Analysis Overview
SHA256
69aeaec4d5c9e024ff15234ae8bc5aaf97b98f410e364fc5109a7c1c36f0a168
Threat Level: Known bad
The file 2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock was found to be: Known bad.
Malicious Activity Summary
UAC bypass
Modifies visibility of file extensions in Explorer
Renames multiple (80) files with added filename extension
Renames multiple (58) files with added filename extension
Checks computer location settings
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
Adds Run key to start application
Enumerates physical storage devices
Unsigned PE
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of WriteProcessMemory
Modifies registry key
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-26 03:28
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-26 03:28
Reported
2024-05-26 03:31
Platform
win7-20240508-en
Max time kernel
150s
Max time network
122s
Command Line
Signatures
Modifies visibility of file extensions in Explorer
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
Renames multiple (58) files with added filename extension
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\JsMYYEgA\ImkowQAc.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\JsMYYEgA\ImkowQAc.exe | N/A |
| N/A | N/A | C:\ProgramData\QSgEockU\iIQcMoMY.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Windows\CurrentVersion\Run\ImkowQAc.exe = "C:\\Users\\Admin\\JsMYYEgA\\ImkowQAc.exe" | C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\iIQcMoMY.exe = "C:\\ProgramData\\QSgEockU\\iIQcMoMY.exe" | C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Windows\CurrentVersion\Run\ImkowQAc.exe = "C:\\Users\\Admin\\JsMYYEgA\\ImkowQAc.exe" | C:\Users\Admin\JsMYYEgA\ImkowQAc.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\iIQcMoMY.exe = "C:\\ProgramData\\QSgEockU\\iIQcMoMY.exe" | C:\ProgramData\QSgEockU\iIQcMoMY.exe | N/A |
Enumerates physical storage devices
Modifies registry key
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\JsMYYEgA\ImkowQAc.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
"C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe"
C:\Users\Admin\JsMYYEgA\ImkowQAc.exe
"C:\Users\Admin\JsMYYEgA\ImkowQAc.exe"
C:\ProgramData\QSgEockU\iIQcMoMY.exe
"C:\ProgramData\QSgEockU\iIQcMoMY.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\OwgMQwsw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\IYwkgcIE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\WAooUcYs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\nooUEowA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\NcQAcQQQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\PIkoIcoY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\hesIgowU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\WEYYUgss.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\GeUcUYcE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\YaYAQEYs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ouIQswMg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZOYEQEkM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\PawksEEA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\xqQEgoAk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\RMQQsscI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\GAYgwwEU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\MAEUswsk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\imYUoIog.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\yEgsMcAM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\fGEAccUM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\FikAsowA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\fusogAIY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\jiscMUwg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\KGUYcUMk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\oMQwYwYo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\MAAIockk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\aGYwUsAc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\xMQAUcsY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\NSUsMYQk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\VwMwYAgE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\nkUAYwYM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\QSsoMAkQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\MGkMscYM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\mUMEsYgM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\kKIEccco.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\RmoEUUkA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\DiosoUYg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\vEQsAoQU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\XsIQkAUg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\PIEosoco.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\gAEgUkcw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\uIAYgEgk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\kmEckgIQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\IqUUgYEI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\nuEEQQMc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\PYQwUsYo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LwEEwcQI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\kkIkwAcY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\gWsIsYAY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\KGIwoYwM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\kkMsgEUQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\dkosgEIY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\TQUAgQAg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\VUwMEAUQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\pGMIQwEE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\MKsUkgYc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\SwwcwIks.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\McEAEIIs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\MyUYQUIw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LcUoUQsE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\hiwEoMUY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\JUwMkcYg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\HoEgMEQk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\YeQEggIA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\eCgYQcQg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\UyQkwQIg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\IYQgkQgI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\vqkQgMYE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\DaowIgos.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\zMEsgkAw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\saAMccks.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\qMUUskgU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\KaAgQgAQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\AooosIAo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\PwswYscw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\TyUwkEgQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\dyoMMYYE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LkMUkAcQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\OCgowMkw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\GSYogwUY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\qAccUoEg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\NswUIYUA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\HCQkEAIc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LcowoAcA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\rkEIMMEI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\WUYkIMAI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\kWkEcMgI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ycAYQwEY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LqkMEgsM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\hmckIMIw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "14712253531599511649-1300563445-9152581221635569782-1965350524-15639560141513202280"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1642489765-18784027707190508631243807527192807403214652285471261492331360081056"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\uiIgUsIg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\IQQsAIoc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\OyQQgYAs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\NSwgEgoI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\jGQMAYEY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\HwAkYwYk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\hKIYokQA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\wicowgIA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\gogYcYsI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\YoIkoIks.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\gKYQMYIQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\FCgYAkko.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\RAwgQIQY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\zWIIkQgw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\YAUQcsYI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\oigkockc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\SWogsIcU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\GGsUgUgA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\NwAQMUgE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\bqMEskgo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\XkwQkoIo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\rCMAoMUM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\wCYQUYIM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\sqIYIIkk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\usIwoQsY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\eYUkcQAc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
Network
| Country | Destination | Domain | Proto |
| BO | 200.87.164.69:9999 | tcp | |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 142.250.178.14:80 | google.com | tcp |
| GB | 142.250.178.14:80 | google.com | tcp |
| BO | 200.87.164.69:9999 | tcp | |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp |
Files
memory/1608-0-0x0000000000400000-0x0000000000432000-memory.dmp
memory/1608-5-0x00000000004B0000-0x00000000004E0000-memory.dmp
\Users\Admin\JsMYYEgA\ImkowQAc.exe
| MD5 | 5eea77f4b2b471eba84623a6aa0a077e |
| SHA1 | 1fb747a3adbc02d1290b0fd5bf588f8c6983ad8c |
| SHA256 | 8659e9384bae00ee59aa157e8fa6bb337a928612b0c276c333af8f8e114525db |
| SHA512 | 4a45765fe57d92c8864429ce043ea198b93eb4cef1f33092e9cea6a3938058873e7d15ac7a265bfb1ed89c2e874290afe3bf66ab17eb5a5b26316ee4a9786175 |
memory/2980-13-0x0000000000400000-0x0000000000430000-memory.dmp
\ProgramData\QSgEockU\iIQcMoMY.exe
| MD5 | 21bdbb8c3f8d58148922de45385c360a |
| SHA1 | b124b24a0a7928fdbc3f1a9868c0db135c7071d9 |
| SHA256 | 68eb275afb2e7ff14aa84c6b556cabdda7ec5f7b2dccce25080408547ab56b51 |
| SHA512 | f6c754e7aa99699d32dd92c6922f861bd11120a724730b8c5e856de6bb9d31b1a10fd22e1331d3a0168bab393be82c11ca8eca7b4d82255bc65c0c061259ef3d |
memory/2604-30-0x0000000000400000-0x0000000000430000-memory.dmp
memory/1608-28-0x00000000004B0000-0x00000000004E0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\EUAEwQEU.bat
| MD5 | ccc9f55bbcc473585cc93d28292a1d2d |
| SHA1 | 0440d3cf853e49ddd9a24efe6050467e62aa73c5 |
| SHA256 | 592ae0dd81b8322f7c69d9c05c1f8f3fd7971514f11999b83a78e1d9475f72c2 |
| SHA512 | 46ce3e40080125dd779b38b5446218096a2f57854bd65da94d477e83ecb59b061c0838edf948b2c0106e89ee19a734c7b30c17152ff30ba8d2435cbb755e0897 |
memory/2864-34-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2600-32-0x0000000000130000-0x0000000000162000-memory.dmp
memory/2600-33-0x0000000000130000-0x0000000000162000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\OwgMQwsw.bat
| MD5 | bae1095f340720d965898063fede1273 |
| SHA1 | 455d8a81818a7e82b1490c949b32fa7ff98d5210 |
| SHA256 | ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a |
| SHA512 | 4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024 |
memory/1608-42-0x0000000000400000-0x0000000000432000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\file.vbs
| MD5 | 4afb5c4527091738faf9cd4addf9d34e |
| SHA1 | 170ba9d866894c1b109b62649b1893eb90350459 |
| SHA256 | 59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc |
| SHA512 | 16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5 |
C:\Users\Admin\AppData\Local\Temp\ggAcwowc.bat
| MD5 | d94d41868d18c86ca856fa68dd9cdcd9 |
| SHA1 | 4f5cde7733daf886261e7224aa9e0bf60d8cdf2e |
| SHA256 | c7bc98ea469a99e77f2fef67b35a060298f21911f036078c9a0b4fbce61b05f5 |
| SHA512 | 88343ed54512b80d94c3e80ff1aba43d28dfbbe278cf6762358f9bdbfd018478b3d93e79a4fcdf217c57242a4dc3b43751626729f74fde07e5b7c94fd6427407 |
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
| MD5 | 672a1f1de82c3076688c129d2c89d0e2 |
| SHA1 | 02e8f06ad6888c9fb28059f5eac065b7bbfdd365 |
| SHA256 | 1d8a8607dd5b6aa413649cd3dc7187497e6a7fcb616e56c980fcfb682ee8c363 |
| SHA512 | e2a10f2636cad8f3fe790d68454b929831a0d0b23b1a8714188ac23df2d4af4ff134650050cc1bc9ce870d5200c7b5da41b18fc1a300a86556049879af78fb90 |
memory/856-56-0x0000000000200000-0x0000000000232000-memory.dmp
memory/2696-57-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2864-67-0x0000000000400000-0x0000000000432000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\yewMwYwA.bat
| MD5 | 8c553f2a51a72bb75b58bf1fe5a1a19a |
| SHA1 | 5484b5bfb18cd5ea23c555c5c4f4de7e9bf7eba7 |
| SHA256 | 2d2356e77edba3c1849645c800d6eec0e916dcbc3ce8316b266b58d5da7123cf |
| SHA512 | 922914bbeedbaa531f19c13618da2306cee0f461c6d37904c2072ea6d1350ded210b4a7f8cd181a4fe545e2d1645a16b2c844c92fd8c75e4216fa101282ac7ba |
memory/1452-82-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2352-81-0x0000000000270000-0x00000000002A2000-memory.dmp
memory/2352-80-0x0000000000270000-0x00000000002A2000-memory.dmp
memory/2696-91-0x0000000000400000-0x0000000000432000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\HCocIEcA.bat
| MD5 | 03030377c8851539efe866a2e4012f70 |
| SHA1 | fc0e7f21a0537750dd07537f21ebb3df56ee2167 |
| SHA256 | 457114c769961a1f65d66184bd2f5c41e61785c946393271daf40ac41602a3e8 |
| SHA512 | 8dbf8d5a83a6e1cd3f9b7d9740bfaabb92167bd5333ca71959037bb2b3fd714e9f2288f4ea8e27f6395d844e72b33eb806cac7d794c197fb151e6c570cf7c365 |
memory/2252-105-0x0000000000290000-0x00000000002C2000-memory.dmp
memory/1452-113-0x0000000000400000-0x0000000000432000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\XmokQAIA.bat
| MD5 | d0e34326c0d3f8c931c471615d832b6e |
| SHA1 | 541a36dc4523f477f07e7bb36088b3132ac49da5 |
| SHA256 | 758df1180ceea58206ddf303299c57118f9e7bdac4303a69b6b4fdd8ed65053b |
| SHA512 | 34043f508f01355db0f59340c52c9dfd9e02e99d42b357dc7d391fe74eea0a019a290f772e9aa633ef63cb2f96b01dd9b55dee4e59a8f3af6ad422cdf11b9d51 |
memory/1704-128-0x0000000000400000-0x0000000000432000-memory.dmp
memory/1460-127-0x0000000000180000-0x00000000001B2000-memory.dmp
memory/1460-126-0x0000000000180000-0x00000000001B2000-memory.dmp
memory/2892-137-0x0000000000400000-0x0000000000432000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\PmYooAwE.bat
| MD5 | f0f9af79657212bf224d94ca5e29b6e2 |
| SHA1 | c87a33d687444a752cadeded3a33520662967b96 |
| SHA256 | 9c203845882415d693a43da19441c8cf592e991be8e4b0be1d4d0f1107e0833e |
| SHA512 | 8ad91674a798562a075a418a9f3bb2825dce324716fe05a1193fd60619f6df4103ce3bb4e69dcd14d5b450cf10c217845564e38c360bed37771812199b737f85 |
memory/1704-160-0x0000000000400000-0x0000000000432000-memory.dmp
memory/1940-152-0x0000000000400000-0x0000000000432000-memory.dmp
memory/1728-163-0x0000000077510000-0x000000007760A000-memory.dmp
memory/1728-162-0x0000000077610000-0x000000007772F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\PWQUYIoc.bat
| MD5 | 122b419cacce0c893ddb76b0ecba4a5c |
| SHA1 | 551ce3cfb9b0e0f1dd66076f9b9962b7f806ead4 |
| SHA256 | 221ab6acdd179d6e8685617b12b7e877c78c8a73152dc20c2bbbee5d4c660ea5 |
| SHA512 | 97c1ab4f294abd1a75c76d23c4e538bced1eb85dfa6e4d076b56a2133ead17c66828724279835dd2957b07b6c11024d40f6a1252cd1effd2abe35e61e1027e2c |
memory/1632-176-0x0000000000400000-0x0000000000432000-memory.dmp
memory/1940-185-0x0000000000400000-0x0000000000432000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\euoQUgwg.bat
| MD5 | b215fa6b1e865af47d1a10d35402d268 |
| SHA1 | 3d101c733e2a1979a1f00801247a395b5f134537 |
| SHA256 | 19555a7a0d7aef5d56e1b1b56b54464cedee487f8e5b9e17fd3ff8fdf0830495 |
| SHA512 | 72837625374d4f87ec20d70d6bdf163e9142ab23ad39f20d17db2629d913f56374d345f4273e0f2e5161156d55185846dbfd30eee9fa95a9ba832d9406db5e79 |
memory/2864-198-0x0000000000400000-0x0000000000432000-memory.dmp
memory/1632-207-0x0000000000400000-0x0000000000432000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\mOkUwEMo.bat
| MD5 | 4d885158becef0585f6bcd96c146649b |
| SHA1 | c846054ba62391ac84092ee6293d03aaad7f7e3f |
| SHA256 | 0416d04e91c60070aaac525164fc0e01209aac89a66f2c048ba1546facd0ab8a |
| SHA512 | d0a50f0ee5508d9ad2595bd008ac836a6c82a9ab9560632e87d284c30111723eb40ff3797893c9fe6ac2490aa40e310af9cae957910e8e9cc9d5eb202b3c1d85 |
memory/1176-221-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2028-220-0x0000000000260000-0x0000000000292000-memory.dmp
memory/2864-230-0x0000000000400000-0x0000000000432000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\saEsYskM.bat
| MD5 | 57a3fe4094d4f6ddb9aa91d776f8a36c |
| SHA1 | 2f875293420d15e9054096c0d8e1883236c5c344 |
| SHA256 | 3a126b96ece3b4d256716f1e416deec52bb3762e942d13d92e6f06aa55476ddd |
| SHA512 | 3ab95faef78a3925297bdd942e62a27dd4c48902929ab4917851422b2dc6119ced16d3dba93ff60e7e6479296a250f1b9fc7485966cf455e2c0b98dc4da4e181 |
memory/1340-246-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2784-245-0x0000000000310000-0x0000000000342000-memory.dmp
memory/2784-244-0x0000000000310000-0x0000000000342000-memory.dmp
memory/1176-255-0x0000000000400000-0x0000000000432000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\yScEoIQI.bat
| MD5 | 9c6d8c2f3c7b2c3604b222a32124b0f6 |
| SHA1 | 21bb0563859ad82d1bb082b755e005fc71252bd9 |
| SHA256 | df3ad4cf9f4590b4f92e744005e86c67537fa04012fce996aa74d5daf1e7d695 |
| SHA512 | 741cc452e9d066338d738a8238627ba0f146a342633c5a1637dd95f03cd7b504f404a547330974e42d12b4907eaddd0336ea53f94669f5d427295cd3836c4b30 |
memory/2240-271-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2892-270-0x0000000000180000-0x00000000001B2000-memory.dmp
memory/2892-269-0x0000000000180000-0x00000000001B2000-memory.dmp
memory/1340-280-0x0000000000400000-0x0000000000432000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\PsMQswEI.bat
| MD5 | baeabfd2a7b24940b83b1a5c8104dc27 |
| SHA1 | ded36071af2ef0620ea6e9f73dd00dde7995756a |
| SHA256 | ed677315c1163bfdbc33930a4a52822b08ae53442935ae46aa27b5223d424856 |
| SHA512 | ee7d4f80968ca6a033e35a2dbc8f03f73e8a4c20712bd6e1256a3d3e5fce440eca63933f9f5efaaefec86a4ed4af3b5d053f73d0f6ca4f72b9f173afabb9618b |
memory/2552-293-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2240-302-0x0000000000400000-0x0000000000432000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\TMIwQggQ.bat
| MD5 | f11d8367c3525d5eb519bca68f3912ba |
| SHA1 | 0ebf6af6382a411ce7679bf2a6b4607047153fd3 |
| SHA256 | 41addf2b62bcbd476871b1908b658f3d4b7baad6705804c5ab9ff7d8adf886c1 |
| SHA512 | ffca99c65d7cb24f6f7a1115cf8c0ea7decc5fe174daa996bb348eadb8efaa5fe62c3de792c2344a3f896eaeb867711ca5c9793f485ac78c1da08a71926eda3f |
memory/2460-317-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2996-316-0x0000000000160000-0x0000000000192000-memory.dmp
memory/2996-315-0x0000000000160000-0x0000000000192000-memory.dmp
memory/2552-326-0x0000000000400000-0x0000000000432000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\lGwYEAUA.bat
| MD5 | 53f6087497fbb21a10cd772d5688cdf9 |
| SHA1 | 889e003ec15b341a1e234e1366777083ff24434d |
| SHA256 | 66c2b8e69b17e80fd05fd242d7a3d2fae405ad32a254cf5258a7eb9b5c950c47 |
| SHA512 | fed10ca353dd24637dbccc3e2a29e3f0d69b996918d1d6593323565cf399fdff24d4c5379f6c077093f32ed6fcb2934b4c7672a0fbd4917ef09e65d160caf5b5 |
memory/2716-342-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2688-341-0x0000000000130000-0x0000000000162000-memory.dmp
memory/2460-351-0x0000000000400000-0x0000000000432000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\fcwkccAw.bat
| MD5 | c5f76b64b06d143b4fe0f0ffd6f47bd6 |
| SHA1 | 1049c8f096d36438caf765c56e209c309221ad1a |
| SHA256 | c365aac649b25c15850ff3401c249d4a99b1a627799b84377523d83312163ce9 |
| SHA512 | a9daea9fac1778d99f970bba4dfb330a463c07d63ac798cf22fbec4aa6f38c374aa8f7fba23ec3b901e0013141ac34a035b335226b5103d7d5aadafe12d7fa38 |
memory/2584-364-0x0000000000330000-0x0000000000362000-memory.dmp
memory/2008-366-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2584-365-0x0000000000330000-0x0000000000362000-memory.dmp
memory/2716-375-0x0000000000400000-0x0000000000432000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\yawoIsoI.bat
| MD5 | e2a614a3a20723ca629bf2547a930ec3 |
| SHA1 | 891c271eda658a357741a24d724c442aedd7f104 |
| SHA256 | 03334eb900d910e55376a67014709dda0d938b51197dbe9091cfdbcab31e62d7 |
| SHA512 | c277dcc471f93670fdeae00f4fb5410722ce73891b587271880a6ac64b93989ac920764e69af8a20da339f43c7112a9c035661551811080f4e640a6c2ce9597b |
memory/2008-396-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2412-397-0x0000000000430000-0x0000000000462000-memory.dmp
memory/1908-398-0x0000000000400000-0x0000000000432000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\miIwEMUc.bat
| MD5 | 0dab3ff9b4d03aa8a5af151ef889faab |
| SHA1 | e3894c39f7463985f69ee6f735fae2af92889036 |
| SHA256 | 369fea18f9f38dcbf321c99c98c3e3d2aa7731d270257026eadf2214d24873e5 |
| SHA512 | b773d49fa83c8143ca3dd4635f4d44771fadd1e9d0e7c85be46cd4d87e317f97ae126bebc1191873327007c17f32952be914230552d61445e0c68f8af8e9c8f2 |
memory/1624-413-0x0000000000400000-0x0000000000432000-memory.dmp
memory/1340-412-0x0000000000400000-0x0000000000432000-memory.dmp
memory/1340-411-0x0000000000400000-0x0000000000432000-memory.dmp
memory/1908-422-0x0000000000400000-0x0000000000432000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\issMAEYs.bat
| MD5 | dd34da00cc8c5fb24e5ba8329e0b903e |
| SHA1 | 2fc1dfb24afe190057e1067319a7df2d61921c16 |
| SHA256 | 7fb4424f2e04574dcfa84758a2a20f26fc81131edbafbf6f9437ebf3313517c2 |
| SHA512 | 6c0b14d76cd221f9603ac7db7ef55b275c57abaf9a99ad609d044f83e4d2e885baf24d4ba8b496b930d336a1584253d3c4ef9e65b7972ec66de2e1905436e420 |
memory/2736-437-0x0000000000160000-0x0000000000192000-memory.dmp
memory/2240-438-0x0000000000400000-0x0000000000432000-memory.dmp
memory/1624-447-0x0000000000400000-0x0000000000432000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\gqcIAYsM.bat
| MD5 | 9fc9bb241411b6609862f15fdbbe2014 |
| SHA1 | e2b90acc40331580547edc29c939a0906adf6514 |
| SHA256 | 9919f952dd18be9944f43ca4eb2b894fa12788293f23361e57377b178fa3c854 |
| SHA512 | 1f5521a3402627bd4b5e9f75bbedd67ef871eb7d9f55d62039a75dbe6e5af84e0fe7aaff38a0048b724b64bb8899de9aac443b151a5a860be65e79d858513324 |
memory/304-460-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2240-469-0x0000000000400000-0x0000000000432000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\DaksUEYQ.bat
| MD5 | bf7eca33a6aa3726b6286991128092b7 |
| SHA1 | d4942c8acbcfb23d781178ea272dd104b61a3252 |
| SHA256 | fe7728f98100bb7e675bd1dbef570f8ac285bec4f61e66e7f38621f3c95de1a8 |
| SHA512 | 73e680fd2d2fee5355a0429b87509e0f9f863887419b2e356273a9a47e9eb44bbf82b36f024560fb4f65fd8735cfcdc24095cbec4949c761f4e21446346c4af9 |
memory/1532-483-0x0000000000400000-0x0000000000432000-memory.dmp
memory/1356-482-0x0000000000170000-0x00000000001A2000-memory.dmp
memory/2312-492-0x0000000000400000-0x0000000000432000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zCgAwcUU.bat
| MD5 | d378a9848900efa5f3201960a0d4667c |
| SHA1 | 5bd2e37f0fa08b38d2fce136d8b2a28acdc5cd24 |
| SHA256 | 98796de4bb157b15be3c5c5f8a10a5ddfe60a9714cc1425284c9ee9a1392d539 |
| SHA512 | 59a6994aa2aa0d2a1c3aafbc0028cddff325dc5ba1e66e73719d2c59ad3e1987cd6033c614e8a7eee283d94408a2579dc7b8c7f29b4e9f274207013f915f78b2 |
memory/1632-505-0x0000000000400000-0x0000000000432000-memory.dmp
memory/768-504-0x0000000000150000-0x0000000000182000-memory.dmp
memory/1532-514-0x0000000000400000-0x0000000000432000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\NWwkcowM.bat
| MD5 | e586383919d4d185c576231d8ede441b |
| SHA1 | 600bfbc8647a54f1485eef1b28659521c09b742b |
| SHA256 | cfdde9c3c554690996802dc8bdb950bf457024aa720bd4ca382ce71979fbbf45 |
| SHA512 | a304b986649450fc9f218bfb72dc402b27d193dbd8a08519844db2ab34232fb81dcaad0051f39030128ae9f0f65ac1b77df7127d5c3a6c1de2aecc13130a25f6 |
memory/2984-525-0x0000000000400000-0x0000000000432000-memory.dmp
memory/1632-534-0x0000000000400000-0x0000000000432000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\jwEEAocU.bat
| MD5 | 8aec3f8a8da9f1a4d1c5417f0c0acb9f |
| SHA1 | 95f82012291e10542ce15a0e70117d48f535e78a |
| SHA256 | 71867ac27550e6de7ee623a68f9798ddd34360c1d925638189f37bce45d3b1f8 |
| SHA512 | 9701894eecd3602d43b5d3bb6859de0611d3f776148e2f56b5a4d9416811a973fcf014f6ad2d1069d0a7a46211a44c617fdb461a1a1d47e4990406fdb7431983 |
memory/1388-545-0x0000000000400000-0x0000000000432000-memory.dmp
memory/1452-544-0x0000000000110000-0x0000000000142000-memory.dmp
memory/2984-554-0x0000000000400000-0x0000000000432000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\uOwEMcow.bat
| MD5 | cd88f3eec093583f7380003e1b1cd5b5 |
| SHA1 | 71ed2bb15ad6024667725238611fc8ca504a249c |
| SHA256 | f1d1446526caef646f7c113510f5ef0d3be56355a5a957ae41840c64edc21eee |
| SHA512 | f890a11b26c970ad07119f4029cf0eb0b38b17be959927e6a7cb18f83f19dae8db77b057ea712ffa5ccc375f38dd09e378ffc415b2da97b7a8c83ad4926b2c20 |
memory/2680-565-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2544-564-0x0000000000160000-0x0000000000192000-memory.dmp
memory/1388-574-0x0000000000400000-0x0000000000432000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ciwAEIQo.bat
| MD5 | 22b93e015d1bc8b0579fc41c4b0bdc69 |
| SHA1 | 8fdccd699dc89479a0c307179e85b752dd6c927d |
| SHA256 | e01382b9758dfc787bdfcdfae179e415a2727cea2818d85582f658327dac3457 |
| SHA512 | 71abc7a62ef7681b46b0bc2908ae7f0c101f544a2e16dabdcf66e173832ce5e57595755c32489a8e21f1b0789de88e8299311cd4d6157fa0a4ccf6cb45819938 |
memory/2524-585-0x0000000000400000-0x0000000000432000-memory.dmp
memory/752-584-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2680-595-0x0000000000400000-0x0000000000432000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\kgoEcUAQ.bat
| MD5 | dcb595e52fcdeeef1b123e1403012722 |
| SHA1 | 53dcfd837088faa78b597916e8ed9cefbadd2286 |
| SHA256 | a2e49c4cf16074dd984b9a73586fee2e8a260944a848b13cd65e2079aec9bcd4 |
| SHA512 | d6d76025800d464825ef64d8cc31bbe17600873d00efe787b6562c4f95ca3f57b1ffa13f31bfabee850fac366420fefb19a6b092650ff0e7c581175bc401e377 |
memory/2700-607-0x0000000000400000-0x0000000000432000-memory.dmp
memory/1784-606-0x0000000000260000-0x0000000000292000-memory.dmp
memory/2524-616-0x0000000000400000-0x0000000000432000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\icUYkwEA.bat
| MD5 | aefe3eb18f071dc24a66e1f5ff880227 |
| SHA1 | 67879b28f88882625c71bfcf3bbf40d1d67df706 |
| SHA256 | 3c67d1141caea187d0d80545d771ec9299d9f25849a649193d2996b5891f877f |
| SHA512 | 41d3e302f8ab9803f5bcbd12aaffdb2dcf9b6da14a5c79aee8d5fb008ceb7d8c7191c698714593e998a0c8a9918ab87581ab033bd2cd4104f2916810b003da5c |
memory/1408-626-0x0000000000120000-0x0000000000152000-memory.dmp
memory/2700-635-0x0000000000400000-0x0000000000432000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\jcIoosgA.bat
| MD5 | 407c32957c05e2d41225011b40052108 |
| SHA1 | 07ee9d7b1d465da1bba626b5c8ca84427dee1e14 |
| SHA256 | 1057929b45a1469c6167f29f8a969f60e044c694c0452a054052284521d01b0a |
| SHA512 | 19610f65887ed1644e323321b2e5179f22c69e1292a65c10d8333014d21f5d04c66a4689068dd52ee8fca2f5be605d7a926ea6d0016452912331573f9d17aefe |
memory/2012-645-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2024-646-0x0000000000400000-0x0000000000432000-memory.dmp
memory/856-655-0x0000000000400000-0x0000000000432000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\TKsQMMMM.bat
| MD5 | 83fe5649840183d12162e0badeec038c |
| SHA1 | 5725a87fce7729289021624c0be07545e0120feb |
| SHA256 | 89d98c598452b67cb99d6539b44b3c3f4b8264c40dfbe6c1b9f5e539299a27d7 |
| SHA512 | a0df6d7f83be3f67b7c9373fff03bd11cfddb80f193848a6475e298f5aac6d767d87f244a6dd84457019de35ba631d1adf860f96308fb5859705e63773d4714e |
memory/2444-667-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2404-666-0x0000000000120000-0x0000000000152000-memory.dmp
memory/2024-676-0x0000000000400000-0x0000000000432000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\gkEK.exe
| MD5 | 30d838fa9f4f54b54b69794b38e3317b |
| SHA1 | 05946ca5dcc97c85318d9d2a443c8f18ddf84ccd |
| SHA256 | 75dd186abe644e990491745d17849d7824cdb555d4b2063804723b1885236359 |
| SHA512 | 23acc717d28d917b69d8610a6db6b41c653849891058f5db468a03d94ca25e57403aa2e9c19e6061c16d3aef2926cc0806768008fb122a23277ff3289b0b1db9 |
C:\Users\Admin\AppData\Local\Temp\rUogUQkU.bat
| MD5 | c93b45cc987ab61005b312b23386f792 |
| SHA1 | 86920052182941d5130307f851cf7500c8056ff8 |
| SHA256 | 7a4c60cae2b2c6f38120a2c17f2b0e0f0ef3b6738b06703a843d883539c0a330 |
| SHA512 | 4fbe4578d0882b7a9652d5a5d5e1c117f8144a92883d9e77b9fecc0bb825eaa66028fc393f92272c98f3b85e5e8be68700b8934eea29f2da7c3d515c5fbcf6ea |
memory/1916-702-0x0000000000210000-0x0000000000242000-memory.dmp
memory/1916-701-0x0000000000210000-0x0000000000242000-memory.dmp
memory/2884-703-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2444-712-0x0000000000400000-0x0000000000432000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\hiYIscsk.bat
| MD5 | 5f38f0a1f43a72de6104f3e5795ce38c |
| SHA1 | 226ecac789898a959f5dccc4278012ca02bc7f55 |
| SHA256 | b8aeb802ba7d0c958b72c5b7695d26a01ceecf2d70e5ee599fe8b156d98ffaf4 |
| SHA512 | 366970fa80de105aec4096892b5c6204dc66e24206f09989196c030f4c709b81f266fdbe4b65f3a42f49f9f1e42e58c1694b84a22a6c573cb08a789428243a86 |
memory/1728-734-0x0000000077510000-0x000000007760A000-memory.dmp
memory/1728-733-0x0000000077610000-0x000000007772F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\aOIoEwIE.bat
| MD5 | fdf79165610bf43680444e604f0bc0eb |
| SHA1 | 79d30a0296c144a5841ce8510ab83d23b9a908d9 |
| SHA256 | 3d01aebed31b07a41f7e90c0d690e0afd88623af9866c1f898eb7a0e0864efe8 |
| SHA512 | 656263035579501d7483ff5d241c6cdb0fb7286960209b088513c0b2912e5e909a8dd0a2b27fd2bffc7c93770eaf23528ce965d8704435bea622089b538ec590 |
C:\Users\Admin\AppData\Local\Temp\ccoIkcso.bat
| MD5 | f34769b4374bb504236e60f45d3ee530 |
| SHA1 | 26372666ddae3b739c91ec18405617e929c4fa81 |
| SHA256 | 0c644254dac00c848dedf391e55ceaf13679b687463a07f39813d824dc02e11b |
| SHA512 | 40893f10b970b0412aa5e5d91448bc81e4dda7193c40ac66377b162294c69395cf637f45dc68bed40c75d03edd8bbde14ffab59704313c1c882876dddadea98a |
C:\Users\Admin\AppData\Local\Temp\QwIUgQcU.bat
| MD5 | 2afbd2760bc24d21856f1b67da74a82b |
| SHA1 | 84391dd74059825490dec0900a955a94595ea3c1 |
| SHA256 | b74a0498fa276694b1ed04ee0987d17c2954ade9af9d8a39069c25e27a771f9f |
| SHA512 | fb68e41ff6e3b6101659d2e164cd2a3ead375be0a3f36138a77d37af3486944c76efcf26a021418c8260a037ddb45f0da8cb947fc130619ef0f81cf5d7d3917b |
C:\Users\Admin\AppData\Local\Temp\mMAsgMUY.bat
| MD5 | b7b57c732d5437ac16996399d590f733 |
| SHA1 | 2c46b8f9da8641e70a539199e8aa3bcb591e9263 |
| SHA256 | c4dd8573edf76cdedaf4fdc8a89a533b5ec7caa2dbd8afb9701c23c182bfd93e |
| SHA512 | 919b030e670a7322fc1b79f86f493c9661ac78b21627f1f87c1bca7d1bdf9f0c46d944ba54b0e1049e722e7b950bfeeb83ad589ff091ec2e190b422432e5a566 |
C:\Users\Admin\AppData\Local\Temp\sAUYwwEk.bat
| MD5 | cc5328215febf34afffe92da2b84714a |
| SHA1 | 4ddeb0a116d9d14daf896e0cbf9b4223ad21ef4e |
| SHA256 | 3d9c2304f4a968a11e0a7754f2573ffb9149432ad7e7f5de39a0da149f478eca |
| SHA512 | 08d9b853d70f3ccab0bcea953544221c660028c8526933d3a536df2b8a0655bb4dd667630463ecaf96c8c7009b764ccd18ded85b4afd3ea26cec5c4162e77f8e |
C:\Users\Admin\AppData\Local\Temp\pQIokwYg.bat
| MD5 | 9d796fc8312b6544c5f9deb1979df5ee |
| SHA1 | b7ccc1848ca2a548ec589d5c9d6529fd1ef728a3 |
| SHA256 | af2267d1e0928f11747cdbe80648bb5b9ad01c68df22e7cc7b1a05154acdd2d3 |
| SHA512 | adc935c60f37af2001d1b5d5d5ac659a6ae6032be949f8a2919b6082d842bd8c59de6c8edda4aecc1397a23523f57903ddfc56cd1e669ecb8bd6ce086b95af3a |
C:\Users\Admin\AppData\Local\Temp\vGYIAMsA.bat
| MD5 | f8af05982a646e37be67ba5ad936c963 |
| SHA1 | 7ae73a0aaaaa9ec89ca88dfd8d6252b7066e95dd |
| SHA256 | 4a58ea857628318af88586ec6ff257b3d8305d5f287fe2080d42437aa78a4d70 |
| SHA512 | 1512f6b1aefc66da9ce3cf4f15392fa23dd1a132ad1f0c57c4e7d1538307390edf9e496c74900047399d1d4a176834cdd832de01ae07d3a5f4b1d1642325accb |
C:\Users\Admin\AppData\Local\Temp\NckAcMYQ.bat
| MD5 | c7d74f2e68ff38be23d5a171209422a5 |
| SHA1 | bb53f6aa3b9899326bf42703ab1f55366141ece0 |
| SHA256 | e4e000fbeca6416c69f3463c7630743f406c157a0e9187894516491068662746 |
| SHA512 | 111df46266fbfa8a76c98eb9c2d634aab54abf6aefb7bef44ec5c9d5df791a4dd731ffff300d032d7b20b5d83564cef13e2342ff8be0a2a4a23497b5a38baa45 |
C:\Users\Admin\AppData\Local\Temp\PWcQYIEM.bat
| MD5 | e13d61d9dc2544ca64c4153d7d481d2c |
| SHA1 | c247d0d84a90e3750f9342dd950ffc8c63d35ca4 |
| SHA256 | 3ec79e58c00e925b2e61d4be3f5fe87053b437c125cf16b0eda516cc796b1da0 |
| SHA512 | b4cf15f352ac15f0e063819b046468d15d51e08e12abaa89a3d3c43abef5b18db6243aade622f4d9ce5d7e7d36e27404533e120ec380f62ce91061b4585d15ed |
C:\Users\Admin\AppData\Local\Temp\GAkskYsY.bat
| MD5 | 5affba909f3fc6962b7f77e7b40704cc |
| SHA1 | 7c2a18ce361e9e1a124673f684603e3c890eac6b |
| SHA256 | 86774f61ec2198c07637e2c6aff64b8e2d8df26e3d55042966f95b13cd00c175 |
| SHA512 | dfc0c442d336bdd504bf8172ea3595ddc48adbb2bb88facdda18303d5c302ceebcefc5841963426d3e0fd39abc7fb030337345436e4f26a88371f7e4a9e05b9a |
C:\Users\Admin\AppData\Local\Temp\gIMAUQoc.bat
| MD5 | cfaf146ef5bf641e1e768402caf7648d |
| SHA1 | c4ac10fd3f49c7c457345362c1f4dc758b524da5 |
| SHA256 | 65f3636186b1e1fd81f532619c8c0cf7adea575b2c3e9594c06ba08753663234 |
| SHA512 | 93d707f3186e15dc640aff776ffc7878376d66380eabbb13dbb2dd653661f326ac0f2e7ac71cae7fbbfc7375f177acb557959cb951552968508326c47d94d9ba |
C:\Users\Admin\AppData\Local\Temp\ggwgIMco.bat
| MD5 | d33e1b310a7c5a922491db297cf26fb1 |
| SHA1 | a90a98300f8136925b342d95efe9387dad1a17f4 |
| SHA256 | bdfa3078a194d32fad5231b5cc464bd506f18d18fd2b4a62a336fe82bd54a329 |
| SHA512 | 582f4b4e3ebba25b1993b4fe93ad411259639540e047e1de18a94d922e56825d6e66ed5939843238bc8f51c2e2d2e6beec4079673c49ccd77e67806551f8e30f |
C:\Users\Admin\AppData\Local\Temp\UwoMkoYM.bat
| MD5 | 55195c1d6e6e35727febb7808cd3f4b6 |
| SHA1 | 5d5d00d5f32f65a76d201e165ca89e699a57dfcb |
| SHA256 | c45fc9f816e3f79117922a5ff1fc6829b7535216c8d7956f419a3f6b78d5344c |
| SHA512 | cc90ad159f93eb8083bc69fb1099610e250bccacde4d66bdac99b2dbedc28287ac26b448a281a824335648d1d64f39d259f9bbb21e28b8e067e559befb080801 |
C:\Users\Admin\AppData\Local\Temp\nOUwEQMI.bat
| MD5 | 8a9a4140249da054022781e2246bd3f8 |
| SHA1 | 6ebbcfe161e74f891ce062819a9fc34ae7ca2b0e |
| SHA256 | 3242a7af384171a4fa3c372eea4c0b6db2786f45a35b5d6b27949d4d46b9523e |
| SHA512 | 87a35b4c3b9fedbb01f30912bdba12205e1c04d416ed513d4570cd9465a35b6754d8c371029cd6eda08baddfc70496c1fe014ae6221ba87e269ec2e2ecc2af46 |
C:\Users\Admin\AppData\Local\Temp\XAEUIgwk.bat
| MD5 | 4a2b35196e90154866b0ff78b784c383 |
| SHA1 | 70418da3d0fecdbebc810143365b57a32aa2e855 |
| SHA256 | c3a067087b48b0d9f9162f9c659304757280d4f38f308b2f742b4b2576814116 |
| SHA512 | 074b7c1a3767cd35976a420622a6892fdb985c3e6585937c1aa935f98cd045ddb97e9e76142b7368454aaed4f60887ec876f981f841f92d5521e46bddab5e1e1 |
C:\Users\Admin\AppData\Local\Temp\xqEUgoEE.bat
| MD5 | f894473798dceb91ff54def68e96a2ae |
| SHA1 | 5cac1fddfdd85e1dd19a70f2ace0d5dd50dad96b |
| SHA256 | 7f8ab032da99946e36da4efeb4c01cb5cb39bff88186bf2b051a613d745b029e |
| SHA512 | b14486abb055a0dec4b21d61e06a3caf50258d1344abed63470331096539011ab1facd68b962d172f43bbcc82dd34fc33877fdb4e2a7a5dd077f29cb46c49d02 |
C:\Users\Admin\AppData\Local\Temp\bWcoUsUs.bat
| MD5 | fb5f166d48bea0d87ec1c0912653e775 |
| SHA1 | 4a555e62f65aab184eb916d40c47303beac51a4d |
| SHA256 | 0510d3c1df4a9db29c90c30d477e18ca0bd97772c3b2378a127c1478376d3955 |
| SHA512 | f402860cd682f405fc3293708032235250290e3d98817159094c55307af3d85bd5c449afa095280c07b171f505b65a065d771ff8c158b9d9525434253c596eb6 |
C:\Users\Admin\AppData\Local\Temp\gWEcswQg.bat
| MD5 | 99726ca65af34fd9785064173778720b |
| SHA1 | a1c229f4300d1941d9749d907aa1090e8aaf0a7b |
| SHA256 | e85404f7b076d9ba2e60c3034a6be641ab9d4bfd9bad3c0ce6cd9b64a90175df |
| SHA512 | 1332823b618d440a1c95fa4130af09eeea7a4a6ad92224097c7ff0daa21783f713b9a831bf2dcbea6f3c3faacace832b912e42c6e47a302d688d1da68023e260 |
C:\Users\Admin\AppData\Local\Temp\eYEo.exe
| MD5 | c8858b7e5448915a55b8aaaec09ccff1 |
| SHA1 | 931dc39ca777d129c147266449e34f62ad390a8d |
| SHA256 | a2f6801f8a23d416fd6bad636ddfc66f2f4b416d4868de12978ccc41b08823ba |
| SHA512 | e7c01cef237a51ae2f8816f345edaa1863fd927172ee2b07bda8520b1a0092fe67b84a66d0b697ee0b62d4ae7fb52eb5c734208002959ff9bb4e1fd9cc1a1286 |
C:\Users\Admin\AppData\Local\Temp\MQAQIYAY.bat
| MD5 | 3b28436bd9e3ed1aa77ed819b4fb9400 |
| SHA1 | bd16e3ff31d2f72438d819e3ae18834f686dca46 |
| SHA256 | 467d33ac8d79ad0754a0edf1bf48d162c0ec0a332695b653dfe21aaee5d74998 |
| SHA512 | c353978411209ad2d2fb81014b45de1e537554bd48c0d7f915cfe20a98c901eca6ad343ca38ba730fc040a281645662124ae11276febe4b84824ff0504727979 |
C:\Users\Admin\AppData\Local\Temp\SwQk.exe
| MD5 | 25d6a90026538a2b275e3c11c56ea33b |
| SHA1 | 3a30716a5a64fc0f1fb4b26018131d44b61235ef |
| SHA256 | 89da6285219a90c4096df6db10950336da04f70cb099fc1ae5e88c8dc955ac9c |
| SHA512 | e7be1c03603f20133309b6bb9cdfdc45f0181a5f3e03718502e08cf9eb78741a146e72b141cf44a50c001e9182b8fc03f08a4f2fbdde6ccebc2af4b0a1b68fd9 |
C:\Users\Admin\AppData\Local\Temp\SwAW.exe
| MD5 | 446e51f2e6f853e667f97af4d31996fc |
| SHA1 | cc59b34baaf366b9a5f12061166419faa606e6c5 |
| SHA256 | 8886f2adc0f6ab4bcf2973d3a17b1949d319d97d965ba6812d47fffb3da13b6d |
| SHA512 | b9df0e87183784ade9309b51e3585f4e58143c9980b261e3dd03c3fdbbffd1f50c0337a5b4644ccff8005a41131dba1c39e2f2e194c5156217339b8d623a56aa |
C:\Users\Admin\AppData\Local\Temp\QYMS.ico
| MD5 | 47a169535b738bd50344df196735e258 |
| SHA1 | 23b4c8041b83f0374554191d543fdce6890f4723 |
| SHA256 | ad3e74be9334aa840107622f2cb1020a805f00143d9fef41bc6fa21ac8602eaf |
| SHA512 | ca3038a82fda005a44ca22469801925ea1b75ef7229017844960c94f9169195f0db640e4d2c382e3d1c14a1cea9b6cc594ff09bd8da14fc30303a0e8588b52a7 |
C:\Users\Admin\AppData\Local\Temp\Gskq.exe
| MD5 | 3edb01cd190a24d1a5e12ead29a8d7f0 |
| SHA1 | a4eb5a143b3bf02cbd4cf8605da46f05faeeccf8 |
| SHA256 | f47f25ff7b558eff7a258756e4bca7f3bc7d73eaa4b02663a3c2a2878dd8a168 |
| SHA512 | bdbb18c6193f00f4b0efd14635d84991da36681f95017b54e85d58070d08b5b230f6924db5d20f13446fde95f01630ba63532feeb52fbe0583110454224f1c6d |
C:\Users\Admin\AppData\Local\Temp\YwYa.exe
| MD5 | 867a80982344cf01ec16313278000ec3 |
| SHA1 | 2748015f8eb43fa925d70ccb89c38a322a416c7f |
| SHA256 | 0cadd201553abbc5bc17ee9912ea44694ca7a11d200596986eb6f948fcca52c0 |
| SHA512 | d4befea525473be4e75cb5c191479e4a2de2d2b9af8c79c7c7e038946d7c3b42d6e4ab124dac7a0de5628629a0223abc9f1c369a0cb796f2fd375bd514ded7c9 |
C:\Users\Admin\AppData\Local\Temp\CAoO.exe
| MD5 | 48b01d61f3b4fef130014da81aadcb8f |
| SHA1 | 8a589680cab825372928a460b98f2e5242ea8bb0 |
| SHA256 | d7bbc4d40e1def54fe293ff21f8d30e06e01648779c69f5283472702a811c9b7 |
| SHA512 | dcbfaf62b1dd6da36672482c793f1420ed28f68cdddee6e1c8854e4b249425f2c3e556e5c7e78c9a025d5964af471ed86c3822229fbae5deff46ec4899668c9c |
C:\Users\Admin\AppData\Local\Temp\iIYG.exe
| MD5 | 33347eda4cdff4ce0f6e3728207449c2 |
| SHA1 | 7b3f22b8c2ff90edf1315100a3a958c522aee536 |
| SHA256 | b13aa5270800eb888f28f35278c92db4690e892e075d7b87d71fb97465702c43 |
| SHA512 | eb344b0dda030d89685c7b30d20232e251b40db636c1eaf2a63f6440997a21be92f51a849a91e53d32fec4d48983eb18cb790a1f675d177dd0280e6e41e5e2d6 |
C:\Users\Admin\AppData\Local\Temp\SwgK.exe
| MD5 | d5d85bb52d44446f75ce0b32e9d3ea90 |
| SHA1 | da63482b9d34d8b468896f411ac8e89e33a49459 |
| SHA256 | bf6892bc3af8bc90b871e71e7453643455b07ca361e93933e63de189339ba939 |
| SHA512 | 01b8bd92bfeee36b1218bc3e02fb3efd6155c7a2a50c1fa30984684836ea7d1c227f5ffade760ef787fac712b9492e787000df96797e476a45ce645bb994c61c |
C:\Users\Admin\AppData\Local\Temp\cQUk.exe
| MD5 | 5d393459d7a0d31624c1ec35fc1076ad |
| SHA1 | b76ea60459abe2c448395c4fe24920bffb8e3a1a |
| SHA256 | 5fd19b3cd78fa4361ff1e314b83918414deab735f7738b2efd998c7a9d64873b |
| SHA512 | c80df597327c02bf0a01432d8fbd8c8344ae6889521cd3a321fa25f6be79b4bb06796df651e4b5f6a1fcd9baf473bfb52c51c9f6a6195e60af1ca2781915297c |
C:\Users\Admin\AppData\Local\Temp\AOMUIEAs.bat
| MD5 | 8bfecdd092c158e859eb8ea7ca90eb4c |
| SHA1 | c001c8a8a624b4ccc8581b8468e1a5c51934d75f |
| SHA256 | 8206626aab5c12a26cd12d92dd9938147204f8b77794bdade6151f4acf897a2c |
| SHA512 | b4d54ac02ec3abb1c7a30807b2e2147d97953b599e88de234121f2b4770d6bc6a7976c375b525d10201b602ed6dff9fdf293f9db5f3b7757b923ed87ce475c8b |
C:\Users\Admin\AppData\Local\Temp\eosc.exe
| MD5 | f527c36cc9c062529b5248a8d0c6a9b5 |
| SHA1 | 60ec4725d07fce2c7a7d47682a09786d3ae1bf68 |
| SHA256 | 96f58305b1f8cc7231077347b6e8721194e66d643677dc7366ef3a2c3e6ec632 |
| SHA512 | baf9ec9b99cee05ac9aa031e87ed8c63e7102aed51daf1d2ec7814ef51ebb3b87b632135f8f87e6e1b257d710c6e8d1368111654dd2d99d6a116545dbd8baba3 |
C:\Users\Admin\AppData\Local\Temp\McoQ.exe
| MD5 | 869e23c86cedbde36e2deb0ab9d6a624 |
| SHA1 | 06b6df6523e66f146b298fe29752522a3d920563 |
| SHA256 | ecf5c327c08cd7bf18e4f799b2afd8a483c5ed5b2dfc9c92784f6edbd0381592 |
| SHA512 | cb274612617463b03cc68a269b84d8ee3a22833fabfa8ce34faea56a5526578e3d2bef6b486325a0dd40d707376a44b61b859ece03149a22bbaa6607dc721953 |
C:\Users\Admin\AppData\Local\Temp\icMm.exe
| MD5 | aa196817232f4eea09d68852808e1ba6 |
| SHA1 | a001ce1ed3dc089cd92dd3f10454a96ae9654a1c |
| SHA256 | ddef518b71e9e594b12f7e50c170ac06657a9f3b827eaae5df000ffc380e6ff5 |
| SHA512 | b9325c7bd6f3eadb2a6e54cf79e4f58900dc242666932ec3286d09c3f9a9054bb9ee821a15f112b061e375c2c84d10ebe013af528696ad80fb7c46631fbd1a73 |
C:\Users\Admin\AppData\Local\Temp\msMk.exe
| MD5 | 9f0c1cc52cd41cab32634cf875ddcd49 |
| SHA1 | 1a86f2fdf999ee51e0b0a9a3b4dd1de4621d556c |
| SHA256 | a4988ea93ffa3fbcd55d6205ffc4c29d118189cc81f6dc77bea11f717b2a1378 |
| SHA512 | 5d62c17a29e3e3ec41440267e62138cbc89b24cdd6a94ae76c308382cdf89e802bce366ade107e1a1f1145d5fbbc4b4bc5fdf1d46a203794a9c20f3ecf210094 |
C:\Users\Admin\AppData\Local\Temp\ckww.exe
| MD5 | 4297a21c01b7a3248ddabba066ee09b0 |
| SHA1 | 04646033e4dd940200ba99aa9803f6b4327f2073 |
| SHA256 | e43f33af2ba445268748b306807a2b58175be18b589d28848e98a730a34d1d1a |
| SHA512 | 4f6048ee4f9557ee93ffee1ca65782008d1ed5dd91b9b54fe374e818c7767ce953fe49d5e0d2692a5950ad9099e518526d4fb69494893b63ca947775935bc14d |
C:\Users\Admin\AppData\Local\Temp\EAQO.exe
| MD5 | e79f4866a9c1cfae7596724104a62a4f |
| SHA1 | 6617f30cacf6463a0451a4fc7ac989fdc7f2420f |
| SHA256 | b92dca21bd6bffa1093902569272f70e310201fc42f0630f2e5ebc591d2bf500 |
| SHA512 | 399a6cc3725a7639ae5535506d34baa9204760d79b9d782e52d62ac26dfc75eb73f3bfe92ce6ed94f2dd48cf5a58c59c91d4cf3200993444cdd3f4db44162b97 |
C:\Users\Admin\AppData\Local\Temp\AEQu.exe
| MD5 | 742cd631362e7993d10780f6d88cbcb7 |
| SHA1 | 5f6c439b60c94fdd7c0414ec9cb999efda4fa52b |
| SHA256 | 4387b662c30a0c4f03ccfde763e0fa1a606e57e82618ae2a57afa7f9b83c84cc |
| SHA512 | ceba1c89b71d746c389678e720520895222a79a80ba3fd4eccbdaa7b549173860b92d4b827fd2e85efe0a1695099a01d7199cfedaa32218ca3206f373a266712 |
C:\Users\Admin\AppData\Local\Temp\zQcsEkkY.bat
| MD5 | 34811d07d4a333cc6ddaff13e51acfa9 |
| SHA1 | 052ed475f23373cd539dc24b61f43d8e0a5467d4 |
| SHA256 | 1da202a05fdb71bcae32d7475ccf056d9113b9cdd585322fb00c990b62514fb4 |
| SHA512 | 966edf96c9ea1b15aa1b11a73d6c267360c653a9f027d1e02d2b2924df8e5a020e0082ceee696e9a11a1b7decacb50927a3391f20ab8dce62a5b102527584dd4 |
C:\Users\Admin\AppData\Local\Temp\SYUc.exe
| MD5 | 55133f8c189e2ae16af1894099762a48 |
| SHA1 | 214c71a3c547e0a40b9f79a972b63895925c8306 |
| SHA256 | 9afbecb082711a0065c6ac57581b54e86975e195f3898c01e0e6c0c9e6e4bb80 |
| SHA512 | 8a01e66ab1506943a12dcef45af60b80b79b2afac198068b7b553c1384d0242570b4f872aa2ae3a126522d17f38c34a9d781ae0c77e3e98cae19283bdf53ba99 |
C:\Users\Admin\AppData\Local\Temp\IYwi.exe
| MD5 | 5b96bdafc960482e697dfd2d306c9b0d |
| SHA1 | a0b7928d6445d53abd62f532004a7bc59918862d |
| SHA256 | d2f28eedaae8f03b95c9204ae1a36064a56126228c2b20ff53ed9a6a88672930 |
| SHA512 | 9fd3e2d049c15a0b78b948d60a81cca7e6498d1f0c466474a72421b458c3c95159aeb71271a2eb8144af158cb837a8d1e812528ca93cc2fae3482d003735d5ef |
C:\Users\Admin\AppData\Local\Temp\aEsm.exe
| MD5 | 16aaa21db91fb72eacc4c14dc1d93645 |
| SHA1 | 2089e7d2f8288dacb47128d2adba0ed4da8ac1ee |
| SHA256 | 52c9e5a31fe07e48103233afb845baaa8d7dc52b03b5e676def89e5b0cd3cac9 |
| SHA512 | 0a04e4515f93a452de2d1a124a9648fd0977c9276ee9e7e6661d6b50faf897dde774b6c8af06e3167839caaa86653eb33ed6f28a43146479d5ae3bc222d2fbb8 |
C:\Users\Admin\AppData\Local\Temp\Accc.exe
| MD5 | 8f2bd8acf3aa37ca1c76c16c26a086c7 |
| SHA1 | 71c04395018fc3ff8d384a3b2b9064bd12de10ad |
| SHA256 | 21961372b5fe09da0d7035285ae67337ca43703a94ed1919c83638adf3792272 |
| SHA512 | da95bf35ffa1a20a8d177e6404506ac0120a7c1466bbe33519c1df3dfc65659d62d3d9b5a871078df8eea721a9943b8e74072092ac65d986223ef75db2444416 |
C:\Users\Admin\AppData\Local\Temp\owsu.exe
| MD5 | a2b299093c074b57ecbd7d1c4c1dd330 |
| SHA1 | ada4194c45de0112db4176016eaaf11d4f891220 |
| SHA256 | a2eb683d9e02c1873210c0eb13b410f22a2e774fce415873a64614b581520c71 |
| SHA512 | 76cdba160787dedf7ff6a2f24fb5b6b9bbaff4c8790194341a884001fec6cb4393d946a3a74217d389ca3601ab79d403996b528716c8dcbb35ffc1e0a5d50dd2 |
C:\Users\Admin\AppData\Local\Temp\kEAG.exe
| MD5 | eb3cead569f3cbf57bb4fd1fe5fc9a20 |
| SHA1 | 45cee2f8c3bfca59d1b21fad416147be51896c9e |
| SHA256 | e3162ebf155861a7e95c62f65ffc928a7c4e1fcb0d6631d2909c23f0b7c7d108 |
| SHA512 | 43a8a5c15c6f08d057a62450443aeb545de7ad5660501a3740042928781ad1e1cb2f73c00808405794c6763e9ba987fdfb69f54e72d2c4b3955c3aa83f52e9d7 |
C:\Users\Admin\AppData\Local\Temp\Cwca.exe
| MD5 | b091395880857879a3fdb010279a3c62 |
| SHA1 | 707e35b75bfefcec02e50fa0375dac413955c57f |
| SHA256 | d29a07a73009195db22c819f6fbb41b284cc5c3c8656bb683eafc1420703c3f2 |
| SHA512 | af385ef1ead077399e1f4ba10f9c275fae121deba5a3baa30e933ea779be78945011d4531be90d060fd7c182eb61a256d067f2b44a2a0ae49102a44318314a12 |
C:\Users\Admin\AppData\Local\Temp\QskI.exe
| MD5 | 0ff125a205958c25f43a39cfa9469173 |
| SHA1 | 4192789404d46cc46fd039576086ba04f3b21b14 |
| SHA256 | e8ac28cbc2074be418902ad266ca134292feceb5697a403ffe719787b01c9863 |
| SHA512 | 459183d10fbb0739fb3f13c2afcc12c1eef7907d4ffbdad4dfa45667c1789690a93c9efdb5d165842c825f4e1a4c68b18582a9738aea8a9646b10a7db848a57f |
C:\Users\Admin\AppData\Local\Temp\hasYgoko.bat
| MD5 | db132b8efabe15a2237a4bc9e8a2402f |
| SHA1 | 420e22343df494f4a369b59ed37b0efebaa97fb8 |
| SHA256 | 0d2a275db4d68c34653e5cc921c970b8fc91e481e289d9e50a3bbaf43b8b31df |
| SHA512 | a6ec852fb803688f0ffbb636555cbbb362531cba25aef2d02a15daccb25dad7d6a8ec6ac13cb74ba8bbe54b2220947d6a0f21049935de1456cd022d26a24e6c1 |
C:\Users\Admin\AppData\Local\Temp\yIIu.exe
| MD5 | 41be541af0fc4af61bc9502a95222d44 |
| SHA1 | e509cb67fb38e193208be15fc85258bbbee59f27 |
| SHA256 | 4c05bae5f411d6b9cfddf6d0eee6665050c632ff94b522788ccca5d304f65ba0 |
| SHA512 | d9493480cba92858a76ad007ea0812cf4c364d58dae8e23285bfd8a60a4b4c11c8c2f64004e0f7ced82540e80113c319c10cc2a3fd9e8297ea8493a6dd9daa41 |
C:\Users\Admin\AppData\Local\Temp\aIIO.exe
| MD5 | dad7407340c51bec9e329772e80ed23a |
| SHA1 | 2e4f664e3b801a34639a3d298ea7bd6de0d8ca2a |
| SHA256 | c7a161e295a76527e68134e499b0e9e6b57e7a894abd7cfea86a04ed58db7c97 |
| SHA512 | 79b98878a99e4f5b9bd8eddd34a024be7eee2839b510ba30191106ff73682b86e16a45b9bbd940597faa7547b4b18a43157dd1a8ced4bed36ef9a18c9c8c9280 |
C:\Users\Admin\AppData\Local\Temp\qoQy.exe
| MD5 | ce18f3b004723acb41f54d4e5484e0e4 |
| SHA1 | 02a8d33229757128b5d95e12af5ad8aa0ff73a1b |
| SHA256 | c530409d0fba07a5dc851df761d6d62d6df8104099cf0319750ec8162a8eb2a1 |
| SHA512 | 92925ed5a24806a7550f1ba1cb6f3fcf5b8571a4a453057fb8198108327ee5498e145467152e01f148cd1fda7ee59dc7dbd7f25c0311e089c9fff70a9e2208fc |
C:\Users\Admin\AppData\Local\Temp\uUYu.exe
| MD5 | 483a5e9ac49b3b0191a714928d1c4a86 |
| SHA1 | 1ec4880920c5d14c3263a6a9327285f92575736e |
| SHA256 | 9f92510d3a81255347cfcdb801a28b73bc136795a984e0584954b28e01f16375 |
| SHA512 | afc7650c3b2cca71783f49f778cc5a9222d2fbb2a17d697ef61a78c416b4cf4bb5b5fe0726e80872f9309f07f552f4843dff2d4523337b8acb788b35b1bf9eb0 |
C:\Users\Admin\AppData\Local\Temp\OwAC.exe
| MD5 | 22f401684a61896f02781df524b5e42d |
| SHA1 | 93711d65295eeab79e6adff503f86bcf29b3600f |
| SHA256 | eff94961ad34b45193f3826cbbf6bd5396b751c8e04c8f1b33c06883bc158bbe |
| SHA512 | f9007fc1a815a796815a390acc8966f25bc0e299d09e6e54b3b8c75fcf68ee0a495eb1711d5cc4ca7715537fa37b320dacaa66ebae0a853bc527bb3914b98fd2 |
C:\Users\Admin\AppData\Local\Temp\soAs.exe
| MD5 | 94d48bf511b95d84c288f4eda8106927 |
| SHA1 | c1aef05666aba88ca911ad9645c7d93ffeeaab84 |
| SHA256 | bd0765c2eeb82ed7ee39b97cf61a2c56445688470ecae57082b5b769b25aac68 |
| SHA512 | 0ed6e9f554de72117231f16f99a7f990f47b1595a5d3b4506edb1d477cf775a79c485bcd5c5ddb0ce89cc0fb93d1ca4ab10feca1630bc12b01a6a3d14b33fa34 |
C:\Users\Admin\AppData\Local\Temp\wkws.exe
| MD5 | 881f8cd3197c0ec22810ae4723be0b7c |
| SHA1 | bb382362ff4dd738b64b12a034120605c6ac1590 |
| SHA256 | de35998d0111371b08a240532e44feb3f902a730f0d6339e3fcfc0df43d07d41 |
| SHA512 | a91ee77b28b951d06f650cdaf2224d7905888408c1bf33842d6bffd7e3650f5650d06d2c2783eba995fb0c6ce8286b009ea0fcaa7cba32e65c571376936e9295 |
C:\Users\Admin\AppData\Local\Temp\zwswIgQo.bat
| MD5 | 94e1d8a202606bf160407119a22fa189 |
| SHA1 | c2a68e6b676c78bdc404beeb7f08f4661f3749c9 |
| SHA256 | 92b0a6f1f293a4a6ce32887112379c8049f8808639d23b52fb8273012345ede5 |
| SHA512 | 39f1fd148b99fa791d29247ea761159bdf763c103a582dfa6ec01b83fc3eecea27ce6a576555547f2fc694418ee97e6dc4a53dc011a64759f42db528ec32c47a |
C:\Users\Admin\AppData\Local\Temp\Wgsc.exe
| MD5 | d437693f36acc5a5b1eace9880b08009 |
| SHA1 | e329ccc80a452b22493742afb62cc0358e345f3b |
| SHA256 | b1ff6a9db2682ed812a2a0d7421fee234145203e004d2ba1cb611158c1186184 |
| SHA512 | 64e8aba3fdccb1b7abe3490e69fd71f88b4b4776963be89f1d69436115caafc66df229c0eb1e2ba640a4aa895113603023251b14631a42b65c3cc6f5020d32dd |
C:\Users\Admin\AppData\Local\Temp\OAQS.exe
| MD5 | f8bbdc8c215f3d6f23af8b62d028bd81 |
| SHA1 | 161b89016817f40bfbd16cac9a4c2946246a9e91 |
| SHA256 | 1e828c56af0072de2feae26ec38f45e3a421f4f82e7a36ace25142a2ddd35b5c |
| SHA512 | 17ad0f518415b516bbd15f5f859e70d76cd358208d300f9baa665aafaa8d86254be82bdcabeb174f8d8d60c761121a761cce98038f38695c02840fbf990c5d90 |
C:\Users\Admin\AppData\Local\Temp\Okkk.exe
| MD5 | 631aaddbded9538df1c7d3d47ac3c26b |
| SHA1 | a05892dc16e4dad07cb1697c14d807fe349dfed0 |
| SHA256 | 50fb2eb95882cc032f4ec0428d1b675f97d5f2f97050b8ec931670cae7042940 |
| SHA512 | e53bbe71028f84e8f7bbeb20e92ce98a5725bbb4ae32c757a80ce992bfd5db350794fa9ef7d8408c539754225dc2183b96b045026a0e0d1c579f9ab43d34c91a |
C:\Users\Admin\AppData\Local\Temp\WQMo.exe
| MD5 | d5c9b9defbd30d3e8320ccb88a9cf031 |
| SHA1 | 9d7d1b4a903d8206bf614667e10b40db90ffd41b |
| SHA256 | e93e6355cabcd7eefbf3821b02b64b400667e735f8b8357a0794c2d493be54c0 |
| SHA512 | 03c28f82672038066a6d15c576170c9d745a8026f8d01d84a6a983a8615faffa140828a99f843243545445c2e4f73f0153222a4603c1acca61afe5fbef59f102 |
C:\Users\Admin\AppData\Local\Temp\lEkMogEI.bat
| MD5 | 9ef8d11565f0f3177742a74bc3a02d44 |
| SHA1 | 23513f6237b9dbe0401f09495167952e23d5d558 |
| SHA256 | eb3157e0036020175bb1d603cc22f34b4e051414b9a37991c30680e31d963569 |
| SHA512 | 3b952f9217d3afe328f111e6a2024c26c50f642014ba185a6992c027e357c6ddc542129c68d248a6e1340111db3a16e0c267ec80d1760ce0da6aafe67ce80173 |
C:\Users\Admin\AppData\Local\Temp\mQYm.exe
| MD5 | 28eb06de1e33378055aee61bd3ed6579 |
| SHA1 | 596d67a56eb89ddfe8f1bc2ff4acd0ae5ba96208 |
| SHA256 | 7bf3c83fd84745fb81944d23ef3c6a3e5eb8842e1547613d233b23ad8585a294 |
| SHA512 | 17c12a56aae02bcb1e2c4d94054508183f81d217c391f4e890a76c2ae6fe5b4ffcaaf75da3d2d576b189e50c490570c09db453f773af0f8cd706adbb53d8c10b |
C:\Users\Admin\AppData\Local\Temp\QEIw.exe
| MD5 | 6b0bd2482f6227410b0989187bf126fc |
| SHA1 | 2ef5e5693985f7ecdedbf5dde73c3b7cf2e1dd62 |
| SHA256 | 6cc26c417468c33c3551f741fd8e3f145e38cb55b47a94123888d12831d27e31 |
| SHA512 | 74481cd0416347296eba0a3dc37ca19190cf0be2c6da41b4ed1ca15ad746ed1ceeb5aba4b003a865255356137d1b6f146e4918bfa67ea4a4fe76a547b7732d10 |
C:\Users\Admin\AppData\Local\Temp\MMow.exe
| MD5 | 0c51bbdc7cfcdb4ad160d53978a3069b |
| SHA1 | e012436364141401e218de87e512952e73f74904 |
| SHA256 | eb81b038d11ec63ac6936bce133e899fc8855f9286abbdfec6b6466f9bc6ce78 |
| SHA512 | ba95397f83e10bdfa4cc083c55d3de15389c093374b81a596db726a5ce82b7358f265705691a45c6c934790d947b1ac080e15b9fcd710c1b5572bc2e732d6d85 |
C:\Users\Admin\AppData\Local\Temp\gcgw.exe
| MD5 | 66b9c303b368e2e1b1a34b56e1dcb8d9 |
| SHA1 | b8ec670241efe46a16d1eea6da449a9fbe82c897 |
| SHA256 | 22255f19d0db575e9e500200cbc437630a5def476115959fec87ecbd57755d18 |
| SHA512 | 84741add9ab5b2a8198bd8f21ba329fe8fa62b94bc38245e3b10ab636ab572c557b840d0c7dc5664ea9d2c0ba7a328da5199f31e9e697f8788783cd2338f5980 |
C:\Users\Admin\AppData\Local\Temp\AcMq.exe
| MD5 | ab39177ebf6c2d75a730c8b17acc2bcd |
| SHA1 | aacadbc9cf3f2999ea5c807260228a1a1ea1efcf |
| SHA256 | 78599ecbbc626b63bb754b7a0788836afa83fe654926abce024d0f6bb43b7fe3 |
| SHA512 | e2d7f0e9ea009411ddf0e13c0f70ab4aadc02159f7c681c11ff3299f0e3638c0cf8b1fa579613e5ed1f7e68576453b2bc63cc29495693fb8216cbd1192102ac7 |
C:\Users\Admin\AppData\Local\Temp\XAgkQsks.bat
| MD5 | 09e9e6229d8f3d1a3473197cc5f39d95 |
| SHA1 | f0c4426201a48f2d44cdd5c1804683ce1168140f |
| SHA256 | 29407c5d347a8e9fc0cf6dc8fb4017c7aa19da95a336fe4f3fcbad0acd73ef1a |
| SHA512 | a30d1b1715433d2eaba2becf6e0b36487a5ca9d6215e57be32b7fbe43679084b8534955bae037f4a052ab5c2fd5586d4e350be18df7ba7c076a2757312a85930 |
C:\Users\Admin\AppData\Local\Temp\AwkK.exe
| MD5 | d69b052f822baeec64453d90967e04ab |
| SHA1 | f9c073b476771da8193d1a5befbf65bfd65627c1 |
| SHA256 | 0ca51ea9751cc90bb75f9365975c13c0544fcb894e918ca9a7bfd338b51b26a2 |
| SHA512 | 2fddb600d2d882da06c7ad3b53c323929e58e263024562beba9e83b563f9ad098752c57b74aa1967d55399b0542fe02338f9672cfd894339f2822a48c9b09fe9 |
C:\Users\Admin\AppData\Local\Temp\UoMA.exe
| MD5 | 0ab296fd5c3e96271c18058c52b6df96 |
| SHA1 | 7e206d7427432aea1583227ea0bd625260789f12 |
| SHA256 | 89c4b31f9ce33ac79fb0101d8a30816c3d84cd1ce4fb128cdcd055e62b1e0b3a |
| SHA512 | 0e0ada4ac0f5ce067f96de7424bf8174b9637b6c684fe773bd4d44e02dfc2dfaebfbb90af4d8d99d72f51a0ef938aa80a0afc38e045ca053f6886c03f0ae23ce |
C:\Users\Admin\AppData\Local\Temp\IcsU.exe
| MD5 | 4f603f0464564027b6336c731958c5d0 |
| SHA1 | 004a12bd7a6f810cc7dbdee086432d9b8de1b61c |
| SHA256 | 7ba773f7d8e9aa5379e268f9c365d985b9f10ae251f0158c2d1219df158202e9 |
| SHA512 | 85a6a371fd5bac30481f5a9e20915ffc396234ab62f2e4ac58bce7f0354b7d8c2ca3ba2c5eaf70c46ba8aefff07beda2e674fb15a64f389140f62ba342966e93 |
C:\Users\Admin\AppData\Local\Temp\OkAM.exe
| MD5 | 52bab51eea03fc18f2ca1acd7b618b9c |
| SHA1 | fc9de1378922cf5cbe1542bf3ce55109a0503ea7 |
| SHA256 | 764dbec57fd6f6b6f970ea76e7d0d0c489a4d849f01b3184e7beae7edb35c085 |
| SHA512 | d60b1496027bf3773ca061c05077f374d42934c42164b27309a834a4997a4ae845cc20c439d6310da29f46b53ae7e43e528a990611c5a3865052cc6f9c4821ed |
C:\Users\Admin\AppData\Local\Temp\Kgcq.exe
| MD5 | 462f0dbba7fc772607cfbf91d7daf33a |
| SHA1 | 9633d53190d427855bee31e7cce1ebacc57b8317 |
| SHA256 | dfae5467f70aec2c54d2f1430150e8a39b1f5878f4b7ab46faafc44f3121df0d |
| SHA512 | 38cb993f64796abb9138192032f50c4dc376913f7940acb98a9fe7ee8243b50b394a2420d92f2a0e9778ca50245f898ad3663ae8b9e71d6c03cbe76faba9755d |
C:\Users\Admin\AppData\Local\Temp\ysko.exe
| MD5 | 659dacf72eddb787a826b1ca6e02da60 |
| SHA1 | ca5c4de6079b82b12444cb2dffe5f01703ce3f28 |
| SHA256 | b280fd8e8bdeb1e20623066baf4b372d51442d80df2186c37dc731e0dca447b9 |
| SHA512 | 5d62e5313c77d900d20119ec994efb06e8fcfde1eeed728b884d112bc961fa08922d37a9a26708dd17f1b32d39922e749ccf8c6dfd63efb7a97d67bc588c1006 |
C:\Users\Admin\AppData\Local\Temp\gkcA.ico
| MD5 | ac4b56cc5c5e71c3bb226181418fd891 |
| SHA1 | e62149df7a7d31a7777cae68822e4d0eaba2199d |
| SHA256 | 701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3 |
| SHA512 | a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998 |
C:\Users\Admin\AppData\Local\Temp\mokG.exe
| MD5 | ac87c263106b5d4aab0df12ee574d9bc |
| SHA1 | d7b3d14639b490e660c475c9d8fcee54d389192e |
| SHA256 | b0dadc76402aeaaff348cd36d88ca15a3cfdd6209e3a5bef865c8bb93bd121ba |
| SHA512 | 4ca070c488fd5a6446b172e2c7aa0144368d01353ba779b8602df4f3f7340ab53ad01309fc8d9a9671ae88cb51a90a43225c9c3101130970f0d169d3a1c154e6 |
C:\Users\Admin\AppData\Local\Temp\sgAoAsIk.bat
| MD5 | 72cba8c574e038550c199cbb5f83457f |
| SHA1 | 8ed6ac93bf1789638f9926a0aaf76204c86e38e4 |
| SHA256 | fd8dc301e932cd399676a1ee806b7c0eba3bc90bc324a3a251ac8355cf1415e7 |
| SHA512 | 5140854241417e4371f40bf8f06dff2584e72598a8c894b1c3e883bb24fa1fe12538c42cc65cb0986138e49c9ab946969cdfa8782a477cb0de9ae1c7ede03e0e |
C:\Users\Admin\AppData\Local\Temp\EwUM.exe
| MD5 | ddaf1b5afe423c984ec438fdd08fd201 |
| SHA1 | fe6255c1b81b0d9542f9238a461161a46376d936 |
| SHA256 | 5a53d43879e2aa9abead1642854ddb0de03c57c041708f791a88cbd871083891 |
| SHA512 | 1f6e9dbf6da34c81e8ea765ada1ae8b92477eb6266f690d99a559e7876d18c393efa755f13f98ddd2dd6c7812e8491f3a6431c6e4d2cf2e0d7b73a15a9c0d00a |
C:\Users\Admin\AppData\Local\Temp\qIkS.exe
| MD5 | 9484d1594d446456338b74f91dad1727 |
| SHA1 | bb36c4b7dd7e15708bf441df9f77f53d684647f5 |
| SHA256 | 20464ee1d327682bf1bab494c100813b036c04f3de802bf374ab0cde94c622cc |
| SHA512 | 250f184fc2eeaffa4e9bbd1a30b84e331a57fa959e1979e81d3324dd6b456f1553396c0f3ed01fc0f33fab7dafc78ad001b772cda23f59e1e2740a32c6040d18 |
C:\Users\Admin\AppData\Local\Temp\GAowQUow.bat
| MD5 | af3f568376875aaed11cab00ebef7d04 |
| SHA1 | 6fd9a1448dd569b4f321949f03e35510c168be13 |
| SHA256 | 5655fbd6e16a74f00eaa2b0b64e3083cfa49a9bc9fbb7117c491edeebc0c8315 |
| SHA512 | 34682f673b7864ec48dff75dbb43ff1d6ee9119654727703f21da1ad341eb6887adfad7892d3e5f555b346e2f77ddd63d0ba90f07075f2e3d4009d1142349a58 |
C:\Users\Admin\AppData\Local\Temp\sYAIgYMU.bat
| MD5 | 33e53aba55ae8a0a537318069e81d858 |
| SHA1 | b24ebe171d261706107709852f0a8ad3c21d4f76 |
| SHA256 | 10970c48286ccc9fb876d8412782f04c7ad9a2eac4ee56fb804e297c774a78a7 |
| SHA512 | 6fc56134c82deb0b8ab753fa69e1acc6f5165fae7a62b43f82880839e35e306c873924c880ed030b998f9b417563a9c6bf67579932dc7227b21a6d23f59c092b |
C:\Users\Admin\AppData\Local\Temp\TmQowYMU.bat
| MD5 | 2b6133dcc13f08c4cd730eb50806c37a |
| SHA1 | e6cadfe4a6ad6632d2c0170f17e2948658c1fb24 |
| SHA256 | f2255fd927ba3934a9255587551f97acca339997f7136836c4400d6aeff9eb1b |
| SHA512 | b99d27980e46402b8ed85022c68a0b9a47c6a1ca6b8c2f0dfc47d42d64e618365a9ef3e5ca4b46cde3a62ef4d0ef59d4a3c4bb01d5f6e3584e272042cd2a77fa |
C:\Users\Admin\AppData\Local\Temp\xIcMUUIo.bat
| MD5 | e0476b36ffb58a1de5008f5667fb4569 |
| SHA1 | cd7d7cb9399cba9031f99b0f4a3cd5e68bb90c72 |
| SHA256 | 17dc86dffc94e4426b916a6d707438ff2cad6fbff81d9e002883b27297795d71 |
| SHA512 | 3d3d28ab07d85ee70de50520b1d170247386829ffcec6ee4fe9a0eb6a3527a34018f6ec0ec5d65724e3280bcf5fe72e1bd47257f11962af9c74273b0c0723664 |
C:\Users\Admin\AppData\Local\Temp\TEgYEUYw.bat
| MD5 | 2c1078a3c9f59015edb8d54784330dd7 |
| SHA1 | f18ae04422ce6030097f09d70f58f9045f1263d6 |
| SHA256 | 2f79385a76bcf486cffd430ba131991d679c66dfed66f137b782c5a8edddc52b |
| SHA512 | 812e6c8682ea61b0d8f8fcc8a93c1ed217f3269f537be1a6373fbbbfef3ad27dc858c4b0c9f7ea12548cb49704d764e171b026c264d014178ba6c3d4e7647f92 |
C:\Users\Admin\AppData\Local\Temp\bCYAkYEs.bat
| MD5 | a9656bf33e2e45dcc32635cfbd5dcec3 |
| SHA1 | fa88b1a86c0d8ded5e63446e4b2ac09882f3431f |
| SHA256 | 4240809da87b6767817ad10131ea4a3dd79c3aaab84f3f449a7af74fa79856db |
| SHA512 | 6075e5995b51e86be988955da4885b30c1e18071e048042b727878a7846083917a154e185c7f096d65820145d58f1b53044dac10580ccae8bd7faad6d56310e7 |
C:\Users\Admin\AppData\Local\Temp\uKEIkwwE.bat
| MD5 | 66f7cbf43eb934e2d7dbb9c690ba30bf |
| SHA1 | f2b7794f0c2b79e0a8e1eb3d684a06c9c2897d22 |
| SHA256 | 04663354e3e77475075914b3a0793f79f23f3fc8f501db6fd0930be479ba7fd9 |
| SHA512 | 492df01de6b7e110d3c7afb82e0f2c89eebf1d0f597ab1351e738977000ca46c2ed56d474c529a3fd06241c3ef3ee8c9ca363f01796047936d25371fd0a8900d |
C:\Users\Admin\AppData\Local\Temp\GYgcgMMY.bat
| MD5 | d3f9fd1a6ac601ec4e01dcc44253a030 |
| SHA1 | ef91b29cdd18bc89a43cfaa4927ea83a2dfdfa53 |
| SHA256 | 88606e73ea2a3310593ebf53f7947c895b020d5dc874b10a8d347ce1d4f4a715 |
| SHA512 | f296c5c27934c93f660e514b303f0a3a58d23c11360032136f85e022d52905022130a9b5bfd316e0aae24af4f053fb16dfa3be06b37c399e6a11422e1fde9c30 |
C:\Users\Admin\AppData\Local\Temp\iwUW.exe
| MD5 | 4b209e5bcf0a3e2df164d00a56047ac5 |
| SHA1 | 9de495dd523081aff67a45e81c5cc7154efacb36 |
| SHA256 | 8133f43495472a7187cab345acf3c6e2b7ea60ea0febb0feb3acc2ab8cf42042 |
| SHA512 | 8f1805c2f04abd4afd5e7afaa148d70ef2158ef54330e2277ff3988a7bddf56c8955d6add3c2635cbc74b02b285c196af12da5fa609193de10779136ff178363 |
C:\Users\Admin\AppData\Local\Temp\gGcoEIYo.bat
| MD5 | da9ea9fc98bc7c26d8b78c3c85181ff0 |
| SHA1 | 8877d0244bfc77c95e588d0fe9869930241d10c3 |
| SHA256 | 354e5cb0576d2b5a8a496e20c01a05c82ecaf756184e657e75264c3333a4a684 |
| SHA512 | 04df1fe3871e8dfd1d95603f4c77417b6a94bce56ca244711ebf7f16305ad00ade62c1f813b4a1e14f4f8555b01df90f96ae382a0137d7011703fb7c5ab1d0e8 |
C:\Users\Admin\AppData\Local\Temp\CsIg.exe
| MD5 | b50785d23aebddf108f5f3f7ef483e2b |
| SHA1 | 30db7996968b75bdf6c88236c4877225654e88c5 |
| SHA256 | ca25a3f7a56cac04eedfc053ab0cad15668c43d32386e6b4c1f500e40ae0fd8e |
| SHA512 | c5640ec3fc789dbfd86af02e46f3ac09aea37188b02cc8739815218a6d0f3c66d903d8407b9850c5bf686d0099e85e2146e6fca9c73f517154417cd73d41f6e3 |
C:\Users\Admin\AppData\Local\Temp\ucoe.exe
| MD5 | 70fd65353b875a1662b2373c1947a65c |
| SHA1 | bf6ee7bde539f9dc60509ddc91424585c5c2ef62 |
| SHA256 | f47e06a446d4aa8ca5195e5731030935e210be28bc64556fe07890e467fe4296 |
| SHA512 | 503e4df39aafc818039f6370cf8066035a6ae4ac802e264fb613efd65ca8be198beff10d9d4fb7c46b716a37a5b17630e04e753e00e4da84b2c0048ab286735f |
C:\Users\Admin\AppData\Local\Temp\uAcw.exe
| MD5 | 3d93c86cce1cc5e32a4412525632c1a6 |
| SHA1 | f8b94e9f7d0720a18f27cd917b1429a31a972776 |
| SHA256 | cab5607803177836c822aca04d1fdfb7b508a95d4b314b82bba0363b34422ea2 |
| SHA512 | 5647eb367f262423d9f72e1c40aa35e44bf9f8d26c5eb56df1f6ee6e783ad58601aa3793eaa99477065aa857a2ded28a3770128add8501fa569d6b8c819b0bb7 |
C:\Users\Admin\AppData\Local\Temp\ksUc.exe
| MD5 | 211ad84ce71a7314fcc1c81197afacff |
| SHA1 | 41a694e12a43ca57b6b70578669d7c2c381bba35 |
| SHA256 | aaeaf816b0ec21a4976880d6eae44c22478dc73683a5513b86612b968d6e08a4 |
| SHA512 | dc8b8e8a417fc791d103057e5af82ea888957dea38292bb02e0fcc96ffe0c45c6b8baa472e18e34d576d8ca691b3a3515f0f9ba641f89458656a6a91431ec8fd |
C:\Users\Admin\AppData\Local\Temp\Ukss.exe
| MD5 | 411bed405455d85a5b7fb16ef04b45d0 |
| SHA1 | ef66db8c7367ab56ca9a226f5e1b7ef75011b826 |
| SHA256 | f612b60a9e3aefdbef9e4736f7e09e0eb3d51fbe6d913d5eeff6c507f6ce3ad0 |
| SHA512 | 3df86536b4f0420571c68bb4e1fe5282166004a0e2a7559105a44b522f6e393622d44c145c3cd5f5d7c22bafcec50900ec79da33761a818abac9bb3dc7154ce7 |
C:\Users\Admin\AppData\Local\Temp\ucwI.exe
| MD5 | 63f730c45130b1aba37a7fbb9e8add8f |
| SHA1 | 44e92091f3f79f21cfbb7c39bdcf341af510b941 |
| SHA256 | 0a581f9bde59146539dcf265218d0608ce0e68d08f108650114fea3df8e89a63 |
| SHA512 | 7a74f4eb51a43929dc3f63477f98146969eb712e69640ff34fd18716f2c124dac9a7bfbe3f3e0fcbc49bf70a4ced6138891dec87869942d8b5bde74466f3d4de |
C:\Users\Admin\AppData\Local\Temp\iQga.exe
| MD5 | 7102924f71b4297af47ebba213fb9682 |
| SHA1 | 4ee581973e2c4bde4766373e58ee38fce6338567 |
| SHA256 | 6668403dd8d49683b32e6a252905433c2c98164f33d9be35add72d4d2a1a4df4 |
| SHA512 | e388572f6ba125531f68ecf146bfb24bbbc6fbe83e4810cce343d753a55232be5551a7dcef5a8623c3817ef7b337cfdfadf69f04b7ab80d29ffff6584cc2ef81 |
C:\Users\Admin\AppData\Local\Temp\cQAA.exe
| MD5 | a05339a1e28ec54eec605e8fd64f47ef |
| SHA1 | 3a252921dc1d3d1581e582519d9d428bc43428f7 |
| SHA256 | a2124228b96a5be4e868a91eab1f5526b78f69784efb43271d8817bb36da7696 |
| SHA512 | 2d08313d8568036395393e975b73de540a9f9481d414f244d2fdaa23da3504c15ef0a5fb203e6012e69a039a78aa3f561243ae55626d4e63905654f7b64a00c1 |
C:\Users\Admin\AppData\Local\Temp\ASIUkcUE.bat
| MD5 | 2848477952754342cf8765023a13988d |
| SHA1 | 1799f6124bb2198625cf79964263ba966518470e |
| SHA256 | b1a997c5cdb836da9eeababdab0e8478b3c41b3c8bdd9bd9b28c904d8dbf617c |
| SHA512 | ff2600ce98e028b25f3953be514bc3b4da281f6ca63e24accd6f9539ced83bb12afa227fa0a69b0deb8976ac54e27887657baa39eed972e39aef5e3fc5f501c5 |
C:\Users\Admin\AppData\Local\Temp\iAgc.exe
| MD5 | db71755c06d4318a66ffcac7543974cc |
| SHA1 | 4e8124072b4b2a12a5d7d687e6f375c01fdb0164 |
| SHA256 | 9216f2d98403de471dfda6d1cb0d38f513b33e42f4337d51cecd57311d340273 |
| SHA512 | 67a80889ce911281127ad4142c425708f99679c513eed6059b2e444d5c2c08fd1c0ba0873b285357e7c4869a3cb11394663d9f5cce55e9ef1859129f11362840 |
C:\Users\Admin\AppData\Local\Temp\UoMu.exe
| MD5 | 2a2dc218eb2a7351540a7950a35e1c0b |
| SHA1 | c4159f2c205d3dd88f0de9ef57d1207f1a7c8c89 |
| SHA256 | 570e8bb119ea48d703a3643e8f5ae869694430f623ff6c622c42f179d0e4cf4d |
| SHA512 | 9a93444bad814b256222bb68ae111a9c9a1c43a057ce1f3237654d25b4644cb66c11b50b0b075ecf1505be8bfb9b42e843aa46a8d229d173d2dfd0f6fda880f8 |
C:\Users\Admin\AppData\Local\Temp\ywQO.exe
| MD5 | 7211118fdc4959372616aa96ac8e8f76 |
| SHA1 | de1f2d1911deef2ee6dfd88eb92f537ec75edb76 |
| SHA256 | bb844c66297b2f58cfcb97c34ad410c0b0d132fe8b8f0f249de6ebb51200ad0f |
| SHA512 | c57552da06241f48c47f5028dce43cbe32c37191e044d6e815b2cc151111c270c6f25a6b8f3db9d3c2a68fd30b863741878761b5b8f3fa41f95d16baa6727772 |
C:\Users\Admin\AppData\Local\Temp\wUku.exe
| MD5 | bb68eb33dc274e91543f18e15e3c5932 |
| SHA1 | c9cc7d2d060e43769d685efb3c6379d35adde452 |
| SHA256 | 1194a04e04d1a13755f83a7536bfd4b1cd24e8cf19b2e0f44d4c0b111a7ef3da |
| SHA512 | cdc8e5e02630d1d52d53509fbcdaaa20d0da526515432103166d24a2dcbe7e38b3f09c44ef10f8026f8f76342e4e50752b08907791813f4135ddfe9fc00a2693 |
C:\Users\Admin\AppData\Local\Temp\nKUYIggM.bat
| MD5 | 7f1dddbd74187475e20f2dbde0da7db3 |
| SHA1 | 2050e53a52b84786fcd03fedfa7f6bbb0f6a6d19 |
| SHA256 | 4ce09ce0cadfe43fa888af2fdb7fa5a3f4cef4a93afec2195639a0dba060b1a8 |
| SHA512 | 9de789e7d77310bae5586a36ccfa4ee7c5005a33a35c74f4bf7934c57407b2035be683714f2bd672d5d0e6fdbe07569b180f855944dbc5ac7f40419d21432eb9 |
C:\Users\Admin\AppData\Local\Temp\Eskq.exe
| MD5 | 5bfe361e4e6a5ee18e9dd346858be363 |
| SHA1 | 88a45465fd863ec5e3fbca4dfe7ee2b379f98392 |
| SHA256 | 74610f20126bd437ab6423e07f16342e58c955b4aec6a20566805dab6ed15209 |
| SHA512 | f22a0c9359f7cbcf5aeeccb92d11c88f1c95aecc78359396a44901802b65455e2a71399599496da35c5521cd75b9238c1275a6ef9e28115a1b7823c0c03729af |
C:\Users\Admin\AppData\Local\Temp\Qgcc.exe
| MD5 | b0c237388823c7c5d805deb734bc84a5 |
| SHA1 | 4d7f20878cbba4ec1b1c03d4c93c4d755042ab62 |
| SHA256 | a5f5ff044c19b1888b50c70e2248d918fe121ca084869df473b1c48e2a8fd486 |
| SHA512 | c96dfcf00a5fdab1df958928474d4350bf5ece6bf5ff0e3fa17f5ff2a9da03c50ad411fadcc9e029fa3087acf323a36c466bb6abdd0fd82fe0b02ab3e7bb37a7 |
C:\Users\Admin\AppData\Local\Temp\FsUowYkw.bat
| MD5 | 17d2ed2876c23a40803c4ba59a089bc1 |
| SHA1 | d8f69ae9e2af6632b1975cec0071ede5c9879a37 |
| SHA256 | 85d284ee2b48c07081137085453d55373335790acce744d1db271bfb99ff0001 |
| SHA512 | f34a5f63042da7f5198862964e1f59165256cc5d24c49706d5cd666310b528d862b8c96557a2aa8f83395ff7a456e868f089c781b479103af011a423c05cc544 |
C:\Users\Admin\AppData\Local\Temp\QUQo.exe
| MD5 | 3f4c7d975e23d49efd6cea9d227e067a |
| SHA1 | 5029f4be5a02f2bb02800f7c9768e4041b28019c |
| SHA256 | 3e691f832231827f698a64f5e9054a5d94059073c7cbeada1423224b51e309c0 |
| SHA512 | bf2639e4a8b8e676c01493bbeb6ae94333b93fb1eeb5f3623290d22191d6e8e53c04eb0e1a66144043e10e79e38d4c1a5a71f0536a3321c6948ad206339b09a5 |
C:\Users\Admin\AppData\Local\Temp\QYUa.exe
| MD5 | f29771f59fe4e908e4cc3fe35205e96a |
| SHA1 | 56ebec91d56045bfd481627d1967f793d7872f2c |
| SHA256 | 8f8d7600ebe30cf15cc3adcba88bdb7c1ce6fff177ccead52c5d9011584e57bf |
| SHA512 | 924e2743f77c09578018fe2689cabe543cab71ab484d7239ec64525b6faab37a612ac00dfb59b65e85b9b0584a9414e74f8e7ef3c797047c866569810ceb7676 |
C:\Users\Admin\AppData\Local\Temp\IAIk.exe
| MD5 | b8be7a4f373abf3ac68d24e58438e72d |
| SHA1 | eee0daf6164d9e4659c1097613755e9e62439904 |
| SHA256 | 0a5e20f8e9a8b4ec24e513851a226e8ff528f19c0547542f4c66e249fbf237f3 |
| SHA512 | 5a981971fb7a6e3545646e7b6cfbe374607bf654f54fc6371e79caab60c562a06a8ec6254b0193eb47781a30b04f6877f019b19116e36cb8f096a938f4af7314 |
C:\Users\Admin\AppData\Local\Temp\sMQi.exe
| MD5 | 6bd2e81020d8c20af2a86453ca0bbddf |
| SHA1 | d91d670e15d153b88cb8c6b796e03b848879a9ac |
| SHA256 | 310b9bf7246c6bca00582c354e6df60c9d72c86703edd547409a9b80f6ed51b3 |
| SHA512 | 42d5ee31976ae2ea4c1cc051ab47e29f5267025c936e00b0e6114176295b8c100b5dccdd205fd23992b7d101554e421bc4472e8320b6ac230c7c2e8a77ecd860 |
C:\Users\Admin\AppData\Local\Temp\KIsi.exe
| MD5 | 34ec552e7592f02b5aaaeadb9899220f |
| SHA1 | 0e660f775ce45009de3254c84b6df9b157e1f307 |
| SHA256 | 2078136b95582a43af7a4e8fd65dbed404403d132775a252770e61310fa0c0b8 |
| SHA512 | 750897c90805d30192c66c3d157e074e38ac8ef22e5f938605777767eab05ff35d4e6fe7420b0825019b3077a27eb36bbf7a0973061182ce6cbfc7ac6b873494 |
C:\Users\Admin\AppData\Local\Temp\LIsYgsII.bat
| MD5 | 2040f394f9c01f5a66ce010cab3e66c1 |
| SHA1 | 7076edbcbf10a750fbadaee06983a3423cf61755 |
| SHA256 | de327a7c3cd2a8e45275ee8960177409a53232b06ca267ffb927fbdea6941fb2 |
| SHA512 | d447e13dd72245a5f1bd08926224518ea59fe7cf8f54a13d4bbd9bdea062690c6efcb34138e6666b0466167fa19729907c4d26ad5eb59f1221f88319f9b1a744 |
C:\Users\Admin\AppData\Local\Temp\iAAo.exe
| MD5 | f13c89e82fe1fe3a2e38d7461fe544cd |
| SHA1 | 260064b703e33b1ec762d3341ebd30248c48390f |
| SHA256 | 030ecf3869ab01e51b8160b4488cf24d0753b0e2540014dbbbc10c90ca071853 |
| SHA512 | 4da36a9bf17b419030a21f581dafd9bf7135a9f84e905ffc8e5a71c897f1b143d913167b39bffb00b2f8fa890db9f85ccc24840f9ed958e1b66b734b0f32ee54 |
C:\Users\Admin\AppData\Local\Temp\eEka.exe
| MD5 | 2ec173f71ecc0b253553eec3020f68ac |
| SHA1 | bceb5262a4f35ae4e2c44f40dbc7d3e68345c805 |
| SHA256 | 1e67fca88efe45d51e03b1f417a08cf91ed24d9cf27fd8f3929526a3db4bf0be |
| SHA512 | fc7d8fff375cecafa5cfa86608de1f05136007b8762bb8363acfe3cf65b0213571d52cfa8be3d9eee536fe3d198daa5dc2fd4b779be9a15ebcdb48b43883c79c |
C:\Users\Admin\AppData\Local\Temp\AMgI.exe
| MD5 | 84743ede8d9094031e46b5244049c410 |
| SHA1 | 7e5b73534768db64c4e1273622c442ef57126065 |
| SHA256 | d918297614ceb98463973dc52c48490d72117cc745917bce885bcdf63b9f0608 |
| SHA512 | 144867b9059cfd4e3bfe3cdc178779825067811db4040e4f159c51116f009e48b961f8c9b76a8696561c13fc0a3c2c5a24b043de5a8cbd8250578a765ebb58a8 |
C:\Users\Admin\AppData\Local\Temp\OAIm.exe
| MD5 | 61f6cef26e1ff18829dcdd2034e022d1 |
| SHA1 | 4cfb71f0cd2d9fa0fe523295bf4b4356423fc73e |
| SHA256 | 33469318937b4309940a0258c23f2c62d39eda809891909ca29acba3514c24bd |
| SHA512 | 90b43b8bcaaa75a2d839e21a3a4417e2a9728065dc9a647a3443a2c2c7cb9d178b1ef6f72cc214769591c2b323f6b73ff94113c17af15254f3e0febacaa2646f |
C:\Users\Admin\AppData\Local\Temp\EYUAAwcI.bat
| MD5 | 31b5a7ae340d3272abd647f8a7032eca |
| SHA1 | ddef8c4dc93cc13df1a8c79b9011573104c0a67b |
| SHA256 | b931769451465eef9293bfbf5491e111085fb9c81a122cfa70e003c43dba5cb9 |
| SHA512 | 5ea4d5d95f9dde26516f80ee0ff401f2715f249c54e60eaab67aef570e05406961817444e2dcc017257bab6506e14c9a1230d250d6dbf5cc11af68ba68a55ee8 |
C:\Users\Admin\AppData\Local\Temp\IEsE.exe
| MD5 | d68f5c7cd0ae8ca6dbb0877c557ed0c8 |
| SHA1 | b71c3764f7f5909dee2948bc2f61b20a8174327e |
| SHA256 | c67535ee0a3d7396b22c252f2a8bc1d0f85f4bc5ddf11e97bcb91ceb3326b5c9 |
| SHA512 | 8f956ce770839e8b20b54919fc214d1fdbdffce96275999a454f18cb0ad7d312c765e045e94650badb34afa64389194226d6d1d2066932d0a6c0c01e75e4cf91 |
C:\Users\Admin\AppData\Local\Temp\UUscAMIE.bat
| MD5 | c38ec5bd7d638a4faa0238d5881e59fd |
| SHA1 | edbffe7b98b7007ab8d92173c3ee1b4a15308fc4 |
| SHA256 | 8e5f8956db72215a93db2a172488dcf9ec19ff2270eabf930f7279b72252025b |
| SHA512 | f1fdcd4a3d099a67c3106b262a4158c975b11d39b3715de8b96b94cbfe17fe9d8426bfac41b8de9af0e61ca7e2d574879fa3551161cc890ac7db69a28dfc0586 |
C:\Users\Admin\AppData\Local\Temp\essw.exe
| MD5 | ca79f92d46e70524012c9910e2c49186 |
| SHA1 | 12b64f684e2ebe3c6b074e38a99e47dd6b02e2e4 |
| SHA256 | 3967f344772f157eac0f1607f5ef9503bc18d7d20d397d896ef9793b0e030b07 |
| SHA512 | 775657ed1aeb5a53fdd9838d3440fd3b2e2ca1aa46e7147e39a1ae3621057d92afee5a0d4b31ae351324c783c61f0bd7cffbbe762c269dfd5f1825ddd46731bb |
C:\Users\Admin\AppData\Local\Temp\OUYC.exe
| MD5 | 8d039dd0bf8cc4da672c0030bebf56b3 |
| SHA1 | 6354e0c64606e7cb06dab76448288d1336e66bf5 |
| SHA256 | 24314ade586f8c934c5853ded40bf7900f46ac0fe803e0607a8e30b5dc9641ae |
| SHA512 | 96e708972a662334cd74ca3491323788d02a4256c3268ce0cf88f0bcf30a33ec1e3be2aad407a4a6eeda3d9341845a58b51a55997660389d6103e33a2eb55115 |
C:\Users\Admin\AppData\Local\Temp\awwkIsYA.bat
| MD5 | ba025be3e8e4b1e98cc09f8410a89e39 |
| SHA1 | d2a66dfa6d5515d19451a4d7701e407257ff35ae |
| SHA256 | 355a1bfc36f74a08dc42bd6b375629bf3a08cadb857367ba3295c849a4883852 |
| SHA512 | 173f6dc6d1562da410929124a911686a980afff14440e79e49e1828a370a64886ea8c6665fbdfa079d9df17fe417dc2ede3fe6ec6a312cc89361875b7f35064b |
C:\Users\Admin\AppData\Local\Temp\iIgo.exe
| MD5 | b7304b83461b706f3c80168004858c4f |
| SHA1 | d435916ca7b4fa9a04d6f35ce4bc377e8c22a8ab |
| SHA256 | cbbcd378bc0732fa197722234201692dec56a1bd81fffb9361c8439c320f2b99 |
| SHA512 | c616b2d3cd7bcaf15726d64e0977b00ec65ecc6f6932894ee16c7c5b075178120f150e3037c07faa593fa802343554905a16fc635ec6bc25a711fe229bf2b7b9 |
C:\Users\Admin\AppData\Local\Temp\CkgMEwUg.bat
| MD5 | 4a9dfe55a364b8ca5b555755074158b4 |
| SHA1 | b60576ca5ffb3c8446c58ea5a65cf582355e4867 |
| SHA256 | b9c1f260682dca133caeb5f82f712f80182e471a9eda9f61cbce5cf3b97a5543 |
| SHA512 | b5371b916a6a49910e8e184982317176ec2ede3bda14e897a8d33ccf774ebb22b710b89052b805d101bd1af47fc16f0303b4d9c8595f14d147a91b165f63d578 |
C:\Users\Admin\AppData\Local\Temp\mUEg.exe
| MD5 | bbbc9d2e0d6463f7c44074a994bac023 |
| SHA1 | a906c0b10026dadbc9723c605533aaffbf50987a |
| SHA256 | 56dca971ceddaa64999d17baa9d47ae6f2a4faa7f48bca25880e127379ab0530 |
| SHA512 | 5fbdcd8fc71c09d68414ad0e728c39d67d94bcb43c7dfe2934cdd190805794648b2c94c08782aac8f70d4f1eba0fc64b5724afd33b23df40c1dca3110e2b7626 |
C:\Users\Admin\AppData\Local\Temp\akEU.exe
| MD5 | 35306823d212f598b248f52f97a0e751 |
| SHA1 | 04a0750865ddfd689e1048e523e631cc8a18783f |
| SHA256 | c49c5d71d410d2b112ffbed2bdbe9b71e3004ad17ceca660d451d10b83856677 |
| SHA512 | 0101ed7a784b06f2ed7c2ef570cfa4b7a6ce70833629288f5548862a5ec418883cb6ebfe4bf75caebf2bd27635b679d3b32f5bbd09b542c574c204303087ca3c |
C:\Users\Admin\AppData\Local\Temp\MYEs.exe
| MD5 | f19f92d4ec309825b42327cd2f1c9e9e |
| SHA1 | e8fb3880e694e5a560287b3774518a99ac526cf3 |
| SHA256 | a1825c6592bbdf79a6fc74ba4215dbef8eb76c02e9f4e68fa053fcf3db7a680a |
| SHA512 | 3eeaae9e244d74c53af0dc7eb0c755421660d61bd8d2e083402f10041070ce4126a7d636159cec32966a58f49fb694e28a24a7b517886ab153d24049522ef9f4 |
C:\Users\Admin\AppData\Local\Temp\ccIE.exe
| MD5 | 6a85d0dda2de958c7e2b4273981071b3 |
| SHA1 | 3cdfb0a44869a59513b8cb3b07566419605403b8 |
| SHA256 | d24de944f90c91c296b051ba4a5dfde635e3f7078bd8e0608815ed898e31af29 |
| SHA512 | 838f60a424090a8249f3549731a7e446bdae9ee2a9cbbc1320da1a22b385976ee1f54dccdd9817faa16dc81ff384bf889d1683e18e59609ffc4f1378df6df9e3 |
C:\Users\Admin\AppData\Local\Temp\wMwC.exe
| MD5 | e4da7539d196be07d1d95cbce92ace5d |
| SHA1 | fee39ba02b55dfa99da9d2f64b670a4c55436345 |
| SHA256 | 453e4e587a4f8540a39bd2c81c59e59f8bc5ee2b25391c068aff6ba76e9b2ef4 |
| SHA512 | 636799a4e5bc98c7c439d34e37d9818ae8f33a2da3ff5e43281130bbd399160580f69d7d10e1d16b938c148222c75a2fc04cd92ebbfe9e0febc9a976fb243cd8 |
C:\Users\Admin\AppData\Local\Temp\gQAg.ico
| MD5 | 97ff638c39767356fc81ae9ba75057e8 |
| SHA1 | 92e201c9a4dc807643402f646cbb7e4433b7d713 |
| SHA256 | 9367b951a0360e200345d9aa5e6895e090fc3b57ae0299c468a5b43c0c63a093 |
| SHA512 | 167328960c8448b4df44606d378f050ca6c24969fbd7cc8dcfe9ddeb96ac7ccd89e507a215b4c1debff0d20a0a239d547f1e496635fa2f06afad067c30597c46 |
C:\Users\Admin\AppData\Local\Temp\cAsy.exe
| MD5 | 7313abbd524a9530ec7874da2bb66bc8 |
| SHA1 | e239b2e271ebf83a5ba77710c138fa813d694891 |
| SHA256 | eda03266fa219ee936831cda13f8b2b91a5c1a857ad12b57d30a046d40a6e786 |
| SHA512 | 7640088aada13ccaae792a87ded2642387301810e1fbfa4844a9ffd54adb3fe4ec10a7d8c21b500d26ee60b2e79960143a9e08aa650cfb4c9c27becbcfd74855 |
C:\Users\Admin\AppData\Local\Temp\XyAAkMEU.bat
| MD5 | 9a2fa89f3037d51c85600d106cd29ba2 |
| SHA1 | fef7c4a96501dabcfcc4638e09bb8bbc1bafbe3b |
| SHA256 | 3f69b09b8e8e7036ad9cf2fd33f5cd66e4e3f5dc4c41b8f99dbf80c34da5a912 |
| SHA512 | f7da67a241e3c6b07b50b4b89aaf164b0f46454af3d139258f275c0067dc474e41647b8046840fd470b30da6bce4987f09562ce3fca995a874962d4c65aae8f3 |
C:\Users\Admin\AppData\Local\Temp\YkYO.exe
| MD5 | 3458bffcb8561fbdc5e923606d3d6c02 |
| SHA1 | f74a5496e3f220fc96c5f4da1898ca9b91cf7c07 |
| SHA256 | b04c4331ef106471711d160cb4ee10aa088ae4ff19c5767f9da26d5f9411cf6b |
| SHA512 | 39ab4a676560f5834c2be989424ecde6c86c3977c8e7dba6b5e2bcd5e7b328125702bfa72f51dccd61354c82e1741afd1dbe9a0c489ea39b2f9d0bab75d51693 |
C:\Users\Admin\AppData\Local\Temp\qkcc.exe
| MD5 | 9ec46bcb1972fdc1abe659a08a5bcd0c |
| SHA1 | 9d1aefa8c08466205341635ae4bec9ac17016a4c |
| SHA256 | b57a6764ee5d733721ac70b85b7ea38c51ccefee7a4a812d59090131fca5051f |
| SHA512 | 975a815d2c25fa6b3c1ad0765fb23a31e201778ce2def30d9c95889268fae8bcdfa38b37e8d4f0b9acd9a942a03335ae0cc1c4bd90effaf62b9c95ec0f8f4db5 |
C:\Users\Admin\AppData\Local\Temp\iQEM.exe
| MD5 | 79b2b47bb5375a6a5a40c5aee1b21982 |
| SHA1 | 71144087bda88c5551eaaa1c846a8fa604628c84 |
| SHA256 | 43c0ff30409df7aacd6db6b9e091083b7a92dd4842967c2570a15679a82feb1b |
| SHA512 | 7821f9648c241f019d88820b0058c7f4a1196409811f157247393950767b8dd4e41ec711a061b7842c067db4035125585a1a947510134ce4c9fc731553cc5bee |
C:\Users\Admin\AppData\Local\Temp\AQwO.ico
| MD5 | 6edd371bd7a23ec01c6a00d53f8723d1 |
| SHA1 | 7b649ce267a19686d2d07a6c3ee2ca852a549ee6 |
| SHA256 | 0b945cd858463198a2319799f721202efb88f1b7273bc3726206f0bb272802f7 |
| SHA512 | 65ccc2a9bdb09cac3293ea8ef68a2e63b30af122d1e4953ee5dc0db7250e56bcca0eb2b78809dbdedef0884fbac51416fc5b9420cb5d02d4d199573e25c1e1f8 |
C:\Users\Admin\AppData\Local\Temp\SMgw.exe
| MD5 | 359c5ffcb9d1aec33668a2e956840f5e |
| SHA1 | e70cb6827d5bbb5829e87c2427f39e39789f1d7f |
| SHA256 | 756da295f8afcbadfd9886d371fb59246b57a0a610b5f93a4bbbd7c5c8f52389 |
| SHA512 | f0c2642497cedcb59a986875c33c606e5b738e4b1910661be86338750fa0c28d3f86b92d2cb36037df3fe7635641859a3ced4f2a8dea8101daabbb6eafba59f7 |
C:\Users\Admin\AppData\Local\Temp\gAoI.ico
| MD5 | f461866875e8a7fc5c0e5bcdb48c67f6 |
| SHA1 | c6831938e249f1edaa968321f00141e6d791ca56 |
| SHA256 | 0b3ebd04101a5bda41f07652c3d7a4f9370a4d64c88f5de4c57909c38d30a4f7 |
| SHA512 | d4c70562238d3c95100fec69a538ddf6dd43a73a959aa07f97b151baf888eac0917236ac0a9b046dba5395516acc1ce9e777bc2c173cb1d08ed79c6663404e4f |
C:\Users\Admin\AppData\Local\Temp\UQMk.exe
| MD5 | 91cbd1d3410254ce561b4310eb368570 |
| SHA1 | 9e4be1693271d376380bc88df99cddd81a433e91 |
| SHA256 | cf29aacb777988ee7053505ff50c02388a74ba3dff2dcf573b70fe33cf70ebc1 |
| SHA512 | ef3cbb6bc97ea495a790cff3fbe8a2b22862a509da38b3c59299049ea47c8e5f5a7505c700aadcaf11d3d0980ab2cd4e212e6d4daadce398867672bfc34aca04 |
C:\Users\Admin\AppData\Local\Temp\HeYAwkIg.bat
| MD5 | a1c348b84120fcbaf0d2ca774e672425 |
| SHA1 | cb749aa09eea5729540e77bbf7438df893674291 |
| SHA256 | 3f7ec5fa27e62df720136f35017b5ea2be56a805f458d3457a852ae3c1ce240a |
| SHA512 | a2fcaa9fb847d713944390e21f21c7e3c8df4495b508fd4736ad68220cdb344e81061d433a7bb8cc111d455d73c4aa4dfb4d7c77ae758bb0d46fe17be79ecb09 |
C:\Users\Admin\AppData\Local\Temp\MgsO.exe
| MD5 | 9848f756f02d3c10ff01d1f10484e5a8 |
| SHA1 | 5c683a3703f98be1ca3b84ee3a8487eff1da1e84 |
| SHA256 | 544646df1b18e61d878a59b658d0986c8dd3c832b97ade8314df757a1aa20582 |
| SHA512 | c0f13140901e34856b47d7b3dd34c1884b57fcc842d1b07b3cd60732d9d4214380ba1b1bf1c8ab8dcf1a1ed57b7868e733d95e00da760f764921e5d019265750 |
C:\Users\Admin\AppData\Local\Temp\skMU.exe
| MD5 | baa9571cdb07499b0ad0c42604f40ec8 |
| SHA1 | cfd3051008fd858f91880fc9c4178361e032e397 |
| SHA256 | cb6fa03d1deb64c760c2f6b1d2253d388680d6992c30b83a392334ecd689ecb4 |
| SHA512 | 0ec14e20b0cdeeaccc0fd4e54ed687d7c079c4fa66800fbc4ac76dfdac638a7dbe1058bb21f4fc983e4514c6b0a53035a4048fa8af8d3da64aa2d137d51890a0 |
C:\Users\Admin\AppData\Local\Temp\Gsco.exe
| MD5 | 9039550faa1e1982b6adc6cdfa6a40f9 |
| SHA1 | daebda76b4be28399d177e57095cc9262c230793 |
| SHA256 | f712bcb77d8265ff0199a414be3c012eb888ec44bf242eddd215ed6e71d56154 |
| SHA512 | b7f9affac04460e184988e6454efcd3a9085b884e666b6840a8a1fce193a7554bbf0e6b0ffa61935043060359e00a64133a3b01959d71be055a1562eea21782e |
C:\Users\Admin\AppData\Local\Temp\nukUIAEA.bat
| MD5 | 4675aa44d62d12c75e5e4b3826dc3697 |
| SHA1 | a3d5946b3f3ea330d0d825d02c42bdfc3fd46a4e |
| SHA256 | 94ce122d19e778d9f0f97f4cd37c4d0d439b2521b5349ef68d51132a1fc6104e |
| SHA512 | 4a4fc4dfb5d73e628bab8ff822eadbdac6402453be13691270f2be55fc7e8ca00f09e91c64e6e96028987c00a65141d9152619256263118983a0a0b835684c17 |
C:\Users\Admin\AppData\Local\Temp\IYsq.exe
| MD5 | 680b682bbb8775dea713039de9760283 |
| SHA1 | 25d813e40be838e1a157577c52318959f481bdaf |
| SHA256 | 6e5a9fa8c848e767f717bb2736374ec442a4360169433f5be3cf9326f008e964 |
| SHA512 | 55b7021a20f666e668184da99325fce92ea8c3a89cd7ca075dd6ddc866d28e78b25cb603672baa33b594d0f6f844bdd43ab072bdb1419056e331228221f5fab7 |
C:\Users\Admin\AppData\Local\Temp\EkwK.exe
| MD5 | bc2bbe65fa9d592b2aa7c1301d0ea0b8 |
| SHA1 | 8dc5ee884c8e2fdf9feef5bfd48735fe9ce89b48 |
| SHA256 | d459cc49678e9a8cf4001733062e4afcbf32d7def271633c90d535142f0232fd |
| SHA512 | fefd1a2618873b88683419340fa57d42da839c71d8d412c9a319f9a3691782a400b27efabac45f39415a7b4e078b81205761c5fc5220f9d78231111c09442999 |
C:\Users\Admin\AppData\Local\Temp\KAsG.exe
| MD5 | b070f05ae19216b4a80de5bcc2ac5ba7 |
| SHA1 | 4beab28070d3734d30d8f8c8f8c291b9fbd98104 |
| SHA256 | 446ef8d7735711cc5d7977fec847d80c1baae52478c2fcc7b6c0536e979b9e97 |
| SHA512 | 3c55724cfa30fe06963ec0044525136155dc9362763424e781a1dcd6abd180088198d2869cf2acad8d7d6be276ab60593ed481abe7a72322dad70fc9671b8137 |
C:\Users\Admin\AppData\Local\Temp\iIEM.exe
| MD5 | 5b02490c68dd40488fb4a3a408a9678c |
| SHA1 | a14baf608d53d934b29cb4c0d36cd1ab0e652005 |
| SHA256 | a9035a689da8dade604ecbdf606b97a61f9bf0a4e499b88a7e4ed22208e9ecad |
| SHA512 | 582b40b79cffee9314f2cb2802296f3b51fa20af48403599ac0fea18c8200543aafafdb60b42468a76ca0681f5955add9ddd41146dd0b82eab2c8c5627246911 |
C:\Users\Admin\AppData\Local\Temp\iUwe.exe
| MD5 | 329478221a51fdebe0d3206d67c72613 |
| SHA1 | 1f5525f7217fdfa92dcee05cd89969d9b7198d52 |
| SHA256 | 07044e71194a87995e7ea3e19fc760eaaab2a281ff272bb710c7fd173ae74d89 |
| SHA512 | 2334797880212072197d4be8a1cd69d4a0d44e1289f9f47385b7994182ef8fc32e0d40cfea9504472b5c0bc1eb8e458f152166a2aff5a772b4303146fa221bfe |
C:\Users\Admin\AppData\Local\Temp\KkwM.exe
| MD5 | 25e284be8cb9217aac2af8c9dbabd6d5 |
| SHA1 | b0b999539dd6a5342675e279e6482e9d9d7ca707 |
| SHA256 | 1e6cb4f8d62cd2fe7777da29bee383c8cdc607f6f067741717215048e5d3db48 |
| SHA512 | 4db3deac65a1e5f2e4e42252f28c2076465c5c25734713763d848554299700b2e7cbc4cd11f5bf0206c2520a9c20cd63eee70f2370c2cf89266db51a18e2c2de |
C:\Users\Admin\AppData\Local\Temp\vsQsokUE.bat
| MD5 | ae7e47eb15622a5c67f13441396606f5 |
| SHA1 | b76e3aafa7da3cd0dd16feeacf5c083ba2c54e74 |
| SHA256 | 5479c91b04431ca11c207a4884d6801f50253cbccdafa28fb4f40e39c05712b1 |
| SHA512 | 8e745acf0493e61d8de8b579b97536bc163b6c8de2057fcadbd9ab6e353508d061e606a971ba02af17cec7846e87ffea55759c27f9d9027f1b029618438f1674 |
C:\Users\Admin\AppData\Local\Temp\WkcO.exe
| MD5 | 2442185842545e578bbf1523338bd5d4 |
| SHA1 | 54d72c03868504b189298be338dd36b0a4d3ddde |
| SHA256 | b11297b6d0e03290e068220766d1507597e11a88fe1e8ecb13114cd00e364f79 |
| SHA512 | 2771fec168e4ef5d91326004b22cd6a2786bce0a6bd1c93e5c438b8af95c51a3182dc1c576540fcb974623f196e8bb6362ecafa062abb5d3c072b079977c2d72 |
C:\Users\Admin\AppData\Local\Temp\CYQY.exe
| MD5 | 15044eb07ff0c350b03d6a60cd2a8081 |
| SHA1 | da7a37c8028bc422b7c84cfb266f74ed5b66455a |
| SHA256 | 23b277c05262ead58fce6139478f3cf6dddf470869b7e34180e7d3f12bc138f9 |
| SHA512 | fbc38ec293ce34f55b3529a7461e4b3d38d5412da5812c7baa202af18f173c92c482cacfe8dee3eb8eb1fa33d08162c1afb63ae4e4be028c2030bec18d1c11d1 |
C:\Users\Admin\AppData\Local\Temp\cQQK.exe
| MD5 | ee9e57b219f19a9f85c5f2ace63040bf |
| SHA1 | f843b54c851efa5f1b7f1e062eb4cdf21d266fed |
| SHA256 | 37196fb6e12b0bf96d1eb8f18fe31e9f408bb4fcac3f39639684829536359615 |
| SHA512 | cf20af2fa5b9e1d6ba66b84a3ecf4d0a3480b7e76394da22fee29d1b40b1975bb384c0a01ba51453d6c8039dbf828b63b68d0b0cf8deee9fd90f988873df5cf6 |
C:\Users\Admin\AppData\Local\Temp\qcYM.exe
| MD5 | 43c21f3cbf34dddaa6e58fc914369981 |
| SHA1 | caaecab5753ffb8f70d3d6ba0df1fdc36f2990bf |
| SHA256 | 3cf0a15f5793d5767a4ac68618f17e70d29cf9e66f4601b5b337c9e91e8a720a |
| SHA512 | 7d8933764cb107d7efd21bdad5d9848d502f4b523674f992fca1a4d5eaa4a20ac974b9b7fb4f1f229b51341340f956c9dd3f9b3c372951c591c2dfc8c2bf6fb3 |
C:\Users\Admin\AppData\Local\Temp\gEAIwMcI.bat
| MD5 | 88d0b1049419ad73f3558a1c220abc78 |
| SHA1 | d738c1c6b1196b1b77b0f569e0276bc69be27f88 |
| SHA256 | 2baf5c03379e256c38e9626978d2a89d19d5beb1f2797a05bf13489df14eb5a0 |
| SHA512 | d0497e5f79820123e0e03dd6cea5ed1d1e6c474532558f719532b7530c187357ce6905eb96d15ef7785b76c784b5b3ba662ce6d5df0fd23754e299df36dc7e3e |
C:\Users\Admin\AppData\Local\Temp\cQQS.exe
| MD5 | aab3cfae3eb263d4c263723884afb0df |
| SHA1 | 634dc9cace5de4fb3d40a9ee870efed463c34e6a |
| SHA256 | cc1a45fa2d0b843bc8e6f7c36288bd1cde60ef337b193b6bc312a671ae42d4ef |
| SHA512 | 853be98b70f8f776a1efbe3875b6b462091f8e53a3b643e7a78772a285653ecd5c319d1339ece29ea5822183f587e522c115d9288a0a7fa34f88b60eb31c7cb9 |
C:\Users\Admin\AppData\Local\Temp\GIcw.exe
| MD5 | 8b98215b931faa2a6643b484f639bcd6 |
| SHA1 | bf9d93ee43978dc3b5c81e8df30d4825caba23b9 |
| SHA256 | dfbfcd172dd1d3de8df0bdb12a907ce9e747ce97968456be79c470af47661b90 |
| SHA512 | 12d724a9967b00ec2a2c9bb9423f9dcae92e33ef7fc83ec8379dd906de6bdea328fb97d8da6a14199267bd3fca158495916932184170f809c4b5658f33388b78 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile13.bmp.exe
| MD5 | 45e1dae3d37aa29d1df512a2863859f9 |
| SHA1 | d15acb74bff0c1fb4ebbb9fd90d9bad73aa761a8 |
| SHA256 | 0777909ddf427d07efc7b05d6fa647fb486887af6ed159df06a47bdd8335eb60 |
| SHA512 | 6efecc44ae31c3195cf9d16e38c995af092e7ffda5fa7b59fd42440fc39c5495f45e8d63de1439fd85af4866e34daeb92c822ab1d6a0330c55bd589ff27bd254 |
C:\Users\Admin\AppData\Local\Temp\Soko.exe
| MD5 | c95c245943b75bec8795fd4e664a860b |
| SHA1 | 41cf1c2be3aa2aadd3d33cd255500020e84468e4 |
| SHA256 | c183b9d6e0ea6f02eac02995d8e2206e07cacbbce1c016ac9f5e1ea14b1b4f92 |
| SHA512 | 52400006ea41f12524b207e2b1e8290e0dd867ceb83975e76db1e06bc25e429d9f236da05948e4594ae100dc1be4e852e08196afb740b67e1250d454e5e2e59c |
C:\Users\Admin\AppData\Local\Temp\ccwUQQks.bat
| MD5 | cca755853cc11ba109cadaa0be0516eb |
| SHA1 | 72c1b30d72432034eced706bf3c40f6ca345c5d6 |
| SHA256 | a2e38efaa51ed8605aa8f0cf3c4e1f55449bc623f4499ad3160ff8ce61cdf364 |
| SHA512 | e3206154d10c70026dd5697a31c0fa6344333904dcc4cca586827d67aa8c9a76de0c38ad9822d4dbb94a99a404d2f9be2ae5283dcdbf7409daa46f7061052b04 |
C:\Users\Admin\AppData\Local\Temp\kcga.exe
| MD5 | 78dc651d8b9e44b976a0ab75a886917c |
| SHA1 | 7f5f237ecce0feee3d514309c3b97a0dd57f1258 |
| SHA256 | 647376e90a5325ee8db1c99b700ff469430fd597618b566094a5d797687d67c4 |
| SHA512 | 2359b74f891a3ba67513d0d7c08c85b308856e17d6af8a7835b431647713fad13155d6d1b2b740cdfdb3faf7cdcc317621133b7df3b8721d760c44792fcd2a0e |
C:\Users\Admin\AppData\Local\Temp\sQgi.exe
| MD5 | 34dbff9a692ecffaaa7892f182c1b99e |
| SHA1 | 4a888183e582e10e9a7762ee350948c8da25e253 |
| SHA256 | affdd656fa69b79583d3d453921f93b7c8d58d2246794e3d7294f44f3a67c91f |
| SHA512 | 9124dc860775cf2c51680a60cf57b1a1b0d84676d5507bfd5766c7278a31ca33413b0515eb975a95270036ebf0d864ecbefe6905013e3f82bb6dcf6aa392a9db |
C:\Users\Admin\AppData\Local\Temp\CEYwAAcI.bat
| MD5 | 704f4f503ae47152b8c84c14019ee1c2 |
| SHA1 | 8793648b99eb39533b2e9c47e856b2ca8227bf6e |
| SHA256 | 950b5246684b291c4c3eae86167b7c3bcb08dd350ada138623d8bbfcfe11a2b1 |
| SHA512 | 2d3e0b84a851d0cbe3c1738639442056ef6365b56d2cb0fdbfb86290a833d62bbabb4fad9f0835b8c6ed321aea041c617b655317029306dba735419606bfc977 |
C:\Users\Admin\AppData\Local\Temp\gQYi.exe
| MD5 | b52ea2692f6b2f29fc0f6976b2323d88 |
| SHA1 | 0ece1631b04ade28838398d379e7c752b5fb2d33 |
| SHA256 | b14152ab49c83261667d55508209cbfd1ce5e8fdfee35e5f857c35c52afb7d73 |
| SHA512 | 36f4453e825935995e5128c3659caf6841e27fba3ee6a4614f7d2668e8ce182c6d93aa3a6acb05470efd6a0490a69bfe742162c4de3b8d985a84a99239229f52 |
C:\Users\Admin\AppData\Local\Temp\qUMQ.exe
| MD5 | 19b7a7896da0dfe6d9b94a25c8b834e1 |
| SHA1 | 51fa6fdf2fb1c91364b032b290303b3c5bc413d4 |
| SHA256 | c9156d0cae5d8385eb5dab9f4d97b26ef93070dcecc489fe1a10721ab1d57473 |
| SHA512 | 789c571c261e611eba954e19a5c74ad01df943fc11a1666b91357b02382d70d2c1b07bc169f4a46af783d58bc54f00430532ce6453b2b0e88a61e1a0ad3bd2b4 |
C:\Users\Admin\AppData\Local\Temp\UsYE.exe
| MD5 | 58424a22c88065cbe96853623c5f69bd |
| SHA1 | 07f1e472c0eacd4291e99e0ac5fab1b1917b8f3e |
| SHA256 | 42163cfb03aa5e8d97d400f91f6a01949210a9ecf8780875031e6b67c56eed68 |
| SHA512 | 73c54ee8075ede699da9aca31dc19cd4fd079af027debf343395cca01a0533ad835621de1be4573bbf6e0fb6b3f62785ab72c93b11bd3650d7e58f626afcb753 |
C:\Users\Admin\AppData\Local\Temp\AQsg.exe
| MD5 | 2f410ab4e810f84d86fe5848cf55bf56 |
| SHA1 | af4a35185921c4c560865d0de4f21a2344161d6f |
| SHA256 | 58f025b2288c065493c275f46ea9ac3303597e0493e72f9d1d672fb550a001a0 |
| SHA512 | db218ac1e2a906d70c985a2467dbe6e79ee90370e22d05adda0d5e311f4efab79b2ee87967666d2a7f02583591cc3d635fe229a96ac20dd7d5c73a169f18608e |
C:\Users\Admin\AppData\Local\Temp\AWgoUcQQ.bat
| MD5 | 1e7c64667338b0315567b2714cffe673 |
| SHA1 | 01d713a423fef2e6023daaa53e0a09bfa10408a0 |
| SHA256 | a0dcd31f5f12321109810df89ac35b027cb4aad57bdfe29af5acbcbf4fe96d65 |
| SHA512 | 731d75b59e8289f4fcefeb07bd9a2132a6e9e3a17ce105364f8cadcec214ce30b4b09f58a142e6242af62dccbf15205ca60bf41f1a30fda7dd501400e506bde5 |
C:\Users\Admin\AppData\Local\Temp\EMkM.exe
| MD5 | f69f303b4aff8eb201354a0f05e71c0f |
| SHA1 | 23c1e953a7f6c5ebe01aef39f30549a7fa379d1d |
| SHA256 | 8fcc8a0c9081538ea79b6eda851c9602f6ad1deb9f985fdbc4a88ef15f1d11d0 |
| SHA512 | e7607bf33dc00b229fede53ff9f0c9adac8e6c8401e3be0b11870d6a1adc07f61e320afd4bc6c7f0b2aa6179cf51901af855591ebbd4bfaa97e63cae08bc556c |
C:\Users\Admin\AppData\Local\Temp\OcgA.exe
| MD5 | dd9e6e41446750a98d7483da282b9035 |
| SHA1 | de0962aceadc43c1043aafb4b82d7dcefe2c2a86 |
| SHA256 | aca1aa0ae75e29542d4d3a672eef95f29189214caf7b9a7043f5f56d101f7904 |
| SHA512 | 47a6170b30ea7f721bcec4b9bcfc2c7643f48933fd9129de9d07f421e998f44df43f0fe620555097495769a0af041592989dbcdffa43e85c45ba6f6e930abb4f |
C:\Users\Admin\AppData\Local\Temp\ywAu.exe
| MD5 | 0a16a4edce55ddab6591fab7e5450eb5 |
| SHA1 | c0047bbe93ec1d8ed50f97e47ac2243d8b443459 |
| SHA256 | ac88913d04ec175627434ef420c0e8776a36576446d48f52a983f344f7abf9d4 |
| SHA512 | 49d3f5be6e7c1f5853f1c232bc4a309bc1dde992c4b2f46694065149bef7a600644fab6c2359f554c2fb6731b6d1884aff7b0d3e1d0db55dec058055083cc27a |
C:\Users\Admin\AppData\Local\Temp\QEwC.exe
| MD5 | 64ab7957ff5d694e15d843a4e74463c5 |
| SHA1 | 849545baa0f4eafd81e7e41c4fbb6ce88043830f |
| SHA256 | a690d643c26f83c6a44ef1bbf10cb535aff2b92598b572c35afe253810f001ac |
| SHA512 | 4eda3b620bdad4773d0ed27a3e0d493566abc7298dc599daf048abcbdf2be17b46526ec8e5b825fa92e712dbda444b7d646c2e7f8a7fc94cad200a1cf8f88bb6 |
C:\Users\Admin\AppData\Local\Temp\YUAq.exe
| MD5 | a838b4b83f7ca7c908c1e5992c2d3dc8 |
| SHA1 | 5248f790679cbf2e22785a3b9f98da800118ac54 |
| SHA256 | 8a23d83a5176b75c7e96d0364a929a8ad2c47d2805b1cef91fc793f9ceeaf00c |
| SHA512 | 4ea72db2035a98fa0d4239361ad723497b948f1d858fb470f18adf629485c704d207d57d392bce5952e7d629b435b6b59a9b5d0dbc6a6409d881ad9bc215d6fe |
C:\Users\Admin\AppData\Local\Temp\VEcAMYUI.bat
| MD5 | 4344d9240c54f659ec0a0820e745f63f |
| SHA1 | d799ad38a101a194bd3bb96f58a39f2c84f3743e |
| SHA256 | c97878fe20ed223dc39ecd8c36363b49782f439fc05a1aedd5bee1aea052d291 |
| SHA512 | c2346ea078a8fd7e7058fb54deb625410cbd010dfd6042cd9ceaac963bb606492fcf939e73091643518be606a74063212972416c45dac872b73e427863ffe092 |
C:\Users\Admin\AppData\Local\Temp\mUgW.exe
| MD5 | 62c5084e73226bcb474f659f48153a92 |
| SHA1 | 523e36653caf786899eccf8dc98556c596c56e9e |
| SHA256 | bb4e66a19d8bd53d769ead9ae3373dbdd1d90f417bbab46a1468c9813633cb4e |
| SHA512 | 73a2fb069a4fe3209065702c8a8da240003e7ffed1ce6aec0213e2bbc4761823728073e8d981e5f181b724728777144d62d47531f59bdc13431ea961352e6864 |
C:\Users\Admin\AppData\Local\Temp\yMQg.exe
| MD5 | 1a41a41d1fe96bed17bf9af9e0fb209c |
| SHA1 | cb822d9b4d2ebdcaa3c759dc106c8881c23060ae |
| SHA256 | e3e969cc4ec804984c5a9d8bc6e81f17907d7a3f25ae417e0c121b41b3cb3c81 |
| SHA512 | 2d0e42e83404434aa204144dc689381e4877643fbe93018406df54a4c37f8f0399f6b52fc146fb446abb9d362fecc53c735851f3c99def0a5dbb4c5887232316 |
C:\Users\Admin\AppData\Local\Temp\cIAC.exe
| MD5 | 2a8f7968faf3defb919cf158b292114b |
| SHA1 | 4b2304101fb72c06356b9c23e58bbcd069fe0ec1 |
| SHA256 | ac76cc3d74965fd06da69d4ea677041414071090701b643d40fa6e02371a0be6 |
| SHA512 | 06210a7cc991cfa59f3e386b8aa5e98d5de77a32e06d8ba9108131300b97b93e64faf60da94da0615f4ccb9355453f528ec45f9db6bcb4ffc734a7b3cc4d4169 |
C:\Users\Admin\AppData\Local\Temp\mwYQ.exe
| MD5 | 27992d186140ec6fe62a4780841d338c |
| SHA1 | 649b14432d0b543cb2722f210eebcdbb891c21e4 |
| SHA256 | 3e31ce4d88ad83bbb5c3148f666008e6891c9e8617fec674dcf2b8593be5b1fa |
| SHA512 | 830559d23e86e6ef88ed0bf38d447cd2b9711d83cf95c6233515150d86f35f000fac861b6b1b8c030e6eb729425ee576146bbca2e5ee3e538b0464e1d809f59c |
C:\Users\Admin\AppData\Local\Temp\jswgYYsI.bat
| MD5 | 57eb53d7b4f86c2df355a726712a8a30 |
| SHA1 | 873f8561433becb06e4e024d5447726104e05e34 |
| SHA256 | 7b1697acc9702769941df7ebb6739f2759b6e10f7d36265aeced6d7d992bdbed |
| SHA512 | 83e5ced787eeea26db0d399c21c110039adb23f6487b75a4ff5a4a04adf629901520e67193fcb732b7e45701fe884897f07cab3ea1e5d2a5594a699d084b1ea6 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile30.bmp.exe
| MD5 | 5a3de54fd72b4a6ee2c1b9e1ec249f63 |
| SHA1 | 8bb6857154509882b8b73e7fb0698e4475872e75 |
| SHA256 | 1f381f40d4c85feaf667110810e80bf71bdb533e09dbc40ef7f31e5f3847996c |
| SHA512 | b7bc54b55fe4b9800221e29e21f65ab8f4c5a372ece84962893e5632a9867e7204457ba4b71365368190e3ae7997b6be647fc7844eb805a8519078ee091661cc |
C:\Users\Admin\AppData\Local\Temp\aQUW.exe
| MD5 | 104344a370916a1606a83427681967b3 |
| SHA1 | 85879033764d90063c4a312c25ef1625269f4825 |
| SHA256 | 6550fd81dec3a2c41bf57186476b48a350600c023df1adb348989c8fc5574aa2 |
| SHA512 | 9632b295b966c5e100d27dacda368787d29ee1945f017e838a8b5a5f580de3ba4dfa776bb14e767ea989cff0e2f66660918c6669c25989b449fa7a4825da2635 |
C:\Users\Admin\AppData\Local\Temp\GAIK.exe
| MD5 | ccac0d2daa0f42cf9f99950e76c11501 |
| SHA1 | 311daff61f6521a7095201f39f9d84ae7613e01c |
| SHA256 | bc4961ead3f9d16807a990e9cc63e5f4d2b41f48887a7e8ae2c09065f5f634cf |
| SHA512 | 69ee77ba6388345ec4b483d7b726c41774600256488b133b942361b66d536be2b31bd450ecf17554f726b1172d847b09244c99ec20cdc46a31e63cd83bba815b |
C:\Users\Admin\AppData\Local\Temp\WYcU.exe
| MD5 | 109d29509172083c6c5f55a4f27b4b1a |
| SHA1 | 50c575cbd835414a0e85b8f8d6ac327b4ad47d27 |
| SHA256 | 39197d243cdb1d0202b27b4c64414af84648224b6978704970865a661fdc0dfd |
| SHA512 | a8a67427d0ebda6d90ce3fe93c962c91c335b01ec0a7d08c990298ee3a88cc69d38de3bdf852e2121e8fdaf1b7e2c2d4b0e178d661650980625c69f5e1d5d332 |
C:\Users\Admin\AppData\Local\Temp\veIIkcAE.bat
| MD5 | 7b43f5f4b17924966b4bdd6b145f06eb |
| SHA1 | 42619e0b70d75c81b6a09db3eec98ab538361e1a |
| SHA256 | 984f99cf1a7e4174fd27a474e70328c119a196a1207aa1cb6a5e7f4f321392d9 |
| SHA512 | 5ebb6b155d2da7eb74af6bf0d1417647acdfd720683e3dbb20415bed2302326afce012357edc4c1257d01216b8393d562445b9c3d201b1f9f69fb5f04523d9be |
C:\Users\Admin\AppData\Local\Temp\gQMO.exe
| MD5 | e58db6201b5eba3d27cd24a652f0ff3d |
| SHA1 | 16525f353f79b9833bffa30d00d35ea02dae5e21 |
| SHA256 | 95725081f9b6fb4e54f1cec956b92bbe6ffae2dc67e3438d28b0e15d0291223e |
| SHA512 | 153fbe9473fd695ede456f30d1a3d7a69f5aaef02a8546915900dfa57d0c3b4de7acf0dc33e900069a4ba55e6dd9dbaa43ea1dc86ebdf9b3a8cccff7db9c3913 |
C:\Users\Admin\AppData\Local\Temp\eckE.exe
| MD5 | 99db0f1ecc4435ee919658354bc90092 |
| SHA1 | fae1b205fdd6c594847257a851723b3669121eb0 |
| SHA256 | 8f35a14306cf236cac25c832f555cae92f59ac08ffbb509f2ab64139b0121a61 |
| SHA512 | 92069e68cf2ce4b9421f8466c314d3c01c5dd49cd16577c04f05e89538eafbba56c15515cf38421abcb2099d60c892439aabacd2e980493329a878304df96fbb |
C:\Users\Admin\AppData\Local\Temp\MkAW.exe
| MD5 | 241f650dc31492bdf87261cbcfec214c |
| SHA1 | a498cd303bdc3e5926d94d0e6873e4c3d91261c8 |
| SHA256 | a6ee833da5e5508233c3cbd96bed070d125f0c871853154dabee55a39121c603 |
| SHA512 | 960183d9c027ed53e499ec8fa63bd76e56319c05d3aea6e139a030872e77969b46ff557d7328dda6143e52504dea79beb8cc82466a6c87063113e658f39f315e |
C:\Users\Admin\AppData\Local\Temp\WGgQckEk.bat
| MD5 | 65a16da20f5f250c781b94b73e3ce2b5 |
| SHA1 | 5c95ae445359283c2e43a27171807b29232c2b40 |
| SHA256 | a840f051697080de9dec549ff542ddb0262326d2de9b7f34e021899c478c99c8 |
| SHA512 | b930d1b5a2e3ba7e047c0424ee05afb34a7d8072aec29cc96eedfbf64333946b77ae9a781f19bb8be6b97f7f2d56e3800c3030d4909a414c28a5355ef18b496f |
C:\Users\Admin\AppData\Local\Temp\EwcG.exe
| MD5 | 975fbfae20cdc17a59c9450b1cc119cf |
| SHA1 | 07d5cb8780e45d6512b51c1338bacd2037e600c0 |
| SHA256 | 390ad258a2c3255b78ee3951e2b076f0a4534572c77941ac3e1cbea7322a01fd |
| SHA512 | b1e8d1e23ef3af28c5bad92eb6a00f8b887d640759c3809f43c378a0b54ab7f538ed78e339cca7d1aecc70b2544a738f42bd109e6134e0afeead7d1f3a8add31 |
C:\Users\Admin\AppData\Local\Temp\OUYY.exe
| MD5 | ec4710f7d8cc65e3fb7b63f6deb07295 |
| SHA1 | 7d977ceaa7dbea22729e4f777ebca160a948f144 |
| SHA256 | 73f5eb2670cc4b274fb9535b9c0b40edef9f17d7c2a312516e2a76fb23a3888c |
| SHA512 | 0a6a8d2ed51ea346c4f797756c200d21db12d9259d27f90e909d0990650c4d9e2067ffd2d469d602afeabc1ceb9c706534a71f5757f6f4e90148cca1dbf09c85 |
C:\Users\Admin\AppData\Local\Temp\gMQM.exe
| MD5 | d2fdc7ac9ffad1cc1fa0b4cc0a7dbb6b |
| SHA1 | 39e9e396b186355fedcf4460ac5d3ddb7797f005 |
| SHA256 | 9933e4eaf80f47cab09e552182d9cabebad5ec22efad54ef7c4511266915b535 |
| SHA512 | 9c0f5980373d45ac868720f2c53a5a65f57f3672da5e577be3feb2f01ab843255175735b8b6e19d32a8b95784a7fb3ed288f377a1e0c8a9bb6e874cb0cc2e1cb |
C:\Users\Admin\AppData\Local\Temp\EycoIsEU.bat
| MD5 | e71770b978d8fa85023b04952f406855 |
| SHA1 | 3786a77528eec708195075a9087c703897738b83 |
| SHA256 | 47358f1d83f880900d139db8c7abcce9d26b686a21d7dd659798e9de4e1457bb |
| SHA512 | f0b70a56f5a1d87e846e7927da0199792e2730e290e65c22f52132bd6f4a0bd88cf258d727fa8dfd8a364d25a4b46c43fe171694a0f12c5831744d7c30fe5e02 |
C:\Users\Admin\AppData\Local\Temp\wAgW.exe
| MD5 | aa3d88a78e1f2bd5185ab7e251e2d217 |
| SHA1 | 80ae746de7efad22b26beb101e88cd2164ca74f8 |
| SHA256 | 763d5a402f0b9c2b166591e7378b42a89455ea199694c199491f934d37e6a3a8 |
| SHA512 | 48930ec4d4c0c9cb69525fa0f4afc27925b4db07f135d5d45c85ba6e51f003349741fdf7606d642b713c44d02d14fb011fe8db1251478e531dd9a6ebbcb11176 |
C:\Users\Admin\AppData\Local\Temp\EQUK.exe
| MD5 | ab422bf3b22112e7fe52c6a6726dcea8 |
| SHA1 | 489c7c80fde9fe93a55a79b9bfa49d0b246c4dd0 |
| SHA256 | 605641640f98a05518edd8e5663414fd7aa1bfab295becd3e43f77f8533ac6b8 |
| SHA512 | 2a17917987929e16ea693836b2c8df67b1ba329b166036e265fac7145455b310a55b70e89855d793fc077225a57e8cc8716263ad3c79803d9d172d7c90142e83 |
C:\Users\Admin\AppData\Local\Temp\iqIEUAco.bat
| MD5 | 59449e2e75692b74e4f8237eb7a63c22 |
| SHA1 | 3023f211d7008792919fc1ade96aefe468b6276a |
| SHA256 | 71b0712cc944ecddf09a5887abe7f08a2b3b132c4002a8b49fa3e7d01d6e2a3a |
| SHA512 | 89581bdf40c4d67078d9728094b12b502b1c8ba5fff29126c0f492a0ee467a23d951bbe99398b210ff68ac416ca2db8c2666aa8d53582c9898fca62e32605920 |
C:\Users\Admin\AppData\Local\Temp\isoS.exe
| MD5 | dfa7728c99175bb5b90b0357ce252dd3 |
| SHA1 | b661219a586f55a5c5405d28b57ead4f9502154b |
| SHA256 | 0fdb4211fec297876d6f9133c9c78e7964d27e5319273d2bdd9ce0d5232988fb |
| SHA512 | f27a717c5f4cd20cd35dfc3b26ff1b4f38c97a14f910e58329b428a8959c4ddf7d64ed5c8b3209b2f42881a03c43d9978e5b4043cb35bc72a149000ad3c3c64c |
C:\Users\Admin\AppData\Local\Temp\iQQg.exe
| MD5 | 9362285aeec00415c43d76da06cc06ea |
| SHA1 | 2364b94d23efce7637f01ca36f15d62dcfd1a389 |
| SHA256 | be8f453d9de1715c93caec298966e1d15226a0ce31446c64997c19aa2992b947 |
| SHA512 | 014fcaa62d7834c3d1d3906e4797eaf6aa07bf32b1ed1291ceb092447151e59b979c9e1c31375423a95f76beb4f635aff448d11db681ba3b911c5fc0cdf61a66 |
C:\Users\Admin\AppData\Local\Temp\UcYA.exe
| MD5 | c9f7266f8eea36a0816334c906e44ac5 |
| SHA1 | 1ac5b6246e447d50ae0a76338b62614cb4d47dd6 |
| SHA256 | 12f2fffc6feb6c5b04327f1a886dd3f98e851acd0c5c3a9522fbc495d396b7e2 |
| SHA512 | 1eb17ea2f7bb651c77897e11a20c3472ac708d1916eaaaa46a3be19b078fbb384aec5bea81ac1e2ffb3409738fbdf46181215546ad331fd7fa3d9b1029d0fcb5 |
C:\Users\Admin\AppData\Local\Temp\CWsYgUkk.bat
| MD5 | c511674d754faa9f10999db2506d80ee |
| SHA1 | c3cc4d76da598b71099586b33268af0037c022cd |
| SHA256 | bc33b4ea96b14fadc9173cb9199e51d2bddb7e68c550ecaa0a15339c32ca42d4 |
| SHA512 | 83385d4175b7f0e259a5317c2191050e67c3a5c5ed9d49893501759a64257c8deb8fe270c320ffc1acce54d27c149b33b72ac5722f7067b885ff037801e85202 |
C:\Users\Admin\AppData\Local\Temp\lGQcwMcY.bat
| MD5 | 003fe03a88e62b24477af990fdaddaff |
| SHA1 | 44743cd708322ccf3508c1615dfdb0e699f657a5 |
| SHA256 | 3a1950c23c44647e3f7b9c5c53c8648e113a75c213bd613252040cb42939589f |
| SHA512 | ec39e73c870b61e0e4915587d07540e70e6a6ae764f20a2e79d00288658e8b1bb353970349ac498b1061408bba446a79a855187ffd25fb1bc73f775cac746f5f |
C:\Users\Admin\AppData\Local\Temp\QsgW.exe
| MD5 | 05c6e7acd65a302b1b18e79f22c815ae |
| SHA1 | da227cb11e75a70284ef9be579c007e6e4c2e44d |
| SHA256 | e5cd058ed32892405d87f6e57a68bd4e0807716c7ccaad4f5ee24c492b645d04 |
| SHA512 | 04dca37a0fe57cb7f81a68b6c1ebd5a984067183c981b5604fd44382878fe7bce26e1b5521d3cac3769aaeb88ec19cc1959b01e69091e6b06542ad6136764703 |
C:\Users\Admin\AppData\Local\Temp\Acsa.exe
| MD5 | 08c95aab57433ae247dcf8771b75a7f6 |
| SHA1 | 64ed267f04326c281d2f5a2b04d448fb72309ed2 |
| SHA256 | 000c5921eeaf3b271dd8eee34def93169588d83ff2e4fadc4715f466f6bae6fc |
| SHA512 | ffa354e8d38e77afa010a35fd44cf802d640652e7d660a30c776503470995309bb4d55af3eaae6e5346ceb7902c56a1860d461ec37359f05c009d83ed1116589 |
C:\Users\Admin\AppData\Local\Temp\kcwe.exe
| MD5 | 9866d7c93b80bcf26d6400e8f74990a6 |
| SHA1 | 098d98e1b61e9d00340b5e373bc59b7fd629eb3f |
| SHA256 | 418c5ba0abd6a926eef8483437a30b05736bf1256ee6459fc5875b1b827e01ac |
| SHA512 | f5f1608949c619456fc5b6756ff8c1080acf9b2dd8f8bbe35c645510cc88dc4d8e682c4bcb9965536b1b1b8f3c2b52a824f7a61db363e273977f9198f832c2dd |
C:\Users\Admin\AppData\Local\Temp\CQYE.exe
| MD5 | 973f7f9634eaf3cbcef2d8d44b23ae93 |
| SHA1 | 7295b14be4634e5eba583876018ee83ec5379c1e |
| SHA256 | 889221a15261749400af2936b9e4cac31db29e135d01a25554f1f9441b802d3f |
| SHA512 | d4628475ece674a806576b41631cf2f76ad94efcfdc7454222a135cdb2311f3fc3ff12ce4d3f5a869108fecc8872808c8160cb8f2c19c0c9afe2a84da7815492 |
C:\Users\Admin\AppData\Local\Temp\WIkW.exe
| MD5 | c94b14c874ce78f4ea84c848c2fd3703 |
| SHA1 | d47dd7c8773db7b64ce2e46e0631eef72f09c1de |
| SHA256 | 0014c78b4cfa7d1067ea224f35fd73742439112af6eee043d443a3eaa926165d |
| SHA512 | 7d6a8eb5ac3f7c63e3fef2e002d587406536205b51b79435f0539c636af15eee573060bca5e74cc031aa25d2bb2eedd74803ca8fbcf63b6fdac8163d67996d49 |
C:\Users\Admin\AppData\Local\Temp\kMsq.exe
| MD5 | dc7fb8a2ccd68b77a4924a283cff13e5 |
| SHA1 | d915d8b3872eba973b2df03e2881c2ba3b1b4943 |
| SHA256 | e327deae85eec09ecbabd7f638a8853fd94e79ce076403224a7f7179bf012a77 |
| SHA512 | 7fa1f2e82c39139c80353a0337f3a8da729948061a311f308f57769df97db11a88047917f0ba89d9db1ad96d0484b89ea292979f86ced1559c4f3f6b2fac1db1 |
C:\Users\Admin\AppData\Local\Temp\mcUU.exe
| MD5 | 7c0b4fd25b4b2df6420a01b3ef5d0838 |
| SHA1 | 364fc57665b5b3f7a0bf834a97169c4eafac48e3 |
| SHA256 | 8239d8639157f1155a47a27da017372418962b810eb2f6b59a3be60fd6e94b34 |
| SHA512 | 594a3817507f232c13176e1e7c43b5391cbcd6cd6fe7d1d5d603d827dea00c6145e4bacd9a77823aafbbfaca322056c04f4ce521fa626a4c60c40a298e5e2482 |
C:\Users\Admin\AppData\Local\Temp\gUMC.exe
| MD5 | f9e060345f38039e971d9408b483ae6e |
| SHA1 | d71cea93997d3dd6df3ce39cce2b3792dade509e |
| SHA256 | 4ee2c7854c63cb6b55287f1257064dd053ec968421e87a84bc5e7882d55cce27 |
| SHA512 | 2f27bf0b728a8b59e8d0264510523ae89632756ede78da8ccb3f9d0d7a0b75e77e24c6dd1480d9a8acd1f7824b623dcddfcf27b4b25e4f4b54420ec2db288e54 |
C:\Users\Admin\AppData\Local\Temp\gIsa.exe
| MD5 | b4de0fdba2a48390910b65522c77b0b2 |
| SHA1 | 6d3b3740e238498d9267fce305ae1aa267657880 |
| SHA256 | 667f48689e9a905dbad2c02d89e9e4cd16f181543162ca3b98f86aa8f666f9eb |
| SHA512 | 4f2e974d33e7af5e6dc646f1763a476556cb643813f62d937479407936e5a381943161e478b39724ee382342491298041f98693e5404e1b73e6528c67ec571ed |
C:\Users\Admin\AppData\Local\Temp\IYEm.exe
| MD5 | b688b548192ced1ba0b57214168caa9b |
| SHA1 | a13e01eb6544a8642248d40422b9edcec93d5d37 |
| SHA256 | c30f57a7c50d45d6f87e365d65cc1eb2488867ee6605922fb5d20b403f154f7a |
| SHA512 | 9463c196242b7a19dc859c02d3b2d899470b413b05d1ca3a3949e9c0316a00322429303346a8ac218b210d05615f56fbdc23ee048618b1131dba29ae56a2ee4a |
C:\Users\Admin\AppData\Local\Temp\osgY.exe
| MD5 | b55f01a17d197b13ee40cfaf799e80dd |
| SHA1 | 35303df42e470ab45ffa729cbdf9eb134b419a19 |
| SHA256 | 9cbbcde6b31386d626b003a1d04e7c6f737b842565c39459e0f83cb067dc0b02 |
| SHA512 | a5de30a38aed0289c0c869a986e1402f8f4626335a6d90b85a571b421915bbf7f5539945cfc3a8acdf6f2ba6964c82ab8f21c76aaf5781a8e9406b465a71255d |
C:\Users\Admin\AppData\Local\Temp\GEIcgEsk.bat
| MD5 | 19fd537c867c6300432193137b10a284 |
| SHA1 | 456d757b01f0fd5112a0336abe3fe3d9f69c4feb |
| SHA256 | 3d90689c159dbda57d2d7949187c9f237871cd46f96056906fabdd275edbe80c |
| SHA512 | f972e7539603d9cd4daabb8e696f38b2a137e423f35d27be92d261d6b6275494859d83fd53c465988328c553a76f81aa920e4be9b52ae040fa42b58cd3a4321d |
C:\Users\Admin\AppData\Local\Temp\WAIsscEc.bat
| MD5 | 1a534a842c3feb6a755aadec13390320 |
| SHA1 | dbc6db998b4b87846da1ab29e6c2eee98ae5cfd1 |
| SHA256 | c7b406a2fbeb8c984d8f63e7e4c8019a0778fadd7f9372c18630c03114037e48 |
| SHA512 | 36057de39ca46fef4a4ede06a23b9e015abd3632e1b18bd090d978519aa1c9f3617588c95a6e28c100829d63225c7f461a10bf95798fdfebfc50cb19945a21a9 |
C:\Users\Admin\AppData\Local\Temp\wqUgskgw.bat
| MD5 | 953710e5b9fc6df0727c9d6048a11c0e |
| SHA1 | 06f602eb9a9de7e4f1b68d8bc879ccba521f53d3 |
| SHA256 | af252db302872a099a1253c5fc20d21ee0a07c6a1cb532f6f66293d9421ff0fd |
| SHA512 | 363db60af270acfa4e4b2b817154521aec0af0c3962635f86f07777b5ce75d66dd06de7d72b4b02d0faace6d3967a80cba00da1bfffce9ff39d4dc2fc4ad2f93 |
C:\Users\Admin\AppData\Local\Temp\KKYsMcsg.bat
| MD5 | 06ae99ed55cc5b8a19281218d01e4202 |
| SHA1 | f7c604f6b2e9de9e93e23b21374381117d1cd992 |
| SHA256 | c5d20a6ca895b3c4e6dba0661ab2baa961259a03d3a88605b0b7c72395e81dd9 |
| SHA512 | fc826b9497fbe8a9710b1523cb2b26fe69014c7749a5b327833bc4bbbbacd48946d6a90e3c62849f02c698c4546209e668b735bab9a04eaae89f6bb40b21ef8b |
C:\Users\Admin\AppData\Local\Temp\NWMkwcUY.bat
| MD5 | a8a0a0850c1f7a2db953462a35cd2bf1 |
| SHA1 | 0638bdff2eb32f04b9153dc1614d7188472da3ae |
| SHA256 | 9b0d21f31f40c9f5f20dafa4f97626f835c00c869b640060a4d8b47a13d307e4 |
| SHA512 | 87cce2858bb89bc1ab94056b72b9231f897aa584d479b46e4ba997002602297d838628c17366b331cef9c2efefa9bb34830c0df0f7c335a64635f30286511066 |
C:\Users\Admin\AppData\Local\Temp\RcIUUIwM.bat
| MD5 | b400783537c1346684616df46c682aae |
| SHA1 | 38f4276207d18e80f740652c095d33f61cb576d5 |
| SHA256 | e274fc5370e61813ce946c6312b638efa589bef4eb2656cd25420db0ca285d15 |
| SHA512 | d12f6672cdd69547edd4c9d401f4ef960a31b163f36927b49e74fd8af43d3b5b972c5df4e027849928e303baec26ab1c79371f0456bb36f3a4870703e08ccd5e |
C:\Users\Admin\AppData\Local\Temp\PsEUYwwA.bat
| MD5 | 8c29dcc4d031831742b88a2ba8612765 |
| SHA1 | ba5709207dcaca01ce125eddf95b7ea6f014a57c |
| SHA256 | 5655c736d74db4bb7dd33c48f84e2e3de8bda7309bef6f21791a0d0334d00586 |
| SHA512 | 663996137d8e23ff50414ad2c414ff1f990e8d57642bd3a1b5dbc60f9ec87bca08b42fd515e93d5e31e4b531380cdc83b96fe9d51d7629fb72164c6176e3fd7a |
C:\Users\Admin\AppData\Local\Temp\qiAAsMgk.bat
| MD5 | c942333fe62a1f7c46a13cd7feefe95e |
| SHA1 | 1b8ac8b26fe4a9ad1a2e875f0755da010c5c16a6 |
| SHA256 | acef4c75721f8e3cc7a07c2050d92ce80ce12d40c59d5f05dedbde222df138aa |
| SHA512 | 3722bffc9344610abd9fd45e82cc21001f1d19d4d7203651cfd8bdf263667b5aa58b7686d74838f42bb4d0458ef22435439c56d96c33af8b12e35639d7621101 |
C:\Users\Admin\AppData\Local\Temp\aEQscUYI.bat
| MD5 | 0cb84e7341a5fc04dc4e51c40b9eba44 |
| SHA1 | a7532638a7a9c7e29650de4958178f9f85a9e039 |
| SHA256 | 35bd405e44967fae98268b5e7e4d83b713b38edba70eb9a814f8219ab6ece7ed |
| SHA512 | d09e25684d27c45a69de1d2acea3a2613b91a1e38d6f6a07e1703675f2de23220567d15c231cc6f03e15d507ef09d5d36e2f05fffbdae6d0cc49af938d749070 |
C:\Users\Admin\AppData\Local\Temp\SqMAAsMw.bat
| MD5 | 0246e4b1f7f91edcb80e8f57344eb009 |
| SHA1 | 843d10522f5f4852b90df4247b38e3490e71ad8e |
| SHA256 | 4915d2ddecf27b50f5740c8381a3580226203ddaed23e5ff280553d279877614 |
| SHA512 | 51c773a77598c6d033d4e2fad221ee3e047e761b5f67eef6d4869af986f92eecaa3fb431c2fe3148553703b7f148159a4a69a4af3bf5723a244ef57cb345f48b |
C:\Users\Admin\AppData\Local\Temp\EQMcQkQI.bat
| MD5 | 3120c6494d211de4033e7db5d5a34aff |
| SHA1 | ba180a9611fef382713e977a8ccdbb167e9790a0 |
| SHA256 | 517de6d1f94acc62aea7d0955e92317ab9b6afcac80124d2269fc1e9f2104cb5 |
| SHA512 | f396adc8ed1929253bbfc65cdc291701ac8b6cdb7b1c42aaae4b43ef796384f5bf34045bcafa91f6a8314e768789a336111383958201195d267dce3bd3dcb6c3 |
C:\Users\Admin\AppData\Local\Temp\zKMcoYIE.bat
| MD5 | 8280df983dae4d8786fc91a8815786f1 |
| SHA1 | befe04bac0e7e0b8a4dcb181e29c8e0a9d205f44 |
| SHA256 | 70d691268979e305230dc426b3e10192ae66ced98954851d64923b07f1f63076 |
| SHA512 | 21a5a4ea353009f32e3f758ab22f4d46e29f288938048d62613f8c6e23977588af55ccd90c90a0ffbf4fb595f14ee2daa2540f0fd5455555cec3dfc7e2df82d5 |
C:\Users\Admin\AppData\Local\Temp\jOcYkkgM.bat
| MD5 | 6da46ec3da67064f4b02562e6a0bdd03 |
| SHA1 | 52acdacb1a5749e25b20b4a5ccbb756fff2beb98 |
| SHA256 | ff158d10d37fee00fe12555243f79bbd02233374e2f650150f59783c6c991c45 |
| SHA512 | 792feefd485131063aa5b6a1ddf5ba9cd4e6a0138e24f6456379239173c01dc80b7430d7458b8cb25ab9a4df210e2531f74780aab0dfae65317447b58d689655 |
C:\Users\Admin\AppData\Local\Temp\rWUUEkEQ.bat
| MD5 | ff0a4b7b9576b3a998786a57220070d0 |
| SHA1 | df600c4c3750c8d68657bd5d2cf195669458949b |
| SHA256 | a9a2762ff574a341e87d8580fa4b576502b52f430604d288467335562be24002 |
| SHA512 | 50e8579b61059943fe984f2d6d6e53b458bb2efc97cec9f460f046fb208f30bad823aba8262b948c46b11251a3ae9615bdb89216cf5575e4be846d9731c4a723 |
C:\Users\Admin\AppData\Local\Temp\DOwAsoMs.bat
| MD5 | ca4ca46dbfb1014c1cfa5d0ba64cf83e |
| SHA1 | ad0eae2b2c20628eac3d19346628b322e0d716b5 |
| SHA256 | 72867b51ebc7b50fab68a4d5e6f6b0928bf9c7acf94de92dc88d31955afff79e |
| SHA512 | 0b0cb7fed45495a65f051fdf5c069fc558ab381d1e14ed9aaeeab31177b7382a04893621218c691764d3cbd4d61c13f9aa8786d1dd276e6cf2675b16304d32d0 |
C:\Users\Admin\AppData\Local\Temp\aecAswQQ.bat
| MD5 | 7d07c63be34c3e04dc4c5923b7c02e53 |
| SHA1 | 144105df843e06c78d23e22275badf3094073159 |
| SHA256 | 052414227595c54092df16faf0f1e8dd3a16528a8119368ecc34e1245157d7e7 |
| SHA512 | d15410207cd8ef98dda745baec5f96a2175586d91bc96c5855c0ced130283f68a8f42034b0b554ea0a1632c5e3984a41fbb611f7e38c6d2aef54840d274a76dd |
C:\Users\Admin\AppData\Local\Temp\mmMMsgsc.bat
| MD5 | 4d86ff7e3239551df816d6bdecb2a5f2 |
| SHA1 | c946a4f3077873d77734f5bd6a3c02340761c9a8 |
| SHA256 | 71102b80a535d3c9e704358d1729285ad775248bc11a81617ca4ec5bc9a4c033 |
| SHA512 | 56f366c56be9a26a3d430c3c2e78247d99c7b1f4200e415315ce5014fd11b15bcd6edeb9ffa738a700525f207c7dca160b708f9ce7b110699bfed9ad7be31bf6 |
C:\Users\Admin\AppData\Local\Temp\ICwoEscE.bat
| MD5 | 461115f8a74e0f00ff2b873ddcbccceb |
| SHA1 | 91148d2e2292d93d6edddac410148ad6a6c74fed |
| SHA256 | 7b23003e6df79447d57904c1f34d532115638a165892cca25ac8821f9837b105 |
| SHA512 | e9e605690bf8b9a6db4cdcb858bc96ff032f81b9ab62fb7d221d6d315deb14312cbecabdae8e439820d022e0bf9e1c238abd6d1a958214ff0c348d11e4772e0b |
C:\Users\Admin\AppData\Local\Temp\DccQkgko.bat
| MD5 | a848b3910020a99570e338422ea29c13 |
| SHA1 | 1c4daed30f4e2908b7b72cddb963d341a4ae51ae |
| SHA256 | 84b73d2e6d004511743e6d68e3542cad840932371c4d0aca64d85564e9b33893 |
| SHA512 | 3492a81f2b6b3f186d335963a0cd280c7a83a2316fd48cfc5b01f6c1641c84b3cc4f1b08e8181461fc800e57a19d3a3acf363a850cb9ff4fb13e6ed0396d96a4 |
C:\Users\Admin\AppData\Local\Temp\RWgYcYwQ.bat
| MD5 | 5d241dd8ee23b75a82b0b139bc923407 |
| SHA1 | cab5e01ea8e14275fde9c467604e5ebcb1b147c5 |
| SHA256 | f5d1b47e1c750e35317ae6f98759df6ba8815937e5910dd8322ab007bf1baf69 |
| SHA512 | 3f168bba1f0f6f1399bfa9d08f2608eba6444cb91554fc2217b78f1e79c2286c169b100e439132b96ee98d1703ca46e8eb8760eebe9b23827dfdd68c9c3f625f |
C:\Users\Admin\AppData\Local\Temp\vyUcUAok.bat
| MD5 | 6fec3f429958fd86235745ffa556004a |
| SHA1 | d3bb46d229ea0981813f675a5d36e96e24375f40 |
| SHA256 | d83f94243a6cd3246dd2996340c69cd8363c512bd263b791fab0c2a512d5fd59 |
| SHA512 | a81696e8715f162b38b081aab760495d495f6a0af8672f274d34e1a51888e5725534b2ca9826dd191e30c75efab9a294aa3e1da3133e33eb121b25e207906145 |
C:\Users\Admin\AppData\Local\Temp\BeEQEwYk.bat
| MD5 | e08d8311e03e2288e098d88a50e9f092 |
| SHA1 | 0e2a76f9bbd94d6a601ec75f912e468938206362 |
| SHA256 | 68c120feb74654810e92ca9b143b6f0a96530fdb6a843e8ad4651181b17e07aa |
| SHA512 | 08dfa122294ecb4e22cc51fc970cbaaa7769017b55184128ae33b53baa1e6776503ed7f3d7ae19079aad925a05c0c5320f9291434c0fe431e2ab410981585b44 |
C:\Users\Admin\AppData\Local\Temp\lGYIgcYc.bat
| MD5 | efcedf87b8a6b1f28002ef641aa78771 |
| SHA1 | 30e53bb95e1147e3a62b15f16ecf393fda99b986 |
| SHA256 | 991737abf77b88b1bb6b7bdfde8df19394f219879e880dadb904407c75bb281f |
| SHA512 | 7a738eb9418efc0f84fd95b0ec0be33eb2c6ce285b0dd1268b6292305836d5ec460e87f97e7bc768379330389bd5b0b4ca67fa14a1198872c0453110170a219a |
C:\Users\Admin\AppData\Local\Temp\OEwwAEUw.bat
| MD5 | 7e6fe61606c2783e4e2c94f6843e7c1b |
| SHA1 | ce6c052dbfc93860a6ed9dbd98a1ed34d055d229 |
| SHA256 | 96b7d8a20d1289181bf5dda58fac5519c90d96fa80f0b1651890709969950bdf |
| SHA512 | 9fb2f1eeb820b7608c1313cf7cc7fb19d3ec7f4837ec05fbeb3f97263c9ef350548c1b1b6e9703185557fc81587d2bc1d7d922ff1abe61291a38947b5ad40a65 |
C:\Users\Admin\AppData\Local\Temp\AWcgQskE.bat
| MD5 | 39e1667159507be193619b32dffd8bfd |
| SHA1 | 66bb9db6ab456732df21ec809e0b3d4162223693 |
| SHA256 | b8057a461659eb83c203d4aabe03baa2088236df57d1754aef40532ddbc9e72b |
| SHA512 | 2c79d8be6dfb81009d1e282765e9a6b904c37523f3f66c4f801377f3c7945079cb28b3fbf2cc8e6ad0031cc13f8d1b05b32174655870a83eade69ad8c2089986 |
C:\Users\Admin\AppData\Local\Temp\uSYAksYk.bat
| MD5 | ebd7872efc0e44b078b0d6bbe5320668 |
| SHA1 | 943a61a0f1b293b6b29c9f78137c52899897d0b8 |
| SHA256 | 0c53661d12551468e165c5818c1a5a51d6849b796c042cdd27f21695b80da697 |
| SHA512 | 99e4e6b663335fff1c0bd862339c0b5addafb412847f00c6426a329afe7d052305b984546687c71936074ead7508b9375d9781e71e5b4ba701b848f246763512 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-26 03:28
Reported
2024-05-26 03:31
Platform
win10v2004-20240426-en
Max time kernel
150s
Max time network
153s
Command Line
Signatures
Modifies visibility of file extensions in Explorer
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
Renames multiple (80) files with added filename extension
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\lCwsksAE\sUIQkAwE.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\lCwsksAE\sUIQkAwE.exe | N/A |
| N/A | N/A | C:\ProgramData\lgYgAEcc\WGsskQYE.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sUIQkAwE.exe = "C:\\Users\\Admin\\lCwsksAE\\sUIQkAwE.exe" | C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\WGsskQYE.exe = "C:\\ProgramData\\lgYgAEcc\\WGsskQYE.exe" | C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sUIQkAwE.exe = "C:\\Users\\Admin\\lCwsksAE\\sUIQkAwE.exe" | C:\Users\Admin\lCwsksAE\sUIQkAwE.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\WGsskQYE.exe = "C:\\ProgramData\\lgYgAEcc\\WGsskQYE.exe" | C:\ProgramData\lgYgAEcc\WGsskQYE.exe | N/A |
Enumerates physical storage devices
Modifies registry key
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\lCwsksAE\sUIQkAwE.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
"C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe"
C:\Users\Admin\lCwsksAE\sUIQkAwE.exe
"C:\Users\Admin\lCwsksAE\sUIQkAwE.exe"
C:\ProgramData\lgYgAEcc\WGsskQYE.exe
"C:\ProgramData\lgYgAEcc\WGsskQYE.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RUEEkosM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LGcQcssw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PmcksoMw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\feMcYgIY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GykksMMQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wAEosIsc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bgMAsAAE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PGoIUQcU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tkAwMAgU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZMEkYMgo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GwkwQggE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WCswwwQI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SqgwcYgM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aEIUwoIo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rQUgMocs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jGwIEQks.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xmoEMIIA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pSsQQAEA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AQEIQoIU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OwYEgowg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CYowQAUk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jKsMwIAU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NEsUIEII.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pSsUgEgg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BEMQEQQM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wooYkMck.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wosYkgYQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CmQQQscU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vKEoQgEs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pYcUgwoY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZeYMEsME.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\oYgYockg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cosYQsMU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SWAAYoAc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YIEEwQkQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DssMAcYc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rcEwUIAo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tIEYEwQw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XKMMkgAo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MUsUEAcA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CwYAsUYo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qqgwUsMY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\psYcEccw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dmQkswQM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fKAQQsMg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KQwgYYEE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yIEEgcMg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cAsocckA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\okMUcIUY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZUgEQoEk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vwwgMQMg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TuQYEQkE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pOgoocsY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mcQwIoIw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EmEkcIgc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EKYsQAok.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OIsIAMIY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vqAgIQcQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rEgQAkoU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FuocMIUI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GsAcYEos.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mqAsYowI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SaAsMYgM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WqAgYIQI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fqIcgkks.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dgogoAIY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmUYwMAI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZYQAIcMs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YgEQsAok.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UaUcAwIA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CYAQogkE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gugwcocY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LQMEAoMo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HmEMMcsI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lQoMIoMQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SkYUMsAk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uwEsYgMo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SEoUAUIQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hMcowsAA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xKsAAkoI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FaYkwUgY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vUUcUosg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SIocoYAQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EuQQMAAw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eMckgkQg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gmccQoog.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vgMMgskM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rGcwIgoM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DIYAooAY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ycYAUEkc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kGIUoEkg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kCYEIocg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tAooMkgM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XqYsAMoQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FaEsUAIY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nWEMsQUI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gkgEYMos.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QeEQkEws.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WqEcwwEo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pAoYEsow.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\byEgYUoc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FKsMYoAM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tcAkMwMw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\magQwkMU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OIAswwoI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OCcsossw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sooQkgMg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XGYEMkgI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dGsAEgUQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jCIQgsEo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nuUoYQck.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gAIscQoY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yYoQsgQU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\iogQsUwk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FmoswEkg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HgUgIAkw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jeIoAMIs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yGQYwMcI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qGcMkMgU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aIAAoIEk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wCYEQcos.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VoMcIIMk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dIQcMUwc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PqMUscoA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xKoIEEgU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ASEMIEsI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MeMsQAYI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kqgUowcg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vIkYUkUo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TeMYEQEM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tkAoQIIc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aYkYEIMI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gGQIIocY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YIUMYwoM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\waoQwMcY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PwMwAEMo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pWQIcQwo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bYEcIYYk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IioQUIYg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sQQMAEEc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| BO | 200.87.164.69:9999 | tcp | |
| US | 8.8.8.8:53 | google.com | udp |
| BO | 200.87.164.69:9999 | tcp | |
| GB | 142.250.178.14:80 | google.com | tcp |
| GB | 142.250.178.14:80 | google.com | tcp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 200.119.204.12:9999 | tcp | |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| BO | 190.186.45.170:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp | |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.73.42.20.in-addr.arpa | udp |
Files
memory/3364-0-0x0000000000400000-0x0000000000432000-memory.dmp
C:\Users\Admin\lCwsksAE\sUIQkAwE.exe
| MD5 | 62de8deb65263f37257f0516d6442362 |
| SHA1 | 379a53dd57e7d313d49090b55f25a96322c0cc97 |
| SHA256 | 3292336536c67141895f451f0d8b18589360d84c3a86a649ba63f2c1bd4ff7a1 |
| SHA512 | 681f37a8a0be8e31de5fc36c57518c4f464ea25b2c8bac44ad540761f031e7bc2523200b00d9355a14acb4ad167e6c71f2ceefaa5441cee345f051bb87c7320e |
memory/2372-11-0x0000000000400000-0x000000000042E000-memory.dmp
C:\ProgramData\lgYgAEcc\WGsskQYE.exe
| MD5 | fbd7e5774c2bf7038539b2e350782081 |
| SHA1 | d15a2f265e586792150bec7fd3e86ae02a608ca4 |
| SHA256 | bd048686366c62c2d91ea96aa401d0d2ae57e8b9473bb8f7e954981f777d76dd |
| SHA512 | 93ab0bcfcf815c9d4f1ce71a80a32ca2f98a6a4727d3c390d88f1ea0b81c6935112be5bc68809ea0eb6aa0657b998dbb4cfc4899d93ebc0c6ac85e95789e059c |
memory/4616-15-0x0000000000400000-0x0000000000433000-memory.dmp
memory/3364-19-0x0000000000400000-0x0000000000432000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\RUEEkosM.bat
| MD5 | bae1095f340720d965898063fede1273 |
| SHA1 | 455d8a81818a7e82b1490c949b32fa7ff98d5210 |
| SHA256 | ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a |
| SHA512 | 4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024 |
memory/4896-22-0x0000000000400000-0x0000000000432000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\file.vbs
| MD5 | 4afb5c4527091738faf9cd4addf9d34e |
| SHA1 | 170ba9d866894c1b109b62649b1893eb90350459 |
| SHA256 | 59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc |
| SHA512 | 16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5 |
C:\Users\Admin\AppData\Local\Temp\2024-05-26_213e54e8e0cfc370f9c7839facb48323_virlock
| MD5 | 672a1f1de82c3076688c129d2c89d0e2 |
| SHA1 | 02e8f06ad6888c9fb28059f5eac065b7bbfdd365 |
| SHA256 | 1d8a8607dd5b6aa413649cd3dc7187497e6a7fcb616e56c980fcfb682ee8c363 |
| SHA512 | e2a10f2636cad8f3fe790d68454b929831a0d0b23b1a8714188ac23df2d4af4ff134650050cc1bc9ce870d5200c7b5da41b18fc1a300a86556049879af78fb90 |
memory/4500-30-0x0000000000400000-0x0000000000432000-memory.dmp
memory/4896-34-0x0000000000400000-0x0000000000432000-memory.dmp
memory/4704-42-0x0000000000400000-0x0000000000432000-memory.dmp
memory/4500-46-0x0000000000400000-0x0000000000432000-memory.dmp
memory/1800-54-0x0000000000400000-0x0000000000432000-memory.dmp
memory/4704-58-0x0000000000400000-0x0000000000432000-memory.dmp
memory/1800-69-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2844-72-0x0000000000400000-0x0000000000432000-memory.dmp
memory/4700-80-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2844-84-0x0000000000400000-0x0000000000432000-memory.dmp
memory/3988-95-0x0000000000400000-0x0000000000432000-memory.dmp
memory/4700-96-0x0000000000400000-0x0000000000432000-memory.dmp
memory/3988-107-0x0000000000400000-0x0000000000432000-memory.dmp
memory/972-117-0x0000000000400000-0x0000000000432000-memory.dmp
memory/1264-121-0x0000000000400000-0x0000000000432000-memory.dmp
memory/4288-129-0x0000000000400000-0x0000000000432000-memory.dmp
memory/972-133-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2664-141-0x0000000000400000-0x0000000000432000-memory.dmp
memory/4288-145-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2664-156-0x0000000000400000-0x0000000000432000-memory.dmp
memory/1092-170-0x0000000000400000-0x0000000000432000-memory.dmp
memory/4460-169-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2812-178-0x0000000000400000-0x0000000000432000-memory.dmp
memory/4460-182-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2704-190-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2812-194-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2704-205-0x0000000000400000-0x0000000000432000-memory.dmp
memory/3048-206-0x0000000000400000-0x0000000000432000-memory.dmp
memory/4952-216-0x0000000000400000-0x0000000000432000-memory.dmp
memory/3048-220-0x0000000000400000-0x0000000000432000-memory.dmp
memory/4592-229-0x0000000000400000-0x0000000000432000-memory.dmp
memory/4952-232-0x0000000000400000-0x0000000000432000-memory.dmp
memory/5088-240-0x0000000000400000-0x0000000000432000-memory.dmp
memory/4592-244-0x0000000000400000-0x0000000000432000-memory.dmp
C:\ProgramData\lgYgAEcc\WGsskQYE.inf
| MD5 | 380ba586bd197cec8ffe8538f46b606e |
| SHA1 | d41d50722927824cb31b48fad97488db49f57d47 |
| SHA256 | e6a6bd1cfe72fbdf57a22b37560fab1421bec180b9364249dfdc1a0f5a3d4d2f |
| SHA512 | 23fd377df5c16110e867a26c395e543748bd9c848310e9a1775f85ebdec51435e86ddfacbd232291c41c160b008e16227da3f665a6f62a5e785b723865a15bb2 |
memory/5088-258-0x0000000000400000-0x0000000000432000-memory.dmp
memory/1852-257-0x0000000000400000-0x0000000000432000-memory.dmp
memory/1212-266-0x0000000000400000-0x0000000000432000-memory.dmp
memory/1852-270-0x0000000000400000-0x0000000000432000-memory.dmp
memory/1212-278-0x0000000000400000-0x0000000000432000-memory.dmp
memory/3684-279-0x0000000000400000-0x0000000000432000-memory.dmp
memory/3684-287-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2804-290-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2804-298-0x0000000000400000-0x0000000000432000-memory.dmp
memory/1852-299-0x0000000000400000-0x0000000000432000-memory.dmp
memory/1852-307-0x0000000000400000-0x0000000000432000-memory.dmp
memory/3036-308-0x0000000000400000-0x0000000000432000-memory.dmp
memory/3036-316-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2604-326-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2936-327-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2936-335-0x0000000000400000-0x0000000000432000-memory.dmp
memory/4608-337-0x0000000000400000-0x0000000000432000-memory.dmp
memory/4608-344-0x0000000000400000-0x0000000000432000-memory.dmp
memory/3912-354-0x0000000000400000-0x0000000000432000-memory.dmp
memory/740-355-0x0000000000400000-0x0000000000432000-memory.dmp
memory/740-363-0x0000000000400000-0x0000000000432000-memory.dmp
memory/5088-371-0x0000000000400000-0x0000000000432000-memory.dmp
memory/368-372-0x0000000000400000-0x0000000000432000-memory.dmp
memory/368-380-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2252-381-0x0000000000400000-0x0000000000432000-memory.dmp
memory/4280-389-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2252-392-0x0000000000400000-0x0000000000432000-memory.dmp
memory/4280-400-0x0000000000400000-0x0000000000432000-memory.dmp
memory/804-401-0x0000000000400000-0x0000000000432000-memory.dmp
memory/804-409-0x0000000000400000-0x0000000000432000-memory.dmp
memory/3528-416-0x0000000000400000-0x0000000000432000-memory.dmp
memory/1176-420-0x0000000000400000-0x0000000000432000-memory.dmp
memory/1692-425-0x0000000000400000-0x0000000000432000-memory.dmp
memory/3528-429-0x0000000000400000-0x0000000000432000-memory.dmp
memory/3116-434-0x0000000000400000-0x0000000000432000-memory.dmp
memory/1692-438-0x0000000000400000-0x0000000000432000-memory.dmp
memory/3116-446-0x0000000000400000-0x0000000000432000-memory.dmp
memory/4804-456-0x0000000000400000-0x0000000000432000-memory.dmp
memory/1832-464-0x0000000000400000-0x0000000000432000-memory.dmp
memory/5060-465-0x0000000000400000-0x0000000000432000-memory.dmp
memory/5060-473-0x0000000000400000-0x0000000000432000-memory.dmp
memory/4608-474-0x0000000000400000-0x0000000000432000-memory.dmp
memory/3948-479-0x0000000000400000-0x0000000000432000-memory.dmp
memory/4608-485-0x0000000000400000-0x0000000000432000-memory.dmp
memory/3948-493-0x0000000000400000-0x0000000000432000-memory.dmp
memory/996-495-0x0000000000400000-0x0000000000432000-memory.dmp
memory/1852-499-0x0000000000400000-0x0000000000432000-memory.dmp
memory/996-503-0x0000000000400000-0x0000000000432000-memory.dmp
memory/3908-508-0x0000000000400000-0x0000000000432000-memory.dmp
memory/1852-512-0x0000000000400000-0x0000000000432000-memory.dmp
memory/4944-519-0x0000000000400000-0x0000000000432000-memory.dmp
memory/3908-523-0x0000000000400000-0x0000000000432000-memory.dmp
memory/5084-528-0x0000000000400000-0x0000000000432000-memory.dmp
memory/4944-532-0x0000000000400000-0x0000000000432000-memory.dmp
memory/5084-540-0x0000000000400000-0x0000000000432000-memory.dmp
memory/1852-548-0x0000000000400000-0x0000000000432000-memory.dmp
memory/1372-556-0x0000000000400000-0x0000000000432000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\kkUM.exe
| MD5 | a05dd84fd0c5bc441ae9006774ef4ab1 |
| SHA1 | 5adba4a3033f6d4bd2aec44657caa3b6b5dbf86b |
| SHA256 | 87e99b9ce47bc16eae4be479205106c967dc0a54e119bf35a035a15e0ac2cc96 |
| SHA512 | b1f62f3732b9b40bb24e0ed175460ea9eec62eeed003b1408720100a97b9991a6d3858bf7e8f2ba24599f08cbe739f5f4e6fde3841bbc0a8dacee7b6c705251c |
C:\Users\Admin\AppData\Local\Temp\IYce.exe
| MD5 | 409e4623481ff442e9775c34ac19b14c |
| SHA1 | cd682038add5cdbe7be4b5a87655a59e4400dbd5 |
| SHA256 | 61909d2748999317da07f97a736ceab9067901ab8336eeb5e021a959761cf74c |
| SHA512 | 3a2c1940df289457e580ded62bcbcb3e33704f038fd4534f81be7f5d72fdd35dd6dabf311b16c188c26690dd68dbd4f11c6f7a9ee54a4d9ce8f7e1f225dcd94b |
C:\Users\Admin\AppData\Local\Temp\gckc.exe
| MD5 | fd8149f477cf47e22e179d6d1354c64c |
| SHA1 | e335c836f24c2e4ad84e574600b381c500852172 |
| SHA256 | 1cd8edcbd3af20f47a3935c0238f4730232968c84172d9aba6d772ad279445be |
| SHA512 | 567b489a22bbd3a193407f16513fc7018327965b62886621d90d16d2937ad874432a37e551578a93c75be1827d5146c9f2a42f645792391faeeaaf7a3b3da1c3 |
C:\Users\Admin\AppData\Local\Temp\iYUm.ico
| MD5 | ee421bd295eb1a0d8c54f8586ccb18fa |
| SHA1 | bc06850f3112289fce374241f7e9aff0a70ecb2f |
| SHA256 | 57e72b9591e318a17feb74efa1262e9222814ad872437094734295700f669563 |
| SHA512 | dfd36dff3742f39858e4a3e781e756f6d8480caa33b715ad1a8293f6ef436cdc84c3d26428230cdac8651c1ee7947b0e5bb3ac1e32c0b7bbb2bfed81375b5897 |
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png.exe
| MD5 | c724085431acb05a0e1e90e284bb2535 |
| SHA1 | ecdf4d987a28d2b6f18cfd1d2290f3d37a97a92d |
| SHA256 | 3f108d9be62594d488177627cb87e2f240abe6bfeeb927fd1ad260c346c482c8 |
| SHA512 | 49a45c882b7770a8c1b2e3c668ad6680fce9988fa8ec6437800c89f895a9d6d458eab6ab6188a421e06cfe961eb0f8206cbadbc03146e9599f15a8da2b84b9ad |
C:\Users\Admin\AppData\Local\Temp\qgcA.exe
| MD5 | 42cc4c48bd4c67e2aec0d2b9404fa47a |
| SHA1 | 4de0a552e68d4f0814dbb007d1e45b358ab1215c |
| SHA256 | 59f5e72afca8f6495b84febfd3f222d137855abf5fd6636e8a39a09b34048c3f |
| SHA512 | 1a839bccbc32e5c8bf5f21160d41df4d53386560707c964f5191a240c4df092199af154ce385b0c9110317fdf1d2f4927e1c977854d5808a91e4da4dd90cb93a |
C:\Users\Admin\AppData\Local\Temp\QgAY.exe
| MD5 | 9b0ea57beca0fce36ff2adfe21443969 |
| SHA1 | 8a0d4f93d9dc89574ee5117da5a2d607ef5c91c7 |
| SHA256 | 6564514e1d31e847ae22e8d111e2527abcf7a9275753e9ae7a66c296527adfea |
| SHA512 | edaad78fad328dc4d527a3b61dfa5a5a00d22a8a242784120bd8f57d2716ee7e6357d24f8fa5cdc4f3ee6590c8eaf67fe6b5fa20f80440a382618541eb2334bc |
C:\Users\Admin\AppData\Local\Temp\oQcW.exe
| MD5 | 9b45c0bfce631ee37a9637db9a82dc33 |
| SHA1 | c7f7480781c98835d31d0fa8c20e795b23e76eab |
| SHA256 | d058473eb1483351eadc1afbae18379882c5e447d82cb31bf6c15e052acdadd9 |
| SHA512 | fb8c16717b29bdee4cd439b8ebcb46f20ebdaa5370650abe87964382c66a323c223d7b60020ddacf5f84dfc673131f461c2d941be3490ebcb309d54d9de13602 |
C:\Users\Admin\AppData\Local\Temp\cAoo.exe
| MD5 | cd28826a63db728bfacba350b3d5b5b6 |
| SHA1 | 86fe8ab2257eca436252e4da33bae0a0c5a1b4ec |
| SHA256 | a806896a279031dcb3256ed1f9f58aed6c00ed9701206234e8e843d4c64ece45 |
| SHA512 | 4de11ec5de2dc7be77cfad3999e2c107ea69d996e56288d0a9b4e9dccee1fa799164f4ee6aaecb57a35c0c028430eee8b0949391935076fc4907bfd71e2200ee |
C:\Users\Admin\AppData\Local\Temp\QkMO.exe
| MD5 | c55147619bd34eebab95ec3a858cddad |
| SHA1 | cb0a595a0096ba02a807a39c0fe7a62f9067e220 |
| SHA256 | 79a6918d6f848350ffd9b7fd3fcf85b30d0f712aa2e61a62b9cf4a4462780039 |
| SHA512 | e896d3a2b1deadb2d270e978bd94369a6e2a213d58491b70eda88abcb10e0522a2a283f2b7d411da8de9c10092cb9ad1b3db3520574c44a45e5e005b35f8ad45 |
C:\Users\Admin\AppData\Local\Temp\gMMc.exe
| MD5 | 1e84f83b5ac4e27530af13ba96292d4a |
| SHA1 | 8076cde37fb76f028bc4576f2a693f4e96ba854a |
| SHA256 | ae725f2f554b9c4ab52f86b51a4715174e7710d1e743f8bf7f2dd9ec48e24a5a |
| SHA512 | 56ddc81257c0a6be74020295ed4a660523b60430ccfde622fa97bffcca25da1d1e055ac60ec01edd574090cec70de17a3fef8e30a930a4e8f3a10095f0fa925b |
C:\Users\Admin\AppData\Local\Temp\GksG.exe
| MD5 | 8c582a3e68e6c24b2b4de6b8a3dba48b |
| SHA1 | f7fa7fe16dc0d3b2a2eb8bb7a4f1199b2ea59c8f |
| SHA256 | f443f34992921fe1e28f5d65af8d2bbf5ec6cef9a11b30280afc6474c0e63937 |
| SHA512 | f4854b32b1b69cd24248c256c91623453868cab547b54bf509fd8236897b48b1613858d3628a8e7b9dd06bd120306b9f62f8044bfc206eb03b16399cf5780564 |
C:\Users\Admin\AppData\Local\Temp\wMcE.exe
| MD5 | 565c3722edaf39e68af5e21ea561f717 |
| SHA1 | 4e06b8643571aa17053de0069144284aa3b10c4e |
| SHA256 | 24c6a5a080a687a2c7c8f9b293c7b30b299634d8f6c74d21e37afe377497889a |
| SHA512 | 7cac132150cc7f5cf7007b563a635c952ca21ed6f8b3e4599ce778a16ddd62f2ff221267cdee1a05d19d6e29b764a6c96cd3b16bfb4478c6cae4bb265e9f12e4 |
C:\Users\Admin\AppData\Local\Temp\iEEi.exe
| MD5 | 4a0cfc7144f0e5e2d2d6830825db9344 |
| SHA1 | 81c50463103840143b1d55cf6ff39094389e3d17 |
| SHA256 | 1688691de0d9e335a02e5c8fb9ad91f6bfbaf0c74f912af2e61e0351974b11a6 |
| SHA512 | bde7852e03026a60156e8d73b66481d8ae8b8a95f8a97b0bc70561e277a24353f5a836f29fc9f26f4507a7fc313828f9c29c2222dc615944a3bc601c94e4c2d3 |
C:\Users\Admin\AppData\Local\Temp\EEgE.ico
| MD5 | ac4b56cc5c5e71c3bb226181418fd891 |
| SHA1 | e62149df7a7d31a7777cae68822e4d0eaba2199d |
| SHA256 | 701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3 |
| SHA512 | a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998 |
C:\Users\Admin\AppData\Local\Temp\qMQw.exe
| MD5 | 220dfcfaeeadfbd3dac61d1b1cc6f00d |
| SHA1 | 151e1072582e93338d5c4da659ac57b42f9f1c2f |
| SHA256 | 4f534fbf6ee8080aaefb946f97251aad73994049e8fff33d62bfd9a5477acfe1 |
| SHA512 | afc4f1276d6bd9731b34087afea5bde323de3ce448450bf2bd6a447a1c7e210826f5db8669e5c9d95d6a0a7e5889e638d020dd24201b58059d13943d13fd8062 |
C:\Users\Admin\AppData\Local\Temp\occU.exe
| MD5 | 57d73a8f0e96f6ea22b0c9050dc0a69c |
| SHA1 | ec86e1485744b7e5549ece58c282add2a9283c7d |
| SHA256 | 313e6b662ba542d2f0e2126dff9a0fbcf0597dbff4d1ba542d332eece9ccd689 |
| SHA512 | 2e2adc622bee16c4b893278fa94bb4c8051dc562c6541ea8dfbd32c3d76c8a73c4b69ff28988550a68815a83f2f415708f83235d7734672597c326a1025008b0 |
C:\Users\Admin\AppData\Local\Temp\owEK.exe
| MD5 | 515960044dd0d75efb548920f53c33aa |
| SHA1 | cdf5c0fd375d7781d1eef39702b00845db68b8b7 |
| SHA256 | b70acc64d6fddac7eba9ab934a53598c746ba8712ea32d63e5d435e9cb662368 |
| SHA512 | cbe25e95e0eb5d263cdd632259a9030f7ac8d0cd14e596ab581f990b69ad3743edc54acf963f7976987a5c5365821906fb8a5eb4a2b875207c4020178aecc377 |
C:\Users\Admin\AppData\Local\Temp\EYcy.exe
| MD5 | 080e27d174e9513a68803dac0226f890 |
| SHA1 | 76baf34d63581a197515ed345e213802f17ad033 |
| SHA256 | 0ba0337044e684dfd968d7d8dba0167f660bdc4aca40d18a9618eb4f5fab320f |
| SHA512 | 83b42709154ff2338da506bc573f9f582ad61d441301b77b19e70215ed3541151f4378f1e654f2cf5efb15018ddbb277eca418f24b78dada72e765a7ce5b9dfc |
C:\Users\Admin\AppData\Local\Temp\gQsY.exe
| MD5 | f45936e36abe8d39c20a88b1c41e4af1 |
| SHA1 | 473750013e39f8ba435837625e0018faf09ed426 |
| SHA256 | 3c262de570cc21d232b12577aa65a663dfdd42a17917e97b0105315a47ded49e |
| SHA512 | 2e5aaa38465dbcabccacdf33acb42af3cb214d1cd8a7eb68efe6a48413f15d5f7ae3a3fe931208ddfd3a051e224b4b164488d61133724948ca3a6862aaba755f |
C:\ProgramData\Package Cache\{d87ae0f4-64a6-4b94-859a-530b9c313c27}\windowsdesktop-runtime-6.0.27-win-x64.exe
| MD5 | 835d97c0d6a05e40fefd3f6e6db8bd39 |
| SHA1 | dfd70b3a151bed6d7f5d3c904f998e227ce199d5 |
| SHA256 | 5bbf8e084bf883108429471222336fe0f538d6104102685464e0d62d51067861 |
| SHA512 | efd4892fd84a62bc7164d519917aa6345b8f9ab5d65657c65f219517df218118bea257ef3ae7bb1507183360f5b26584df18ce678b4b80ce63e2e2c1c553fd0f |
C:\Users\Admin\AppData\Local\Temp\scwA.exe
| MD5 | 48a77b1342b76139b3663983a0c9915e |
| SHA1 | de0a30d6fe252a15716dce769d49e37e9812fdea |
| SHA256 | a3d3d5e433c97f55169dc1ebdd8fa3ed7c3225e9801e85e737c9b75f17025e90 |
| SHA512 | 1a974ec7556bbae7573c6a73ebafa718011312584ee63fc0c24c99ecf360e02e0f4d3974b1bc2feb0f253df36c6e9e8f5a81c97cf020e2d8ea223f31f8015f47 |
C:\Users\Admin\AppData\Local\Temp\sEcs.exe
| MD5 | 4bd457aede676a1809a91704ca258657 |
| SHA1 | 66986394b40f6e696ed4742062002d1c0cd6a365 |
| SHA256 | bd8b85db4e221d942933c1969180a3cfc6a2aeb5d47ade96c0913bf64dbdd325 |
| SHA512 | f1819b9007ea224a33c2b732d31ff2e36f8af83b6ddae118cfc3a2f08364ba26791bbaa7989cf127b20ec4305a9d41c196491473a28f3d2c300af7f8eda460fd |
C:\Users\Admin\AppData\Local\Temp\ysQA.exe
| MD5 | 6a98e101817a198b2a080a5eea7e3e0b |
| SHA1 | ec7e0bc21982a299f7602ad2469584e131d8f41c |
| SHA256 | da1103f834365f14bcdadf8f93f064985618f33c477b368ae036844f1b80449e |
| SHA512 | 477a37a8b838a66549c23f08a1261aad4422f3ffab03f1f42bee1141b7793db993a31e0b93b4f16819946dd949455f4e5fc0ae27a5fcadb37a4e3851613d22ee |
C:\Users\Admin\AppData\Local\Temp\scsG.exe
| MD5 | 5d309fef71a9ca425d76790aa37da0ce |
| SHA1 | a8cfa9d78823bd9223b2cd08914f8328943d7c75 |
| SHA256 | 1d20edbe73ece3fa63b6a0c61831a31ce8e414d74e28ca857572c30c2363bfb8 |
| SHA512 | 5c1fbe47d7db957a9cc6dd017753b0f3d778defd0505980f806a4e5bb16088ac79c59aa45639890744abbb11183d93255c4e6380b6d54a59b6953010c03638b1 |
C:\Users\Admin\AppData\Local\Temp\SQQU.exe
| MD5 | f8408edf0da1d2218609c2763ad5f185 |
| SHA1 | 1ea3b020e1c27da99ce3f0abb81ac5d6b23b6006 |
| SHA256 | 7634567469d9974bdac4e58b0c28c7d1aa7df68b1db93d95f0aa749b3ea676e5 |
| SHA512 | b85ce39dec1c06ed000b20f2bdc49249211719b4c34efe0c66d17f4570068fd5cfef0c2e0a1c9fa5540d0c069dd8269abc2c651663efd7b0cfb3cd3d9e5617b2 |
C:\Users\Admin\AppData\Local\Temp\kUUy.exe
| MD5 | c4245d435a53ef7ca0a758ddfbe54b6b |
| SHA1 | 47aab24114c04ca657e28b91438b6617beafdcff |
| SHA256 | 7ee2cc6d45bf72393e55e336b561e524e44ddb1a1e7c7a1318fadbdc0b547455 |
| SHA512 | 557bb079683dc5f4fde6d628962c73df3a70a365b3ef84b4f7fb2b785225dee4006bebf1c0e43555baa5adef9e464d8e61636e61fabe34db4c897b30b74ce657 |
C:\Users\Admin\AppData\Local\Temp\OoYs.exe
| MD5 | 78d5b57b9c0a5669359176da0ca96c99 |
| SHA1 | cdf5ec70a45d583fff0b16484b1507b7ee006b00 |
| SHA256 | 26c23bec22cf8ee123a4ef202aed5effebcb5e879af4f72ee6f44f1de8532121 |
| SHA512 | 88f7c36bfc6f020cf96ddc18df33cc93eac99a8bb23b40ab48cb80dbfd39e997b786b5d2adc1556dba01eceb82ff722905c3dcc2d692a6047606344ca623c503 |
C:\Users\Admin\AppData\Local\Temp\MEEg.exe
| MD5 | b6a7650569b7d4a2e1e9578d76db3c7b |
| SHA1 | ca2ca67a7903f4a3fe72b6c891b38adc4ed61604 |
| SHA256 | b8b41d88d11cad16cb0b42994094e5441e0c8cd0b367bfecba4100c6218c1162 |
| SHA512 | f00ff131824d3c58b24085c90acaa5301dd50aebb1f37c25a752e69a60c14e62621851c4824166c7539a26e564fc68d92390f99e9d0e78df57675b96b16af754 |
C:\Users\Admin\AppData\Local\Temp\qQMi.exe
| MD5 | b8f45516e912cb8a0b8d7b2b7acd192b |
| SHA1 | e3ef1ba850d07b1d1e7d89380d73125e9b994d2f |
| SHA256 | fca9cb022eb878df16670bf0edfcf30a5b6bb076e5354ac6a86f07f0a7916eb9 |
| SHA512 | 297114a345f89efd29f2433a74b5033658413531387e607ee68cd7b1d8a8c19478b70514d2e345a38bd817fc971944e90d26edf29b277829cc478d387c625148 |
C:\Users\Admin\AppData\Local\Temp\EcIm.exe
| MD5 | e3f5a73c84630c66cafedc84960ac95b |
| SHA1 | 366bbd6fdb67c34a50a6f34d2c98dd11f3dd604e |
| SHA256 | 9a7708533f8636973be30c7055454ed86dab78842bc5f2b516ccffbc16a43f04 |
| SHA512 | 0bfa7a0b2f95eae7d6317d389bb3c0e9f53c66c44ae67ffb9de52a364013becac20cc3b8e0f46be56bae117b3bd88435a54b083c7cf5c0ae329f46218bd8c367 |
C:\Users\Admin\AppData\Local\Temp\GQoO.exe
| MD5 | ed6830574e169a5f64d1d8267360261d |
| SHA1 | b4f20c8d76886a433c9344e2ef1764b55933c883 |
| SHA256 | d3c057606729ffe330193176987545385d32de040adc60304d028f8e3c9c0e83 |
| SHA512 | 485db60858fa23a01e5d6e8f76314c0ca17cc504efeb7d2d8b7a466d900955bb4725c0ac4b0e8cde0e6a611fc0dc30d2db27d984eb333836431e6946f6d293d6 |
C:\Users\Admin\AppData\Local\Temp\CgwY.exe
| MD5 | 63e7b37f42c3eb26f9771961d3ced6a4 |
| SHA1 | 2482de767c234a820691a89cfca482379c8a4309 |
| SHA256 | 6a5089f6c6fa5d0aabc6a61492ad24e2170cf131bb4316a67277c433b1807f01 |
| SHA512 | 328c1a3208f220e05f6d16cb2b2d6f43eb8b53247cb43ee7c4a0c31754f5bc82df381a1d0cc231732fb24fb074ea0877136685f96ff8d51483142645cbe4870c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons\128.png.exe
| MD5 | cb5a7ab6d23519dcd42d0920e7b3a6b9 |
| SHA1 | f824663160e63112d6ba6469e31310e2bd5fb139 |
| SHA256 | 902160b6a9ff8bc160004dd06077fba9122ebac821b1497d4fce666bb86a7a72 |
| SHA512 | 6412bcde18f45386281470616af66d277dcb6115079ca3a24bbb2282f9ad764e76ca13dece858568d50aace39730be24cc4c3c8fb71b5703828407e54efedc36 |
C:\Users\Admin\AppData\Local\Temp\gMMY.exe
| MD5 | f67f8a14a6286433c95a45dabb7efa50 |
| SHA1 | 34add9a767b97a1099edd196e90909794045930e |
| SHA256 | 831d32e6d191ed8edaf83ea628b6d6601565c66e27e28d991efee4bebddcc4cd |
| SHA512 | bbbae4830ef0d5cfd1a4367f7bf98d1fb038817eac567cece380545c9c162dcd22bd82235f500906a3976450f6d3c2966e48f34334e5752896d6867e9c2da766 |
C:\Users\Admin\AppData\Local\Temp\wUkE.exe
| MD5 | daac1b5b26a4cd2da2efd743fa4310ef |
| SHA1 | 3f9c89a5f985140a03a38e774cf5c72e7fda0c52 |
| SHA256 | 03399a228fc28c53212eb20354ea07a9eb7dc9e200539408c96afe42a6fe436c |
| SHA512 | dd83ebbe5a670859d40e7af371917d8c869c96dbb06deaeebff6eeee90a2272d8f4ffd5c3db5fa2ca11fc22aeb9c2d9235265bc1dbd79e521953514bd58bef6e |
C:\Users\Admin\AppData\Local\Temp\IIgE.exe
| MD5 | 5b134a9490b0d725b3db05ba9d77558d |
| SHA1 | 4f27d544d10d543582717545d8cf94635c39aa1a |
| SHA256 | 715ef1791456e059bf781f9742bb477b23ca192b0df512a18ac8a6d961ee8a14 |
| SHA512 | fcd2880cd19b7b9d968a12cac06b4a6318c4fb3446495c67a0586a3ae3106274f0c0c3246ddc30e5d36c2ba97bcd283edf9d47fe9e2421a3f99fc5908c920908 |
C:\Users\Admin\AppData\Local\Temp\kQsS.exe
| MD5 | b6d6c6602c4ba315979d71231bf68492 |
| SHA1 | 603144b3c9c36268fab9ea7bc91fe3f30b81a56b |
| SHA256 | 0a8b9ca8b32f88e2feba365a7290083fdd7148b2059e4c2caf486a0e39ab8328 |
| SHA512 | b1fc335363417960027cc2f2b247b4700fbe80ff6595d9d671f3e357ade0983f87f7fb3ff165c71d06f8eb5f8e038ffd0c46cbd7ddcce050f6d33ca176654de7 |
C:\Users\Admin\AppData\Local\Temp\gcYC.exe
| MD5 | fa5a3ad77cd79af5d441d0f051842c89 |
| SHA1 | 6740f2afc379546b1298ecf2d76d7348da9fe131 |
| SHA256 | 295dae555082af65d1f741f25a2da18bf7ae815c0bd7aadfb10a08d8ec63b453 |
| SHA512 | 33e6f4385a655f4bf85aca235699df23adb018192ece25ed3323b3ea6df0b74b6eceacf37822162ef4bfcce476e408d34d5f4194418a1a9800a4e69ae22336ba |
C:\Users\Admin\AppData\Local\Temp\eEAq.exe
| MD5 | 09c60cdb009fa6f964621f86085b8701 |
| SHA1 | 7c60b55b1028cb80e7eeb7aba70618a5b854c57e |
| SHA256 | b06508cf06192c2458ee359a9710b28ba44c70b452d8df62568c6a9172d02381 |
| SHA512 | d5f104f474f96112c75ba4918415a894bea022b6003dcc98ce60393679702955e538a3a4691b99d742029deeded3d61a115f61da12a541b7276b0bb09ba735ef |
C:\Users\Admin\AppData\Local\Temp\Wwwm.exe
| MD5 | ac811077e8c7adfb9fdcfa16bc332202 |
| SHA1 | 5f315473f7588d8b5bc591c06ff9ded16850ccf0 |
| SHA256 | bed317e9fec72169122807d13d81bc79a601d536125dabd318a9b8aab9812075 |
| SHA512 | 003b62459db92331b38e2d5b6897be4c71ad38b746c708c09fb585814437ce9fa4ca9fab0d20d352af5a0fe1b04ccd3152d6a3f1071df92b3793c6107b304b99 |
C:\Users\Admin\AppData\Local\Temp\agQu.exe
| MD5 | 283713b9fa65ad809c90804f140a46a2 |
| SHA1 | 78ddd1bf95e23b05ac142ffa398a66a8a8e7b0d8 |
| SHA256 | 09cb9a61791fc4d468f4f2c46169058ba7b17310c48acb85bd5d61c585c68ebd |
| SHA512 | 77e603dcb45b5acb960248e4ec57873cf8272a5860fe769b20255e9a5d0eb55584f0c084dfa9d5db0f4cb9309e083e92d05ff4ec914dfeaf69b8b01089ceaf45 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons\128.png.exe
| MD5 | d810b3750005cbfcc21fad60bfd5cd4c |
| SHA1 | 07a9e83e121f0e76ce95fde8cbec9e0ab45cc13e |
| SHA256 | d69a1c667b7f73c1c69c82fba1f54aaeb0c99c67098c194a0d4ffb2896e94475 |
| SHA512 | ff28c532e75195e0c8a678b47da7c60e869939046518b043b8db369c0597d7ffa4f807847ea2aaa1a00e338a17dd24bed7fa7d15a9924299407ef77531d95ccb |
C:\Users\Admin\AppData\Local\Temp\iQcq.exe
| MD5 | f94eec28febe844ce22313a583790294 |
| SHA1 | 4ad569eaf943b7e218c5d135625f5b87cc28f999 |
| SHA256 | a9b9a390776d93b7929733ee3bd39789c115dc621771af4573e74fe72d3c3343 |
| SHA512 | c9be1d2463e941a7349fb72aae807c8e2492b043a0c1571f0ce318959612adfa071efcfe5f19aa2b9cb849388222dcddc3c5b65fd53e5fdf7c52834143faae3d |
C:\Users\Admin\AppData\Local\Temp\sEww.exe
| MD5 | 56c670d2a2d55e2b313eb89372b1283a |
| SHA1 | 138adf841c37e9173a57642c65ea21c6020f8fe7 |
| SHA256 | 55c0383f09775a640b75406e46f502f4ad28027ef119f0fa6090972d0ef6bc4c |
| SHA512 | c7ecef0ac09b535f47373e6a1bdc203c99a2c0ca6a8d5f3f5b252afd0aecac5f3a13b18b3e6b4d3726bc91ebbb5f3c7d3c4c29c099c8baa2d445c642e8e8af55 |
C:\Users\Admin\AppData\Local\Temp\UgQE.exe
| MD5 | 0ac0cf8dbf92254d3a852290da49d32d |
| SHA1 | 7625584a3a7e735d9e214552741ac3fc052744b1 |
| SHA256 | 1a956ad9b0df5a5a12de857cb872b0ea17678aa9eedd2ae72fb3bced6cbb223b |
| SHA512 | 8a15ca6cc7d7a28d1c913ff9456d1e854581820f70cec4beae078135a45205f811fe9938b2cb36b531fc8e521bed6c245f6cd136ff23b0f681c319e481dc758a |
C:\Users\Admin\AppData\Local\Temp\AQYC.exe
| MD5 | 8047ef3ecce5bcfab6bde4d0599c148e |
| SHA1 | 225e948bdeaf9b50d290b471f760f334d78cdcf0 |
| SHA256 | dcfb9d7ea2b5739f1d7cdefa119bc39476b43ebf861d4fe6fc33221897c474cb |
| SHA512 | 31e565f2a9ee8a10dbacb545b07da5a5b191cc7cdb17b0c1a41873c04f17552fdb86cc0e93cde7c29c31036ec37349b3556e26c1e5180408b411aa3196d6c5e0 |
C:\Users\Admin\AppData\Local\Temp\kAEe.exe
| MD5 | 506f0a4bd381c9cd9268e8622302e515 |
| SHA1 | 5dea03576c876b2e32b10adaa1e92db63f3bc5b2 |
| SHA256 | fddf4aaf5a86acaaffc5906ab999ee54c168ddaf48b357f3b25e8dc4b8d97220 |
| SHA512 | ec1222a75bc0dbe956072c4f52bb90ef45a7427642910a8c21bc7298e5566c80f247f4bb65dc687c513a2b14d89b993a96bbe9c03be0bec13c04cd743f6f06f9 |
C:\Users\Admin\AppData\Local\Temp\UcAk.exe
| MD5 | b967ccd07dc7712620ab9ed017eb595b |
| SHA1 | ee6c52543423abdc07d143f4acf262f0d9e39686 |
| SHA256 | 9deddf33f542bcfc6006244fe5390256e67a5b0105e8543335fc790b1c2b375a |
| SHA512 | 557d8bd5ce5741ab86e1e829ef5ea2e8a65699c52ac9279f57b70a209c2b8276306e5898fbb2e76d97cc44aa11ec6fe9e9f71500bd726d13d548d76e405c763e |
C:\Users\Admin\AppData\Local\Temp\esMm.exe
| MD5 | 97c876599445a374b22da87beef38270 |
| SHA1 | 6baa02c0cd67afd62dd7f8ef894422c3382529b4 |
| SHA256 | 4e79c19c71af402c0d5651798fcf996f1f85d0369aa2fd77e264db9c45936b19 |
| SHA512 | 0539fb9ce919305101b1afea57b626e57ead3f6a2a3ce822fcb668617125fa3103cb8868df5ddaf5907da7852010305cd8cbf3284cc872a73159ff212a3bfb24 |
C:\Users\Admin\AppData\Local\Temp\CQcc.exe
| MD5 | 6501275b8be6176e840d49f8b203e7b2 |
| SHA1 | a17a6c5613809463c3d354770bbc66b712d66aaf |
| SHA256 | e11862f41e0d295c62faa3f80e5622fc913821dc8f4666883b0eb1b261d5bc1c |
| SHA512 | 120bcf751d7b269e01b6fd52b8c06ba05f78b4b5bf8a6f1debceb449fca27c47968688cba8a84fc39cef424262b29992f86e567c0d882c4eba52cbeb54cc6c6a |
C:\Users\Admin\AppData\Local\Temp\ucUa.exe
| MD5 | 2a92cb9720381a2e7c9677e35fa6409a |
| SHA1 | 6a2e1ddb0199b5531587cf7bc0fc56ef3a64e30a |
| SHA256 | 078ec5d49e398b0c11dbb73aa00f0b70111000c51f9154f857601c90945cfe67 |
| SHA512 | 2120b3da3a0a4f5a2a039873799483830daf6ac9033b63771280d8e00fc66390d883f382049aed213afe51947c546a811e3c6eeece208510410b8a65e5e10dd1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons\256.png.exe
| MD5 | 65b621e47ad14255a0685e253d8c9a94 |
| SHA1 | 5097ced65e6e8047c37233b24c5006e34ee8101b |
| SHA256 | 300da980d51cee10fcbb9b20b00b3640c87fabe18fd10d2dd0c9eac2d4a8c2e0 |
| SHA512 | 661a99859c39ec35680057b5a16a14923c938a77e97d37bcba271a79f783efa079c7a2d183377bc2a9da635ef10cc7df5f100a44d5964882109b416b96710551 |
C:\Users\Admin\AppData\Local\Temp\mAkk.exe
| MD5 | f3cda372f03f5f8b78c2eafce8b7f0d0 |
| SHA1 | 27c706c151787f658a91c8cd1ec5fcd0f0616575 |
| SHA256 | f4e8ff58d6a8c0b2d0dce461ee82ef397bd4c7ae8b72ed0796127a14433f4884 |
| SHA512 | 410be8de5da9d0a6e5f74e32f5713a0c4df670d11b92df132e8c2c155368d0a698431c95d497c7f898cca97b72412a697f4fc2bb17f63dde0f64322522a8b6da |
C:\Users\Admin\AppData\Local\Temp\kEQS.exe
| MD5 | dabf109bd0542245404146b5167ec08a |
| SHA1 | 91812ebe741cbb492179936653818e77952f44f8 |
| SHA256 | c27801e6c5b3e4d0cf3d65c288f5446ec4e0e7a35a35b694bb73551529c46397 |
| SHA512 | 686c72b4ee8792e5ee04c4605f002453e139bdbbd2d4e5fafc2aab65bc2e647be32335f160562c0fed30d0dc850b622bfe64cfc767240847bc7361c1cabbda8c |
C:\Users\Admin\AppData\Local\Temp\mYUU.exe
| MD5 | aa34f8de4e7ae1634158225f2557c408 |
| SHA1 | 235e497e56174571365ba5ee7b934981f9fe49da |
| SHA256 | dc43f68452bbf11a8f8498be65d6e0a2f514ea5749a042c1a9568559cc70538d |
| SHA512 | 6bf4076098eb6bede01c51857326be19c0d7909b00a4f36d04705c4a3a0d78f61e9fab95e139d9d3d84e6ac50070685a9b6584e7f74e423ea1aca266853a6d75 |
C:\Users\Admin\AppData\Local\Temp\GcAG.exe
| MD5 | c733260dfec9339bb8c95cc6d5c12e31 |
| SHA1 | 89fd76c9e3d14756ff785a21a0ee7aa4ed5e517b |
| SHA256 | 2f79cb8b95e799f3eae3902981abcd9f7c44203e17c61642eb4a48b88f749947 |
| SHA512 | 69d42194fd575e3f3eaf5dcc037e5c9494cd6026eb1b9314d5ff64d542a45ce76570b3625892d9c080a337b059f308b16af5681b1a9bf377f2cb1720f4e5c324 |
C:\Users\Admin\AppData\Local\Temp\CIQM.exe
| MD5 | 9079e1f681046a2d46199c0bd5801cc7 |
| SHA1 | df757700c21846d811d87621894ed8917fe8c453 |
| SHA256 | 2a0f5b86d3dbd00fdd1a6b3984df6a54aac33bc0d993ce8257c0f357a6c422c9 |
| SHA512 | de56cead7bbb21e94f2db52290414150864db1cf17b64e28276caa0dc8881defdea9839babb18f1485932bb3d709276b3b6cdb719a5e6740344f41fa98bf30b8 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\AutoPlayOptIn.png.exe
| MD5 | 3e783b3714c410ea317579d2b6afd52c |
| SHA1 | fca33b194a71069a7d918e617332609c8ce90f55 |
| SHA256 | 53bf901da8e2236d9a4cf27aac84e6c75aaa898c385c4582d75fedc4452f7f91 |
| SHA512 | fd79969676c4bd1c4ec499720b0231bcd17f4329f8a4989acede24fedc9392074bcdc4ee69a023c653a064ef8f832cf15dc752089ff7427d4fdd9df05db5cda9 |
C:\Users\Admin\AppData\Local\Temp\mggW.exe
| MD5 | ea524904fd423e1e9e935e9b6f2e0049 |
| SHA1 | 216f5af00234b5516dd990407b36ea55a3c84532 |
| SHA256 | 4f1ac6e5069ce9961e28a40bd8f846bc471ed5aabfbce191fe0f61a12922bf57 |
| SHA512 | 52325daa5f2daed9923a9ccdb8703a24d0c81fc4b7f85b8a47aa9c364a51f488241a360249ea16d3ce02f61c205b434864db3a5e491d84e11cfea11ff5a41c27 |
C:\Users\Admin\AppData\Local\Temp\GsAK.exe
| MD5 | 4d8f9df5081741fe4023452e432d9879 |
| SHA1 | 3287ca5af4a2d1c4cbfdfdd64d6f245758850525 |
| SHA256 | e5e203ac146114e7c14954c2a27776870c40da9c42179092566e523b84e9c3e9 |
| SHA512 | cff71d787b889597e7e8771e6c7aa7c3bf1ce07bd900a0c63cf3774f007555b26cc5901241656989752c7fe62bd73b6dd4c67a18df99c53299a473954c135d88 |
C:\Users\Admin\AppData\Local\Temp\IkUU.exe
| MD5 | 467b3c00c58e37088c654eee1fbfe284 |
| SHA1 | 1586b20ab6bc10ae52ca0e7ee5b8418d3ade278f |
| SHA256 | 05c038ffc0c84749fb4a824ae879809c787712d668b2f0159a71476b48ef15f8 |
| SHA512 | 0188dc1a06cfa3e61eba457231ba85641bce707f357b77d290da0c51d74f287a8ed4c685f6ee071f07d1b52c402e3080af2bb93630913724cfb13201e80034f1 |
C:\Users\Admin\AppData\Local\Temp\AUIQ.exe
| MD5 | 808c850b6c1755ca4a17e52480fb53d3 |
| SHA1 | e0a875a18712b6351487b6eaa692b094a43f7ec0 |
| SHA256 | 8195fb1f2797f72ef63e1bc73da8ca84837b36a81d8bb02bb18656a4d895fbe9 |
| SHA512 | 7ed99a312a3dc0e410f7e5c83321db0d8956aeee03b0f56f8e80ff7e0ef53c6ff326a49b190cd2f7e967d8411022ce828462e3e900d378683649e6be61711456 |
C:\Users\Admin\AppData\Local\Temp\cgQW.exe
| MD5 | e84d6bb3e0f5f856a6bb150f56ac0727 |
| SHA1 | f5b3d5129ce548fd98e75ddb5be69a064c919d1c |
| SHA256 | b617a1930e0441146a9877caeddd8ea45ed5909b755bdb2db4e9926ae4d3be14 |
| SHA512 | 083fbfffe9dadedec033c7616633175236b8e285f5d60d38425f6d48092ddc2e05c19eb405603778b2e9019feff3bee8dc6728855e5ecaa21b90516b9faff902 |
C:\Users\Admin\AppData\Local\Temp\qgoG.exe
| MD5 | 065f66435ccef4cdc0a960023722d101 |
| SHA1 | 08714794c85c521a0c95d8f876bf5da0c47b32fb |
| SHA256 | 5409b69ee94b78eee126a5305dbb3f69c03b4995e489d1374a4ce89f3a3ef12d |
| SHA512 | 846aa3a1c76832bfc7dcd0a364dbff5282bd242e54bba10594da495bef9483e2f23a3fff6390a06780474b5d0f74a1cfd850448e81c7cc878d4c4fe2766a7b6b |
C:\Users\Admin\AppData\Local\Temp\yMcy.exe
| MD5 | 7b9706bf8afcf5587f1b94cc6288afa2 |
| SHA1 | 3f67fb7a945a866df9a27df075a8efc4b418d1c7 |
| SHA256 | aca92ad49fc977146bb50134669b07dbb21467b44e1b05f726a7f81758859dcb |
| SHA512 | f6d4ea9da488c6bf4117eda4d569d8af90ac255c4afe4dac89a63933ba424db9e3c7223f54eb709cf8221bbbda2601c391ee43fcf9d52d2df489e8fac10450f7 |
C:\Users\Admin\AppData\Local\Temp\YIUc.exe
| MD5 | e982aafc5126306f90a96e323b3ec015 |
| SHA1 | 1621282e7a73314bd8399814d83bf64ba8bca7e6 |
| SHA256 | 6764fda83523ec62975065fcd3ed87dd0aa22d094f24114943e903c297fbdb85 |
| SHA512 | f0951d8f618c608421e2cb40b65550eb93e42d4faea99e826de829bfb3b117c73b124a1e477e6448b22cdba61e65076399b8f37ccf2fa5fa675994dce34df837 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\QuotaError.png.exe
| MD5 | 1229323a9e6a2c7c7e075c0d9f7f6b5f |
| SHA1 | 1ba55e4d7bf0ac6af282167efd8ffafb6e57651b |
| SHA256 | c3457dedb212a5aff05585e1f041ce1d2b0b07cbf68ff24b920c9fb611cf1574 |
| SHA512 | bf50cee6f17789a44ac87795429ad8973cd379d00f8143dde1394b09669450a221ac91fa4123e96d5faad00bcc2be14976c2051648ff06027e4d43a23435e46a |
C:\Users\Admin\AppData\Local\Temp\isIS.exe
| MD5 | 3eebd63041879f9695aa09cd3e77c62c |
| SHA1 | d04a1fb6b5a04ee5f745be0aefcf73008bc7f04c |
| SHA256 | bbce5600eedeb32cffe3b3a85ccd15a7b41106fdb9d3b20938fd0035d471b4c7 |
| SHA512 | 3d7497f13f1894e3f3f192a26bcd6fdd612dadc3aa7247bfe2fc15333e53b98e98abbee2987e468a28b525923e08a4fb301c39a4408ed41cc178bddff50e2d0d |
C:\Users\Admin\AppData\Local\Temp\wAwa.ico
| MD5 | f31b7f660ecbc5e170657187cedd7942 |
| SHA1 | 42f5efe966968c2b1f92fadd7c85863956014fb4 |
| SHA256 | 684e75b6fdb9a7203e03c630a66a3710ace32aa78581311ba38e3f26737feae6 |
| SHA512 | 62787378cea556d2f13cd567ae8407a596139943af4405e8def302d62f64e19edb258dce44429162ac78b7cfc2260915c93ff6b114b0f910d8d64bf61bdd0462 |
C:\Users\Admin\AppData\Local\Temp\AoIw.exe
| MD5 | 7a0d2073ea0ea7d1b289a477b5145866 |
| SHA1 | 2abed85b8d7af99c0e280de1e9a524bdf572b725 |
| SHA256 | 12a60a169fc13d59fdcc683da93b5b7c4757ed446d61f39b76e3da4cc70aaeb8 |
| SHA512 | 5b7ab26856afbbbbdc6c42374aa28429dff9e7fe69aeefc3781e50f1a9cb392c5d2e14b02586135df257effac75e9666235e27f345abe89fcf882464889955d7 |
C:\Users\Admin\AppData\Local\Temp\QYUg.exe
| MD5 | 7ae2cd0ebd705afc8e34f4f554a5bd31 |
| SHA1 | bafd44eca43b5e9fefb42a1f4f47ca59122108a2 |
| SHA256 | d05bd4894ae853fdd8c7041093fdc5133b21d6dcae9c0fbed5389495dc100086 |
| SHA512 | b5665d6a4a242ae621876b5482f0a5bf01a339482a47577b29c92c463f9d4beaf60c0c116d203997f9a45ec18a9043e65584f40c1cda9535b0eb05b9e5b3ebe3 |
C:\Users\Admin\AppData\Local\Temp\UAcq.exe
| MD5 | 523d0762432de77b14fd646d69cc8eaa |
| SHA1 | b3e1f7e5a0ab2dece4a06618683e7dac2871bd95 |
| SHA256 | 4a7a0a1f85e6b0de7c458acb86fae506c11fd6d5c4e06aa5d76290a752a8ce8f |
| SHA512 | 95c9511ae8099bf6106f11b98fe7ded7815f55230434c7fdc40e007a275944bfb0e2e6b1c8cac91f7d7519e2828a617c77366c9b1e2a71fdf36f89d2237926b3 |
C:\Users\Admin\AppData\Local\Temp\WQMe.exe
| MD5 | 8a56dc199e5aa5baeecf5f686a22ce8c |
| SHA1 | b46ae53253f82c08c02a651f2af2a1fc61a89b30 |
| SHA256 | 99872ea96620240036c07dfd54ac070474c00a80d846c17eab881152a127af1c |
| SHA512 | bd8887c1d3b5bf882350f80af8d89ccd371a86def1da7fced42d5b60792e36654f81bd2e5ae1f1b2db34b3826f73d6911a3199638204988cfa38bdfd53531ccb |
C:\Users\Admin\AppData\Local\Temp\gMgI.exe
| MD5 | 33c217f6cec62a013ecab0adc0cfddb6 |
| SHA1 | 6185ab24e20ea294a3e01dcac6999de1ae1c3882 |
| SHA256 | a281dbca31927e93c386e7828c3623d6eca00052ebd0493e6a2873908b4df9f0 |
| SHA512 | 4352c4352c941c9ed48c6540b2a08faf23b2e779660998ba6f942a4bb35144267add0a3cf4502f9109e64883ed93797f365fb4112708e7f82464910a1772e611 |
C:\Users\Admin\AppData\Local\Temp\GYkk.exe
| MD5 | e9f4afcd4ac0220fbc93f25e6f18c702 |
| SHA1 | f2710acd8b6a4249364a1bc6e5cc7b66f41bd934 |
| SHA256 | f9961119cc63de303c7d15dd895ad199216e3d10f9481942a16ffaee982ca10f |
| SHA512 | 9dfc0d355fdf066963cb9a05d94569e449ac392edf2bc9d9e54bc0c674ba9f6e0b9ff6f4da0d31eb4835ac8bf7ad56601a2c0d04b656b92d5a62adbe35dd82a5 |
C:\Users\Admin\AppData\Local\Temp\UMEW.exe
| MD5 | 3022f257839121d4edb757d87debe7ab |
| SHA1 | 2141497a3c522505af88eed75f40161973b04dbc |
| SHA256 | 5bc0a0009fc4bf5bd451468167134212d67106c7bd245ed5a1549f9232f849d4 |
| SHA512 | a97a7e18993176b1db9ae41c3a9750f1ddbfb43bb098104a0912a1c04311435afbcb89e0204e612ba9ea7b19bff5a0117d57138bb8830e072d7b10a89ebb6a9a |
C:\Users\Admin\AppData\Local\Temp\oEUI.exe
| MD5 | e35ed3e2331dd443ceae13616407b8a0 |
| SHA1 | 3ec5864ae500da66a425900d4993c6d2d48f095e |
| SHA256 | 6859a7faf3e9f5f3201c93e81af93a6a9874d8215fac755a3b55b564c79134e8 |
| SHA512 | dfd25e6373db5325c9fd4581fe34cd901889d812adc5bb62fad26c816c7f6b0f7e43da966d6254721d8bcaac5c26b7e9ef1b5168ab5f1a7cb268241823c31022 |
C:\Users\Admin\AppData\Local\Temp\YoIM.exe
| MD5 | 88495ec032577453135b58f2bb82ff5b |
| SHA1 | 484073077fcb069739a85ba68e464ae420ce5a93 |
| SHA256 | 5e7b85c8fabb19755548442f5ee497461c3b9e0c1eecf6f5c27d4a6a3b9175a4 |
| SHA512 | 3dd4f751b634d59fe5e57c4da4b51c146153760c7fb0f1d1d0c4868df956161701d1a210020ff201691cda6f3eca70d97b0b87ed15bdec2601634cf6dd81c174 |
C:\Users\Admin\AppData\Local\Temp\YEsy.exe
| MD5 | 5d5548e4c21864c389daa99e6b774955 |
| SHA1 | 0fd16f27f1516c49953922fc6df01d1140a85e7c |
| SHA256 | 36efda70a3ff2f70970c26e49dd045fb6166c2c840bd4eeeab9d34fe6cf30447 |
| SHA512 | 93ecfc588d66ec1f875251aba1d9b6d683b51013c404d13c50388aee727b32cceedfb4a19add9d358b5486fb56a40d08b9b5916f0a87b9c735932bdad89f622a |
C:\Users\Admin\AppData\Local\Temp\EwMe.exe
| MD5 | 1849ec73b3029922c1b4c7ce9e04acd9 |
| SHA1 | 8a33b43d8458a6fcac09f9dd1f3df657af6323f2 |
| SHA256 | 9ea796fb7a67fd533f552e8a71d62f55c13612f7fc22b867a43059e7e07235df |
| SHA512 | 4ac90624840d0998780febb579143dc0ffd61b96f398e55e98b840dcd0c39472b96e35c98a6c62521fe54d1899689a11191c5e30ebc03afe191753b54d8cfe80 |
C:\Users\Admin\AppData\Local\Temp\OQIw.exe
| MD5 | dfe6fd06779a6a1d2a9d5ec651c17064 |
| SHA1 | 546706e5fa3f5d3a1932586d6713ea06affda67f |
| SHA256 | b8cbbddd2f9cc6b10bd34f782242d6ecac69674a7ef98a69ce830e8a2027b58e |
| SHA512 | 5a8c1da866e5fa5927a9584f0a9f87a8ee3679a69f412d06955f5c1679b73d4ba10285e789064b7fda153a3698ffaa64f93a00a97f5408b889741c3e98393b48 |
C:\Users\Admin\AppData\Local\Temp\WosS.exe
| MD5 | 4b1a09b890567a659588339c66e6da46 |
| SHA1 | 30479385812d12bd736f0ba63579066088531b8b |
| SHA256 | a12035852fc7f100272192c0cba6a0d21025d55a66ee104d45ceb683724c05ed |
| SHA512 | 06a5cd43ff33184c15ae85d6861874d4f7a4df091eab1657efcb4fb5b811fe816f51c2d20fca78ffc80a2361c9e83afb7c9720d90bf5f25e6dac1b1050a4aa24 |
C:\Users\Admin\AppData\Local\Temp\YYgs.exe
| MD5 | 9f1d4d4dc114c114e3643503f0abb6c6 |
| SHA1 | c00a51683cc41f1832bd52897114086d74be8c2c |
| SHA256 | d7975b7b7b6fc835ff5beebe5f881c0185cc09aa00b561deed9c4da9dfb5e963 |
| SHA512 | 0d35759d5ca472f45486bb5db323f6d52ed9602cb16e25dccf727941af15febe90ba63cd9ed4ccde7d94b4e1450a994f8e473a1f6b122c8bcce7d7e1e0cb2dfd |
C:\Users\Admin\AppData\Local\Temp\sMcm.exe
| MD5 | e9b52690677f0ffa27343c730dcb39ed |
| SHA1 | 7a66e6797685f1aadbef800a17667a5611f3ab79 |
| SHA256 | 3217ee6c14ae98266cf9d5b7c9de794f356e2e85540f703a551b792d9291bb9e |
| SHA512 | f5d4220e231dba8bacbc4e8eb925d1e7ecd7d7c432f22e54586495b53af386b32c2a86baa805a507dea6bad14bae741be54378e5f843eb70a1a861f504761f27 |
C:\Users\Admin\AppData\Local\Temp\ykUq.exe
| MD5 | 69cd308afbec297865ffaaaf880ce093 |
| SHA1 | 2c8780f6f748408dc5588d6d362684a9a52e2deb |
| SHA256 | 3b7c27795879a3188303978d439d7c33d324ddd7956aeb11154d18c387124f37 |
| SHA512 | 6904b7c823eb2de4b5ac16a08126c8ee054d4563c45c726e2403b02368f0a90468221087f8af7c6ecd605eb1b64ecc90604d3d753b8c28abf05dcd12a63827d2 |
C:\Users\Admin\AppData\Local\Temp\OkoG.exe
| MD5 | 449a7b879b1bd9e6f111f9b1341869ae |
| SHA1 | 0ed266655f0fbff473e6edc3f9796925af26100f |
| SHA256 | 3af801d29f26d69ea74a188f41acef53f351ae4c6295d12cf932a66013946c83 |
| SHA512 | 2dec6b09c796e968a383881efbdb44820265e1efb37fbdb18baa5fda6bb3afa7bf96bad212fd9917d8d2a1fe53b82748fa26bf063b0d15c947ff4e807dbcbebc |
C:\Users\Admin\AppData\Local\Temp\YIog.exe
| MD5 | 1d7dc4bda9bd51d3a8a43806e3702bc3 |
| SHA1 | af0dbee94c34a325e5a80594ce0be6b174ae9009 |
| SHA256 | 8bbe17d5d462969e4d35dfb9ea36f933cc2bf8cc78fd8aafe45484402c631020 |
| SHA512 | 5658b412f3e9ca14701027a62f7624f4514cb413e05b772d158bbe82f74adf8b18184f4982cd9418ef4e2e9086c6025685f68da38efcdba18614fdcb3c780b28 |
C:\Users\Admin\AppData\Local\Temp\gsgM.exe
| MD5 | add078017576d02e90670f32585fa19b |
| SHA1 | be3b8b20137f2b1bd002dc64695890fe2511471e |
| SHA256 | 9737433820c99d2f31242e9c19013e2d29e2178157c460f90e9cf55906c708e8 |
| SHA512 | bdc2c4e2293dd1f582cdb8d8b3fb98a3917b244794b04b26a8e500a56e18a1a853e79e80cc9c25dfdd8f3f0b2db1188644d12987a7e556f0e320a6d74312a6fc |
C:\Users\Admin\AppData\Local\Temp\aYwQ.exe
| MD5 | 70506b76ac9ba435c70273d13ceb7871 |
| SHA1 | 8802ccfe7764fbc843ef61f63071ca3c30951324 |
| SHA256 | 7f8a5c3ec70063994ff00a6357a8f49eab7e91c04942076e50321bf62c2aa57a |
| SHA512 | bbab120a9fd8b3c1ce3bc5e811719fdb5a1c3487377039afce79d6a83f413f437e6fad3c88ac4e4579ac2165cb1dff71ebf6f05a35c119daeed9f169ac5b67f6 |
C:\Users\Admin\AppData\Local\Temp\GgEA.exe
| MD5 | 182f76c65ee93bd01a97c57152fc25a3 |
| SHA1 | a58d0a16af46dc89efd8d1778776d03997a843df |
| SHA256 | e26f0d6ba2104eec3ea6637f53c890d1b81a0ec544e1546f5cd3b808f45e72c4 |
| SHA512 | f86347ef0d9d0d8d55776612b5ffa87346ce9613a147013e54712853d81d235638307af74770cc1d66d1a3ab7fa197ab6e8463fb45345c776fc10a5f171c91f5 |
C:\Users\Admin\AppData\Local\Temp\cwsM.exe
| MD5 | a1b7b74f6eaeecbb07b2ba5a4854fcbd |
| SHA1 | 8ae40d6da474fc6387ea4bd24daed61d603aecf2 |
| SHA256 | 0adee830efe1013f5726ed21a93f3a6d2c7df2c97e08893b280703712249ff12 |
| SHA512 | 2673181edc891c628384b0830de7ed5c9f8a99850941418c6ccf3687a39ab3cf1e6027867c6d76c5cef83db3039a7fe454bbfdf2edc3e05bdeb9f32500797a14 |
C:\Users\Admin\AppData\Local\Temp\GYoe.exe
| MD5 | 67ae53905af543fb77a17c52c745f761 |
| SHA1 | 82280e5c9feb020a7a3c58c1ee5de9b5495e8242 |
| SHA256 | bc29fc542adbfc2adcfa58477fc0eb7db1b101f284a9a3768b9f3a30b0b2447c |
| SHA512 | dea4e283216d17e52235325be9d8ad9c87d22bd0f058833fb7f8ad741b6901e47ebac592ccd1a09990e47f943d97545cd52d5e3b7963d93591bfdd8f66aa9e6e |
C:\Users\Admin\AppData\Local\Temp\sIwO.ico
| MD5 | 915b89b32206268168c5789d7c55f7f0 |
| SHA1 | 37aa8ac4a21bfd3756457063f300caf5150d9cbe |
| SHA256 | 1aa540b0acfa68f313963ae32ca68a5b3cefb49217cbf3b9e0b9eb98b9b94b6a |
| SHA512 | 35ed5562ec9fcefca9bc1644dd8fd7c28ead223eea2100eee38c51224332cc071cb7a122f750144d1d2b38b3580dfd8025cc59e0942a97f729ac39bf3fbfb9ee |
C:\Users\Admin\AppData\Local\Temp\GEsE.exe
| MD5 | 132e7e6836c0bbaba59b898092a3d957 |
| SHA1 | fd05e253c6fa894e58f5c0cb712ee89751637805 |
| SHA256 | a858c5a92d83016f1335d74689794b56142fb991da4d62a8ab148181b7281649 |
| SHA512 | 4782d297769742baecb1b5c8baa156d945bc3980cbf9c7cc012f7ae7e6bfa5b0c45ae74de9ed40a9f7eb1916c626d3bdda73cd8d2620a720dc0b421ab11c0d5e |
C:\Users\Admin\AppData\Local\Temp\ewIW.ico
| MD5 | 6edd371bd7a23ec01c6a00d53f8723d1 |
| SHA1 | 7b649ce267a19686d2d07a6c3ee2ca852a549ee6 |
| SHA256 | 0b945cd858463198a2319799f721202efb88f1b7273bc3726206f0bb272802f7 |
| SHA512 | 65ccc2a9bdb09cac3293ea8ef68a2e63b30af122d1e4953ee5dc0db7250e56bcca0eb2b78809dbdedef0884fbac51416fc5b9420cb5d02d4d199573e25c1e1f8 |
C:\Users\Admin\AppData\Local\Temp\ggIa.exe
| MD5 | 85383a09e36826ebe1a35ede9fa3d4f8 |
| SHA1 | 049b43a585db65624779feefa586ba65b04f34e6 |
| SHA256 | f58e575f6c19524b8dac7cbf9b918f74d838b8ee4dcbeba37164f1626629b6e4 |
| SHA512 | 215571ad9f4ab2280cff57f563dc2972060dc1cf72fbfb86d2124d0651a9cb87ce8049627e3887ff9e2fd6f32e816b22117d86c9071a6324b50bc4cc37a4f4c5 |
C:\Users\Admin\AppData\Local\Temp\AMwa.exe
| MD5 | fba70f743895c869a1555ee71a500ab6 |
| SHA1 | 5c87b891eb9fba25e5c97fd1cc1e1e617f859619 |
| SHA256 | a8211a21e06406e6556e3b8a896d9400e9faa064a0b3061c54a7acf005cb9c74 |
| SHA512 | 65793abcd3b2c44d9641edbe966b27f15d96635c06d95f1f3eb6a641baeac0cd364e4aa995b58c068c1d8df7c8eff8d541f8674a1778460ee2b8bb3574169c88 |
C:\Users\Admin\AppData\Local\Temp\iYQs.exe
| MD5 | 0d74ae643941b9b2291d660528282fcf |
| SHA1 | 16532ebb008f722a5fb48c862371b5a976bf6162 |
| SHA256 | 11f5a59c52bab4fc0cd3f6fadc63b66cbeae68ff7cdf555b929ca3898919f34f |
| SHA512 | 377c98a993a4e3dbb0a90b67066cb96daa5f76ffe924e78fe52a92a85687227aadac05be61ae530b1343a09215506c6428d35e45a2910848dc300a4765cc25fd |
C:\Users\Admin\AppData\Local\Temp\Akks.exe
| MD5 | c535cf9b52ceb037895bb203a6e25620 |
| SHA1 | 3963951620aee6dac5f88e45e92efe71ce5c0442 |
| SHA256 | 10fb2c82f75b98924d92e9e4677471e4740050e8140e55e61759305017141b4d |
| SHA512 | 0b850479f794721ad089ab0a3dabc33aa46d79869f656e79c220b2d9c13f1ecb11565db6d21058f653346d7463a926996de9296bed65be55272c294b54deaf09 |
C:\Users\Admin\AppData\Local\Temp\goIE.exe
| MD5 | d6073f02b424d504ff5bf648ddaab146 |
| SHA1 | 191f62b16584e031788605b6883535dbb1f2ad4d |
| SHA256 | 794172ff9db9d6cd85bb22905ec886e8428ed397cb3528730abac9409d5f14b2 |
| SHA512 | ae3b2dece6b369da2e17ec4a853e12bb968ae66b0a5869fcc39287103acdadbd117bf8df17e24b3c03eab5001abfd2b2f74437c802cafc1fe9a2e98ac20f8256 |
C:\Users\Admin\AppData\Local\Temp\IcYg.ico
| MD5 | 7ebb1c3b3f5ee39434e36aeb4c07ee8b |
| SHA1 | 7b4e7562e3a12b37862e0d5ecf94581ec130658f |
| SHA256 | be3e79875f3e84bab8ed51f6028b198f5e8472c60dcedf757af2e1bdf2aa5742 |
| SHA512 | 2f69ae3d746a4ae770c5dd1722fba7c3f88a799cc005dd86990fd1b2238896ac2f5c06e02bd23304c31e54309183c2a7cb5cbab4b51890ab1cefee5d13556af6 |
C:\Users\Admin\AppData\Local\Temp\wokW.exe
| MD5 | 2e4293a210f674e10c93d68c4d578da5 |
| SHA1 | 6b8b6dcbe541ac587b5b57cc1475a8b802cea724 |
| SHA256 | a3c8d22c31a4fca2f7bacb608f3d1ea5a265939cfa93417c1a79970ab92766dd |
| SHA512 | 7c714361618494a86bf3dcd778782cde25faa33174b05c4cc9a7f5377b4d4e1860e10938ea2c1e42b7db0510a3764b8c21c506583f6aae085f48fa63f8f8229e |
C:\Users\Admin\AppData\Local\Temp\gogE.exe
| MD5 | 100d17f54ae2c0ba1557b6e3e8d26170 |
| SHA1 | 6ff4486661acc1cc4c913525da00ea7c79fb64af |
| SHA256 | 84acf441f199805669f3e41f9e4478615870a07b845a704efc57aea4335ab211 |
| SHA512 | 521c76c41319695d706ac45e8803a6046ff4a0fdff8bd63cc72c451b8c05ceefaa5d49ec67cdc631e4c36209eb05ea9fb5f5621132a2965d5426bc68c411f00d |
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png.exe
| MD5 | cdd365df7da8d4d0bae51c1824bf7ce6 |
| SHA1 | 44af0668c1fc31f48146137896e340e74570a223 |
| SHA256 | 515bb101d1c7fc9f53f77add4ae3894165307bd4f61a3b2e4a6137ba2da72fc8 |
| SHA512 | 106389a0237a9c2f3c5957ba6d4119883a041fa480be2a800486614facf33f08a1f8abfbda25bda0012e6ca27c4d335d06a66ce26810422f53ae8c9cd8c94cda |
C:\Users\Admin\AppData\Local\Temp\qIkc.exe
| MD5 | d604483b0f3946f934ac2380ef477bdd |
| SHA1 | 95fbc7f23b3e26469ee280443f0b5963312cc500 |
| SHA256 | 982067988591789c44d822b1c0a62f9c3bc1910273bb22f86a223f8981080e83 |
| SHA512 | 351edf47c8e1dec1caf8a0791981dcd4d5890dd129fe659905c36ae405a703e1219b86a24abce0563144a1af38a216cdfe046b41fbf5075519816683e726a367 |
C:\Users\Admin\AppData\Local\Temp\ogMW.exe
| MD5 | a5505a5d82d37c265ceff9c3e96b2f56 |
| SHA1 | 5f68cdffe2814736d602f4074a8bf8bf4982a34b |
| SHA256 | 4622ff3b726ae342d42193ba7acfcd5f8efee4b98d5121f37cb832047943e913 |
| SHA512 | a11c77b3e6bf09c6e2659ecc64291214ebfbb9de6c5a0d023c9396c5de04b0cd2a2491d85e97069d2ed317ee2384eabf6dbb6f68695e25628171bae4c720cff7 |
C:\Users\Admin\AppData\Local\Temp\qEQM.exe
| MD5 | d6febc49fab81247e99d86bf2e967ee8 |
| SHA1 | 14d50109d2443010ffa6a9394e1dc38cedf3b8ac |
| SHA256 | d12ed2d810301716665aecf96c1a13f238ffffe5db671ae3d9da5fda48f68545 |
| SHA512 | b07e56925b897c018847e3e223b52b4d9fe77f4670f75163798b36c9b95924cf0bae0ecb731c4c952a0393b7dc0ddcb40bf9cd994c7e48a7a3971e37e0ec5d22 |
C:\Users\Admin\AppData\Local\Temp\ocgG.exe
| MD5 | 3297bb52f89a1600613c4c88cb7a3007 |
| SHA1 | c4b0c1ddc4dc87617097b79ccbc2043beb414d5a |
| SHA256 | 9afafd9bb958250fb156a6360f001c39227f325f83919fc8f279f2d8f8b96326 |
| SHA512 | 62cf81b5867924fb0e8741bb41f2707e121c9414b5656422a8b050e3121b4ce4589e325e03cd4f82ddde3810918068e989dc5a4af9103a630e73ae06863d599d |