| SHA256 | cd93ef78951b001ee7cb2e3c36c02c9ac2d67ba1b3b19adb7277dab070232540 |
| SHA512 | d6785979e38ad40bd7cc674e394adbaea1d66f97c7b4932a9495034b370eb2da4089fac7b32f8cbc0afbcfac8d7ab9aeef12fda00bd6985d311d9fdc19e0fc16 |
C:\Users\Admin\AppData\Local\Temp\CYMq.exe
| MD5 | 295309a76ace4847e29e9209c5c9a00a |
| SHA1 | f2e0f46d2da94ddc6891621f6f56a2969b491c8a |
| SHA256 | 76589264a13b0a3099655c9d341be5131606e5d90d081739a504ca6f3fa8b12e |
| SHA512 | 8cc9ba0527e4ba496a47d4123c96fbecb5fd494fae33c18f5d79f875f053e22eaf79a6e1ce875b0ec55e9e453bf0c553729e9b1f2e1c56b66cb395f0cd528cb5 |
C:\Users\Admin\AppData\Local\Temp\bYAU.exe
| MD5 | a2274bc44bae568ac3120efeebb1b1a8 |
| SHA1 | 213bbb986b4df0555e7b3dec8df1e099bc8f88df |
| SHA256 | e14b339af2c32ddb6ffc677025ca96e55fff407ac1b89be4bb851c18493f30e4 |
| SHA512 | fe5ff1627ee1d86572f48dcf1c00cf03c41b6525b2bec60549bcc727bf2c8b04fc6391d67939f23e64699a32f91d48b33255b14b8920bac4a4b1dc416eb46678 |
C:\Users\Admin\AppData\Local\Temp\XMAs.exe
| MD5 | 1eedbd3287ce561b14f03df0acf5eda7 |
| SHA1 | ff5f4575a2cf4ec91a49616d4dd387a854527839 |
| SHA256 | aa99de35580695850fbb4ed0c893b50af1d2475bd6b0ee9528c170a0c9774919 |
| SHA512 | a7721184d05da074534b079c33c6989bd57f0ca5f72ad271d717602ff676bb47fd93461a0809267d417c8a0efe70dcadb0cf703b956439ca99619947477b3864 |
C:\Users\Admin\AppData\Local\Temp\ckAc.exe
| MD5 | 2276f8cf4bdd8599efb29ed0903ca94f |
| SHA1 | 487bb2ec5aa6d89a4307bc5013d3e9cd89f51f5b |
| SHA256 | ebf5a390962c81fae56c9fcca39dbd49b3899660e5b0a0533e2933206a0c9fc3 |
| SHA512 | 5bbd1fa04ab5d40a86d523e91056493b3d5de6a317299201ec55db697a37268b2f9e8998a8b9bf5d4a520a7f0ad55d6b17a200e3e01a2be8fc41b8fe107a6023 |
C:\Users\Admin\AppData\Local\Temp\WQcw.exe
| MD5 | 12cfc3edf2a70563189dbf880ac36cae |
| SHA1 | 995175d86be5aa51289176e647e9e6431699f5c5 |
| SHA256 | 1b4e389200e2b581867ab624008fa41e1b6029ec5d9218d88e6ae33b7a1215e4 |
| SHA512 | ef2ae64fa6ae1588d14a877d18cdf8200dedee3fb205cf5afabd2532bb92429905a9c32442b599099700c703f3394941dffd92f86c81159a64a0d24b9de20299 |
C:\Users\Admin\AppData\Local\Temp\FMEk.exe
| MD5 | 7ae38c6812be2ddc570f23b2d1204077 |
| SHA1 | e8e8071e9c5239bbef84e6b8dd51b1ed665c90e8 |
| SHA256 | 6795756488a068fcf2d2fec93978a1dd137d764fb678bc832c31f370c3858174 |
| SHA512 | b457045a076d742471f5be334a29d74b4737faff90b46225c670517f0158dad01410615c26c7aef0e9f69d87cd2ece099039e9210449341262e7f87f3aed4cee |
C:\Users\Admin\AppData\Local\Temp\egcS.exe
| MD5 | bc31d95d0b9861ff135f7151543d0d8c |
| SHA1 | 9f2c72644dd45498954d5270dade504d886fe531 |
| SHA256 | 1bb6c25b7f7f17d5555e3f1d63c3bf027d175a3a25f7266727c3c463dbfcd957 |
| SHA512 | fd7145efd7a3af02f10e54d7d06be15b2ca0d619a63510e87e669767fc1d6f6d85541e2ea804313edfaa74ffe736cdc8277f447caf1a224b9fe7fcf4dcfee989 |
C:\Users\Admin\AppData\Local\Temp\jgAk.exe
| MD5 | 6bce02d659912bc89f3e797280736c20 |
| SHA1 | 1bec7dade23739bb8212986bcc7660b9cb58acd2 |
| SHA256 | 09347a7e5c87569b1bcb1be78885e601a86f733a2da08b706700820f7eeceb95 |
| SHA512 | ecb2aecf0a451591d1fdb36e0044932385e2e4f23942b9d90efbff38b9f2ca9e8453c8e4f189597584d64d6835dec788032a4f498bc952960f1ce839371e72c5 |
C:\Users\Admin\AppData\Local\Temp\PUQa.exe
| MD5 | 3edc391929fb7300dd8cf2694c5bf55f |
| SHA1 | 78361e9591d98429e4d58b121a0e467b4ea7e3a1 |
| SHA256 | 09ee1f0afb964d2e64ebd5a7ac36c6006e6a6834deb28bde63bd614e5cd5fe3c |
| SHA512 | 0c128bc8a388fbd2c86312ead2ad10fb77db11a7a9bd236c9f25e8b88b1821ea30eccde4a5c4f0e7173742b0a5ccd1c51173901878974edaa836ba8dfd61615b |
C:\Users\Admin\AppData\Local\Temp\RMUE.exe
| MD5 | 6d181a8eb3dcd9b4470c6bd07917bfcb |
| SHA1 | cb77cdb330384a703c8e33841d1e2e162cca7d21 |
| SHA256 | 4185863198b7904b92dd5ebef005b805c83733a35530e6b39b6ce0d6b846d621 |
| SHA512 | 75151b83d05812d0cab6c38b28596f808c10b2b847a2b5ac7adaac9009e9469b8f534f715a3d4865e6e9047179d00fd64b994086f16df789157f624a4596fe0b |
C:\Users\Admin\AppData\Local\Temp\Pgcs.exe
| MD5 | 9a47e8552e100570ac797fb6dd25e54a |
| SHA1 | ab35c010b2ccc165b763464e0b92c1111597594a |
| SHA256 | 5fb0a0272a56c57cf0a7c1d79ff289b2fd384f8d5b94498b0eb264a1a9f398f3 |
| SHA512 | e28973dda0548c29884b895abfebe64be268fc27b97682a354fdec51f5b2bd1a04a469783a76337518badb9500e2ad2bd34bd09cde52a925ec8bc1239f783f10 |
C:\Users\Admin\AppData\Local\Temp\fwMo.exe
| MD5 | 35ccc20955c86ca605c3ad2de2d7124a |
| SHA1 | 326a7d373f8ad1ad30971e9b3fbc788ca1e70c8f |
| SHA256 | b9e1000850d4f1ae487cd80e340ca667f0fe6f9fde50b5bf0b2838e193dea5dd |
| SHA512 | 49d4b554e9a88136feba4c740dc5de894eedbc1eb11aea125b383f8737cf2efa5c49709f2b63523e8986fe0dd1704b145b6daf6c996c0cac6724b3a219aff566 |
C:\Users\Admin\AppData\Local\Temp\skcM.exe
| MD5 | df36f72865910ef55daebdca040af6b5 |
| SHA1 | 7892fc5ccc7168ce629603d83f38e9006d243af4 |
| SHA256 | 0aeee51ca5146ab421a4d8705efd12664c4cdcef630f436c717747e6e302d713 |
| SHA512 | 2d01f0a076817ca7a24357a18521f3a6d2a594e221c09b4b116f30ea2bdf166bbb9678228bc907459912a77320bb478f4554b9b4e46721cf547724c8a210e415 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\QuotaCritical.png.exe
| MD5 | abf687076def6ccad092f40a9b716aae |
| SHA1 | 908f30b16659c0086fe15c9cfd6e420f22021cf5 |
| SHA256 | 74df0bd34d7020c45977ec0dbfa5bfb536749ffb6ebf1f0cce0851d5345cc28f |
| SHA512 | 6d3a3915744c49c6e3505c9b4e0885237c173cee82925ff0581ec0262cc99f0e837a5710f9afe7cd85d5c1b34e22bad650b4614108c088bf8492ed4f97086efc |
C:\Users\Admin\AppData\Local\Temp\uowk.exe
| MD5 | ebc98851539e405aa0a16a45ab3b3a54 |
| SHA1 | 5f93f0b04155fff75eaf3c0b53b907d7a583a7f9 |
| SHA256 | ee5f97cca1ad229eca8a62a4f7534c893e5e9063d5c25a5ac67a67c0dd47fb0e |
| SHA512 | 0e23b90355c265143972e7188febd12cd4f849d665bf32c41b642ba4baa61dc3fe51f5fbd796cea1b43a5783b58b8b20c8ca016dab2aa41c6331ce6b4c92de3a |
C:\Users\Admin\AppData\Local\Temp\KsEw.exe
| MD5 | eefcaa887c90a352ca68e015270c9e98 |
| SHA1 | ebc98786d7d8a3e2f8d69d9a9f9097a1cf11baf6 |
| SHA256 | 127bb42e5dd8ab7f728e83df05b34236c73c7a203c68bf740ce03c39bb61a959 |
| SHA512 | e1da944d919df425cf9e0af06a658b88db8a888507d4f8d47a0bd9f1cdbc1db5b67f778d430790c6f95858e23363931a8f680aef0e6ef4e618d5692a0b7a864f |
C:\Users\Admin\AppData\Local\Temp\pMEk.ico
| MD5 | f31b7f660ecbc5e170657187cedd7942 |
| SHA1 | 42f5efe966968c2b1f92fadd7c85863956014fb4 |
| SHA256 | 684e75b6fdb9a7203e03c630a66a3710ace32aa78581311ba38e3f26737feae6 |
| SHA512 | 62787378cea556d2f13cd567ae8407a596139943af4405e8def302d62f64e19edb258dce44429162ac78b7cfc2260915c93ff6b114b0f910d8d64bf61bdd0462 |
C:\Users\Admin\AppData\Local\Temp\Fskq.exe
| MD5 | 0662f6e11195dbc86f234179f210b5cc |
| SHA1 | 9d355777fcbc96918ca0042da2f5154b18bc3052 |
| SHA256 | ce5369e0e603e21f144155d5e5f6d58699d92aa685d12f3ce3bef5fa02fe8fb7 |
| SHA512 | cbff132a59c68b50fe47af75796f7a6a148f68b1856a4ac4e838a63d58dd37fd5e8ae4d17a3c17c4c267f08c3367c64d2fdb27cfe28010884b2f4ade441a9a02 |
C:\Users\Admin\AppData\Local\Temp\ZUMo.exe
| MD5 | 77616bcaedde039b3588a8f539e305f6 |
| SHA1 | fc96244a05f37ec23e96d9b2097ba97927d7be0d |
| SHA256 | 733c5f5f3a11859677f76fe4dbe234f4fc762c6aaf42c315c4aaaae272cba42e |
| SHA512 | a33e4979d47c3dc2725939c3b469b6154bd83d34dba30dbe27c23375af95e2a5edc7940c668e1918596c7b2e07b65cea8d09a9aab83c576bf15807b29f372eea |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-black_scale-400.png.exe
| MD5 | 451d4cc8f0e6466f5e5e482fc30fe93e |
| SHA1 | 61dd6026748cc9ef346d11a9af657644106c2c19 |
| SHA256 | 7b0312b675c7536fe9cca90709e2244d0219a00662ee7b99a1240f6fce940c6f |
| SHA512 | 7dd28c209b529895c16206e78717eafd659ab1b8dc96147753f533bc3992ade4948a3f180174c032b9ca72f4149a577dea1a074a25dc61111174a99144e5b6c4 |
C:\Users\Admin\AppData\Local\Temp\KIMo.exe
| MD5 | 5a56bcc492c511a19d024dd2e01f2b40 |
| SHA1 | a0a191a05676c2ab65b2f10c2103d320953d0fb6 |
| SHA256 | ace85b2c6af51cc27c966b199f068b1cf5ba72ceffa4f2cc6b50acc7a7bb24fd |
| SHA512 | 8c8bde6634a3992ef728a94dbf2a7f6c19047a7b0cc5d07b8a8ffaedf5bd2778bfb14da6eece8a9dfcb750c458ed736f0076b814447b59c2c8dbe7df71e408ca |
C:\Users\Admin\AppData\Local\Temp\BIAs.exe
| MD5 | 5c3d7feeded3d675756541baabe5954b |
| SHA1 | b30c7dd44098d401d1911afcc22e8264a2d6b1c7 |
| SHA256 | 868051cc1c1713dbd1b3ee703ae50f9d7a81752e6869fa35fb62f41e4e6a733a |
| SHA512 | 3408c12fda50b38d7b18a8bca73c99854515e8f6b8414bfef810389cabfbc677f5837320a7b9ed3c277111498603df5f5f0aa90d64a0a0703b24fbddd5362f52 |
C:\Users\Admin\AppData\Local\Temp\qQUo.exe
| MD5 | c91d1b6d3252dceaf0cf3890f71169d2 |
| SHA1 | 91b48fb84b8222e1e130166037790da58a75ac92 |
| SHA256 | f5e4885401db178427d55ddf3ec21d2c2851af2f3f2cc1d1d19e4d2353c2ba4d |
| SHA512 | 34fe1b9cdae795b5949227b5c396edf2a1697c3f8d3d5c77d9331194dba99b3804fd23a4148c2a911c11fab24c28ba9c197269268db4410c87913297af56419d |
C:\Users\Admin\AppData\Local\Temp\eIEC.exe
| MD5 | 8dd8dacfa7834a13d4fa13ed4846c306 |
| SHA1 | ba7dbd41f89bb49f43bb31dc2af28dcfa9dd52b3 |
| SHA256 | 3bc218a3f770575f4516b178d5242d3f5e7f24a63c30308b7d6437f79684e824 |
| SHA512 | b91494b7ab0f04821b529b6891311108ff2e053c804d84c1fd92151ad45f6d1742b38038f898813356c1992d130644f023609e0cd4caae276916419bc5b94802 |
C:\Users\Admin\AppData\Local\Temp\JsYC.exe
| MD5 | 2e437f54181b44ff8512f302430d2825 |
| SHA1 | 508660c9c80a9b25cdbbc867177dd394c64b4e21 |
| SHA256 | f2599040c1092003abc0b21570ef3a4904bfea61d7a5ab97a27a416419efcfc7 |
| SHA512 | 6615f365f36b18bca690b49cb0de6cd8633320326e2ccb6e59270693ad617234c79d6c9859d2652a41d0b34a4ada14fdc782cb85a30e62ef7ea9ed78439281e2 |
C:\Users\Admin\AppData\Local\Temp\HUAg.exe
| MD5 | 8d9f42f5a409f2d2fffe23820ddceddc |
| SHA1 | e160f6a2006a421bd1405bf3056d0f1fc7344d03 |
| SHA256 | ff0685dee004c2f25abbbe05157da1d0fe63c7c11c0ddbfa70d399ed6d5336ad |
| SHA512 | 14b80ce5525cddf03416983c7350147a6a9dd13fcc01b7725a90cbd046abc3eb66c256ab827610dec06456ce48339de3e8ce03264f168d62a3d31529da238cee |
C:\Users\Admin\AppData\Local\Temp\WMAy.exe
| MD5 | cb54ab179c20c26e4d09544aa855206c |
| SHA1 | ad7f6fd93cb7066b8beed80bc0b2734d2fff14aa |
| SHA256 | 4982d287e2437d45b4b2b25fd9da85aa2d3943e1129a75f03bb77e276c69e485 |
| SHA512 | ae11daaef1ba09b275a9db3b440f875d6cc5db7fdd83c0abe55288f463af8fdb17c9188b1b97ae2ea3ea2c216b427d9e181b05a4e1c9e060e3a0e1be62fff59e |
C:\Users\Admin\AppData\Local\Temp\OEUC.exe
| MD5 | e1efb53bbc4b67512efda1464820e801 |
| SHA1 | e27fc78de56b6758acbb2da5ac26c2953428e47d |
| SHA256 | 2c2e2d0919ee1b619bc0aa053eb3573002dd8f79225f63e02060c1a27b5831b8 |
| SHA512 | ab6961c6c5344cb20558258e4b9c704d38f61a0d26cfda869474cf5b2332b9ddf64a53666971b085292c3e4cf27c4831a0c513ae9de16f90c2c384527ed9b563 |
C:\Users\Admin\AppData\Local\Temp\ksMG.exe
| MD5 | dc30c43aa5259a6f1810244d3bf374b4 |
| SHA1 | 9bbf085581e63ce0783f31d347e48bb4102c746a |
| SHA256 | 50e0c4593a977c5bc55004347f320aeb50b0de698db96f0ae4fce081333402ac |
| SHA512 | 519a94227f4e788e839f7c73f3429a49e37067c78e6b2d6c151caeac4ec7c315d00ef20a7a10fd0f69e8e54dadfa84c89e8a7b5579fb9a9710e370e1c816dcd7 |
C:\Users\Admin\AppData\Local\Temp\bMQQ.exe
| MD5 | bb25e46b769516c45994383a67318b4a |
| SHA1 | 55c65feed4ce717d194db57614cc6064f615185f |
| SHA256 | 0a8e8c6831102170f7e121d3bd2565eb4639dfd8df9ee1438c033ddbf5485ef8 |
| SHA512 | 698426b2cbb361de4ed650aced96cd75e1944c6086fc4b87c8d70c9e8c455e10b8e1771e7ece9beb28e36b1924916d31db2110b44437ac76b858424dc3ef2dc8 |
C:\Users\Admin\AppData\Local\Temp\kcoW.exe
| MD5 | fe59aac955ea59bec78cc21e1cf3f788 |
| SHA1 | fee1d478d37fe55093cd5f05af09642e48c11e05 |
| SHA256 | 2dea4c809222b0b21245019fd5a5fbc6646331681053a49281f75f1dabaa6232 |
| SHA512 | 1b05b4c444fe3dac11618391f78a92d011e62aa559d159d62ade29bb3bc45ad207cf154f7ee81a6560e32c85490b67a067973ca11eb4cbddf34aaca718c339bd |
C:\Users\Admin\AppData\Roaming\StartRemove.gif.exe
| MD5 | 5ba8a03a802275a05d81391bb5d56f02 |
| SHA1 | e1411669155f7087328b3a1e2fb1fbfa434b7968 |
| SHA256 | 4339297c5b811db16684b48c49f9c6fe2b4bf28c5290b1f265fbf4fe39244df0 |
| SHA512 | 215000439bc32e7819acb80106ad1b6983214c42413e776dab2700ed6dd72bf073a929d1552d7b4ccba2139cb1860e8f20427d73c874868f1e4b7ef3804a54be |
C:\Users\Admin\AppData\Local\Temp\BQMU.exe
| MD5 | 5d79c4e5175120eb46b84d2978abb35d |
| SHA1 | 1fea8bebe0e7fd23cd3d88b00abd1b9b831b557d |
| SHA256 | 91c8d1d7db753cb464f7c3523e0bdbf1fbb5ad90a92ec06c3d3c732d76c54fab |
| SHA512 | 690fbbc984f4cb58f0be47d03d189581d517db48dd6d24841fa3dcf6072b5eef765a80d448689fe4c89150b8d711a314dcadce2844af6d95524ea597d4dba0d5 |
C:\Users\Admin\AppData\Local\Temp\PowI.exe
| MD5 | b0d742c83b7bd32b536acf2f1a7ccf2d |
| SHA1 | 7aed44b81688d0f49761f733e43e1cb716ab99c1 |
| SHA256 | 591524e546086eb3cd5ec016e52aab914a3ea67eb8bd726f3ebf5694915389f4 |
| SHA512 | 7c5d3452e533f87a73d5be7384bc7fcc9122464056dfd79220b43d3f8732fcd766f72f97bff9c973b1dca6e3de472ccaeae3aa68d31d8b28ea69e69e46b78d03 |
C:\Users\Admin\AppData\Local\Temp\AoAo.exe
| MD5 | 5fb4150d2027f4192b0354c9812e6ed9 |
| SHA1 | df2e1f661b7ca1197ffe04bac13f82dfa6b0edf5 |
| SHA256 | 1ae18192ab2671410d738f0d8612ce35e9e5912c792e1f5a840e28a83da146e6 |
| SHA512 | b96ca444c7b833233ce57d2fce4c304afe4b7f21f8f5027220ca0139e1c5138960fec6642032330bd4f43519720590113bcbcd2ffa779caea0b0d3d2c8b27148 |
C:\Users\Admin\AppData\Local\Temp\YUgS.exe
| MD5 | ec723b24cb9e11addfaf9ba994fabef7 |
| SHA1 | d1b2a59a31a4d72ee0490e2fa621ac65f13e35ae |
| SHA256 | 13f31611068f71f68760d0d4e05bcd93aff451def1005323e0a581be6c230c14 |
| SHA512 | 5d9367e7a540958d9da1684ca2a31c4a42384aeb794f61ed2327689692a6fcea3644dec856b3022dd82eceff4f226a6e3895039ea153e334bb0286cb4bfc43ee |
C:\Users\Admin\AppData\Local\Temp\MEAE.exe
| MD5 | 3fd6237c2759bf4d4ed742818e9cf4b2 |
| SHA1 | 285ca57f65868ea17877a4c85a07ff7b68e5a0a8 |
| SHA256 | a7d320823df9feaf256cee5a3b336f95c14d4adb67a78cac2985f0f3306c4dc1 |
| SHA512 | 36b7805e9669d6696f3403795c8dfb9322c81aef8ddeb93349d2ce9279daaf1ed8f94cb6707907c5e93b57ee8e635f564be614e81d8e238a9daf42e9a8e15261 |
C:\Users\Admin\AppData\Local\Temp\hogk.exe
| MD5 | 59b8fb8b4ae4b47f778fcce938ee103b |
| SHA1 | f2605c28d70307215525572deb2f70f461175824 |
| SHA256 | 68527aa63b504651bd03afecb740b69b8a3e14a5447ed3a871d71be585a0612b |
| SHA512 | 515a61c7bd803a4d1e52aa74536d65b24da006462a087b1974a6b7a4a5fd570f1e50fb4fbbe22cf2df1b9ad0774bb1c9f10549df98ec45982b00c359226bbe51 |
C:\Users\Admin\AppData\Local\Temp\Ioom.exe
| MD5 | 11cb4314f256aa8d50159f92d78e6d16 |
| SHA1 | 280fb6442069dc68da9ae617e0ebfd7d28ee77ad |
| SHA256 | 16ee9a4a988a517fa03d78d3c51ce4d4d95f5756df591627fe548ab128eb71a7 |
| SHA512 | ce19c0ac0c3e7098a9f7571e4a3b49abb122e683ad58d490ffe42adb9e0d17c24c090a33b7cdb95b3a91b91bf7d706aa2c3c3be4a88d35ab6d289337d49c5091 |
C:\Users\Admin\AppData\Local\Temp\MEUC.exe
| MD5 | c59759d1dc75246b8cf85927b6fc28c1 |
| SHA1 | a3cd0c758f9ff1b23f148a41c3c1d05a288e74fe |
| SHA256 | 0b94868b23ac0afaa0f4e9b2de7d3a16c129d664811c3fc812da2c21f08a1513 |
| SHA512 | 6d7400c70dcc06752f292d387a6c8f1e025a5a61b7a9fff256ef6df52572c412d2f691784b202c522a7fcf4996d8b92816c3d51286c6e5ebe4e654bd0f5bab55 |
C:\Users\Admin\AppData\Local\Temp\HkUy.exe
| MD5 | ffdd3343446e2cd6534870a093be90ea |
| SHA1 | f97e17c193ebc2716e0e0b67c6ce6e00d453dfae |
| SHA256 | cca5133b89c72a5082d7114e2359e4c0852b0931a93d9c05fb60b26b494dd8b8 |
| SHA512 | 6ffd38f68885acb77835f68a49469e7c5923c4ed853a0b29fc74756f52abac85061520526e4ef7d6afe3ef65c9c9afd1af431ede5d5981b87f1794b0795dee2d |
C:\Users\Admin\AppData\Local\Temp\rUgu.exe
| MD5 | 2a8bc66ee1116fd518a5315eda3b4562 |
| SHA1 | 081095a42e2c39bab57bd816c67ae2126e9ca623 |
| SHA256 | f153c5c61a8dfbf4cac773f5e0c52991d2416e33a2ac3ce15abdf2650812d379 |
| SHA512 | 65f1fc7fc968903472be70dffa2067877a46bfaf09ff638b27c549072aa8c2118a2a5b8db9fc093b214eb98b7c7b8712c3645f4224860bd79704ede0ca03c21e |
C:\Users\Admin\AppData\Local\Temp\sQou.exe
| MD5 | c6a30f95e6a4545b784054eae9338759 |
| SHA1 | f644ba3f735bca4715693860ca0159cfb175718c |
| SHA256 | 6db76c210cfafa47844c46d5603a65aa84d960764e5a99a92a14c23b0376f4a3 |
| SHA512 | 8777d841c1f230fa871d14b9df6228d70dace9721f49314bf1e3f03e1ebc7b78ce86e1d9f3a957b06c1e7410882121b48cc7546dcca70a91ca9a48a6e4434612 |
C:\Users\Admin\AppData\Local\Temp\eUUS.ico
| MD5 | ace522945d3d0ff3b6d96abef56e1427 |
| SHA1 | d71140c9657fd1b0d6e4ab8484b6cfe544616201 |
| SHA256 | daa05353be57bb7c4de23a63af8aac3f0c45fba8c1b40acac53e33240fbc25cd |
| SHA512 | 8e9c55fa909ff0222024218ff334fd6f3115eccc05c7224f8c63aa9e6f765ff4e90c43f26a7d8855a8a3c9b4183bd9919cb854b448c4055e9b98acef1186d83e |
C:\Users\Admin\AppData\Local\Temp\bIIE.exe
| MD5 | ab8ff6ad6e5375ec7e94b911c35b9dcc |
| SHA1 | 1992312d0a67cec6185642e8ae1bcadc19484027 |
| SHA256 | 78de537d5ecfffcb01223dfd692a03b709e7c9f805e49847d7da1cc1a7193d52 |
| SHA512 | c2f94459472b287825b7266c82ad67edf3fcd211c97e8a75c0702dd72aaffaa5d7bbed01bfd2021a1e84fde4036898b80c1f3da8a39994a68a1c51f4b297cbb7 |
C:\Users\Admin\AppData\Local\Temp\mwku.exe
| MD5 | 8c0ef4eeee51ead7213bbd036259830e |
| SHA1 | 5dbd051c7adbbb07f0dffa86e4d18f325c65a637 |
| SHA256 | 8da99f6ad632bd1e4896454bb7e9cf628c9b44fbe8cf0f12dd96202202211d7c |
| SHA512 | c30c606c417e82e83de927c8ff9e802de25ef419ffcc268432cd401a2553beede0754c72f4e293d7580e214a4e0914e6636dd585fe360738841f767dd315a7bc |
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png.exe
| MD5 | 6881f505e76dc66d8c2f0e879467fb65 |
| SHA1 | e4336d5b3a52593f73c5218b31f1ca12fb279680 |
| SHA256 | 13d379a79246f691070e874939a25deec034dd2e17b34acbd09125bd952fd229 |
| SHA512 | 24c5c96cd70c102893774b80a34d0f900d2d89edc7e633adf3c9e2b598e1944353d231dce20692aea5285159adec102e088d6a17b67f48c11b672ca8b82806c0 |
C:\Users\Admin\AppData\Local\Temp\bswi.exe
| MD5 | 7770798637fc504d1d7f6f39cd24eab6 |
| SHA1 | ae789753b5c11554b435c78f27e5d1e1d1bb1089 |
| SHA256 | 83bc13b1e00133653f857b8429f1671abf3424246a1007f391069660d7b36ded |
| SHA512 | 9305dd2fceff0996830193940c5b9a5101c033326c0bba413c6636731482608eeb513d09df9cdc288f67edcf05afe94ffe3bf72e56778f5aa9fff830d7db4c1b |
C:\Users\Admin\AppData\Local\Temp\IggO.exe
| MD5 | 03e8e33e87508f4dc8acef1b20a18b51 |
| SHA1 | 9cb739dda37d9e7aefcb68f8be0a987ec099acd0 |
| SHA256 | 73854612fadb016fd5848086a2d722394e9aa2b0553d22ca70a0c7742df202d8 |
| SHA512 | b32572a792b64042bd61ea3caf83be2a5a02f0fe87c2b03a6de1869bf184d0f81953f65afe58d4c28e5a432c3d3ffac4f261982ebd2d9a5e2f0c99cbb70670fc |
C:\Users\Admin\AppData\Local\Temp\lAog.exe
| MD5 | 5d4a1232e8533e28156656c274ec20b1 |
| SHA1 | 817785e054c3a3c8f78c9024adbd36fadb6e708d |
| SHA256 | ae2a306fd8f303e8f5482e6b028fa589b9cc29b202714f0a68313928117e9bb3 |
| SHA512 | 319b7cc3be18256053078f80d6af738fbd784ba467a863165580a3f002ef3792e601b5fa3e99a0a87fdd4f337c8acb42f2ae39d3da8d71e277853b2f62cfdee4 |
C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png.exe
| MD5 | a9faef2fdedaa9d72d4767b4364f59ae |
| SHA1 | 708686dad908b177fa5733eb67170b875a355818 |
| SHA256 | 3b3d8841f2cf2ed526fa9cf29fc8cbe6eb116c7e57767aa15a1c9bf94f768996 |
| SHA512 | dec45506c2799d4b75a89163be81df3959394c04e4cc9a38455730c036b56f87a41d1acd0a20f7ee4277b1cfe9171120bb3713b5ee8e1df324c48530f15d8f22 |