Analysis Overview
SHA256
d1cee50f03156dcd11a2c062aa55667e057bca0cee3515d5234cc83225132b60
Threat Level: Known bad
The file 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock was found to be: Known bad.
Malicious Activity Summary
Modifies visibility of file extensions in Explorer
UAC bypass
Renames multiple (78) files with added filename extension
Loads dropped DLL
Checks computer location settings
Reads user/profile data of web browsers
Executes dropped EXE
Adds Run key to start application
Drops file in System32 directory
Enumerates physical storage devices
Unsigned PE
Suspicious use of FindShellTrayWindow
Suspicious behavior: GetForegroundWindowSpam
Modifies registry key
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-12 11:56
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 11:56
Reported
2024-06-12 11:58
Platform
win7-20240220-en
Max time kernel
150s
Max time network
121s
Command Line
Signatures
Modifies visibility of file extensions in Explorer
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\NcccgIEY\GiYEIYsc.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\NcccgIEY\GiYEIYsc.exe | N/A |
| N/A | N/A | C:\ProgramData\kkcsoscQ\KgUgMwIw.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Run\GiYEIYsc.exe = "C:\\Users\\Admin\\NcccgIEY\\GiYEIYsc.exe" | C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\KgUgMwIw.exe = "C:\\ProgramData\\kkcsoscQ\\KgUgMwIw.exe" | C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Run\GiYEIYsc.exe = "C:\\Users\\Admin\\NcccgIEY\\GiYEIYsc.exe" | C:\Users\Admin\NcccgIEY\GiYEIYsc.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\KgUgMwIw.exe = "C:\\ProgramData\\kkcsoscQ\\KgUgMwIw.exe" | C:\ProgramData\kkcsoscQ\KgUgMwIw.exe | N/A |
Enumerates physical storage devices
Modifies registry key
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\NcccgIEY\GiYEIYsc.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe"
C:\Users\Admin\NcccgIEY\GiYEIYsc.exe
"C:\Users\Admin\NcccgIEY\GiYEIYsc.exe"
C:\ProgramData\kkcsoscQ\KgUgMwIw.exe
"C:\ProgramData\kkcsoscQ\KgUgMwIw.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\KqMcgUIY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\KsYYkcEg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\KsQQgUEs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\TSQwIYwo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\tEYgIQsM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\biMoIgYw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\jaocEAQI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\oKEQcEkU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\WkckEMAw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\uycMEEEI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\IiwMkUoo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\gwIgkccc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\nmEwIIkE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\vMEQoUIg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\pAYMMEkY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\daoQcMQo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\XOgMAEAg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\mcgsokok.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\MGUkQgYY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\umAQwwIM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\IaocAoMY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\lygIEUAU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\dgQkUoUY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\tEEYAMYQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\VGcAcsMk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\tIQsIMoM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\CiIIsUck.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\UOkIMYIg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\qIEEQoIc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\MCEsooMk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\gsIkcIIc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\jKswUYgw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\pyocMosQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-432152601823027014-774366149-9698643651289123404257404629253348682-1504437297"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\lScMsAwg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\JEEUUkAY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\mqgkEoos.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\imcAQwgE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\GWYAIEQs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\scoUggUs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZGYIoEIM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\zmoUAMIk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\niQcQEUU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\xUYQsQww.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\gwswgAsA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\WMIUYwUk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\QIMgQckc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\kMYAYsMQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\JCgcwcQE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\FMUEgsoE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\lGoocwMk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\eowwMAAE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\IuEYIcog.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\iqQEQwAI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\yioQocsY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\cOAQsscI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\vuokcsAU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\xMUYAkww.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\HoggYgcg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\FMEUEUYE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ceoMIYYU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\WaIgcUoo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\KSkYwQAc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\SOkYcQwA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\JgQwIoEc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\FmcYUUMs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\dwsEAgoE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\VCIgQosY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\VGggMwMg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\WooYkwcU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\IKMsgwsg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\AqoEoIwo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\MykQgcgk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LSUwEYso.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
Network
| Country | Destination | Domain | Proto |
| BO | 200.87.164.69:9999 | tcp | |
| US | 8.8.8.8:53 | google.com | udp |
| BO | 200.87.164.69:9999 | tcp | |
| GB | 142.250.178.14:80 | google.com | tcp |
| GB | 142.250.178.14:80 | google.com | tcp |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp |
Files
memory/2856-0-0x0000000000400000-0x0000000000421000-memory.dmp
\Users\Admin\NcccgIEY\GiYEIYsc.exe
| MD5 | ec950cf688b47772e683bcb85ab06b1b |
| SHA1 | e77308d8ea96407df05961a921c7f786138ca512 |
| SHA256 | e4d2d3bb528efff121394b7b8c789436b37105c3a2f848967eb560d400dcaaf3 |
| SHA512 | 7b26d1c34633f7ffc2fc0004d2f9cdb93e6f070945de49d4817fe10b61bf3ee0adf193d55df831f0cc223011e8d400c920cbead65c22b995614960dcb1ddc0a5 |
memory/2856-6-0x0000000000310000-0x000000000032D000-memory.dmp
\ProgramData\kkcsoscQ\KgUgMwIw.exe
| MD5 | bb5d31e1501449662edf27191b181cd9 |
| SHA1 | 466bf2a8fdcccc69ca8599017ea5593062d05cf5 |
| SHA256 | 4adae98536e9657190eb8ac7f40ec921da0a021f309f22d2baec320bbc3e02f1 |
| SHA512 | d530b0c9ed7c6cf8d4f744f9708b17ec77516bec27e4ee49287798610b207b6679eb2d398a2a21eeb3d7a77003254477b5a232677210c1988b4514460b415db1 |
C:\Users\Admin\AppData\Local\Temp\qwgQQEow.bat
| MD5 | 3cf3d84a4b02bcd847b72be772b17ef5 |
| SHA1 | ae5de214c320584ff220e044b3e268c9c5694383 |
| SHA256 | 21a38b36a0ef00c26938a11946cb08d556a7d8e4338f6dcc88a44b9b558b7d9c |
| SHA512 | 01e31f12c7d2a513e581836bec7f5c203cccfd8343ca4a2352ef739a41b8a7126d913d851369a930244d0c03f2cbbbc8ccddc2e582fd2e03b130beeb8f0b91f9 |
memory/2856-21-0x0000000000310000-0x000000000032D000-memory.dmp
memory/2856-20-0x0000000000310000-0x000000000032D000-memory.dmp
memory/2148-31-0x0000000000400000-0x000000000041D000-memory.dmp
memory/2924-19-0x0000000000400000-0x000000000041D000-memory.dmp
memory/2592-32-0x0000000000260000-0x0000000000281000-memory.dmp
memory/2524-34-0x0000000000400000-0x0000000000421000-memory.dmp
memory/2856-42-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\KqMcgUIY.bat
| MD5 | bae1095f340720d965898063fede1273 |
| SHA1 | 455d8a81818a7e82b1490c949b32fa7ff98d5210 |
| SHA256 | ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a |
| SHA512 | 4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024 |
C:\Users\Admin\AppData\Local\Temp\file.vbs
| MD5 | 4afb5c4527091738faf9cd4addf9d34e |
| SHA1 | 170ba9d866894c1b109b62649b1893eb90350459 |
| SHA256 | 59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc |
| SHA512 | 16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5 |
C:\Users\Admin\AppData\Local\Temp\GEsggwoI.bat
| MD5 | a309aa0ac98fda5172d3cbdc27b21f8a |
| SHA1 | c1d6f63365414ef9a423269630da624c523fbdf2 |
| SHA256 | 90ef913567c9742c08b9b733093356f6cacdba01eebcb9692e814930fd62b4de |
| SHA512 | 0ed21813081f85e8417d004efdc9a5a1094fce1644a327aad09907fa2512ba56179af3e9c235327efef641c3f729af8a52345347b816c4a16e2ed4a5ff3a9be6 |
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
| MD5 | eaceccfe7af04f19a216c26f2791a458 |
| SHA1 | 7b9087b51c7dab7be798a4e6b1c128d204f1de84 |
| SHA256 | 0d792889bd18fbfd06914b1314fc632108f4d284a6147a25b146fae82ffb9171 |
| SHA512 | 89579be17b6ec7a69b5d8dfbae36cc09b90711429a4362ab8b6a0281d88fcb0dad2cc6e9c3f3a88bb5be91310a9b67cad482558db0bd356ea025c07561a768a5 |
memory/2660-57-0x0000000000400000-0x0000000000421000-memory.dmp
memory/1440-56-0x0000000000260000-0x0000000000281000-memory.dmp
memory/1440-55-0x0000000000260000-0x0000000000281000-memory.dmp
memory/2524-66-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\KQkgwEII.bat
| MD5 | 7dac21acf36d925309f400332b4d8341 |
| SHA1 | b04a658208a7e45980d4b86a30b5a44226964a24 |
| SHA256 | b8268a88d936af7b01763fd837fde9295bb6b62da90681c848f0a02b1de654bb |
| SHA512 | b123a500f52eab92144c17a832e812965ecff8f97a6a534c5c0e4deedc7759890928384011d7bdc807481b99f05f54dc6dc6be4ec64f62752a7fcb2c9554a6d8 |
memory/2132-79-0x0000000000400000-0x0000000000421000-memory.dmp
memory/2132-80-0x0000000000400000-0x0000000000421000-memory.dmp
memory/2372-81-0x0000000000400000-0x0000000000421000-memory.dmp
memory/2660-90-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\RsYEIUQM.bat
| MD5 | 1ccfb0531dc7d7b14ffb4b7a1881b337 |
| SHA1 | c30da0421143c6e69e62651da3d7468912ded208 |
| SHA256 | 1e9a1abbee1abacd1bd965eaa76557d414ce660a776a2b20363d98435f340ef3 |
| SHA512 | 84b4d57c206c2650cef3fba57987ed53aeea29d44543394d42a9c2ffbecd727fdd3f8cfb5e7d05522cef6885aa972107cae83c6181212c02d40bfed042980009 |
memory/1884-105-0x0000000000400000-0x0000000000421000-memory.dmp
memory/1832-104-0x0000000000160000-0x0000000000181000-memory.dmp
memory/1832-103-0x0000000000160000-0x0000000000181000-memory.dmp
memory/2372-114-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\FMQIoYUw.bat
| MD5 | f82eeeaaffb7a9562f35bee249468440 |
| SHA1 | f330864e87fb2c5e3ea95ca85be0a7e769ddad44 |
| SHA256 | f4f74721f836b32169494fe4641ef42b64adafbae6881b2cd542e718c8633246 |
| SHA512 | 8f41d8f3c646cba3e7008a6f2c90e52eb109afc97c225fc47af1f1748145bc2c1273d2b7551b1575f7b7d37a86bbd17d99c29f8ffafd81fcbb732b798d56d365 |
memory/2200-128-0x0000000000400000-0x0000000000421000-memory.dmp
memory/2200-127-0x0000000000400000-0x0000000000421000-memory.dmp
memory/452-129-0x0000000000400000-0x0000000000421000-memory.dmp
memory/1884-138-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\XaMkQIwA.bat
| MD5 | 290a142aa0c13bbe4bc84a8b79f837cf |
| SHA1 | 13fe43d82871b059f523500d776fb6742c0af3b0 |
| SHA256 | 730c26c6fedb3b3ead67ae52d635a7944dfa4bb8a06b5fe19a23561501eaaea7 |
| SHA512 | 107141aafc27781378b13b1eadec5f822752db094367b3c9643373b6a75db7df61444e7b49822b33b7ca737d8200b4f83c10d0eeb3c6b060534f677959fb9a5f |
memory/1492-151-0x00000000001E0000-0x0000000000201000-memory.dmp
memory/2840-152-0x0000000000400000-0x0000000000421000-memory.dmp
memory/452-161-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\lkIUEgko.bat
| MD5 | c3d0ef028121f80a25bc332a9519be54 |
| SHA1 | 27fb3de1e57e6420fb793636c46785a117da190c |
| SHA256 | 5ef27515f9b81e90a0c1d8384dc32efdfc409ffed477327cd5e4bb207c2f9db2 |
| SHA512 | 5b42c265dcdf331a5582efe267c66dc4c64f24ab23a17de5fce24fecacd9b023da0f3cff4816c8f70c7a5bb7c7a9d30c1bc8a15d6e2f37249258ac33f8fe6881 |
memory/2324-175-0x0000000000400000-0x0000000000421000-memory.dmp
memory/2692-174-0x0000000000160000-0x0000000000181000-memory.dmp
memory/2840-184-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\BioAkgwM.bat
| MD5 | 0e99f21b8b242f476d51037301e64684 |
| SHA1 | b0d3d18d73564f6b9c9a90837e34b3ee6782b9d4 |
| SHA256 | 881b616ab36bbfc417c84fb31339eade454df8d0a481b449c06e9e2202e8c529 |
| SHA512 | cbc986bf73b6e017199aa8f96d2125747324f267c91633721168c03b295d8165f59f1708dbe4569942e76b30d1d631e5f2f2a9580a76338ea3efe4b00f3ef5c4 |
memory/1540-199-0x0000000000400000-0x0000000000421000-memory.dmp
memory/1948-198-0x0000000000400000-0x0000000000421000-memory.dmp
memory/1948-197-0x0000000000400000-0x0000000000421000-memory.dmp
memory/2324-208-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\kykkEUcI.bat
| MD5 | 5f030dd2639805cf6ed91843c2836c91 |
| SHA1 | 4d0b84ee0c727b45c8cafb2f7082d4bdc555e5e8 |
| SHA256 | d5d6f16740ed1e7d639bc208a9e035f1172aa3b774d78aea0566f5dcd4b7abc1 |
| SHA512 | a91eb1f479d39a525a48ce1a8a32abdb323beb2648ca07307a2fded2bfd5b5f67f79909a58af726b78919b829b46941ea62103792db54528fedf721cd56f70d3 |
memory/2016-221-0x0000000000260000-0x0000000000281000-memory.dmp
memory/2016-222-0x0000000000260000-0x0000000000281000-memory.dmp
memory/2028-223-0x0000000000400000-0x0000000000421000-memory.dmp
memory/1540-232-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\uOksocwk.bat
| MD5 | fdd448396b522aa4b772ee6932ec0495 |
| SHA1 | 7b603ea0f058fa8d5e32b8f4616462a4d0eee161 |
| SHA256 | 16b00f3f10d486225fdd3f64ef2085e91c9cffbcb7c13c06caf47db5da4f1998 |
| SHA512 | a3854bbe8788e9740b6442d4a0334e8c6bb7ea389b572c3c52bd69bff723546b5e1b2b8ac3ec34a1d09f64f222cd789fc04f14684830e15b3bf143c353975217 |
memory/896-247-0x0000000000400000-0x0000000000421000-memory.dmp
memory/1820-246-0x0000000000180000-0x00000000001A1000-memory.dmp
memory/1820-245-0x0000000000180000-0x00000000001A1000-memory.dmp
memory/2028-256-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\giswIcss.bat
| MD5 | b346d898000676c3f2744b87ad1cc746 |
| SHA1 | 069960c958b0d52576f440a9fc119ffa3af5f796 |
| SHA256 | 6f648dc856386c9d98824124d3d2bf55d78055e4548063d704105fda8f95982c |
| SHA512 | 28cc4beac0209c4623ad5d2a51b110adf332d0289a848f18e731379e8ed66a3ee6e6754b89f4557032d8414715c364b1ecc37e29f0e30499a9d092c629392095 |
memory/864-269-0x0000000000120000-0x0000000000141000-memory.dmp
memory/1884-271-0x0000000000400000-0x0000000000421000-memory.dmp
memory/864-270-0x0000000000120000-0x0000000000141000-memory.dmp
memory/896-280-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\GsEUkggA.bat
| MD5 | b5e39220e94869ce4f082f09e66db19e |
| SHA1 | 7cd597562832efa57ba52d20a75f7af8f6daf5dc |
| SHA256 | 2d429a96322b00ecc76040ad4d27ab0edf5927624b901ef3a513627c854ea3c2 |
| SHA512 | 0ded5dfb4917d8d8193e654a47eba3430745a538dbed876078684307d10ea0862a6bc3ebd35ee578dd698461b23b13765ecffc154786127256aae0feb6a4d5cd |
memory/2484-293-0x0000000000400000-0x0000000000421000-memory.dmp
memory/2484-295-0x0000000000400000-0x0000000000421000-memory.dmp
memory/992-294-0x0000000000400000-0x0000000000421000-memory.dmp
memory/1884-304-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\dkswkAkY.bat
| MD5 | 627c50d431d1be993d2b1102502599aa |
| SHA1 | 1942339d3e99c6c8a3b076f7ef125e23e69b4768 |
| SHA256 | 4f5213fee58c2387da5520a6ef5a8a7ea0447b8555cd21bf418cd9f6761cc0e8 |
| SHA512 | 08387d10fdcb8e48c4a4ca515eac47c54e3d8c34d60fe58088af8dceede5ccdd87a178a796bf9d6c1a8740a0ff368f8da80433e05be1b1ddea6970c1e95ac0c7 |
memory/2404-318-0x0000000000400000-0x0000000000421000-memory.dmp
memory/2160-317-0x0000000000180000-0x00000000001A1000-memory.dmp
memory/992-327-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\PsYscwsU.bat
| MD5 | c85cccd9a2e8ad0acb96713386d91ae8 |
| SHA1 | 6e2c071efdc2de12fe5e5f8b5ee30d8f148a4cab |
| SHA256 | 53a286570910f79f4ae651e33293d0f5126a9c4647166e28f6211d9a1aee5e24 |
| SHA512 | bb646b8fa1f4e09a34277487700ba01e98de0734f9f76d5d660b1aa9cb34de581658ade23787047b9b1e8c3e0118548ecc48d8927e838c5e67144ebcd4466f65 |
memory/2656-340-0x0000000000400000-0x0000000000421000-memory.dmp
memory/2404-349-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\TGkUUsEo.bat
| MD5 | d22094eaf6a280eedf4d1c0151b2ab7d |
| SHA1 | 1f94abfef147e4e73e265202cde392327f2abd13 |
| SHA256 | e08634d548fcaa6766a1f7f5f8e5f5ab6f5f6153dd2caff6ecf300a5380b6327 |
| SHA512 | 08e4f1638b7c980365cbea9b6a972383bee51254d10da5062bf54c545878405b4dbab9dcc92a22a07619e82a8845e13e0153c73b1e722add5d18d4ac311eac96 |
memory/1268-363-0x0000000000400000-0x0000000000421000-memory.dmp
memory/832-362-0x0000000000120000-0x0000000000141000-memory.dmp
memory/2656-372-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\TCwsgYME.bat
| MD5 | 72e019b74ff9f5d95eacad247eb93c41 |
| SHA1 | 12996b0a38d40eff94a40fd703045327a6fb6f01 |
| SHA256 | 71f21faab6ea0900e3cc23bef8050782adcf3e9f5cf673c2a98cdee032611793 |
| SHA512 | 68992df53c341487461ebd89929c015a673a6893ea2c19e6682cb1d92f7daacc60c1cd9cade064b036b99ba6abec5da42e638668c80b194396293cbcf5df5c8b |
memory/2040-387-0x0000000000400000-0x0000000000421000-memory.dmp
memory/1404-386-0x0000000002230000-0x0000000002251000-memory.dmp
memory/1404-385-0x0000000002230000-0x0000000002251000-memory.dmp
memory/1268-396-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\DsEEcEkA.bat
| MD5 | b516cec7716d63766495c48f18d470d3 |
| SHA1 | 03723d5d7d548d316b09bc667a972880ae56ef68 |
| SHA256 | 4486bcd8df5d9268b6583ba990abdf59ca285e348c33e9b0514d6d26aad1416e |
| SHA512 | d0bc276113247aac1cd8de58a4328a253e1d352180c9c5b101b8f19c619f98aab9cb781fab137f30ba2a42bcd8c8809905b222788ef506eecfffbce684892cd2 |
memory/672-411-0x0000000000400000-0x0000000000421000-memory.dmp
memory/1832-410-0x0000000000120000-0x0000000000141000-memory.dmp
memory/1832-409-0x0000000000120000-0x0000000000141000-memory.dmp
memory/2040-420-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\aakEUgMQ.bat
| MD5 | 6d9538d7aa521a4690108fffb392c4b1 |
| SHA1 | fb9efcc0e103916337376e1ff77fb2c37e1cd9d4 |
| SHA256 | f95d6c2576d5151dcdcafba231f54e8ddb2297bc875cdb40c2d64b15123d926c |
| SHA512 | bbaff0dda7e39074f9fee526ccffb10e0089a1401c427c6d5437a48ca3514d1cda99428cdf012ba2ac41d74695e46c311b3e20b4e34736ae99d0a6fe9490aa0f |
memory/1868-434-0x0000000000400000-0x0000000000421000-memory.dmp
memory/1604-433-0x0000000000400000-0x0000000000421000-memory.dmp
memory/672-443-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\iWQgUsUo.bat
| MD5 | 8858e9bc331d42c743bf96af9f644ea7 |
| SHA1 | 10feb34ec9fb6baaddcd1e2b9778359e40186300 |
| SHA256 | ee8adc7e34226e5edf1d7b80bd1631be8e1dff85d5bf31dc14bc403518a0903f |
| SHA512 | 5b45829b421b5fbfa4a35100deda29aca3fb486fb80b89f5bb675f1bf2fd1a24ff151d8e49bbd916a784164065ac34c5797189843bb098a3fd3be03408ba6f98 |
memory/2396-457-0x0000000000400000-0x0000000000421000-memory.dmp
memory/2532-456-0x0000000000160000-0x0000000000181000-memory.dmp
\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ose.exe
| MD5 | 9d10f99a6712e28f8acd5641e3a7ea6b |
| SHA1 | 835e982347db919a681ba12f3891f62152e50f0d |
| SHA256 | 70964a0ed9011ea94044e15fa77edd9cf535cc79ed8e03a3721ff007e69595cc |
| SHA512 | 2141ee5c07aa3e038360013e3f40969e248bed05022d161b992df61f21934c5574ed9d3094ffd5245f5afd84815b24f80bda30055cf4d374f9c6254e842f6bd5 |
memory/1868-467-0x0000000000400000-0x0000000000421000-memory.dmp
\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\setup.exe
| MD5 | 4d92f518527353c0db88a70fddcfd390 |
| SHA1 | c4baffc19e7d1f0e0ebf73bab86a491c1d152f98 |
| SHA256 | 97e6f3fc1a9163f10b6502509d55bf75ee893967fb35f318954797e8ab4d4d9c |
| SHA512 | 05a8136ccc45ef73cd5c70ee0ef204d9d2b48b950e938494b6d1a61dfba37527c9600382321d1c031dc74e4cf3e16f001ae0f8cd64d76d765f5509ce8dc76452 |
C:\Users\Admin\AppData\Local\Temp\CMoy.exe
| MD5 | 1ed13c8c0890c50f19ad7a31c168afa3 |
| SHA1 | 4a6e5ddd4ef85db8e647b48baea87a380b83327b |
| SHA256 | 9a840929b4bd60cf3c7e5a4705994c5a855b62a6ef3290758ad025c9842b946b |
| SHA512 | cc0257ebb1a71653eb81855bf4a5c6100e3a2c9a9e1f436de553ca97d51680ca5979280bb8ea554325d21695d09710e469c7c850121604767ece67b5ece08b17 |
C:\Users\Admin\AppData\Local\Temp\AGwUYMQg.bat
| MD5 | d0f5f977b5e9b839f0ca9beaf0a0e836 |
| SHA1 | 93c6cd20b030f4adea4107c086e274a97474781e |
| SHA256 | 34d48b2d095321c05cd9e01e135daac1581e069c5b32b88718edef7c941e4db2 |
| SHA512 | 4ebbfeb4c67cf0241705d5dc7ce43adfdbb2fcf7b5f91be1f0dd5d2d90de5433121040855ae000e7b397c92d04714662d19bf0f4c4b2bd10acb9ae85986b099c |
memory/1408-496-0x0000000000400000-0x0000000000421000-memory.dmp
memory/2712-495-0x0000000000270000-0x0000000000291000-memory.dmp
memory/2712-494-0x0000000000270000-0x0000000000291000-memory.dmp
memory/2396-505-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\MoYY.exe
| MD5 | 1830653ae6505ccb1b7a0be0ec757a2d |
| SHA1 | cc006bdd76964893147d6407a5ed595321ac4cdc |
| SHA256 | ae3e61f4cd8a69ef224fcf5988ef78952453a559879cacff1ad9fbc6f2e218fd |
| SHA512 | 44ad56468385adddf9f54181915f4f2f11675c5445073eddebbb42b88aed511f1e6741a5c350c14def837c8a6b675144fdcdfa1526e3071b4aa4f80224c047fb |
C:\Users\Admin\AppData\Local\Temp\Kooi.exe
| MD5 | 3d247787c54d7efdf70f4a5e13c94dfa |
| SHA1 | 0fcad0579f387a6ed6af6607882019124a843b42 |
| SHA256 | d8f437369c06c7b901e8908d0d295f463c438549c89ca06dc33e71534f073f67 |
| SHA512 | 474d04bbad967f2a52de4079f4c6a9a04aa1c210e14ffe16b7e1f8161f33862adde80c505415edb9bf57f1c39278cad55aadf89518377787342ca8f7a36cec66 |
C:\Users\Admin\AppData\Local\Temp\uukEgYIQ.bat
| MD5 | 478e522032950b3deea06a8510928fe8 |
| SHA1 | c222548f875afb63128f3eb94e6c16f33340dbde |
| SHA256 | 6209bfe69f67b1498dcc240a9edddf551f98dd4798f082d38fd5cc66d5bdd463 |
| SHA512 | 9623694df13e584709ae5e2471dc96157f6c82b856ae5488d72e966aaa1c53863f21fad7a04c47fa8b97886e037fe01f0a481dbcb1e86fb604d8ee03a205eb01 |
C:\Users\Admin\AppData\Local\Temp\gwoC.ico
| MD5 | 47a169535b738bd50344df196735e258 |
| SHA1 | 23b4c8041b83f0374554191d543fdce6890f4723 |
| SHA256 | ad3e74be9334aa840107622f2cb1020a805f00143d9fef41bc6fa21ac8602eaf |
| SHA512 | ca3038a82fda005a44ca22469801925ea1b75ef7229017844960c94f9169195f0db640e4d2c382e3d1c14a1cea9b6cc594ff09bd8da14fc30303a0e8588b52a7 |
C:\Users\Admin\AppData\Local\Temp\aUoo.exe
| MD5 | 79655aec7fb4fb1912766bed0b687da1 |
| SHA1 | 9f99143c686f04eaf9c10b2b13a319de1c17203e |
| SHA256 | a75f5d4e83f121c8669f669ad298080956a031cf0963034b21270212c85c85ed |
| SHA512 | e2f768f177a5b8924d905ccde0f4186e7113fc0b4197a700ac2dd87b2d97bb2517ddc3ac88f8c157b33282ec00dab049f023ca0effcc71260dc6f2f7ac541403 |
memory/2016-556-0x0000000000400000-0x0000000000421000-memory.dmp
memory/3060-555-0x0000000000160000-0x0000000000181000-memory.dmp
memory/3060-554-0x0000000000160000-0x0000000000181000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\kMYw.exe
| MD5 | 1b7f768645ebb0361213829172eb6dd8 |
| SHA1 | 965127c9cb46b869d479bb153aa78b9f33b887dd |
| SHA256 | fa0f1c6541b85d4334e23999dfca0b09205cddc746cad8783024d671d905d5ce |
| SHA512 | c001c76fb18c9d2e3e049bf0d2304e8c17021ecc2493645bf16ea29c59385260a311b0a5a044943de3d99a546c1381b38924d6caf9b3dc4bda36c5779ae39ac0 |
memory/1408-591-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\GEou.exe
| MD5 | 5971a579f2e986d2a2876eed7d08db77 |
| SHA1 | ae73a927f191de9172cd585a2e2b013f3b96fe4f |
| SHA256 | de375efd87caed6bc25c0fc37d7d7ba708dd7cb5aa13dd7f8e2656ae6b49891f |
| SHA512 | 8c8ccddfc660cfc0104445f63c997ba3ebeb76e7dcb82091f572b290729ad1313e14393ba61159d687138e93ce42632c1b2268b873b43f3ee06b28452844ee76 |
C:\Users\Admin\AppData\Local\Temp\sAcC.exe
| MD5 | 22b7ad58ed041fdcbfbbc0731f29fa49 |
| SHA1 | a5f98823d7e484670e07ddb4e3e3f6701fcd3f00 |
| SHA256 | 229c47c843f9b61052006c852dce32fb47b977a94358792e71829da92819a22a |
| SHA512 | 799d03cd1e349c88b892e0304258c48b45e5de44d4312023ccef410a9bbd3ba1d8f2dd3727976a567060719f57338524df83522fbb5464fc7ae4ad1d2b9a479b |
C:\Users\Admin\AppData\Local\Temp\aUAq.exe
| MD5 | 5a3ca2cbbc7eb87fcc8858a1f43dfc73 |
| SHA1 | adf360ae511a3504ed343a873cb759196f5e18d4 |
| SHA256 | faf54fcd64f306de8030ccebc490ed3eeefbe530271260c2f1b1510944f465c1 |
| SHA512 | 7d5ce72000e3b22a55a093fe5346b7e54467b03590b82384e4bbbdc3df78390c56d795f795a197b105376c809bf5d4bd3578fe3a46eef328d80a70b0dcd63b31 |
C:\Users\Admin\AppData\Local\Temp\agswIUUM.bat
| MD5 | 5e80ce5821cac9685fb020a8f5fd6c02 |
| SHA1 | 88b0e0e6173e65613afd37372222e735226b5a5d |
| SHA256 | b12b2fd124fd125f61550e0401f93a655df366dc375a35af3b603aa981c0de41 |
| SHA512 | ff87915db479dac3ecf8f56d387786a9bd325b645841ff3227e63f3af37172840b1cb152c7591d91858e725ba1ed6047223213bb8f81bb8acbc6baac9f92985e |
C:\Users\Admin\AppData\Local\Temp\qUYG.exe
| MD5 | 4ac2c986ca1583e22e4fed028f59fbfe |
| SHA1 | db4374d8e0cfa7cf4f49735478cc0e7e24b17d2c |
| SHA256 | 00e1ac8e2e30537471c5caf2581f969379adb56c0eea96299e83fedf86f89434 |
| SHA512 | 94111cb48af1d22151c6ae20e9584c7e22d46b2a1b777357e7306ad3e8cafaf0342c3d1d3509fd2f56f6db4a2087c4d552b3419603317809ec09fdcabc7ab9e4 |
memory/1172-641-0x0000000000400000-0x0000000000421000-memory.dmp
memory/1576-640-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\kcAE.exe
| MD5 | 1c54f59f3540394102dd4818a47ee144 |
| SHA1 | 879549ea7668a7b422c6bc92841941780160ec20 |
| SHA256 | 46ebda3cec26cc1ec752653ffd2a6166f88b27ecdf729cb7066a0b9e00771093 |
| SHA512 | 6458fb51a8df6397e92a5a467cffc3d9d5fe0c1bcbf1ba4e7a43afb4445051b70e1793533f1359ef6853296e262f55d4b3307b7c384607ff63ba561012b40e9a |
memory/2016-663-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\IEYu.exe
| MD5 | afce57ba5fff05f38834f0d0d0c382b4 |
| SHA1 | 0eabbc00c9646f5621aa136d181808212b84483f |
| SHA256 | 18d84a9f8eb5d9f22819c5cedccdcea79015a74574f4d5902370951fc215b3d4 |
| SHA512 | a3285e65ef1f3722ae09187ebe1351ff29269a59e3e6b9c96fc977d5f4e21332fc15de7e87ac6e146cb700cbcadeb41bab87f39b9e35c511d645ac39087ff654 |
C:\Users\Admin\AppData\Local\Temp\KQoG.exe
| MD5 | 647fc7562e5de09efdefaf98a037f6f6 |
| SHA1 | e5853ead71bc16dc073b7b9df457b8585ddc82a0 |
| SHA256 | 75bd7cb40fe97be44655b4c0a495a944a4ff92f7ae6fb0f80674d1bf58dadb62 |
| SHA512 | 7b579f8b196af2355c5d76eb49072ea3049890dbdc1f9d6378755e1b16393b61a04c3149573e7d35fda73ee1b6af4bbe66f39754ee8b2c5983e63290386350f9 |
C:\Users\Admin\AppData\Local\Temp\ReYIgcoI.bat
| MD5 | fe31fd3b11235d3c32a0f2d0156bcb5c |
| SHA1 | 5cc486f1e405e5b8e21e50070a53b98364f5e5e3 |
| SHA256 | 27a829a10c400efaf94e4606f96412feef79026224a382951ccb21ed3362e180 |
| SHA512 | 7fab99f47757a9f9384fcae3e8c39a3d263bc317e602f72d874281959240e476be91227c2f3b59b09a804914c7cf91b72ff1081a7e2a3f80c8816af4fbcb97b4 |
C:\Users\Admin\AppData\Local\Temp\igIk.exe
| MD5 | 5dc7611773d1bba48593277c9244355b |
| SHA1 | 62c391c4bc679b646bbe81a01b5108d0daeac723 |
| SHA256 | a81f6f4d4a7e003066a6d2fd3a541cf6893a5e2d912cd9424110fa131d35b67c |
| SHA512 | cc50e5c8d9799b8f9b286aeb814ddfe67874a508795c0a6a2466f1633ab3c404c4ea30a0c0f9b8e457dd788e459c657225a77c7bd722a89bbacfb5a8218172f8 |
memory/2560-712-0x0000000000400000-0x0000000000421000-memory.dmp
memory/2560-713-0x0000000000400000-0x0000000000421000-memory.dmp
memory/2896-714-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\gAQO.exe
| MD5 | fd0ea550590a40af6483853c36cae2a5 |
| SHA1 | 8459ea219f84a489d4e557b6941d3b1bb5204f2f |
| SHA256 | c233bea10ed0d395d8d1dfb91d5b1990671ef52d24e2a7f93deb51a5ca9c3d00 |
| SHA512 | b8beb1bbe157b4289624f17e38575a796622c7fcd18557e8a881ab45b321428a093b29c43a1b39d2c8c26eb7dbd1430c3cd2523ebd5fcac96e896b74feaaa3cf |
memory/1172-736-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\uwEQ.exe
| MD5 | aab0360348b5cd2f718673b104b246ef |
| SHA1 | 88323d81661666557a5c34a00923f6af804cabea |
| SHA256 | 55f9206150fb893c852e6f5ac455797f78275f8b79461eb528d3d3a5dd9c2a1e |
| SHA512 | ceff094a1ff691ea36a0b6565d490aad9f53f47b88cc4e21ce7193c01822239b178207158480e975cd2c132df1011be76ab28178a75ebd989cfac26c2401e822 |
C:\Users\Admin\AppData\Local\Temp\egku.exe
| MD5 | b76a61e3fb44a18ebb9b245de7310531 |
| SHA1 | 9bd00e1506fe7afd1529da5861a24e62b95c4061 |
| SHA256 | d333b50eb42317e84a00611ec7913e7e0e55fe01165f93a90807ac5975836c7a |
| SHA512 | 15a9389c6bb35f6efc0c95fda182a7ea50840b842bc9c786e090825adae2156db01b859f4d9a2fbb11ea635a63801b02e36e7a92013d8f9de01f66a482369234 |
C:\Users\Admin\AppData\Local\Temp\YQYG.exe
| MD5 | d704c21bc50a4d94faf0904e390b582e |
| SHA1 | 8aa21a3fef55b61511c2fe0878263428fffcb71d |
| SHA256 | a978d38985866532e62313d83f83237c954ed906d267bc156bde1872ce2e2b04 |
| SHA512 | f99670e048543a07ec0be758766fb44301f329cc39ad363b5791b1de613db3ad437e43e1968cd4a071a814deaac21663e590b10a2cc81f57d91e9ed6812404e5 |
C:\Users\Admin\AppData\Local\Temp\zUocAIEQ.bat
| MD5 | 5c06bf9d8dddf7791e158eb6b3f13aa8 |
| SHA1 | 6a2d45f299d594160af2d76150c5ba0b1d3412a5 |
| SHA256 | a2f7cdccb9e3414853cb8c9e7bd7705f8e3ad662aa7f8c71181ad37728b26d31 |
| SHA512 | d58d5121c26c88f2a6c62eae24917237f9b1200b967cb042d91ff4a43d913b47373dd394a497bd9063d1064a2a7aeb3c364f282490df93c171a3233b14cfe2fa |
C:\Users\Admin\AppData\Local\Temp\QMoI.exe
| MD5 | 2b84c6d234ed5d3023e463b598a1f05d |
| SHA1 | 1ed90a30a8449302c550253cce53b7a0aad56a8c |
| SHA256 | 36f95c209e52a9079a1fe020baf7bc88ba99e8eded04aad1795ae01fa3cd520e |
| SHA512 | 642398af3beb58286d24cf9b7280123b50fd063fa77d9ec30d9a779d9b975ab36c8ec241e6b7c777fbed797417a4d6d7a43f3d7fece13687332bfa4e3573d670 |
memory/2580-800-0x0000000000400000-0x0000000000421000-memory.dmp
memory/1704-799-0x0000000000140000-0x0000000000161000-memory.dmp
memory/1704-798-0x0000000000140000-0x0000000000161000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\qYYK.exe
| MD5 | 657cade41a5e8e5751307de3f21e1b74 |
| SHA1 | b44e99a930cfa2b5573c6ab340fad317a57a8f72 |
| SHA256 | 7f795fb3b378bc6086da3d088919af781583b3ec4bd66c4a989b2ab44d8a7b8e |
| SHA512 | 24316551d3d83159e0597573eebf04b9735f077863ecbd774af294abebb03c0c362ff7fca8176b123d8457c8f441f45caf28869286a123a74127e9d5c3b5cad1 |
memory/2896-822-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\oEcs.exe
| MD5 | e7bc9fec3c8ab7fc9e817c8ad37344d6 |
| SHA1 | 2399efa7248f2aab369c720789b0c0eb6c948221 |
| SHA256 | af20b63a9e3e05c151d2da80f2ec9b1382087114f633e36d8359eebb21413048 |
| SHA512 | 753d6f8a2ff8ab9f30de4f478ceee5a5ba861f1d35f9be4a206a285622e703a5e26be548fa04faabd92712ddc04e3976db31de558705b9936563262626b56496 |
C:\Users\Admin\AppData\Local\Temp\kUYA.exe
| MD5 | 905cc123d24185c30afb3f9b7a9c5c94 |
| SHA1 | 127475d9cfe1551a476e8e9d4e83284df1d16469 |
| SHA256 | fd60e96853b6f6478719143eff89aa2f580dddffab3f2dafe2479ffb9858c367 |
| SHA512 | 328d28eae71532fd1fb20db5e56a2826535aa79adea568700234b3448707101b8b28e1c302254ee9b3049b81aaed347670c3392b875f1fe6008dd93413092e3c |
C:\Users\Admin\AppData\Local\Temp\JwUIUkQM.bat
| MD5 | ace60b4be1927ab970331a703915407f |
| SHA1 | e28d654bfa97c60a43c9376a54a6dbea310fd3b4 |
| SHA256 | f5b129e5986ef3ee131f269e8c4209d531466c7d2438b5c1b588ccaf84884ff1 |
| SHA512 | 13f454664b650a39803f8a0e6f193ad0db726b54cb1943cbdf6ece2fff3aa2140db36f11bf0207767bbb720085665fdcd083a327eeb6409fecb11d3d623faaf0 |
memory/1648-873-0x0000000000400000-0x0000000000421000-memory.dmp
memory/800-872-0x0000000000120000-0x0000000000141000-memory.dmp
memory/800-871-0x0000000000120000-0x0000000000141000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\AYgA.exe
| MD5 | 9d0802720f6a045205720299cd011881 |
| SHA1 | 3d216534a35b1eef61e7639987025ac53aa49d8e |
| SHA256 | 6658ba8ea3efb72954fe2c9f416cb1dcfcfc199216e012c058747ddc61bddca3 |
| SHA512 | 9a8153c5803fb0aa2eada8ac317b306e7cf0830193ae0ff8a295d4dbd95a85278d308bdf94192f67cb259111b3801b2cf2ecb21e2c1089e9a1503e504a246aa7 |
memory/2580-895-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\aMIq.exe
| MD5 | a591b6930a4d95316e0f52ffe4b1e680 |
| SHA1 | 9f22d0a90f745dbd086dd88bf0638eb7d0057fc4 |
| SHA256 | 42f8df2ad730dddadf85a4ea4dc009c484ac63771b97538078f9def688a46ad9 |
| SHA512 | bb6083b50bc9382982b69ed440708794a4e665c4d8da9c436cd7bbde42cd463f6c40fc9ec821d7fe506c1dd72570d2c52f1785de50cad58fcc631f1fd5caf483 |
C:\Users\Admin\AppData\Local\Temp\oscq.exe
| MD5 | 4701e8ca6ea1e6fdc87188e8279b1974 |
| SHA1 | 68f3f1aae5b4e8ca27d51e06f0603c0b3fd3f6c9 |
| SHA256 | ebe24fb704463263be92b35871199d53000ede4e2a274d2a428c02201890dc40 |
| SHA512 | dc5398fc0c36e1ff9f144bcb630d04c171ddaadba1c97587f3db1893a393c2d0d55856fa0ed6bb3727659b7b7de61ff3b4967dcf3fbd5217b2a96af5cd0cea29 |
C:\Users\Admin\AppData\Local\Temp\QMMe.exe
| MD5 | 1c36ab02ba596c0c3b6f79957dc2a0cf |
| SHA1 | 61b0ba1d4057254851598a62d0e9ec266b73f3fd |
| SHA256 | 615df3451fe920835c989d6afe9f8e547471377d5c09c4a4d92c3fa6071d4c76 |
| SHA512 | 29bfdc694a29f6a624dd686260f5153fad2139c37a6388c9079cc4d0f6db398b0d77c24e13fe711ba386964b0a32afc93c64c022401b2cebabe1f11e3a4d9220 |
C:\Users\Admin\AppData\Local\Temp\QIwQ.exe
| MD5 | cdf64fc1d6b69ff957d822182bd009f5 |
| SHA1 | 6144af36829a9948a88bdfae3e8ccdf99757c0ed |
| SHA256 | 02d83917e8747f7bf9b17c368f3719e54f23c2fb4bf7d33c7dd4388c1f55e1be |
| SHA512 | 5faf94d5884abe5405bd02fd4d66a04f2426b34f87e144d3dd4d4511538b32b1d63a0f92649807285d6a06b7d13e26d06520eca2a0f6408a90e80f18b0845bca |
C:\Users\Admin\AppData\Local\Temp\IEkW.exe
| MD5 | 78553b33e8cc460535bdfba9da4af4aa |
| SHA1 | a4730c91afcf00f7cb0f497b2f0de66e16b63958 |
| SHA256 | 91ebf655bfcfd6f1591424f0c44586748d1c8d3bad81a1137d93555b69d7ed0c |
| SHA512 | 9fa8dfc64825748abcae19432ccddee45efbfa19c81094a86e18e436ef654c2afb96fb8f1d48638b21b78c4c47750997ac2e5a1c846a956a3744c446c27cafa7 |
C:\Users\Admin\AppData\Local\Temp\jCscokww.bat
| MD5 | ba12f69588bb73793b19e8234eaf138c |
| SHA1 | 6b78dcda4cd644ab82a2681391c1b1d0b07a6e64 |
| SHA256 | 8877b7de8fa48b4a9266c6ff2bcf633bf063067f464eb5acbe6c77197bb1f84c |
| SHA512 | ca6b57fe646711ff3aa9d1f23f2bc2fe95038f8ff18a8229bdabe3dfcaaf072027b7b17d589c32f2b488fdf556c8394708393929d51007f65ecbb0d5404b432f |
C:\Users\Admin\AppData\Local\Temp\SsAS.exe
| MD5 | 0c8339617e27d2df4f0852fea1da70e0 |
| SHA1 | 3d904c9a41b8da84826afb19e56428a2b9fb2b97 |
| SHA256 | 222311a9409a041eb6c1c1e3ade7d2fa6a09922986a0688c418166ab3925c776 |
| SHA512 | f075e0046a516ed5dc2bf90b895272e1ad600a13b6cedf61deb696f8de0a5250499f76285b436c6635a471b6f51e6a39eaa65e86a0ebb8a9fc41c07c623b2183 |
C:\Users\Admin\AppData\Local\Temp\CMwU.exe
| MD5 | 83b54859f6b3de90bf5d23d4b063771e |
| SHA1 | 3b85b6a2ff66b4b87767834366d9019f2aeee791 |
| SHA256 | 3038918e9be507b9e10cc502e6dd04675adb956501cfa0f522f085a44c557ab6 |
| SHA512 | 6b8ddc0cd196afc0e879e138f7c5bab493e9f9a94bdde2360432d69d1ecf16d9c9674e1bcfcd63a728e4d2b0dad66dcfdc9358c5ad04e56ef263ba40e2fa7841 |
C:\Users\Admin\AppData\Local\Temp\aswS.exe
| MD5 | 46799b321c8c17b39ce33abb0f9c2913 |
| SHA1 | 09356ba7c0409828f4133c4702d6c1dd8583ac51 |
| SHA256 | f04caf5bd0ec5386faf3762260ac5810eea9524c93076e73cdb5c9638348c45a |
| SHA512 | 17883b5a7b83850d82d2e3511fd1c3acc5447427daa13731b2510018e6e2ff3ebb5202697c9d03b31f1674f3073695b13a8fe792b540745d25d0ece20f8a79a5 |
C:\Users\Admin\AppData\Local\Temp\QIEI.exe
| MD5 | 0933d19a5e59084564f94ebfad277ae2 |
| SHA1 | 61be45b1764e808d2779dca83603cd1a80a0880e |
| SHA256 | 2099e0ff6768457978d07ef4f301a530ca1e55189605e73ef205cb7ce799ba12 |
| SHA512 | 33085bfcdf1a44dc6bf8efb2b2d60d5f67356ee5fb9bc656a2b6ad0bc2bc2bf099d49bc0c32b0c793264315c01af740bd3e581526d0cce66c43e94730a1aa03f |
C:\Users\Admin\AppData\Local\Temp\aYoG.exe
| MD5 | 03e45827e275a18c845282b21633701e |
| SHA1 | f089eaa0817a39467466f77018e908ffc95b88e4 |
| SHA256 | 5d8e3ef7f6e21dc9366ad113abae6e00dbbcdfac012ecc5dcad529c24e20a087 |
| SHA512 | e877d8ce28039a5d5a47f3fee33456b6834163207b6f5e012787d7b5c7d83867675528e2eb96aa7f66b411274affe8dae8a6421307426841e825cc9ad81a5ddb |
C:\Users\Admin\AppData\Local\Temp\XSYMEMUw.bat
| MD5 | 242415fbf27d98d4495141010024eb8d |
| SHA1 | c3bd5f7b337912498ff316b796342c3f2352a8d5 |
| SHA256 | 132208dae1443587e47150459f508995e0ac32fa4b973a5d4a0bf958e764cdc4 |
| SHA512 | 848c8e091752f29fb1cc4686ed7b93d0194179985362ce25eceddc007a7e0ffe54000e308448826e90c39d09e6831dbeebf16f8be1ea2f14ff041dd0775dd58b |
C:\Users\Admin\AppData\Local\Temp\YsUI.exe
| MD5 | 391c282bc0ffe4280e60e2ae53ce3910 |
| SHA1 | 93da8a30a79f4c0334c517fd436583d76eb5ea8e |
| SHA256 | de0f7c8824c7cae3db6920cd0cc2a237ca41b3240f04a8dcb994e7990fe719c6 |
| SHA512 | b39f96024a7f8205a9561e2cf28c0bff4c4a6d90535f2600deda2534db4ffac5a04c8310f1d924392f5b00dbff7ddd95877f3a95b319b801aa92b7de4949dab1 |
C:\Users\Admin\AppData\Local\Temp\AMYq.exe
| MD5 | cfdb4d53eb65be85df8e96ea0bcfa1eb |
| SHA1 | b46f7aaa31f2190b7664bde80d1e762c803ae23b |
| SHA256 | b730d79b7f01bd9a32c90664f462975ad13fb5b366fa6e229a81ec74fababd01 |
| SHA512 | adef056e80e3dccf532972982da9650623ea4e7203ce0cc8256a3fd99c261822b100a06389f90024e972b7e0fedf020b2681140fcf4e7cd8b14e0338a8adb57b |
C:\Users\Admin\AppData\Local\Temp\SQIs.exe
| MD5 | 1ff3b6f96c13961f7fb74b327cf87583 |
| SHA1 | 6bccc3bd40be2220430ef2a46cbedc4dbdefd2bf |
| SHA256 | 0c85aff5ec4aa4666c7807763884de311ceaa1d57168c58e507621b863a1fd62 |
| SHA512 | 13fcd1cfdc7abb736b36a961c3dff64e184f55cb15a1993f25d1dc2688c17f42f47eeb4a9d91d5d8f107d3b7e6c3fbaac5d55cdabbac92669b55d7d3b0db7b68 |
C:\Users\Admin\AppData\Local\Temp\GUAS.exe
| MD5 | ee05f79092cba06bc2ab1b3b7423965c |
| SHA1 | b90dc4de0c6b0eaee064cd645c4b26ff2f0277c7 |
| SHA256 | e93de2a4e95ccf97d492fe702edd17821e2a06e2ce35300b0fcb3e2322688258 |
| SHA512 | 56cae7ec7b158d1d69d9236468a229375d5b968d8b979284e5180c13a125ba49acd412fcceae1e97dc0a8441f9918ce2ab1045a0c9a17c2ad2ec3cb8f7ffc8e7 |
C:\Users\Admin\AppData\Local\Temp\oMMY.exe
| MD5 | 98f26dc257d801a68bb6f8bbef58cefe |
| SHA1 | ba62d77d8767ead6dac33ce0b6db4f88357e50ae |
| SHA256 | ff787b95fd794114fb5e57c075668d75b4562c2c6ef6b0c8b4b61b11e7f5685f |
| SHA512 | 8d48d2b02bbfeeba339111feeb27b3d299887dfd2a9638442f478b0a1a3bc27f4ad83cd71394893ea28d36a28394cd7e1a48d78e96d762cc34b1bbe0fb1e4a9b |
C:\Users\Admin\AppData\Local\Temp\agUw.exe
| MD5 | 8a91fd79470932aa90239efcc078302f |
| SHA1 | fff6aafe04f987ec1726d4d26a83e7ba602027a7 |
| SHA256 | 8e07e8acca67ff7bccc864a6cf286208cef921ea87af0bdd8ae4a3ad1487a0f8 |
| SHA512 | feead0a12fd155f258f89ed5012d4830ec010918c6945bb386361e339e1798465d3191fe7705a1f80090e3977993acf18157b12f584891d49108becc2d2f47eb |
C:\Users\Admin\AppData\Local\Temp\mOMUoMwQ.bat
| MD5 | 06709f2a3cc2e9d38d65bfc1bb85d6bb |
| SHA1 | 2232a905144d812c2bc5c5aeb2b69823992d5873 |
| SHA256 | bc92297db537afb3f22315ea4e230b4f97179d77d89cf2b3b68ac72897db558e |
| SHA512 | 046ff1ef9c3a6a0fbd0fcda4f807eb8b42bad48b93b0f7e6c080bfecb758839b2fd72c864012a77939ce4d3c3f519e58041a2631efdc803baa76e96db90319f2 |
C:\Users\Admin\AppData\Local\Temp\yUcQ.exe
| MD5 | f128d2423b2617fe4626cf4f22534859 |
| SHA1 | f20996d1bd0d32ef2bd1fd7ed8cf33297db68509 |
| SHA256 | 352c3e21815ed8b19f51a742b8048ede299783e43f1a1aee631ff1241240c7a2 |
| SHA512 | 25b666ec6165a874f8e54c4e7ec8fc46d2e3a38a0ef7836b2eb3315ea66a51adef783ee175000717cf648c3058a791133361356904c2abebb6b9755f18a85284 |
C:\Users\Admin\AppData\Local\Temp\eYAQ.exe
| MD5 | dc9339f571597b65af3660623cd0f4b4 |
| SHA1 | d66f2de6324085c81fc3ebec4bb04444f1597ce8 |
| SHA256 | b5df3c56ce3172de7ebba4d71df63c3b77b0d7a3cbf692b91350e3b542c7f310 |
| SHA512 | c425e7e708b7ea502c025bf966368e162dbf2892fbc4d0c5a305c9fe20d0bdb879b57fcc3f86b564625f3deb661b52c9d2f3469913b11f5098d575b5d21574f3 |
C:\Users\Admin\AppData\Local\Temp\GgUa.exe
| MD5 | 52621ac0f66944c723f52ba106a4336e |
| SHA1 | ba3271a3cb847f6c3b085c38c9b899fedee73a57 |
| SHA256 | 6eea9dffb81d11613ab19908a50552bc9ff5496d0bf4614593b9d302be351fc3 |
| SHA512 | 3055486fc45ba915d0bb713dbe24e8a4298a04336bde9049e56cb0b60f2d5b4bc84b4143bc43fa647c9f7016a387065da78d9892648db08f2ac8a609df32a76b |
C:\Users\Admin\AppData\Local\Temp\yIsw.exe
| MD5 | 0273f73ac3e7eb13a0e6ba3d0e9f4737 |
| SHA1 | 53f57db3dd49b78986ad414f0757e582c831d10f |
| SHA256 | 23a5d5ca4bc093339778c4928106bac109750b7f3e5759e49439c5ded6709a3b |
| SHA512 | ff8e27265804d107e21d40a9f130d789a1067f407300c4abdf678f29ecfc443f5ab4f35458c7f4d07d55afffa553c0abe3a4d1833df011a8d93f7a6c4620dd31 |
C:\Users\Admin\AppData\Local\Temp\GscO.exe
| MD5 | 88d389ed22991a729f0b528bde67760b |
| SHA1 | 2fb6a095341a10660036f61d978c06a46a833cba |
| SHA256 | 5ff118aadad8ea91d3a5dbf2797ff730518f7b21cd5efb6b76a3e13d64f4c665 |
| SHA512 | 5c8550378ef1b137f82fd94c4b583fb3e266e0d9757fa05d2f4bc8a7920819985cf56ec11f33cabd3759d63a6739770705bc68451ac7ea30efd03b1ff3e3883f |
C:\Users\Admin\AppData\Local\Temp\CAAc.exe
| MD5 | 21bdb5ecce8f4c35fd41310e10486676 |
| SHA1 | 90a3166f84efe0daeea96db98e1e49a17a66bbc4 |
| SHA256 | d534295ee8bbd3acf6e57b915fca1ee3c66a64726fd083783fe36b7ff4b887da |
| SHA512 | 103c06006225ff746e5894b0dd9589f2d8e61c7755d64a133e0b9a74c17589e54fb1bb8adeceb142ae1feb38790253fb56233feb95e46bcd8827a6315911ae11 |
C:\Users\Admin\AppData\Local\Temp\UEkMkkkw.bat
| MD5 | cbf7c0a57fa908cba1f8aef007203ddc |
| SHA1 | 0403fdb9f89cbed919fb27940c4ad5be73d4eaf4 |
| SHA256 | 49962772d55cb80099b08e3fee4112c0d4be0c352e3e6278183720d0ba5f4327 |
| SHA512 | 2b5f9c98a33551faa5cdb1a25772a34f3a6fb9f56456043b27a8942f41456fcf7e46e25345258f4f65788cde1a3d9b9b219eae793d0e681b90d0639fece8270f |
C:\Users\Admin\AppData\Local\Temp\gsgu.exe
| MD5 | db3103acb60521936a5de74e0811b3c8 |
| SHA1 | a765320184f91ce85742a4fb4076761514b427f8 |
| SHA256 | f33f4030fe5127a250a5ea575263a36dba67ac18c19d129cf222a0b6feb88753 |
| SHA512 | eac99e6f3a3ed6e48017b9036a75ecc8f1c520bf53e315f3e1ca8ab2edd5984dff0d870645db174cfeeeae5f08e92d27784eab591ef57d7911f19fc82a5704bf |
C:\Users\Admin\AppData\Local\Temp\IkUK.ico
| MD5 | ac4b56cc5c5e71c3bb226181418fd891 |
| SHA1 | e62149df7a7d31a7777cae68822e4d0eaba2199d |
| SHA256 | 701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3 |
| SHA512 | a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998 |
C:\Users\Admin\AppData\Local\Temp\aMMe.exe
| MD5 | d670d4805f1a9c1a3beac6e476aac97b |
| SHA1 | 833f008d62b00fbce7c1b1d375ccd42a1b604a38 |
| SHA256 | 052677b1f906e221b2a62cf42b2f494ba74342ab956be3a5ed0ed90ef0f84659 |
| SHA512 | b83c6a7d6820530a602055fefe649342b19165bf7a93bbc82b98ced2b0d5f967bce0af307996da0445e55ac700e13878ddd148d60fcc43232b5ad8a5cd9eee17 |
C:\Users\Admin\AppData\Local\Temp\OIYg.exe
| MD5 | d21b41a960c973f6a9b7ea1268514f1e |
| SHA1 | 07aa6cf4a819a48efc35c506aece53b8242c3683 |
| SHA256 | f44b3e997fefbee4538a0e384f20dbe1344211e09b888aca9089b110ea566832 |
| SHA512 | 6b07d6abbb7d27de5051e3f3f713c4af8f07a3743bb4cfe6afade7693a2f464ce84787f9e8a7852d2da4024cdf05fefccee7c37cf8f5a5282387bb8790be2fdc |
C:\Users\Admin\AppData\Local\Temp\wgwi.exe
| MD5 | 75bd4798718f0b3ffaf1d69806cf7789 |
| SHA1 | 8c1a19f4d918d574df1f6fce788cc0590c443f2b |
| SHA256 | 0c2a753f86a4ba0e9a48445462d5003b6b14fc506813c973a4c87385892cfc72 |
| SHA512 | 9a0b767a86ddcc71685aa53f73b3ef354d816ba233577570419aa98fe0b371a9d6922bc48fad739e2d4bd32dcef1e5d56daffb927f8de344559bfc2c6c1d8a78 |
C:\Users\Admin\AppData\Local\Temp\siUoMsYc.bat
| MD5 | ba1d002d81db60f0fad0ce55a20fc4ef |
| SHA1 | 56a631fcd50e9bc0b2c4fc3f1a9d8d5d9d4fef2e |
| SHA256 | 6d9811fa87291e701143ea2a6b59512ba8e7066ea40683c90d8ec975e0e70c69 |
| SHA512 | aaca1a4ee23fbc589de7d30e1fbfaaf05c29e08725c9f2cc0b0461e9a0fb9a5d05b86ae361bfe01bad9c429de91504e71a0465efc2f4fd19a06c655f1149d92f |
C:\Users\Admin\AppData\Local\Temp\GUAK.exe
| MD5 | 25dd77d6169264b5a60de03fc372a4a3 |
| SHA1 | 66179b04525b395a4275ca014611d9d99f9d893e |
| SHA256 | bdc2e7ff0b732cc8c086eb8711c8bb4d98f7929ca3510ac77de564306af870eb |
| SHA512 | 21bfcd006692c1d70ba57a3acd9859d53551153443ddadd34826f10f121e9ceb18eab8562cf8285c4f7021b6fc9a30e20c4f8429766305b628020b65aeeefca9 |
C:\Users\Admin\AppData\Local\Temp\GQUI.exe
| MD5 | b9403dfd1d7f43cc5b015af0f7701479 |
| SHA1 | 3fd9bf2551ec2daec2c7e1ab013436071641b80b |
| SHA256 | be494b91de2a1e5812ac2c9dfc6e4d54048a6170c3a52c976299b0b936330521 |
| SHA512 | f722609fa2dbf6fd82ea74a386c6bb08fb14bb52b6f7dad70d20d7c37725a41e218c201a80890371c655fe60a389301c93565f0e5c73fc1f8eb06ea2b4703c3e |
C:\Users\Admin\AppData\Local\Temp\OAka.exe
| MD5 | 119c74ece0331961b75fc9610e05facd |
| SHA1 | 7eb0364f9d09def920880b34a09a1617e6690e30 |
| SHA256 | 84f5a410e3bcb311d47bb7a4c93f55b1b11d8dc9d3e4ada7db82e2e714e2132a |
| SHA512 | 7617920a5d171bca26810efbfb7e1ed90726849cef9a448a7236a2110da44f5264605f2ceec9820892bf9b58f53a0097b96e2dbe65a32d49777ba473296eeae9 |
C:\Users\Admin\AppData\Local\Temp\IIgYEokY.bat
| MD5 | e46d7c6eda1d1714d21d46e7a9852d25 |
| SHA1 | 0ef98897e5c44741a9231dc227e8cd5a95576df5 |
| SHA256 | c6a077635b6513d236c34423ea592fb3017b2b0ed5a67940f94650081a748388 |
| SHA512 | c8e7d2c496289cd34ee7d42b8f642ce92d4690e425aac7309ee74e5b0f3ad123d6e1d31fb72a63b169257a0097490f924d4d30a25245a82a841daf82d23e64ba |
C:\Users\Admin\AppData\Local\Temp\mUYQ.exe
| MD5 | 8fd42508cbe8237a92b7c6e2e331e9de |
| SHA1 | dcf443f5892a3e0caa9011e32b6d735fc109967b |
| SHA256 | dc3077a1ddb633fab8a64c6e91fe108d6554865f1d2083abbc9a013a2d365146 |
| SHA512 | 4bea8cd16fac7f99dd2be94c8e83743cf722e672598e9440496fae67d469abafc68ad406ceb6101be975e7630d4089ba5727f6e508a6904d03940f44126c45f9 |
C:\Users\Admin\AppData\Local\Temp\uAke.exe
| MD5 | 7fc286c0a4b6c4386036168a9c35b7ff |
| SHA1 | 76ad840e2b8e5913174081f22bc35b259ad73cff |
| SHA256 | de2639f01f8a956c63c1817c047fcd225cf68fb01bf9b3c203c7435b77b1bc56 |
| SHA512 | 958987b51e3027328674e4e8f1af3a2c37ea4369b46cb6878b136ab0d0ddd7b05e48e71623c5dd58ab79c53089f45b6eef2a1d8c2ca04b602a37fc41ec2eef4c |
C:\Users\Admin\AppData\Local\Temp\EkUq.exe
| MD5 | d84d977e4ebbcddb369f758c02e6194f |
| SHA1 | 9fa0342dea5b0feb942d086359536bc37c60cd31 |
| SHA256 | 7c6aa3e670741f2a679909360ba24257f4a124fbc7c9a0826a97d0bf28ea1921 |
| SHA512 | cf70c52af15a0ebdc1991936b3625211228596488d974e11052dcb65d5bc6fc7b35483b3aff673966f73e30f5197fc6db9b68d3bf1581a29d9ce1e862aad29be |
C:\Users\Admin\AppData\Local\Temp\WAoW.exe
| MD5 | 51882d45f23cc1c29b0ac279d48548b7 |
| SHA1 | 7e7a3256b2d751febb0d976362054ad7638f4a7d |
| SHA256 | 9409ddeae6451403be4a8fed28c3b07fb5ca02867b5fb248e66f6a38bb6e3e16 |
| SHA512 | b692437fde67830d5f5fe603eaf2e444e698e5d9b895efe2a87b6322587e988df6a9e55eab12c38b02d8107cb7096ce336c47d41321d7e6ef9c71c400568033a |
C:\Users\Admin\AppData\Local\Temp\eMYE.exe
| MD5 | 027e81dc163b84cdf051e5f9d8cfe21c |
| SHA1 | 525b3dbe30aee424d82b69fc0f772f244730e37c |
| SHA256 | 8b47b74a56a5d77f58b2533409bcad58447c7a4ee5c39d2d31f4f6a1e008b200 |
| SHA512 | 2818f2ca361b007ac2da940f300f0a53779c528f79fe644afedf88dd3e02132cbdb3e9230bb7c800af6c2930390214568d1f13cba991c84ce7f70edb65f30bee |
C:\Users\Admin\AppData\Local\Temp\ZwYcgYQo.bat
| MD5 | 7bf9d69fdd199f0e8bbd5e1256e819b1 |
| SHA1 | a67eb572b36fa675dcb0be5e73dec7b74ac7eb6d |
| SHA256 | 3cd1f2ad6c60857585be682772211580de72fe5f0c0705c09a1a2f8a70227218 |
| SHA512 | 78ea1f53120a3429a455f03630004bfa385c00ee2080d91c2a82e8cc6e190d4d80c687d0ff13a3ada5e931aedcc2f237836fc50c96d16faf87da8431d0ab30ef |
C:\Users\Admin\AppData\Local\Temp\wgUI.exe
| MD5 | 36416db4c12a3eb07d094456feb67de6 |
| SHA1 | cd5f86fd5d94efffb083960ba1f9a3b710b31084 |
| SHA256 | a9a3bd3e731b85cc1ce5ec383bebebd2b37d66a5dc4706cac02742e93b77b23b |
| SHA512 | 60de4f7fd38c5f29b1e9cfdd2162ede9a9f7c859eac85c4504905c8f20ca2337c67020468423f6aaac50ae6e7b1ca084713dc180a5dba9d28a8c85e63b3229bc |
C:\Users\Admin\AppData\Local\Temp\uMII.exe
| MD5 | 24a76fdc50ae15d8db68f159a6d9ab75 |
| SHA1 | 936a03a87d073894c5707b06a0f433b825f9199e |
| SHA256 | 37469dfc50b5eaf5f54ab48675391d2c5b6519cfa2d7507fcce6d6f603afdae0 |
| SHA512 | d056beeb6d11ff8a6f453c7ef3ed579f50e010618df0e16c527a12e9932c50827f04c855e83380afe6a81f528d8f897e2f441ac2080a38765a064d5448c8ce3c |
C:\Users\Admin\AppData\Local\Temp\QQka.exe
| MD5 | 6d10f09e0118ae3626091680df9034a7 |
| SHA1 | efc8bdade991ec45a1f800c32d24e6426afaf6a5 |
| SHA256 | 744ae423d5aa6616a58c852999cd655a31b74396280425e1b9ed99bc1e162ba6 |
| SHA512 | d1e53a5764e49560b43331b8074ab62d836c34664554195cbd5bc2cf518e4a28542d6de536cd1e517a6e9d34c12419c2183673cd69a07abb40994fe50607b91a |
C:\Users\Admin\AppData\Local\Temp\IMkc.ico
| MD5 | f461866875e8a7fc5c0e5bcdb48c67f6 |
| SHA1 | c6831938e249f1edaa968321f00141e6d791ca56 |
| SHA256 | 0b3ebd04101a5bda41f07652c3d7a4f9370a4d64c88f5de4c57909c38d30a4f7 |
| SHA512 | d4c70562238d3c95100fec69a538ddf6dd43a73a959aa07f97b151baf888eac0917236ac0a9b046dba5395516acc1ce9e777bc2c173cb1d08ed79c6663404e4f |
C:\Users\Admin\AppData\Local\Temp\KAsA.exe
| MD5 | b526dfb46bfb064d20ed82936d46f1e8 |
| SHA1 | bbf03f0239b99968feae92b4f3a7bfb18bd4c97d |
| SHA256 | adcdf72a8de28a13795b2b957a2ef84112cb29197b5f068a085e2d9e4ddf8a90 |
| SHA512 | 1235496259066a56e2420e25f50fdf48325d6b4655bc6e819e6b634625395c8ee219b5711d2f8a4cbfae28206fa6dea1385eb1e0c68c7b13dc4a0f00849de08b |
C:\Users\Admin\AppData\Local\Temp\csEw.exe
| MD5 | 1a8379434c4fb768c1bf48e926c3ebe4 |
| SHA1 | a558676f14399b96efeba5d4808503b7ad21449e |
| SHA256 | db4d75d1b2fd0e5d42aab9758f6f2d6900bdc6f8605b07fa86f531177a2351f9 |
| SHA512 | d60226e70543f8a800b88af9875050dcf39bb80dfa3c37b69ddd126dee78318fe92d461e5564af56d385ebf0b32a902e626ab2e31853a2397049e2b9451484f8 |
C:\Users\Admin\AppData\Local\Temp\SwUI.ico
| MD5 | 964614b7c6bd8dec1ecb413acf6395f2 |
| SHA1 | 0f57a84370ac5c45dbe132bb2f167eee2eb3ce7f |
| SHA256 | af0b1d2ebc52e65ec3f3c2f4f0c5422e6bbac40c7f561b8afe480f3eeb191405 |
| SHA512 | b660fdf67adfd09ed72e132a0b7171e2af7da2d78e81f8516adc561d8637540b290ed887db6daf8e23c5809c4b952b435a46779b91a0565a28f2de941bcff5f1 |
C:\Users\Admin\AppData\Local\Temp\kUIG.exe
| MD5 | c338c3dd4b0a229519faa8f3c1641a49 |
| SHA1 | 18c4629ec155f4ed7149a8ee88f94c4b5e14d8cb |
| SHA256 | 761bcb271d39561e9fbe6eb42dba3f0df93dbe43ec928121da93c1f9fc9890a1 |
| SHA512 | e851976b54f5b1b1f7df18370540b4bc1013e018e722a679d2cc79e7596cdad0a3098973901af5a1661b335c4d8d7c4977bdd2e5933c7e0a2a1dc6ad336004f7 |
C:\Users\Admin\AppData\Local\Temp\ogEO.exe
| MD5 | 6081554173dadf2f98ab98531f73cfef |
| SHA1 | 057ffe8b6a68d34526d2e65d42ffdd794bf2656b |
| SHA256 | f5ec55b8c3a622a006c72ac4f6dac045552b8b445ff1bced09fe88a21777a0db |
| SHA512 | 665b65600629f8083f8ac36f37ba4aca8ddb4cb030f401d2179546ae110d219e21bf7b58da18a445ae34aba16d5d45b1624072ddd9551a5000e5859a1877d7bc |
C:\Users\Admin\AppData\Local\Temp\HwUosAsk.bat
| MD5 | 1ba64a53f92503e2106caf656181cbdf |
| SHA1 | 11247ef693205be807983eacc5dc58e3ad7f31ec |
| SHA256 | a19d57da16a1624746759af0f287b624644e405ed9dcf4c456fc119529fc5fe5 |
| SHA512 | 404a7b403aa8a3850dfd038aa0c6afa17849fd5b6b3ade1692537cc1aa348e0a3ba87ecbe65aa6102c3497a2b0996e583547728957f0c1770f3eeb97cd21c2b4 |
C:\Users\Admin\AppData\Local\Temp\EAAS.exe
| MD5 | 8c01e94a32f7f6a5f3dea2ba36fe1dce |
| SHA1 | 619afb4f3cf0416f1a2cf3037455022b76c05c0d |
| SHA256 | 69c6f52310e0cfdd42479c3c671d4c665c25f004e2022a7970c1adf9bb9d74ee |
| SHA512 | aa4ff9dfe40e101fc106c7f7218b345b2796c4c55fc48f053e4cf47e977d696ed13bd4da40d34d9dc09092bed46d1de8d26a05ec07fa76559a78543fe92558df |
C:\Users\Admin\AppData\Local\Temp\OwIo.exe
| MD5 | 0bc86c15e551507ccb40652533329cb3 |
| SHA1 | 7ea47d703b2cd152034ceccc31a5186953f03f36 |
| SHA256 | e13ff3e9d1418b17226174be2ebef80e3daddf2b0cc2b4a256e27175a36006ad |
| SHA512 | 812273d60fbead02639152c2fb60de8332d6473183b2b7a9f8dce2e78c43c5a9c0eaa19c0cc3ace82e9c88967af5ac693c08cb037182fd855842e09e4ba1aea8 |
C:\Users\Admin\Pictures\RenameSet.png.exe
| MD5 | 97cac1ddf3b71b465b504ffe9c381d6a |
| SHA1 | 85558ea863a3ef07f7944e904ff1ecbe5775082d |
| SHA256 | 84ebb8090f8561d4c3369a485455e143c2c50a51be47990425e0eb2abdad19da |
| SHA512 | 528e07b8aa9702de58b14a277895ea77d31c14147176b71f0109dd3e92366747bab71ea0794cda2fa029d04b833473187e918587e66f06a1ffd396fd9103eff8 |
C:\Users\Admin\AppData\Local\Temp\kcok.exe
| MD5 | d6793b9c3479d4e44e8afc7528925c87 |
| SHA1 | 631e4ce6e1b02d51237eea702bc2d5843b8cd305 |
| SHA256 | 2afb2cf720562976092aadc33a8e3af89e6367e9d707bcfa0d240f35d717c64c |
| SHA512 | 8a3454a547ccdfda102dd2837cd89f53d7e655deeb0f2177bc9d390405ab703359f36dd961450d8e000e1decac5bad7c0177f8500767b928ebf2da11486cb731 |
C:\Users\Admin\AppData\Local\Temp\iIUq.exe
| MD5 | 4105937eba4c2833fe58804480a9ee78 |
| SHA1 | 0727ffa331b4afc6eb59fdf78088ee68ada45cad |
| SHA256 | b9ad69a2712d6de516fbca72143feec07b4078a32e3688fd5d4e94d4c138f48a |
| SHA512 | 2a8a22d87d389de88293257113aff4e8be16a9ecfed2a0342e7d5849ac656954181c6341a381213119c87a9387f0fbbc911c0afb62e549529c7ee58d27e02a6d |
C:\Users\Admin\AppData\Local\Temp\PYMAQYUg.bat
| MD5 | be7dba39474dfcd60af843caf4bee78c |
| SHA1 | a116bde80650bde8442d34338edfea7a0d221423 |
| SHA256 | e1878e1ded0d198ebb52d415df58237631ffbdaaa2c9b773ea8305faadb8f90b |
| SHA512 | 9dd4250c70d3a5a83ebabafe3b570098df434a45934571b4d770dc9568a127a36ca456aba499c4b33ca55554ad1699b10e29d1baccbe63a256460e1fd6c190ef |
C:\Users\Admin\AppData\Local\Temp\kIoM.exe
| MD5 | ad81fab9a7c37b0dcbc5a31bbdd36ba7 |
| SHA1 | 307241b391a89018a17102e8281fee2da32b4462 |
| SHA256 | 6f529ca9f8d34da20220781a4d8fbc1a0958fab7e423ed488e60a6ace253357b |
| SHA512 | 7c05a06f7fac1300819e188681721e11cbe53c3e14014ab394eaab33665f87bfb54232ee049090e648acfcfa333ee280c5fb2a993a38b65cc423a9fb2c04b4c4 |
C:\Users\Admin\AppData\Local\Temp\SAog.exe
| MD5 | e0e11cf2804904bf6cee8c58d418a8b1 |
| SHA1 | 5bf8a2daab3b6fccdd3d6096cd28ab9d9c0074db |
| SHA256 | 489340d58f923001772efd4bb899b0163b750ccaaf6407fb2d87c2d9dae52d14 |
| SHA512 | ede45142296dbeb15340721c0760d4aaa9ef4d7a507a9c91fdc9c457533cb1a1ff6eef501685f2756d2aeadbd5cff06d9686b6deb925972366e37f6b71e8ce1c |
C:\Users\Admin\AppData\Local\Temp\CAMI.exe
| MD5 | 769073b4e747b5cf2523d3941d5ffdcc |
| SHA1 | 96b4f2c85c42a2b2eb4520e7badf95a6a3bef7a7 |
| SHA256 | 346e44cbcdb6bc07d5e9280f5f84efc878cf3609a90e5d288d9b9b1bda1b68cb |
| SHA512 | b347417a5f3d877ef6ca0095e69e275ea66369b751fd3693ce67c246cf8b09692e82ab63ac9f4847960c4c0e8cc1907ad209d09e7764c2cb5d70f7aa7948bdde |
C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png.exe
| MD5 | f96df3f25eca1e2e1d7139d526f65d4d |
| SHA1 | e22d8a0ee882ae994398b62dceadbaea299e4721 |
| SHA256 | f51883af3a0bf2f3b4f5b0df5ac548544f53e64ea0779bc59cab8604f5b1a223 |
| SHA512 | 0fff14e1efd7bca4fae3e0225a15ff0d1f28b420323df0c662d6b78477634a63602184f1fa28c2c27db6f69b3faa3f6c14ff33d17429d6913fcc5fded2a5d47b |
C:\Users\Admin\AppData\Local\Temp\CEcc.exe
| MD5 | 517420e09698f6372422c24154b28ba9 |
| SHA1 | a72e6b9c34febcbee5124cda37234fc0f835fe92 |
| SHA256 | 1de178fc5e800230b97efbb49d0d9646dd4f062dac22062c6b2d4d543517344e |
| SHA512 | 4e87b979a17b2d140dd0839b1e60c18345ec32c673a3e85a15b7d77b219ff0d2bf686fa9e05912b920a228a99b9f2e8fdda0b6a6af8835b95b3277e3e5c267e2 |
C:\Users\Admin\AppData\Local\Temp\NsEgQEMc.bat
| MD5 | 2432878dabbc1d04cd1e5cb62e989ba6 |
| SHA1 | c3796e4586a53f5e2133a8eff4b3a42798eb0ccf |
| SHA256 | 16fa9c8ee2f794fae2cc0b6f0c630ac9bb1e7290e96cf3568ef4a0ed43335323 |
| SHA512 | a0a210c75d25391d56a6064d54189a194a0e555b2daed0b03824ba7400cb3123a8ae4ad7d83ecdf1a10ae2e686a0f0960567d9a2d9f17bd8fe7d7747d0ab29eb |
C:\Users\Admin\AppData\Local\Temp\SQAE.exe
| MD5 | 83794a57f0452e450f3d9ab49f59ccda |
| SHA1 | a494eb883350765ce5629e59b5c87e0888bad38c |
| SHA256 | 90ee42831ab0155935386687f340ffc816b0eab445074b8a388fdb4359adbaca |
| SHA512 | 7056f98a18dabf8f9a747c1a5069b9efa214c6221dffc341f972b56f831290ff56211110f0640a954df0be141a4ae5e8f3727d00c829a0d0b300f8885f490d7e |
C:\Users\Admin\AppData\Local\Temp\AsEs.exe
| MD5 | a3b2fcb947ba6fe788a9bcaad782f167 |
| SHA1 | e8883bdbff55b6da1df038a086356b0fffa1f557 |
| SHA256 | 42426615c15ae2556396fb9ae14c82ea80c4e4deb4ca332df7a2c590f13e67a1 |
| SHA512 | 0b6493ae1bfb1bfbc0619e830d21237a5dcfa4e8b4d3f0d2f7c662edc24d45185a58008ad494547c9ecd6842a786ce5eb2ee751d67026701d4a784d513e95e48 |
C:\Users\Admin\AppData\Local\Temp\mOwsksYQ.bat
| MD5 | d51807e84a38b6a518af20e5e77f056d |
| SHA1 | 273291095541cf21259cbdf2c5e125e4320c0d83 |
| SHA256 | 90e197aa407c68f8526e594db8a2082d0a25b170ff0964f46f45cda13a368746 |
| SHA512 | d6f8c92b4a1ac9a06038a4661097e482e6aa8d44d811fea0d6fe7bdfe6b9f19354c566efe140455d05be6e2a9318d925aac4736c6da1eb4523557beae6331cbb |
C:\Users\Admin\AppData\Local\Temp\GgkM.exe
| MD5 | 29fb1a36f27a244e3a3b5a1f124e5442 |
| SHA1 | 8dabf880df079633803eb02b4323cd103a6d62d2 |
| SHA256 | fdc4461226d0b79f7471d4b2a0bd78c4346150f47081b8e7e002b217a0cabf12 |
| SHA512 | d93dfb1bc28b3e607aaf6cbb1f6baad8b504b603cd70432b089f6ee5e471b00dd04cb90b25c9a4a853c3530a4e37773ad2b0505f65d2691ffea03ef036956533 |
C:\Users\Admin\AppData\Local\Temp\mEQU.exe
| MD5 | d09f22e2605e970152f44cf6dfceeb69 |
| SHA1 | 7d3d2d5ee1cdbadf3fb11a1619324498ffe71b2b |
| SHA256 | c58d1385e9b884c307fe9e8488a102833fa9320c9062cb99ee333c63ea1183f7 |
| SHA512 | 4f7a994f0243c1fa9a8751ad3e8a3c3bcab438adabb95ec68f0d2109d8f9968f0918520af72edaa84311b0a48335ceaee56989dcfb4a1a7b8cca41dc2db2a3f7 |
C:\Users\Admin\AppData\Local\Temp\eAsU.exe
| MD5 | f554a43b15c9fb1f4f3aa6195996f14e |
| SHA1 | 477fb3730d42bcfbbfa4a2d34e100a1882ead415 |
| SHA256 | 13667377534e23061ffe0dc66eb15958515de320bc2a7ba0420e0e5385119e4f |
| SHA512 | d0c7c1e872aed88b03a9be963ffa8630e9574576ac5a9c87e105dc62d4d7b7be49bddcde988188a9a7098cf5b2ed91859ff2029b6ae8e0cc19943edb4ce0b751 |
C:\Users\Admin\AppData\Local\Temp\SEUgIYQI.bat
| MD5 | 5a4fc5487202f123507f441431b0bd11 |
| SHA1 | 2973a79e7d488d3ed6e06f24f914e78b9d4b9d1e |
| SHA256 | 28d66b10cca5b4bcaec208928017d6297f24ed47b6f31e4c84a7648264d5bedc |
| SHA512 | 8e7bfcf17ef9c0f91a299f2b3b805ced9115a9f397430a90ec9a84ce3fcbdc592360180896910ceb76debbe26145dfc0c6d0c5e354f153f73cbf1a0aa145b3df |
C:\Users\Admin\AppData\Local\Temp\sckc.exe
| MD5 | e90815eb34af258f8f54b76e2aaaf31a |
| SHA1 | ec3418c750e42a70c065d595b776d2572aff8291 |
| SHA256 | 2f5979caec3490d33ecf04bfe467a4705f0bfc5f8a9e10530df7a8c17d94275e |
| SHA512 | bd0a4a36ca9c6c8a36fa3cf2deaebafec0e2a862614bb9f58faf31536a1d4cde02e670a0644bc17d6b201270faf7e41c2fa090aa4e41dbc1814763c7c6b0af93 |
C:\Users\Admin\AppData\Local\Temp\ssES.exe
| MD5 | e08ff891f910bd2b15d79a1c01e3f037 |
| SHA1 | 4909330c4c95adeb9107933f64d98395160f8c67 |
| SHA256 | 24da92b7dc780ea5f18e4a061e64a070ef234a0bb9f7739fa96080b0fb6e4e7a |
| SHA512 | 8dc040afbe440a724be680ed02ddeb2cb5531f949b89de2dc10078bd94fb558306932be2aa65b92aa7e61ddff7af556a2651870e74580e2b21c1e712a3ffaa62 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile17.bmp.exe
| MD5 | 136d04b6bedc5320c0b8c625666f16a9 |
| SHA1 | a5ae560200e8a17e22f0bbb9d2bc499b25fd6950 |
| SHA256 | 84cb5ba8fc2a805a905d73bb1e49cfd73785ff97ddb6d62dc0b4b24230637259 |
| SHA512 | b198bdb86f7ac5102c664e809270bd07dd3d3848574429eb744b91acaa9261c83facef175479d34782fe3974a6516e580558527c47bb4b123414a1a4a46847da |
C:\Users\Admin\AppData\Local\Temp\AsAW.exe
| MD5 | 5b7224938f2ff8b3ae75632ee3b32c99 |
| SHA1 | 374aaef6f93f8387b85775725e059e68ea5c44a4 |
| SHA256 | 754dd69d6d204052ea7b07306785f1caa1da89d291151f6edb4d6ffac99e0afe |
| SHA512 | cbc56c00cc22d0e9ae43c6eb5e25aa68462ec81c15498b915040d34af97b003d49a73d1fa2b63eaf0744e65024d73a6219cb1ce7b5454aed10412e5348c3a70d |
C:\Users\Admin\AppData\Local\Temp\OQkgUgQs.bat
| MD5 | 8c5f54fa090dac0e7dce5dbf9fba7cf0 |
| SHA1 | a9fbab1b0c2b5f1aca1b40627a782bc79a57fed7 |
| SHA256 | 4f7f3da567f0da4484d6b397ca1874f342395bea6ac989dedc14452078bb7389 |
| SHA512 | 1f2ecb6cf49a18cfe09262accc319344520babcb2420e0496ffc58ddbbc8fd92e493c633c093b8fc113d20530a0cca9461c91f53ec375ec052b3d212ac6e78db |
C:\Users\Admin\AppData\Local\Temp\kMsS.exe
| MD5 | 0ceadc10fad8d64f238c55294c020fe2 |
| SHA1 | b60e904d1c4873b4eb25134a4dec636920e7d2d9 |
| SHA256 | 583271610a84e4861688d07c124727222d93ea2c8ba2dca8001d19c19b39e2ac |
| SHA512 | 0072f73625ed9c6dd5609a9b6925826cea372741caaf53d19a8395096f70d53b09dabf8a757e1cfde1003b2bc4abe7948aea935f6f6eaecbb8a370c19a752cc8 |
C:\Users\Admin\AppData\Local\Temp\GkIe.exe
| MD5 | 7ab3f25fee65c84db1f235a9cf356857 |
| SHA1 | 76f92b89d985344b31735aa94c11f0566a646bf6 |
| SHA256 | e1634bac54ce87f7a931d5b017212b6ed591b384b4ed32d0e9b083b76465b397 |
| SHA512 | 25eb4c8a475f4ec73faa70be4f0a8c0f655c883b57e39d9422c91e229a0fa1bc8eef674e1b876df722e1f8b8f57a39eec5f8a83edd4ab3eef6710d1a9911aff4 |
C:\Users\Admin\AppData\Local\Temp\qEkE.exe
| MD5 | 4eb0dcca7718379b0182056b8c22f2fd |
| SHA1 | 1f5fb4a934e2202a7193bec7e89eda9207de59b0 |
| SHA256 | 634c5b34bd2ad2f58819a71a7c1257c095027ab7f6d417e5424c143ccb1d695a |
| SHA512 | e9c8e88894649dd52b5fbfa0602de2ded6d3533a6b688ef92e6332cce26adbb1086e030459b9b1c2a19170f0d428733ecac3407179157aec0048bb8178b4877a |
C:\Users\Admin\AppData\Local\Temp\gIwq.exe
| MD5 | eba1775a15af821dc0d70041af424852 |
| SHA1 | 07990bbd533becb45856112a51ba561c76d23649 |
| SHA256 | e7afbd6ae545d7406ce179b7b7d8aeab1ae42999b0c03979d7b4d8aa6062878b |
| SHA512 | 59dd41390c653042d169e5190de210315a4a5753170ead96c70eed88ed4fb4659d8555a7c86aae46101f23c3b2a5c9525c8933b92267398323c4b8d407109591 |
C:\Users\Admin\AppData\Local\Temp\GCYcIgAU.bat
| MD5 | d8b590928ce8783847336d3c7f5bf4aa |
| SHA1 | ddc5029df576d0df72cb0586b81bd8218dd5a7c8 |
| SHA256 | b7aed997e59204c80e5c16e14224f55fa28264a1a9e3cb0e872e2389707ef5cb |
| SHA512 | aff37883a804da8c723ae3af45b6d4fb2b4be585bf98d6a51dfb4cac664a4e1adf4d98fb5de7690b10040e4e4c22f09aad6bcbe5655240c4d6020960e4a4ed91 |
C:\Users\Admin\AppData\Local\Temp\oQYC.exe
| MD5 | 58fa1e146f50eb4f1ae89d0037148696 |
| SHA1 | 9da82b197fc889801cb8a305aef969fc2f35503a |
| SHA256 | 00ce0b3196b10897d609614273331534f54a8b581b3d42a580532c702429c080 |
| SHA512 | e9a9d37ca7e199ac2cf32c1b52f1d982fc3a4a65f0eb28e63f0ea8678ed276078e3986bd15561491bcf1be6a938305a8f724b7db4f4aafce12b50c60d16a2e3b |
C:\Users\Admin\AppData\Local\Temp\mkwi.exe
| MD5 | e3ede1c17c593a4692888aa4810105ad |
| SHA1 | d148df6f98af606ab9f8a87f6254920be231bbdf |
| SHA256 | 30d4442744eb6a5a21c4a57cf56c9f63aaf0356e23889adf990e982b2a402046 |
| SHA512 | 9628657703ee8c5b92692759d8e1ef1fa6a0f2d90a06a0c08b7722aa12bc68f67201e3b7a30f44a693d4475971fd7cdbfccdf7509f7bf781b1c2f6614cea7039 |
C:\Users\Admin\AppData\Local\Temp\ecUa.exe
| MD5 | 8cb4618810f601aec7f32252ebd7d00f |
| SHA1 | 380de1f431f5c4417fd8c4179ef5b2b3b50c1877 |
| SHA256 | 4b422207f63e6a671128dab4f406cb77b5b285d35e8b1d0be0052554f6e93ef3 |
| SHA512 | 4c2aa0bc6823d4b500c6913de378d62b97aa0c0440c1e8f4f51e6246e4d433417c53a4dd457b6c54e849eff4661baf53a8f9677c5800608e9cb3c4a507b74d58 |
C:\Users\Admin\AppData\Local\Temp\XmgssMMQ.bat
| MD5 | 5ec3080e3e8638087bccf55ab931f801 |
| SHA1 | 561943c75c645536c76cbd5b826e8f8877220022 |
| SHA256 | b37afbfcadd41d3af84e4966811b4115da00c05de12ea43ab06bd9b886141fc0 |
| SHA512 | 596b4055a6b2c20251e74a6b0271566b13681936c8eaf6ca45375fd609ffb6854aa3d462401a681440e45ec5cfbed581938134165fa5eedd8b351c3990fba6d2 |
C:\Users\Admin\AppData\Local\Temp\gMoC.exe
| MD5 | ccfbf982450a54a243cb44c218227acc |
| SHA1 | 6b631bd88106fddfcd6747d3b8ed9dbfb1e2b9ae |
| SHA256 | 2abd8b2066c76ff6d318b9b7aa8f4d52abca9def4482efd8f19b85bd30371897 |
| SHA512 | d5f325f30ed22ab0a71a6cd40ee76b2b2c03b3fb767819431156651422b2a26081387876f83fe0123cd2dac3c000a583fd356911bf69b9ee98a5d7291e4172b9 |
C:\Users\Admin\AppData\Local\Temp\usAe.exe
| MD5 | 8342a08705e3cc036f178a20c5969876 |
| SHA1 | 3e04b3ca0d818daa9eeb9c8d9a366521ec6dad41 |
| SHA256 | 6b85ee56ff7756fb437d2fe4b97933976e91d896f6a9dccc1943d593f44500c5 |
| SHA512 | e55e41785f2a7b8b2a9929852884c078801096ff2c5858525adf69f8c3bc5b03e770cc7e3080c7fbcc3aafa3aaf020242546c8ab1b8d031b12dedc60771f4c30 |
C:\Users\Admin\AppData\Local\Temp\WQIU.exe
| MD5 | a01b8c058af3cce7adcce073b9a206d4 |
| SHA1 | 09eac9bb316e3e3e007b48a47bc37bf17e131637 |
| SHA256 | 10960c846ab39effa676e624f2868422872aaad658c4597116278fdd35d2d516 |
| SHA512 | 6aac6ba231d48fee1f9092e7bc1f517617f44111e7342d8cc79ed5c01762857261af16b436fe1940443fdca8cadd70f0f6fcc4ad0c81febc321d6aa5ba5587a3 |
C:\Users\Admin\AppData\Local\Temp\DcIYcsAw.bat
| MD5 | 308b5a9fb84b32e6ce682f776c4efb15 |
| SHA1 | 7387116d7ec0808fe6e0af060b8b4c0e98a2fe47 |
| SHA256 | a52b28bfec1cf9a872838aa5a0d8aff0e54015ae921485693d77dd75c7747d45 |
| SHA512 | cece8ed98b3ea33f704f8b5ff7fe8c47f5ed37249cef8476234128f94b26aae918d1dda56484e301b648c0759942ad8b3a9f48173dd82d1d6d5dafad297c0d15 |
C:\Users\Admin\AppData\Local\Temp\QYIA.exe
| MD5 | 59eb692731964923ddc2a02ca13b055f |
| SHA1 | 6ac4a3a417eba8f60a7db46efb001df7ecdac1c3 |
| SHA256 | af48db6eab4a7ed4d05ac6564cf95597da467095ad4fc357a2dac46fdc5dc0cb |
| SHA512 | 528dca7dd05abab0f7298daba333aae18ebb2985e9b93dacb347fd9fc2da3ecf76370f863fdf0c990f1b0fdeedb01b9e35cf37b86c451efc3e0ce58625b02cf0 |
C:\Users\Admin\AppData\Local\Temp\ccsi.exe
| MD5 | 2ffc75be2de362180ebec6096fc26a55 |
| SHA1 | 032216da8b4e0b8c3772fa59a40b536b2021452a |
| SHA256 | 1cf629943cdd4d3f701eabcc1120fe946025438fb20c53eaa1852fc563124556 |
| SHA512 | 64940aab2ddc5a19a71adb335382fc0a118540eb1bcf26bd453639b261d3bcab615cdb4e842ee34b44b0db2d42986993ae5ff6fe1525227171ff4a35eef9918e |
C:\Users\Admin\AppData\Local\Temp\MIsO.exe
| MD5 | 1d3d7351d669bb8f77c2872d52b735a3 |
| SHA1 | d089cccb650f42d0575b864b01525993c9990fc3 |
| SHA256 | 846e3fba53ccb247507f06f76a113dc51654238e532697d5c6c3f6ea487570af |
| SHA512 | 62c811d20104cdfe9909c92acc0fc271d227c19912c890ae643d29dc4f4bdbf9a3bded130b2315b9646827812f5f69caede826138d12cb5420b51215bafd2d3d |
C:\Users\Admin\AppData\Local\Temp\FCccEwQg.bat
| MD5 | 3fc55e528020111d21bc5c9e5617df66 |
| SHA1 | 05a157f4cd274324432bc15ccf4dd1943421ef0d |
| SHA256 | 882d42d10fecab77328db33f72dbfa8f7031b00f32ec62278d5650502e30d1c3 |
| SHA512 | a721b742516614ed8033c72ebea560123c57d14ece368c743dcf3dd8182930e508154efceecca0473126c1c808166456da62582617c065fdc3fe8cc5041e034a |
C:\Users\Admin\AppData\Local\Temp\eogQ.exe
| MD5 | f7ce008b1801b63e7aaa422e9e2125e1 |
| SHA1 | 9ef00fbe4e74a9c21154a295b1e0063c131154be |
| SHA256 | 5aa00c7f96afb8f793d5e96527ea4cbb78f0b1af8c077c752393f2aca6c2493b |
| SHA512 | 884bf08bb4a63087ad0ec18c00e8ac615a5b13ae1ea5eca30ae707d38423e825c8748a86b2ffdf098d60bc33f83d54152fa89db32cad1912e8cd4056cac02574 |
C:\Users\Admin\AppData\Local\Temp\SIcA.exe
| MD5 | 10c7067ece86ebf0b1d8b37966331290 |
| SHA1 | 687aea9958fbe3429f7e47fe96b2090af53172a3 |
| SHA256 | fa2f669c742c44f896a3f2896f5b80625839b0d4e428942eaf8f653fe507a283 |
| SHA512 | 02587ada267ecd7ee99749bde5a6940841d4316cf10b8681485e3b58f2015d29f883c1cb31ebdbafca5b51165b6f2938fd4f995ba8e31697da7e2c60dcc7fed7 |
C:\Users\Admin\AppData\Local\Temp\AAoq.exe
| MD5 | bbe807a190395ac16df71643162523dc |
| SHA1 | 22a4bc36cefdddb49b5ff86134a1a35649efe730 |
| SHA256 | ad9b69824c5f1e6a9fc600bde00c940f8c20bbbd79aefcb4c6d6d4f0968de671 |
| SHA512 | 7aff641da0106aac0458049248d987322c9343b7479e705135c4f9c343cd24d3d28fd57f639fe5ede9d264e8ef7f2a4f5b8e71c2c28b2e77300b5ecd4c259683 |
C:\Users\Admin\AppData\Local\Temp\tGIYskAQ.bat
| MD5 | 00cb2464956350ba5b9fa089f607558c |
| SHA1 | 074de1bf5b9625da2e49942d1e42951b4feace7f |
| SHA256 | 0bbd7dd3964275535601681665f92f8c69c63fe3561506b15e39c3c607545b01 |
| SHA512 | 02519afedaf0b05e4139f55c46d0d9d560d48c3e9d999262f2a6c390144c0d5bcf934f70df8c3b72a1aa6027855cd8e60da04da217fcab8c0220186163b3ab48 |
C:\Users\Admin\AppData\Local\Temp\GYcs.exe
| MD5 | 5a6d5c91c97721d3807fe5b3cac53d56 |
| SHA1 | af294bbb2e9ef084481272088041a617be87482c |
| SHA256 | 6055fbc3673a4be543c73951581b70ec059cdda0e2292be5122b24758198e19e |
| SHA512 | 1a74059e6b9b2cf66fc214cadcf73869071ebe01d60584b199ee7d2236002104019d1788e3ccec7e9558dc6cfc2d9825816d2aec0af5a6e96d8743191d66f2bd |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile36.bmp.exe
| MD5 | 087d3ac8877538414617a6c3b15da96c |
| SHA1 | e96865ec8ee50a9946bcb43b3d94aec62f4c90b1 |
| SHA256 | 4402fb249cf2e1341f3a54b0bdbf70f6969691396d896c06ae0d2ef412d6b49e |
| SHA512 | 91c8ddec6ab2987357d2a7eea929bbb3e061453c79a8d4e0ef8fba378b371c123a243f0225433478b25783f352fa748f24fc7a010f8f6bfb83c6f1df0e14dffa |
C:\Users\Admin\AppData\Local\Temp\emocEUYo.bat
| MD5 | 3fc8e31c09a6e2f677b791a950be05d6 |
| SHA1 | bf18ba659ac3e4cc5f10cd94f44ed24d892877d5 |
| SHA256 | cfffe0ec512ac274bb98e870d10d8a6542bf32d7e8fc97d76b191adfe06ab2c3 |
| SHA512 | c180e2c79c59a2e53ae1428135f957198a3c23dbeb170dff76f21d9f92f67ce28d683b5215dc829285c64284c1fe6688c7c0f1ebb419b67c3f011bf859bf8abd |
C:\Users\Admin\AppData\Local\Temp\IYwo.exe
| MD5 | 048c8ee7198251075806e8d26c2a5ae5 |
| SHA1 | ccf1177455118818c145dc9408de171a85c60f5b |
| SHA256 | a5fa2be760383aed0e53423ce32037acd136103eb539d357341c867d307a8989 |
| SHA512 | 16e436564d68a598ffdaf51dfc77ed5b9df367c53134a2e88ac568b2604458a4b29abc4b1031c3d9166b4f8639ba2125cddd1e07179a4785d49c49b7c66c353c |
C:\Users\Admin\AppData\Local\Temp\kQwE.exe
| MD5 | 9d031aad74f8c7e7a6071505a53daf5d |
| SHA1 | e6bc2646f6300ab0d25c4d3af0dc30badbebf07f |
| SHA256 | 16e2bc923b7375f4be8fd56166e9554993b4c9d6a6c53a19b24942160b407cb4 |
| SHA512 | fb98bb5b6902a49c7a4a71136be306ffc2a9db5e60b579e5e5d488d6443b8535c3a484b5c71121940ee2b165fd007d3965f70b4b3d69351cb34c7e9e415c3b8e |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile39.bmp.exe
| MD5 | df226391ba7f5ba04e21e076b5787c1d |
| SHA1 | 1fa958037ccbbdce0a4c8f85b5ef2ed6750f4308 |
| SHA256 | 0514d009a7c27b2049a9beabbf7a7dd5efac09514a6091a64841bb2ec9af0a12 |
| SHA512 | 75198ce453ffccfdbb3c398a7f67196eee5169faf6cac7c07ecf29560df5a56acfcdc08a5b13ac3ce5521a1f6fc9110b07ea5c7a25ef378487e088c339e315df |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile40.bmp.exe
| MD5 | 4a7ed761663ec45d5e2d1fc388ff6f47 |
| SHA1 | 9dea55f27dc13630a7664e0502f92b3f68d32fb4 |
| SHA256 | 8626a860bb9d730557bc5bbceef4c03e18fb6e78434418d82c5d2fbe3e0a0dd1 |
| SHA512 | dbf69885ad2051048422fb5a2372dec4e1c4962e332dd3ed4b6e52cdf8c2944f45574e0d5ba935bc60214e8ed1d43acaed2b159546a177308b9b38778a0681fd |
C:\Users\Admin\AppData\Local\Temp\kkQYgEsg.bat
| MD5 | 133ac42ae0be056a55519001f2d3df9f |
| SHA1 | 28c58d4891ce749a7c3576588bb6723665cd60e1 |
| SHA256 | 29bbf91312c977f5156fa22f8c230e342d6b5c325874756b1b994fa749279638 |
| SHA512 | 4d1d481717b2242016433fff23f00fd232c96b57405fc8f3e35a67fadc3859ef2eff70c39b3042ee70c5248baf401fe142f7dc5578403093528119ca16aca712 |
C:\Users\Admin\AppData\Local\Temp\aoIU.exe
| MD5 | 14e093b43f039e7bc877ced5faa4f896 |
| SHA1 | 08c1e3217bfc887b3f1ed973f6f68f0de9290961 |
| SHA256 | 6cbc307ae08c8285c2c1d4b9bf67ef847a2404f049fa33e7267b0ad6ce6dc10f |
| SHA512 | 746411a92a8632c371c0817aef0b36b8cd2779e4436f92e20216aeb7256c09d099238efd478774aa6f4e3fa982b8e353c01e851022ceacc19f4b7ebf4b45045e |
C:\Users\Admin\AppData\Local\Temp\SUAQ.exe
| MD5 | ad730767aa14f6bb1fc22cf254b620ad |
| SHA1 | 7991ab59664688cb000e5af810fbb00cb30ccf6f |
| SHA256 | 840b48e93a4e354d44e97a9f0a3a67f655a6fd1e8d218251f4607bd14121c7bf |
| SHA512 | 2c3ac3e2f2d9b1a975752086d2f526efa5351ffb6d951de198910e03ca0f1db20c9c6a772c733654cf897614ff32df40490bc7fa340b1c8e67d50db9e173e62a |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile43.bmp.exe
| MD5 | f992b01bb28dce62ac0f21bb1fd69f5b |
| SHA1 | df9c8765525c34b9e8a58490f120fa96a6d8f5a5 |
| SHA256 | d2f035c55ef7acdd04c15dbc4c7b7026cc2862e412ef8fc60537f24be2bf6805 |
| SHA512 | 946b4489a670fb448fe4c8e5ec2df6f2fd44eab817e4e0291e9d7a89eac7911f7d719b17509bffc7f09deb6a2272f1f96cd4c959be9602d800220249591a7f13 |
C:\Users\Admin\AppData\Local\Temp\SUoQckww.bat
| MD5 | 7107bb57781714b4dbaac4b13929caea |
| SHA1 | 0954affa878ba08fc9d7a448580b1438f1b8d511 |
| SHA256 | b173dd008d60cd48bf0e11cb8aff93542514a40c58eeeb513f3fb36050d2af74 |
| SHA512 | d053379c18fdf6c6bbd99c1874e5ea7c97cdefaa83bfb7c07ad6b5c81153cb20371a8eb5ad0ed48487562014cdaac008ca8b29b5d96c56ad41f2219f0e85c748 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile44.bmp.exe
| MD5 | f749363e632c902c7510f7582706583f |
| SHA1 | 1a664ea5a730fc522e0d6bdadf6366dd2c26614f |
| SHA256 | d33f66398490930aa7dd1ab6d9a829708cb5320944b29c75ecc8f9672f69cbe1 |
| SHA512 | 94956ff8dad97a7c9dbe6b835f80288e8730a11524f7982799da451cc83b357172adf1011090b8b9e82cfa0713f606dec04f9ac03ed7d9b552c7f34b2f2b25f8 |
C:\Users\Admin\AppData\Local\Temp\cKIgwQQk.bat
| MD5 | 9e608ba75b0f1ad8bd686b00f432e7a8 |
| SHA1 | 4df2b07afbfbe35867a517d9d2063cbda77736f6 |
| SHA256 | bf8e06666295e18571e43b6e8ce675f7313f1d04f0a2dbeeb39834a5b33fa212 |
| SHA512 | cf2f90d3c491d39c516aa5ee7b2e6527ef5a885f30bfb80008ad09431b8110369ba9cee223fb9a04c5f7e96688b5f65e2ed0d4eaaf56b3465985ca8d3b3d2c73 |
C:\Users\Admin\AppData\Local\Temp\zuIcoIoc.bat
| MD5 | 6e21dcbe78541ec664b9693f2b465dab |
| SHA1 | 22c8224cd1d56d0761286c90084d3ed47497222a |
| SHA256 | 9ec2b854d8e230e3898c7ec32904f2b80ccc251521ad411c3ec2a909c53acf1e |
| SHA512 | 10e7263bdd6833a6e66175413a3c6ed6f9db06ec2954adb842ec1840ea2d63ec3908bed9f4c1df5a5a8fcd0637091fcc5f0ff6a39d8e3c59e75c5390ff055c11 |
C:\Users\Admin\AppData\Local\Temp\YIUa.ico
| MD5 | 6edd371bd7a23ec01c6a00d53f8723d1 |
| SHA1 | 7b649ce267a19686d2d07a6c3ee2ca852a549ee6 |
| SHA256 | 0b945cd858463198a2319799f721202efb88f1b7273bc3726206f0bb272802f7 |
| SHA512 | 65ccc2a9bdb09cac3293ea8ef68a2e63b30af122d1e4953ee5dc0db7250e56bcca0eb2b78809dbdedef0884fbac51416fc5b9420cb5d02d4d199573e25c1e1f8 |
C:\Users\Admin\AppData\Local\Temp\MMkk.exe
| MD5 | f56a0f31bbae6372c6e55af661b6cd5d |
| SHA1 | 0fa102f1fa5046f0e9afcc6babaee2cfc59bd821 |
| SHA256 | 13532c8bbddcfeaffb014c7ffb5682305f74d8066c5e69da15bf6ca60684b1d1 |
| SHA512 | 80f697992e6764b33e98cfdb55e773b8e10a0f9aafc79365a80d654436405a0ed2fcbd60f075021afce0918823b92c88356e2c35d525534be6ca7f30c947658c |
C:\Users\Admin\AppData\Local\Temp\UgAS.exe
| MD5 | 78e24330d0437123838fdab416625d67 |
| SHA1 | 96801ccffc14b386de66ed4f33393ea1dca32287 |
| SHA256 | a4d4131437f21cd30959e3e051f4466b2beea3110f3b660bf091281cedfaa52f |
| SHA512 | 5920fe51a90e6886b08e9af8a83134ca8f75ee21d14f7882af9b33991e032e8a41f141a5e50051b15c44ff582c9da4061f179a3d380d6cdb064de8afed54c676 |
C:\Users\Admin\AppData\Local\Temp\EIYC.exe
| MD5 | dbd9d66d9745bcfb5be281da90af3ce7 |
| SHA1 | caa4480c3d676c3294ca82cc6d0263dee10c387e |
| SHA256 | 5a4acb264bb2acd56ee2ffef226bb3f7e8b683bf9f1463a414467670e6cf3fb5 |
| SHA512 | 607dacef043bbb0b81ff65abe40c94f675626e12de187a79455b281ac8d4d31bc00b80ec41dbc84036f77b666fdcd463e327dd3f23e5eb50f71a4d399575027f |
C:\Users\Admin\AppData\Local\Temp\YQki.exe
| MD5 | 589b53cf46c1a817ea4a617b5aa224b7 |
| SHA1 | c03d9939a99c2c924931c3b2508935c82abc5f5b |
| SHA256 | 42d0d38b83f6148e5b1b84ecee3968fa57f545732ed2b73a547c19a865eef84d |
| SHA512 | 2b3a4af5b7df25e5084e98312b98afd3d2af9ba2c86a730a99e8246268a3b2f6f808682f7f8ce9488712686ea12d9a961e92d9d3b3d29241e11b8988e33c3eb4 |
C:\Users\Admin\AppData\Local\Temp\rYgkMEUQ.bat
| MD5 | 1c43a4ee7970affc286ccfb6d4a3e5aa |
| SHA1 | 09149a33208829171d31c11b43b81cf2ea1ecf31 |
| SHA256 | da92962fd14a5b0420a36d9bc36bb82bf281114a8b5318e584bfcc81504aa6d6 |
| SHA512 | 7dc429d7545926a333dfa4a0cfb32a54798ae769cffc566e030be7df7ad53c9ad4cff3d7751d0d26119bbc11cb8bb927bf57a38e249b250eb8ba3089d60cc8f8 |
C:\Users\Admin\AppData\Local\Temp\ysQA.exe
| MD5 | bfe188a9b479fd83a138eda7a8f87fec |
| SHA1 | f1a7af7535bcea323e59edba8b262b0ff4c19e2c |
| SHA256 | 1c714abf7f54e6fe1a533c2a002670101aa135c548c31220ad8cc15d86b13826 |
| SHA512 | 47ae2282049df723a3e8245b70cef21b172c1d640aab5c0f72abccaa09b8d5b8d5fbc339599085fe804e9c84f2ec034c63dc0df4e8e7e057926e3e4602f0d883 |
C:\Users\Admin\AppData\Local\Temp\cAce.exe
| MD5 | 2705a1b8617a145806f78ec5c55aad00 |
| SHA1 | 5f8d01de734a58d28ecc269891e294c52baaab0a |
| SHA256 | ceabaa94f71dc665baaca138fe0878c40eb4a65fd58291d669f972a7267b5ef7 |
| SHA512 | 0c57ccb70b7c9543d6fde8a26c25a81496e901e116cbd0dc077b4cbab9bd4ae0214f6d12a8de40f7020611edccdd8ddfc31d89558994670787f4220ef1239179 |
C:\Users\Admin\AppData\Local\Temp\Qswy.exe
| MD5 | 503c4e8dab27f2f361b841a7688a9dd7 |
| SHA1 | d7b4c153240694672b33e1d3d019f7cac6982367 |
| SHA256 | c8c93985f627c1a2ab09b2becb0a0e7147ba041a014c0806b4b649e57a0373d7 |
| SHA512 | 26cfb9749a05a19db9016af7e93128376c4e25309f920d2f7374742784b52a6bf467c932a5d09043eeeaedcf2ef5e9f85c2511e1e09951b690b81644a6026313 |
C:\Users\Admin\AppData\Local\Temp\xowkUQEs.bat
| MD5 | be815d74feda9f5617f3da0cad8a3903 |
| SHA1 | b77bdbba8f5dd2c68328f696eb79ddf002687682 |
| SHA256 | 74146bc7dc6caf2d1b7b5b37bfafc662e1edc3b1c86a509d987b2b883882de32 |
| SHA512 | 09e33404499a20b7fec98ea8272a1fad92068474eb8105643d5c55cfba0e90bd49fcabf8207001bdbd00688462c8c434304faed1d79afcc8a8a5ef746cd9f44e |
C:\Users\Admin\AppData\Local\Temp\Goco.exe
| MD5 | 8c20b7a19d505b38118a68de579be1f2 |
| SHA1 | 0b5c551d4766ba3b1c7c116d86f68fda71b407ae |
| SHA256 | ce27f8ca253b2f80746508d57b33187223e8aaa516d34c5114d3eaeceae3703e |
| SHA512 | 7b7d83ca394568a9ba3f1ab47b677db989cf0ddd882b22833315c89cf0622f2fe49c9a026ddf3a5ebafe442064d7fbd49d056237c5cb8da3703ea63eaef0a72d |
C:\Users\Admin\AppData\Local\Temp\Kkgq.exe
| MD5 | 7b9b656610b25e0ddefb90aad2d343bc |
| SHA1 | 16f72bf444ae6f61bf347fa4a25ebe9312ab2e45 |
| SHA256 | 428c014c54d7cfd7d30706701c6136309f6d45f892992dac314a24f09496d0d3 |
| SHA512 | d642dfaf07fa304ef7d8ccafa971f895802b1f617ee89a9759a2b31b996d237371505df0d8fb18095d0f5499bfee24a28f8ed63723383ba804fe7ebf4de241c4 |
C:\Users\Admin\AppData\Local\Temp\asce.exe
| MD5 | 90eb5177b49031c570aa55b0d1120179 |
| SHA1 | 820c146504fdf3901be8cb8cd248d6955cbd5b16 |
| SHA256 | 36cc06cd50db587c1d6e5c48b06c2d5798e712e263e0711802975bd4bb23ac93 |
| SHA512 | a6c35c7818b0b7fe59819404d4786b474bc13bf16ff881e5811b3a81e5cd20e967230dc94e6513c618fb61b1803975b1a113422b22d52663884641711faa69e9 |
C:\Users\Admin\AppData\Local\Temp\wQEg.exe
| MD5 | db407d1a5452519539af1cc136a94a1f |
| SHA1 | e1284dd24711122818eb434ffc57c975566ae4ee |
| SHA256 | e6d82a4947e000d75e91d917d8575d0794bf7e6e7c05883fc6ea090ff2fedc27 |
| SHA512 | bc41aaef7747961b99027b1ab0f8269e721a45ed682a14c09fedff2c51ed7e453e8ae2160c2b96398761833fe6b063d2746808d82bc6a997cfa6fb24e11fbcc1 |
C:\Users\Admin\AppData\Local\Temp\veoogcYc.bat
| MD5 | 7d084de1428596a03b10a6542eb8486b |
| SHA1 | f3359e8e6866b5daed5d55d2c81c1c21c3ea2140 |
| SHA256 | 0aecf75cf507f279368203b3805ebf2b262eb649e00d66e739e1829bd97263ad |
| SHA512 | 9c78e09a80cbf6adc282c48b305dcdb0265a831a30fa6cf3b579027cb343ba202d049c3823c93ee3a544409774421a6693998a999caf7e0513031062490a09f8 |
C:\Users\Admin\AppData\Local\Temp\oMAgwwwo.bat
| MD5 | 0d599bd9c0bc9399054c89eea32fa537 |
| SHA1 | df07dc84c6afc0e86331b3f6ae626313f9682411 |
| SHA256 | 0d3f1d299adf8169d9e3f7903277dc8d7889f9600d5dbf1e3309bf340613f7e8 |
| SHA512 | 8ef9b393bfe2a340645067f8548f84dc8786a951f8700489a41f60ed32fb92fa75e3d86bfa3155db44e5fff81b7dcb39823e6b9edfeba53cd610505a26134a6e |
C:\Users\Admin\AppData\Local\Temp\qGcYsQYo.bat
| MD5 | 66ff4efa2e13aaa7a24c04e78e54d092 |
| SHA1 | 268ca1299c67e3edd7acbd1b25304091e9c1b242 |
| SHA256 | 8dc7576ddb271cbc8fab19160286fedd45640ab985b4896d0b539aa05f7e3aaa |
| SHA512 | f5759092b62956aff190ee15a2c058d936858d1d17e8e92fe6509703ba07f12beac5ae70496d7f85b24ab866f0836f49feaa94bb4d390390f5fd52edb65f3f76 |
C:\Users\Admin\AppData\Local\Temp\KmsYwYUM.bat
| MD5 | db9f0aa482e2f9c9a76f0041a7064990 |
| SHA1 | 56c8e078f0d3bc178df4a9da0448d1f10ea95a0b |
| SHA256 | af34279a834861425df765a09d5fcc21e0af2e2cdb2dd27916f8b5a71217ca6f |
| SHA512 | 34962b3f8402559eecca1d6fd019c7c293144d7627fcbb12d25f87b93bdd79b8d916827d5f8ba2e051500e6a2a40be95624e7e0b5ad3968f28b3573ced43a930 |
C:\Users\Admin\AppData\Local\Temp\YWMsMUwA.bat
| MD5 | f7ba1bd58f075838ddfe4a9df5f81ce8 |
| SHA1 | 623408b36020c7b349ee720a0b1e841c19ec0094 |
| SHA256 | 51bcc56c5ece533b0cb79e59e287d06a223d108894e9625ef6f887970a771163 |
| SHA512 | ee05caa0a8b1f94396ebca59c92edde0bb50b0fb5b2a8624f62651b7804b180aafa1dfaca8fe3036444545a2606fa04a995924ff3b9b5ca8df469b3b2b3800e9 |
C:\Users\Admin\AppData\Local\Temp\TgsgQUwg.bat
| MD5 | fda06c207933cbd59c58910f8bba9bb0 |
| SHA1 | 641da2b85d6d975733766805cf9c73382d084ea7 |
| SHA256 | 533b7e2d59637f984515f4a69c4e913f21f9e14f13f06160c181e90ecd9ca165 |
| SHA512 | 9cdf18f47388ad7117d53e5df764b3fc8165e8bc38724ebfdd4887914f50cb785d1a9e35e156d9a829fec74906253455c3b21b9bd57585d0ef52766666fa747b |
C:\Users\Admin\AppData\Local\Temp\ZuIoAMkM.bat
| MD5 | 61145b547ccd1adbb890c19bcd2c8526 |
| SHA1 | d1f2dced993bf57560b29c822e008c4d7c4bd5b0 |
| SHA256 | 5e5a04703508c2f2e3009d68576aa6b01132ee7b0141b72c3c7429f57a27bdc9 |
| SHA512 | b7c004b05da9ae2064a1816e079b695ad9ab8cf1065d93bc9bae97aa44bde7213f76effff98176adc4b5d84c5928cfcd0166417379ba74203b9ddb4978e70ace |
C:\Users\Admin\AppData\Local\Temp\HuMYYUsI.bat
| MD5 | 76afd0a6c1a84d33d4c629dc5db27da8 |
| SHA1 | 3300f58d150155517e82440f5ccba205d2dbd023 |
| SHA256 | ccc1b81ae27481853cc15f27f306586e251ec17d03b395aa0c1bd6f855e72d41 |
| SHA512 | 1795c7f1ee37c43451e6e5849a2a5911f011b95f30bf1d3076ed97a60bb148c04ee127197dd06997c3ac73d067cd031825f7e3663aee2cca8694615da6c669c3 |
C:\Users\Admin\AppData\Local\Temp\howMoMoM.bat
| MD5 | 4363dff9917bbe628af7489c6921b85d |
| SHA1 | 22c94faa285800b4ad5e0190732d09889aad864d |
| SHA256 | 98684a4aac3eda77a21da2d2d7cb307328cf78e2f7db28eb96fe0e3ad3bd0f36 |
| SHA512 | 175e7b889f7e16193eef811f33c5fbdd157d583cd7b48376ff7f55549294670e6b2f06d1d345fd7b760c4e072d2a83e6ac639c464f11b3f93cd4b117c218baf1 |
C:\Users\Admin\AppData\Local\Temp\WWwkAUIg.bat
| MD5 | 19442a13e85d6ea8a9fa6e83b49e7fc9 |
| SHA1 | facc88125185d9fe5d94e2f8c4b7c1beb04b5742 |
| SHA256 | 7e27b98da30ebc6057adc21bd8d71ba8ec0f522aad7e3fc674eb42823dfcbe21 |
| SHA512 | c19954d838e8b7a204edfcdd61cde47e3754c8ffe858bd6aadb7dde7fda45bfc657fac6986ad0bdc68c5d62855170ddc1bde4d2243b6ae7f0a6687531f1a40d9 |
C:\Users\Admin\AppData\Local\Temp\YYowUsUI.bat
| MD5 | d3bc764ad9348837db8e317aa7a09ff8 |
| SHA1 | 37244ee0638c7549209739ac89716a0abd33448c |
| SHA256 | b8fc7fa111690332587a7f662ff551a7f96507fbe381262505eb3423b9327204 |
| SHA512 | d8b33a97c2f33e02cd23a6bf46020c5a22eb46849176b8e3deb6b515bce1ddc7e6e8da629c2887ddf88813a0bb6976dfe40a269b5c98c34d36d5f9085203499f |
C:\Users\Admin\AppData\Local\Temp\uwAEAwUI.bat
| MD5 | 29b6bb8a9dc73199872355609e87d034 |
| SHA1 | 3b4f534d95e8aa3f20a2402cee853737051c7ecd |
| SHA256 | 9c17dc81a7316ea8890fb6c9939584115682f7da866cf87e27bfaa68b92ee90a |
| SHA512 | e87333b03a12cdd89471375d47ab9cd74c6b65e33311a8d5b9057f1ef2af2b28ab1a059717a355359fa34340dbbd5d32abf3984078120aaad02f5dde7fd4b3e9 |
C:\Users\Admin\AppData\Local\Temp\SqcAMkUU.bat
| MD5 | bf90b5e513ebe883d8ba724d5042288b |
| SHA1 | 7358812cfa6adcd408712ce5b28cd76159533eef |
| SHA256 | fae4bb6155756afcd649cd787b98ef9a1fddeb7a5c75cb39a8c1843549d6d205 |
| SHA512 | 59f64d3a2f805a1b7ac0fd43247fb660cd6baed6942331c64a56c67a1149a3315795bba7581690f1f3a67d56a8441a5781aa7f6e136bdddaece38cffed576858 |
C:\Users\Admin\AppData\Local\Temp\QkYUIwUY.bat
| MD5 | e8bb3848a3db0bf89fa5ec9cdcf0b5dd |
| SHA1 | d4ec4050d098ee663d4a5feff6b1f835fc249914 |
| SHA256 | b9c84d519a6346fafc9f89f8f2de067e43f139f1872a5f3e396428df6eadb34e |
| SHA512 | 67ac3e5db3babee7d8d0e9a07454a8f621eb265394ff41507ce4bf5818917dcef514f5201766285f01631df3e59e67d04aa276dec7526ca332b573d1f09bba7f |
C:\Users\Admin\AppData\Local\Temp\HmEwUIcU.bat
| MD5 | 41f01910b993cf81156eaf34048c128a |
| SHA1 | 4dca377301592a526d2059517e95bf72a12317d1 |
| SHA256 | 9bd25e848e2a42eea45622bfe3de25a603194cd40cf185cb5de6e34a013ad304 |
| SHA512 | 2b1c788c4f60280221bb9b82705a182d4ffa24d7fbf8e2f590ee5c15f53fa7a13f06f7da69bc901ec11ffd75c687bb3f51392c2120ec7d75b2ed8e829b4b4be6 |
C:\Users\Admin\AppData\Local\Temp\fcEMAAQY.bat
| MD5 | b45f6b0da3557b964ee37ba69b198f74 |
| SHA1 | 2fd38da242429047fe428f4d49be8ff3712a856a |
| SHA256 | 203d6a7710041df27298a5b46b09e6a9f2952def039c775a789a1fb7b438bd28 |
| SHA512 | 411f3a7a3423ac571d12c03dd126a355c85135679028c08dcf929521998336c9e60a99e5f5634325ed7a09a6270b18a6cea40de5156c37f1c672f982d1759edb |
C:\Users\Admin\AppData\Local\Temp\LkQAYcYM.bat
| MD5 | 2b3e3a8ca5b8fb3dc889bf96afd1170b |
| SHA1 | 1849d1f36f60e5fb5d15b16fff85d3b9225c1b58 |
| SHA256 | 57133a43566da1e80af685a5f356478921d955f3a212e6709b7381dc848432f9 |
| SHA512 | cc4856984243b8e93950f546c058eb55f53a69a304cd75ebc4e90367ac304ef669399a2dc52aa905f65c6b57b07a22d94654e04e6b0f2584e42f1d5a63cc867e |
C:\Users\Admin\AppData\Local\Temp\pcEgggYQ.bat
| MD5 | 698a29566a76708cd0e5877bf8aacee5 |
| SHA1 | f102ce4cefa40c606b85ab9c594f5de799b6454a |
| SHA256 | 72539504b1f1f8c28f2cbef08691e6c6d621f521e750791b59adc226487a3808 |
| SHA512 | 671b2f74209c1e317791db4c301454fdb0b77418e95060c75bc53a009cef0bff1984e750324305c3e302e828624b6680b7c5bfa0220fd6d0958ee004281b6563 |
C:\Users\Admin\AppData\Local\Temp\cwUcAUwg.bat
| MD5 | 22a1d0ab83165002cd87621aee3f80ca |
| SHA1 | 374d310b2d952829a5769218c31c2aeef12c64e8 |
| SHA256 | fc0401589e85ee2ad4f0b12f7d8e279f70b8842b489bcae43c4d4d9ebf33e509 |
| SHA512 | d751864bed7cf3cd3a6c6260c16894b7fb231005625b782efa96cd102cf0e6c6b0260cba4c0f62ecc1005d628dcfbe49386126f24c495eddd7bf85d85e68e837 |
C:\Users\Admin\AppData\Local\Temp\AGgQUgYo.bat
| MD5 | d534ecf5b3eb217e02ecc878c4996506 |
| SHA1 | 906a4a3799ea4b1b6ed35fcd1d50230f18c3bba9 |
| SHA256 | b03f45a58dc871cabee5bce7800fbe577a92c27206e437654eb2e79a98ace2b0 |
| SHA512 | 2d377e6d6456cae091d42fb9b2facc06242384a5a76ac3980895127f301eabab76f5ba085e4f7fc444e1bfd61b9f497de5732ecec8f06f8a017b375eeb1d1af3 |
C:\Users\Admin\AppData\Local\Temp\UIEYAsYs.bat
| MD5 | e5cd5f91baf8dc34dccd78cedd3600ad |
| SHA1 | fac38482c025287ab154adfb2257b80d5c162787 |
| SHA256 | 51c1f96c731ff7ee374f2cec26183680fb08929c8e8e7396e37bcab667be6ad7 |
| SHA512 | b29a335a03c608df074b2805a997a5e8703b0232e2c23accf302a92f3f82e98cd1565c5c550ab5daf508b00f1746836de17405c2e33efe10220230b55892479b |
C:\Users\Admin\AppData\Local\Temp\oQEwYMoM.bat
| MD5 | a7bd22872ee3ba7b25762e44b6ec652a |
| SHA1 | c8a9053c751084a0501b4c4c20c9ba8be8ae1d7b |
| SHA256 | 0919a965ce9d540c9dec6ca3b59559ce73198f20a933cbd1847fdf6d91e53c36 |
| SHA512 | 075025a72f71995f38dd033d2aa028bf143128c1cd8564a310a602880cb77566122ada91ba1c1404612ff80186c46ae8543e28706484753018d6d128d7f8627c |
C:\Users\Admin\AppData\Local\Temp\pOAUcAws.bat
| MD5 | 622a03d2f968cbe6fd6aeac09adc318f |
| SHA1 | 569ca83a2faa468729be8a4f7661a5cdf5a788ca |
| SHA256 | 257d0f414211a7dc3d25c9ea7b928d06561bef88534263edeb1a2d6b7cbcca07 |
| SHA512 | 68f163218f1eb34754d843b2e7bcd33d58914a10e3295f08697360a1a2f0d1730abf0fbc6f96663b7e4c0c8f7f3cc174fcb516993c373bc1833e370f0d3f695f |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-12 11:56
Reported
2024-06-12 11:58
Platform
win10v2004-20240611-en
Max time kernel
150s
Max time network
124s
Command Line
Signatures
Modifies visibility of file extensions in Explorer
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
Renames multiple (78) files with added filename extension
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\eSAIEgkk\hWgkMAsg.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\eSAIEgkk\hWgkMAsg.exe | N/A |
| N/A | N/A | C:\ProgramData\TIoYcowc\JyccYYoQ.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hWgkMAsg.exe = "C:\\Users\\Admin\\eSAIEgkk\\hWgkMAsg.exe" | C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\JyccYYoQ.exe = "C:\\ProgramData\\TIoYcowc\\JyccYYoQ.exe" | C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\JyccYYoQ.exe = "C:\\ProgramData\\TIoYcowc\\JyccYYoQ.exe" | C:\ProgramData\TIoYcowc\JyccYYoQ.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hWgkMAsg.exe = "C:\\Users\\Admin\\eSAIEgkk\\hWgkMAsg.exe" | C:\Users\Admin\eSAIEgkk\hWgkMAsg.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\shell32.dll.exe | C:\Users\Admin\eSAIEgkk\hWgkMAsg.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\shell32.dll.exe | C:\Users\Admin\eSAIEgkk\hWgkMAsg.exe | N/A |
Enumerates physical storage devices
Modifies registry key
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\eSAIEgkk\hWgkMAsg.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe"
C:\Users\Admin\eSAIEgkk\hWgkMAsg.exe
"C:\Users\Admin\eSAIEgkk\hWgkMAsg.exe"
C:\ProgramData\TIoYcowc\JyccYYoQ.exe
"C:\ProgramData\TIoYcowc\JyccYYoQ.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fKUYIgsA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JmcQUAYQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\oyksYkcM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fgYssoEQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jCokEYEw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cYcYoccI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BcAooMEg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nOIQcskI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WAEowogc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eSAYgMEE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zAwgMoYk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eQwoAwIw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NcEIEAoI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dAwskkUU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nssgwMEc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qaIQwUUI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zCUMgIgI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eGswsUQg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mEkQcMkY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rGoAEsQo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hYwokwUs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xisoEsYY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CYccMkkA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EYksgwco.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vQwcUUoA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zQQAAgQQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mmAAwgAc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YmcMUIIA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OGIkoUsI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PSIkMgMI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nIgsYkkg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\iiIQYcQE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vSkUYQkc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VaoogIMc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wogYMwMI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DUEwMkQA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pSIkoUck.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jSIckYYU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XaIYcQMI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\iQkogock.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bawAsMIs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PywEsogA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vwQsskUQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RAAEEcws.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bIgokskg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vMoUogYE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TMIEwMYk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dmQEswsc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cUoUEwQc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nKEwsksg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\laEocUUQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eIAUsQQU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TWcUQkoI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HgocsQkM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aaoYogoE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XaEkYQwU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uqkcIoUg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gAogsoUo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DAggQkwk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bcUQkgIc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jIEUMsIk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AygQoogk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gsEgcMMg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uYgsEwgE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MoQAIAsk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tqgwcoQk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xukcYMwU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IooAcAsA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uUwwQcsk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TSEkckQM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZKgYMgQI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nUoUIUgM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IeQsAMQg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pkwEYEgI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FAYIwQcM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QgwwYgEY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gkIoYckc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\macAsYgw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gyckIUcY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qCwMksMo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UckEQkQE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vAEoYgwQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fMUQIYsE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gGgUsoQg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vOcwQEUs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UIskQcck.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IoAcYMMo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mcIkMocA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mSYMMwMQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OEAUogMM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AQcAEwQk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PeoUMAws.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XiYUIIcg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Network
| Country | Destination | Domain | Proto |
| BO | 200.87.164.69:9999 | tcp | |
| BO | 200.87.164.69:9999 | tcp | |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 142.250.178.14:80 | google.com | tcp |
| GB | 142.250.178.14:80 | google.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.89:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.61.62.23.in-addr.arpa | udp |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp | |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
Files
memory/3472-0-0x0000000000400000-0x0000000000421000-memory.dmp
memory/3524-7-0x0000000000400000-0x000000000041D000-memory.dmp
C:\Users\Admin\eSAIEgkk\hWgkMAsg.exe
| MD5 | db748648279051da35e99d0a3d7f2d34 |
| SHA1 | ed034d17d91412ce5a4f684d68df046078e68b6a |
| SHA256 | ade19b99a4f8b906b23fe89c788df57811deadd55cb3cbb6680eac6880c532d6 |
| SHA512 | ec8350c066640b4d1f04ed4fb762a4102f740d4eed0de78d64761296c72fc171f8c4417b848575d9a37b280f5298d9d1f74b36d5d832299920078532f2741a83 |
C:\ProgramData\TIoYcowc\JyccYYoQ.exe
| MD5 | dbe76787204f908e093acadd5f150ce7 |
| SHA1 | bfd17f6a22a1610fb786aa46436d4380937a261f |
| SHA256 | 5b93f4fc33c9039fa4a40fe00842e9952337b5a580605e3c1e90a3e6096995d9 |
| SHA512 | 987fd012ff385f7decfa1197a2f4311c056160d966499eb4103f30098b9453f7f463292134bec114b7212b8501dcf5a87bf14e68e378e408ecf2e15352fcfab8 |
memory/2604-15-0x0000000000400000-0x000000000041D000-memory.dmp
memory/3472-19-0x0000000000400000-0x0000000000421000-memory.dmp
memory/1940-20-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\fKUYIgsA.bat
| MD5 | bae1095f340720d965898063fede1273 |
| SHA1 | 455d8a81818a7e82b1490c949b32fa7ff98d5210 |
| SHA256 | ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a |
| SHA512 | 4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024 |
C:\Users\Admin\AppData\Local\Temp\file.vbs
| MD5 | 4afb5c4527091738faf9cd4addf9d34e |
| SHA1 | 170ba9d866894c1b109b62649b1893eb90350459 |
| SHA256 | 59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc |
| SHA512 | 16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5 |
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock
| MD5 | eaceccfe7af04f19a216c26f2791a458 |
| SHA1 | 7b9087b51c7dab7be798a4e6b1c128d204f1de84 |
| SHA256 | 0d792889bd18fbfd06914b1314fc632108f4d284a6147a25b146fae82ffb9171 |
| SHA512 | 89579be17b6ec7a69b5d8dfbae36cc09b90711429a4362ab8b6a0281d88fcb0dad2cc6e9c3f3a88bb5be91310a9b67cad482558db0bd356ea025c07561a768a5 |
memory/1940-32-0x0000000000400000-0x0000000000421000-memory.dmp
memory/3468-31-0x0000000000400000-0x0000000000421000-memory.dmp
memory/4396-43-0x0000000000400000-0x0000000000421000-memory.dmp
memory/3468-44-0x0000000000400000-0x0000000000421000-memory.dmp
memory/4396-56-0x0000000000400000-0x0000000000421000-memory.dmp
memory/3884-53-0x0000000000400000-0x0000000000421000-memory.dmp
memory/1856-64-0x0000000000400000-0x0000000000421000-memory.dmp
memory/3884-68-0x0000000000400000-0x0000000000421000-memory.dmp
memory/4704-76-0x0000000000400000-0x0000000000421000-memory.dmp
memory/1856-80-0x0000000000400000-0x0000000000421000-memory.dmp
memory/4704-91-0x0000000000400000-0x0000000000421000-memory.dmp
memory/1696-99-0x0000000000400000-0x0000000000421000-memory.dmp
memory/2996-103-0x0000000000400000-0x0000000000421000-memory.dmp
memory/4000-111-0x0000000000400000-0x0000000000421000-memory.dmp
memory/1696-115-0x0000000000400000-0x0000000000421000-memory.dmp
memory/232-123-0x0000000000400000-0x0000000000421000-memory.dmp
memory/4000-127-0x0000000000400000-0x0000000000421000-memory.dmp
memory/232-138-0x0000000000400000-0x0000000000421000-memory.dmp
memory/3084-141-0x0000000000400000-0x0000000000421000-memory.dmp
memory/3084-150-0x0000000000400000-0x0000000000421000-memory.dmp
memory/3992-161-0x0000000000400000-0x0000000000421000-memory.dmp
memory/3028-172-0x0000000000400000-0x0000000000421000-memory.dmp
memory/3640-175-0x0000000000400000-0x0000000000421000-memory.dmp
memory/3640-184-0x0000000000400000-0x0000000000421000-memory.dmp
memory/4744-195-0x0000000000400000-0x0000000000421000-memory.dmp
memory/4180-196-0x0000000000400000-0x0000000000421000-memory.dmp
memory/4180-207-0x0000000000400000-0x0000000000421000-memory.dmp
memory/1712-218-0x0000000000400000-0x0000000000421000-memory.dmp
memory/4476-219-0x0000000000400000-0x0000000000421000-memory.dmp
memory/1712-230-0x0000000000400000-0x0000000000421000-memory.dmp
memory/2344-231-0x0000000000400000-0x0000000000421000-memory.dmp
memory/2912-239-0x0000000000400000-0x0000000000421000-memory.dmp
memory/2344-243-0x0000000000400000-0x0000000000421000-memory.dmp
memory/2912-254-0x0000000000400000-0x0000000000421000-memory.dmp
memory/2728-255-0x0000000000400000-0x0000000000421000-memory.dmp
memory/2728-263-0x0000000000400000-0x0000000000421000-memory.dmp
memory/1584-272-0x0000000000400000-0x0000000000421000-memory.dmp
memory/4344-271-0x0000000000400000-0x0000000000421000-memory.dmp
memory/1844-278-0x0000000000400000-0x0000000000421000-memory.dmp
memory/4344-281-0x0000000000400000-0x0000000000421000-memory.dmp
memory/1844-289-0x0000000000400000-0x0000000000421000-memory.dmp
memory/4716-290-0x0000000000400000-0x0000000000421000-memory.dmp
memory/4716-298-0x0000000000400000-0x0000000000421000-memory.dmp
memory/492-306-0x0000000000400000-0x0000000000421000-memory.dmp
memory/1856-307-0x0000000000400000-0x0000000000421000-memory.dmp
memory/1856-315-0x0000000000400000-0x0000000000421000-memory.dmp
memory/2700-323-0x0000000000400000-0x0000000000421000-memory.dmp
memory/3024-331-0x0000000000400000-0x0000000000421000-memory.dmp
memory/2320-333-0x0000000000400000-0x0000000000421000-memory.dmp
memory/2320-340-0x0000000000400000-0x0000000000421000-memory.dmp
memory/4384-341-0x0000000000400000-0x0000000000421000-memory.dmp
memory/4384-349-0x0000000000400000-0x0000000000421000-memory.dmp
memory/2220-350-0x0000000000400000-0x0000000000421000-memory.dmp
memory/2220-358-0x0000000000400000-0x0000000000421000-memory.dmp
memory/1860-359-0x0000000000400000-0x0000000000421000-memory.dmp
memory/1860-367-0x0000000000400000-0x0000000000421000-memory.dmp
memory/1936-375-0x0000000000400000-0x0000000000421000-memory.dmp
memory/1212-376-0x0000000000400000-0x0000000000421000-memory.dmp
memory/1212-384-0x0000000000400000-0x0000000000421000-memory.dmp
memory/3028-393-0x0000000000400000-0x0000000000421000-memory.dmp
memory/2408-392-0x0000000000400000-0x0000000000421000-memory.dmp
memory/2408-401-0x0000000000400000-0x0000000000421000-memory.dmp
memory/2128-402-0x0000000000400000-0x0000000000421000-memory.dmp
memory/2128-410-0x0000000000400000-0x0000000000421000-memory.dmp
memory/4584-412-0x0000000000400000-0x0000000000421000-memory.dmp
memory/4584-419-0x0000000000400000-0x0000000000421000-memory.dmp
memory/716-421-0x0000000000400000-0x0000000000421000-memory.dmp
memory/716-428-0x0000000000400000-0x0000000000421000-memory.dmp
memory/2756-436-0x0000000000400000-0x0000000000421000-memory.dmp
memory/5016-444-0x0000000000400000-0x0000000000421000-memory.dmp
memory/4968-445-0x0000000000400000-0x0000000000421000-memory.dmp
memory/4968-453-0x0000000000400000-0x0000000000421000-memory.dmp
memory/4408-454-0x0000000000400000-0x0000000000421000-memory.dmp
memory/4408-462-0x0000000000400000-0x0000000000421000-memory.dmp
memory/3348-463-0x0000000000400000-0x0000000000421000-memory.dmp
memory/3348-471-0x0000000000400000-0x0000000000421000-memory.dmp
memory/4976-473-0x0000000000400000-0x0000000000421000-memory.dmp
memory/4976-480-0x0000000000400000-0x0000000000421000-memory.dmp
memory/4124-483-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\hcgi.exe
| MD5 | ccfb02473fd1a16b5a27629d2756f0b0 |
| SHA1 | 5d31ae9f816123b63c89dc27f1075ad02c684435 |
| SHA256 | fe05f334f08e28cb9309072406af029c5155c3a527b74efb6450eefd86c8ad59 |
| SHA512 | 38f433297ecb72b4271ada2bab5e2c290d8f47fe285e7676af5a6dc25d8082bdb72dcd7cb7211cbdd50fef51d20ea1b860d563ade3902cfe651a27f7e6367ef1 |
memory/4072-506-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\RgMi.exe
| MD5 | 53f02be2318143717638256e434cf8e8 |
| SHA1 | 41affab9423b960c7f02947da735ee08f2815742 |
| SHA256 | 18cdc95202b9a34aca82d872c2e0922778fb53175307fc666cf2def953d1fea8 |
| SHA512 | 2068bf7d3e8e78abfbb01daf2df5512d46b64ecd266bcc7d71f93b01f0a77214d929a69fb60d594e0cea75e298742dc7f76eb5efd144304e09aa6774fca1c110 |
memory/4124-519-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\FMkq.exe
| MD5 | ddac80a671ad2c821b0e8060925dfd2f |
| SHA1 | 9757182a6ac2861a4cff6dfdf5a0a15dd5b23925 |
| SHA256 | 4fb6e47acba3386daccd33ec3e379fabb282a3724f162cd1a4833c88306e5244 |
| SHA512 | 2357f9b18c6bc948eb44dfe274871c6947a27ccf4e215eaea4e5217383016dc0357839dafdcbf5222c4bbbde851b07629166475c27bbdaa4e55f05809da3059a |
C:\Users\Admin\AppData\Local\Temp\VEMS.ico
| MD5 | ee421bd295eb1a0d8c54f8586ccb18fa |
| SHA1 | bc06850f3112289fce374241f7e9aff0a70ecb2f |
| SHA256 | 57e72b9591e318a17feb74efa1262e9222814ad872437094734295700f669563 |
| SHA512 | dfd36dff3742f39858e4a3e781e756f6d8480caa33b715ad1a8293f6ef436cdc84c3d26428230cdac8651c1ee7947b0e5bb3ac1e32c0b7bbb2bfed81375b5897 |
C:\Users\Admin\AppData\Local\Temp\vEcm.exe
| MD5 | c0b4e5c7eafa219481a374bd2814f77a |
| SHA1 | d124fc9ededc708118024fa6b4239d0f2c1c97cc |
| SHA256 | aeebb6d5145cdf162eb7c42551dc19bdc8a8bea6b12f18dab845540f40b70b46 |
| SHA512 | 71e5c28eb39521023314c36ea85315968883df09ecfff2cbc7c7eeb816f1e62d565b8bb529125fa172f770cf3f8314546f68c5514f5c986f4b5050f18655ee33 |
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png.exe
| MD5 | f13b91b5899573e0b34886559aebc9e8 |
| SHA1 | dc24cbf41073368fe0299baa39f795d258514e95 |
| SHA256 | 57e2017ada12c9ef8122b093ff2984fdf2d6e6a16db5fb0da670a0d95e4672fe |
| SHA512 | f10cc572a7498e2e5ad747af61a77e6834f9e585c68944b5e078f81a7f4ee2f1a3a9a4ff7809e9c6c1552b934b0034c708f280c9243fcdfa98e5dcc454e1f541 |
C:\Users\Admin\AppData\Local\Temp\Xswa.exe
| MD5 | 3ce73dbd174f404ef73e53e2c3a24811 |
| SHA1 | 89ec408c5cdeaf6f759475c530d651232e131882 |
| SHA256 | 4765f988a974df3a351e7795595966b1671f1279e24ac03071515ddb5dfcd252 |
| SHA512 | 639c9e97399be9e8d2bbccbdd31bfe92cbde7482d4fff275dcac28d84ab94ffbba3de6013a838bfa0291648484c31d92308a4e837a406cfd5efe87984b5330e0 |
memory/4072-583-0x0000000000400000-0x0000000000421000-memory.dmp
memory/2000-584-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\gQAM.exe
| MD5 | 243753af3117e5a830a41c9bfda5f0f5 |
| SHA1 | a64f2f64bf7ce85832a6d486153ac1257424d887 |
| SHA256 | ccdb92b956d63bfa5375b7512620a590d477b57f311af376246f85d0d0eae411 |
| SHA512 | ce73bf629d49abd635936856d38f41c0fb9c98372bbedfc8b57ed9f55b54d317d0a0a4d0a0f42fa659ee0229ba5afbb3c0eb724a4f7155cfc78f97781985df4c |
C:\Users\Admin\AppData\Local\Temp\lgAk.exe
| MD5 | cd89d1a6cf39c2eae586fb00b25d21ad |
| SHA1 | 854969cb6a5c0f2fe0c25b60417d47ecb835f28f |
| SHA256 | f83d8d2dc29cc8c97463b24674747fa0c0b8563c9eca0d4644f0d7635ee58597 |
| SHA512 | 63d8045ba0e599f957d4ad33b671cc661ed4f7e2bf181b919fa25736974dc5237fe14b064795dce8c04936f17b9d7bf07c6d450b55c16488902e9cf8f462a024 |
C:\Users\Admin\AppData\Local\Temp\iEMQ.exe
| MD5 | 2c550ddba24b9226fb1e3f78c2eed9ee |
| SHA1 | 4b44c2fae67505e49a9a6c3d49e130b1460ccf26 |
| SHA256 | 9975e69aae9877cddcdbb8443314fd19a6e662eab47c706c07443017ada0e04d |
| SHA512 | 26977e6c5ee6795c6835afce52422e983ea2b45a837e7ebe9cd89500f05c04e2dbedc1c5fc4420b55c86cb6202390db778c3a57200e7746eb12a6d795efd31e3 |
memory/2000-634-0x0000000000400000-0x0000000000421000-memory.dmp
memory/4400-635-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\HkMI.exe
| MD5 | f4c3733bcf2287d92e50fae22d04b8a7 |
| SHA1 | 72ad3c01212878aad2f9cb11ac9b8c93da0ca20d |
| SHA256 | 568afe10bc8b1d3d8ed7946682301bde7f13a56d12dac49a0d162492c4881f22 |
| SHA512 | 85ba90f2129735b8d8400348bed3ff28e9574c0db27efc5590c08d194087000607520bbd213d0e0eb632dc68881be77561c3b9ff456ed9be68a6bad9169f0681 |
C:\Users\Admin\AppData\Local\Temp\tAQe.exe
| MD5 | 876513dd0e87de79107f3b621e866e5b |
| SHA1 | 7c75d6edbb2906abddf3ce7caf593ba8dcfa98b1 |
| SHA256 | 51a803c4f9275185b2a4509b8daa41bba01df052f382df10861807c119bf4771 |
| SHA512 | 407bf0664da224969bb25820633e5eaf41dcd8a87221c4846e0faac08eb1447af8560c6430dc1e3364b0d6528a1ddb2b006bf0e2eb5253c51690b20057c63c4f |
C:\Users\Admin\AppData\Local\Temp\cswa.exe
| MD5 | a7390b1740cb2075bdf470551b434330 |
| SHA1 | d5a349416ca41e1496daf6126b3a60c814e094cd |
| SHA256 | 5b6b72b1d943bd7f34ebd948d5eca0b2e1dee2dd7458bb9fce17f90e68195406 |
| SHA512 | d28148329053162fcb90a8688f44fe427ba8daf91bbccb5b6032dce0b4c181a8452a17dd96c45501310bd70b2e8a63f7634170c8ee93be4eb8dd94e7d3b377d8 |
C:\Users\Admin\AppData\Local\Temp\HUAc.exe
| MD5 | a7cbf0d7e91689dd5a98c3f847161c50 |
| SHA1 | c48841398287f7c512cfcbef0a3a42bd787eb217 |
| SHA256 | 509b293931514e4d11ade1d4e7248906ca03fd800f2e9c6a835828d431ddfcd7 |
| SHA512 | 46b2e619209030499b1cc8035069eadad93d9d85757eccf1a72a60bddcbb2209262632a75fd66b90f635c0473559290b19353b3f9e0a5474236a7306145813e5 |
memory/4400-699-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\twwi.exe
| MD5 | 3f1146bf4f530b5899aedfff955cafae |
| SHA1 | bafa0e1a2d8e10c428e807e10e26213159f943df |
| SHA256 | 8455a99f87eb8d9cb7d59fe3493f4abe7550eaaa2ed57b7d10bdd72521c35533 |
| SHA512 | 07a206ac1a3c1067c43759c7ca2a5f4d39c6efaa5386048af07d6ec8d2650e353e90dfe521baada5047b0b0127b9a3f5099791c71c859c738b3cae2af38ff8e0 |
memory/1752-714-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\TAIs.exe
| MD5 | 68ff889d5bf579675b7697270277bf14 |
| SHA1 | 22824a23280a8b434f1c8b9acce52ea1f592d580 |
| SHA256 | fd0d894995f02d09503627ba15e6523bea075c2b3bf7362cfb6594fbbab3c617 |
| SHA512 | 155d23fd40714ddf504d66b93b655032ef14629a854e8ae918542f3ef0c8cf53577de8a061de579c5e3ab6904e5e8771c1637464b23483f8ffe3e5c236a38b56 |
C:\Users\Admin\AppData\Local\Temp\VYQm.exe
| MD5 | 8b0c0290006e415f5ae1010db1361648 |
| SHA1 | ce6727ebd3ae10b66a8fb2cbf95fee783908a371 |
| SHA256 | 8bc4d27f1cad4219b968849d5fc603b5140f6bb97c17ff21ac190f972678ab46 |
| SHA512 | 45397c598b6792a6e0cbb658df899f80365419ced51d328235f4a56a62de8d7a6f1518d0728930ce42c3306aed9a2b3785ac3bd5ee63ee6140a15780c5ec2302 |
C:\Users\Admin\AppData\Local\Temp\Twgg.ico
| MD5 | ac4b56cc5c5e71c3bb226181418fd891 |
| SHA1 | e62149df7a7d31a7777cae68822e4d0eaba2199d |
| SHA256 | 701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3 |
| SHA512 | a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998 |
C:\Users\Admin\AppData\Local\Temp\NcUY.exe
| MD5 | 258f6732e84d911f5effeed636eab93d |
| SHA1 | 3e775f402b17c129cc8bc2fddac8baf4f1ba6349 |
| SHA256 | ce0c184d8b9bc76cd3eaa98b54f5cd699f602ac9364eb610bc48fa182844e8a2 |
| SHA512 | 4a76df7b894f07575d423c3c5fb4c923f56e4abcdeb577d0b80be30cc1f6f2dfd005efa98048e36cd2e829d8314ef3f32ad07d7affe49cf36f1b7ba7b885c2d8 |
C:\Users\Admin\AppData\Local\Temp\rQkw.exe
| MD5 | ede1d6ed75d2589d5150d3245631bec4 |
| SHA1 | eb4261eb8f1c072857b2241a365995d3c051ba00 |
| SHA256 | f13f7ae646ed177b8060342332b3f7de3a188c3c10ddfd946d372e2a9616735a |
| SHA512 | 363afc73a734f09fe9a8ec64bef94a33327cddbbece3d17c8df3be805734d7d88626346030447740ba165c1f406db6d57408a9c727f95f25fd5e614e9f6edcb9 |
C:\Users\Admin\AppData\Local\Temp\mMYo.exe
| MD5 | 9a08b19cd1b290bcc2fadd7533e0ed61 |
| SHA1 | 2820499af55681191e7ffe2f8daa880786af6fab |
| SHA256 | a4dd2725aa9c0e56b43c4769eba6e0211ca626fc803d29464e24afd22a662ec6 |
| SHA512 | bf5500b507f04c2b867bfb21ed932209e912ff4b726fe8565a4191be5a725b5c692aab8522ab2176e2a2b4db093eca8508adeab47a18c8c5877fe6b75f6d0f00 |
memory/1752-792-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\LwEo.exe
| MD5 | 84a208608190f6682d5a0bb4962c369f |
| SHA1 | 914df0b93160809d17b9d2040007260919f7ff4a |
| SHA256 | 3aafd83b0ce9b6b28393df4f9784b6107c2ada08f89e3af410effea7c22c1005 |
| SHA512 | 2f38aa4d948ac16f7d2706da0d5f039adcb63a1850d36d415a54a6d8499f492b8eb7ce1ca92fec4ab127c61c1d089670d1e0250d9f1f1dc083b9c807785f9401 |
C:\Users\Admin\AppData\Local\Temp\KEkS.exe
| MD5 | c7c62d061988f8acc86b53f2f6948a13 |
| SHA1 | 35613929ef82f4fa34fe6e499e218879e852d231 |
| SHA256 | 02f09da398d7fddb5d4087bad50510e278675737677bcf6d9d1d3a9e86dab836 |
| SHA512 | e9a43492cf9b68223f2bb29e21d27c0302c5289904e08d1c5bf91a33be0ceeaa325536d3a615fc55e3128ec90e80f6be6698efc3e9e45b67ee51320e7181ef5a |
C:\Users\Admin\AppData\Local\Temp\ZYEY.exe
| MD5 | 95b11288761f08a64f5f2ff34fddd005 |
| SHA1 | e02e5b43f8c9e6f201114efbc4fcff437a70e43a |
| SHA256 | beabab70e60453ea696847257ffce545bfb0f9d40e31cfda19181d05320d1580 |
| SHA512 | a102cca3c265fda2d8a2f09aa82667952cfa6a1017f565736f2347d7fa8d2a1a63ed347b01ff5156e6feb5c7e777fb77040515c3fe3df10e3bc6160e062d5d02 |
memory/1812-839-0x0000000000400000-0x0000000000421000-memory.dmp
memory/1680-843-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Ygkk.exe
| MD5 | 5b52bd1a73cc1aace475d9075c990f94 |
| SHA1 | 5286e72344ac315c77b5d512e23b258d1e3328e6 |
| SHA256 | f165acc4d0a505f32766e557e3e357b529a113d564fc5735d6325cb57241de46 |
| SHA512 | b6c5366f437a5b867fcc78cce680cb027698402bee0a21e6c8303a2f6d2e25ae9067a09c5deb84214d15c8c71fcf52d853c517a18732f755aeb427a9a2c55c45 |
C:\Users\Admin\AppData\Local\Temp\Hocy.exe
| MD5 | 5544a8626a82bc7a281735cdcecbc693 |
| SHA1 | f3c4fd031274ece7902e15b831a4267aca525014 |
| SHA256 | e45316ee6cc30ccc6f612220d5bc5d82c316b3187aefb02e8507e4360d167547 |
| SHA512 | 54bad50ff5377ae65e38871647ae4e45e87777cfc97d5c99bc5058b07fd2f83a66d43e76a03b715bc838aa172593454400a17818c743b512c4cd1d403bec894e |
memory/2148-876-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\HQMq.exe
| MD5 | 8d012e3fce16e79730edd8d1a7d39207 |
| SHA1 | c583ab33556ef0901c644ef82f2d94781e6c62b5 |
| SHA256 | f8ea9a539380941647132d63e5d0d88c70b30e8f5f9fc0454e468d0f4aae2478 |
| SHA512 | 6a1426bcc4bf4826d126230766a0a3ea0f67a6f29b2e2515c34db308da2a8fe4014d1600ee28995b2555ca143fe87c6887021a48466619e566a894f64d59fe5e |
C:\Users\Admin\AppData\Local\Temp\bQgq.exe
| MD5 | 2fb9ff708fce624a212cbf1d6f2d0f62 |
| SHA1 | e4c8326db55be69502594ddb817c4aad018451f4 |
| SHA256 | 25d0e10d1066d1f42d314209965c0afe3ce9f0851997fea7509d79cd50421a73 |
| SHA512 | 407f4336d6701e631928f77f829b28d47636fcc2d283eae5484746946fc8562048750540fed624257e5c3343a4f5a346d6452aa1a6e758e4ca953847d706136d |
C:\Users\Admin\AppData\Local\Temp\AQQc.exe
| MD5 | 1dbfde04de92ae054e0e9045d7701b5f |
| SHA1 | a613c166696b7babbafc34684cbf59127aa08880 |
| SHA256 | cc5cad3faecf8e5042115b890ac19b6c92fe47ccfadd23b2005279b9ab876bf6 |
| SHA512 | 0130ae04e4ef9d5cc3089d7fc484500457c93a689bd054ca1f543c5c3843068bb9dc83720bd6e8f13deca3987a4159bafe1bc4c8a4991cd1dd760c88143c8ba4 |
C:\Users\Admin\AppData\Local\Temp\TQYc.exe
| MD5 | 84c93571d8a7eea8767fbe104c908b4d |
| SHA1 | 3ef6244f964da07c60d7accc5a4d9bb4cb2d5c01 |
| SHA256 | b05597bebd5fc490a1fd7258b8ad726cad793a08b5aa1710e5e93d6c717dc9d6 |
| SHA512 | 14a56e67285ae8998d624e95e4b6f91bace4f61ba229765266bf132cfdecdc017f91bcf04e8509548724d1d1b14d186d1f1e524abccb4de0a739c34bd9fb17e2 |
C:\Users\Admin\AppData\Local\Temp\JwQG.exe
| MD5 | ba8541d93cc5360aaafbcffac78da9fd |
| SHA1 | 72a48daae7a62c720676d7ce6b76741a10d47afa |
| SHA256 | 170d8e8ea346c996f09c44ba9060956ccb9952201a983dfac699fc558ba97d0e |
| SHA512 | a5f63ca65ee94ab015abe33fd150864ccbb54f95930460b4462ff3241fc13a8c27bf0085233d74a7b8c4c211dcbd53215779b297a70464f5d35c59ef9c341f7f |
C:\Users\Admin\AppData\Local\Temp\ZscS.exe
| MD5 | 98a71d7966682bf798051ba181fc0676 |
| SHA1 | e8d9c03405d8ec1cf4151fc73ed11a084a03e9fc |
| SHA256 | 83fce0f81b889ddbeafc999d218077de3b361ae0474018ce50d63a527366cdf1 |
| SHA512 | 3365ac59595ce74fe1e8e26bdb8d385fea3aa5bb83416321ed90ee63ea25ebb4ccaeda48b829fc68dde9f0a36217a574392c942e3424e333952d79d84d69bc32 |
C:\Users\Admin\AppData\Local\Temp\rAMC.exe
| MD5 | edb94de6f0946ef20ab4d0c863d08d01 |
| SHA1 | 81b2f3b07e196b612da196de987dbf126bc0d38b |
| SHA256 | b49ee467b9cf5d94b857e297a97c46b3adeeb6179c7247942e01cb5d22c45e57 |
| SHA512 | c5d3212319932777c9e0939c981fcb1abfb602540eb75ad1f8489b1f63de837c26615986ef9b66ec1fc2652f8f48d8020ad097907e7a9d82305015fdcc715a27 |
C:\Users\Admin\AppData\Local\Temp\aMIQ.exe
| MD5 | ad17ba5f56d57714c57c4360beaa0b2a |
| SHA1 | 817f7a31df7a464cbae31552bc994057b38f4ac1 |
| SHA256 | 36493a6d641d2ce1aad0863fd4a246350e726dee88d71c2cf6409bfedb30c0a1 |
| SHA512 | 73b966ebe5a9ea6bf96a910d79175b1a147517c824e67a316411e1bfa52c4e75c78ec4ce7dcd75c14649eb8d0d310c27f7f81a7d583c7bad1b354f3ec8ce0acc |
C:\Users\Admin\AppData\Local\Temp\FQAC.exe
| MD5 | dd4a130fe7849d996f6ae169d25dfe0d |
| SHA1 | b2f68ed8317c89647f7ca3849a03d0e537807a22 |
| SHA256 | 71a9ca46669017b6a58d8682d838610c57c9aee1bb62ed0d188ef6caf158ea3d |
| SHA512 | dfc58b2ea2643ab19673749d57b36e4cde7b8ee747076582edaf25df77cd6909b223ad11018c16b18c21623e481c4bf7cc8fe9c8e6adb81b70a1dba689d4b782 |
C:\Users\Admin\AppData\Local\Temp\pkQk.exe
| MD5 | 97ed61f414e7d1a1022c96548f4659d2 |
| SHA1 | 868d5cc3afff8a74394603b97f78b38ac9ee4685 |
| SHA256 | d3c90f3044b35fe8ca99edb688290220183f22b44ece2304bfb904d5f3919bc2 |
| SHA512 | a2b241b2449aab3f70deb51198a2b9526c8e993b541e8943a58b4f9f41f379a36665133c9741116b30c1ee3667d6aca5f15460508e2005ae13509bd75ec8a99c |
C:\Users\Admin\AppData\Local\Temp\fEgY.exe
| MD5 | 4821182bf299662b1586fb4a335c3303 |
| SHA1 | a6441498ca216a7c091125af1221b1618ac88326 |
| SHA256 | 8ad8ecef8c8dcf4a3364b4b60310225625a9af9c013a33e2347dd1355c6dd075 |
| SHA512 | f966961c2b66814bedd52f138e30ae5ff9f18dc9956bdcfddb134fad13aa7e80ee956d672a094f4672caf03e2e035584c815418f2a68df390ced2809f668a424 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\images\blurrect.png.exe
| MD5 | f6f88163b088ffabd38519bd44eb9ceb |
| SHA1 | c2eab09077dfb52ab56d67f2218fcf2abb9e50e0 |
| SHA256 | 70d6771d1c7ff14c9767457970314f70f5b15724234217ea90cb5948f956ee2e |
| SHA512 | 194d7839249cb7dddd041124f4958bba03be3a49c30de7441fe34571ae9153e0e69876901413696f2391ff088c0d6664692cae75513e3734dbcc445a43687314 |
C:\Users\Admin\AppData\Local\Temp\hQAc.exe
| MD5 | 7b038b91bb8b2f7693cbcc64f77c7366 |
| SHA1 | 61b4423b2825872b4c20f25934050b26894987bd |
| SHA256 | 52852f02058849a00d2ec5c547561c4f5bebae9b91f2c8c72907c1829545e57c |
| SHA512 | 29de65d91011c8a7022f2cce0fd7fef01576e134d351c589164dc260b9a737d632ea556289801acb7a71691be44c2f18db21218f5f8d842a27efd20be027c39c |
C:\Users\Admin\AppData\Local\Temp\CcQQ.exe
| MD5 | 7c0384ab6259b5cf49d2dc5c991cd128 |
| SHA1 | f746e60cb100c04da1db6a5dad9807decb2c6438 |
| SHA256 | 535e66a8e130a40790105582047db97aec02d0771c73e2f56d5cf70d6a41a35f |
| SHA512 | 4b1f0a4e6c57776dd83b4891bcf5918a69da08082bfd5182a3457a90b939097658539bb19bd2a188527a4c06a06f558358d3f1f843df501e0cfc896b13d9f0fb |
C:\Users\Admin\AppData\Local\Temp\ksAK.exe
| MD5 | 9f3e295bf6239b05ca3ba394285d7f00 |
| SHA1 | e7f16bd3196fda2285bc5775acb8f4422602535d |
| SHA256 | b1621fb1d7c685c37221810d98a2cc66ac563ddd435e3318190f6ad32cdfbfb0 |
| SHA512 | c5919513690d7c8839f88824d15ff552f4405e9073baef1f48a921e7f7ce625f2422343b3e13183306265906fc0ebb63fccaf9268bdf5aa9b9feb821d722e912 |
C:\Users\Admin\AppData\Local\Temp\sYsu.exe
| MD5 | 446b3a186ed5913bc10144b4eca8d56e |
| SHA1 | b2759a0ac492e4c52f16a32bf6972e7a7be5d1b9 |
| SHA256 | c19595241ac3b13d53ac07b806e841a094e55219bf184d767bb6bd9c14077ffd |
| SHA512 | 9b47747e905cc08bf8b3067a61ef4990d13a8d64131f4355ded9ff08b2a771531953a6cbd447317cae716f87f995876dff41deeab29d3083e67118a28d12c953 |
C:\Users\Admin\AppData\Local\Temp\jUUa.exe
| MD5 | d68ece0d4a77f30614c1a8991c8c61a8 |
| SHA1 | a24530b8af5ecefc911927e4fd430dbf44caf261 |
| SHA256 | deb66e4c103d29fae23d6d780ddf40a39f375e592f0e9ce54407e6eff6978b08 |
| SHA512 | 785d9513996890711642f1df90b52c3bd65fbb466480faa45d64b11597491d667f0d3093cf7440c372c01b4ed588340ff3a849574af8637b11fb3cf2e24f599b |
C:\Users\Admin\AppData\Local\Temp\OkgW.exe
| MD5 | 82e9e8e7b1d713535cc07db2c3a00754 |
| SHA1 | f3d6a89fee61eae1934c4322c7279f3bf5768f8a |
| SHA256 | 9166dbf6315a93ed4f33ff2d1f0216830ddef7c41038f0a4efbf0769aa5cede2 |
| SHA512 | ddc7714fd33d5460a77b2e4728def32ecc06ae20eefc02d72b4bbfe10bc96098503326493a1be3fbba4bd6873e193b82609b6e0d7e88be773be2dbfe2170626d |
C:\Users\Admin\AppData\Local\Temp\gYow.exe
| MD5 | fdbb45df42b810769961646988c15acd |
| SHA1 | 26bf2c1723fd1ca563d53e1852ff9837c91a9b96 |
| SHA256 | 1425f4f17fceb23eb7aaf8985bfce916053d524fd19268f462a9efb02614719b |
| SHA512 | 9cab9fd15a419f338d3c4f3a690c21d94de3ec09a6afe2eadb8d57c39a16fd2fbce05cc5e58fe282647c5830c24a8a1f78bda5a081f9bc80a37f26b47bccf5b9 |
C:\Users\Admin\AppData\Local\Temp\IwMU.exe
| MD5 | a9d7a53cf3b044ea4c2f2f9dba66d4eb |
| SHA1 | 5247986e27a4dbab3dd78ab6c297b5ed14e77417 |
| SHA256 | 0a8ba0be01faddf970f7665115e579e78d9059fb9a5da99499ffd1b4bac2768e |
| SHA512 | ffa2c2587365c4ab8038bff048ef28c3610c64f5dd8a48e1779bb028962aff24e1cac8324d3520269d0590e3bbb81ea6f31b6ab5058e4d07ee22f280d00ca652 |
C:\Users\Admin\AppData\Local\Temp\uMsC.exe
| MD5 | d812d256cf7240537ab1caabdf0c6c2c |
| SHA1 | 1a7b08108efbabc9a89186f0d73dd855807cef07 |
| SHA256 | 58c045fb400971d50fd55b810d4efa45eb5367259eed244f28c3c0e296b5994d |
| SHA512 | ac1db2bdb1ec44b8eecff3de204eb6ec3bfc4e0d9d2ecd9e91d52cd3489b7e4396e5979630c5fa41b4e2e4692f48bcfb165dc036b6c4e72d2097814226c3334d |
C:\Users\Admin\AppData\Local\Temp\DoEe.exe
| MD5 | eff4f6dc0b51cf5303498b001fa111be |
| SHA1 | 5e7341b208aa7457746dc8e5dc64bdb3e3eed5de |
| SHA256 | 296fbc8f53e276f868ccaeb9636456761ed0e77c4ec3c4ca03cd3058000eaef9 |
| SHA512 | ee179d64e300cb7355ceb38e61dae63aaf2ab43e3fadfc558be0c4a21cb6eff3affba717cdbc126336506b41d36ed8ac20760df706287b87bdf6d365b9c565fb |
C:\Users\Admin\AppData\Local\Temp\BEku.exe
| MD5 | bf0033e09b365b8a84da79ccd4510e91 |
| SHA1 | 8f0dc1d83e62c734bb1e0f3f72804537cc579401 |
| SHA256 | 2e422ce67640fbd5e6ab69513766c23b66f5a55ee6dd37af5663bc1f3c4d3505 |
| SHA512 | c3dfa1d21f8e604d06480bb6e58b6e15a7f984d503fe18f7500ed3daa743091c67c15428bd4bb60bb78a8db3885ebddddd0c1f73fbec98c633812ffc62ee37de |
C:\Users\Admin\AppData\Local\Temp\fQsS.exe
| MD5 | e2e812cbc841cf0d1cad983e20c9f66c |
| SHA1 | 6ab4470f4d99eb51ca095c7abbcd7e1421a1de90 |
| SHA256 | 8dd168e8788affad274cf3980ed23a685dff6e01ee89e2d5737b3b9f9d51e8bc |
| SHA512 | 5290cd2ef33792a73b084a9986cb9c69f79795605ae13b876a5a8abae2b3c54345713636ea495fa6170b2d93a88b19acfc97d456881a268ae09a83ba75214124 |
C:\Users\Admin\AppData\Local\Temp\AIwu.exe
| MD5 | 2274f8ae8ba50245daa084bd3256f64e |
| SHA1 | c8865d509d44fc0e7a9e373da774f6e52d5c15ea |
| SHA256 | be9bf0bd2fb50c8a7b846c1a5edd652d00ee713b77fbf32a2d5453c8b1d659eb |
| SHA512 | 53ae8be4be0e1791b22c683df95fa5165ed76ead0ddf7890440f23780ecd2dd83334c99f161a5bb1912f3f674a319182dee48b5184ef06c048d924f731f8f689 |
C:\Users\Admin\AppData\Local\Temp\Toge.exe
| MD5 | 1a7f9ab4825165562b967a2625169efa |
| SHA1 | 1f7d1ab570ab4f7ece9f21c1e7bb7cc1ce23edf2 |
| SHA256 | 6ced2b7535e783417c9a040fd662070eb19712202f80c41e09afb174ee9287fc |
| SHA512 | d2d0f157bbfc3a6a1ac2ff7bbb06f8fd2fe7b190dce4d0162d017cd372315b7ba6f5738e5697de0e58f6c9c3b3668e87300320c996b010933658ddef716fd549 |
C:\Users\Admin\AppData\Local\Temp\pkwy.exe
| MD5 | e34736e94b62e94793f04ebebfc3690c |
| SHA1 | 4418a04c39095edeb5f2933f24f78b3ec703c2b6 |
| SHA256 | 749d22e45b9d7ccf584a306e33716d27ccf80eee4c67bab77d5a701794691dec |
| SHA512 | 5dd1e52ea9d4a80fa3dd61be32e454ad39c0270966788a690b4a6bff0f34de12d72dc61abb7b3ad7da456263ed92168b828df954a949745f2148e5c12ef125f9 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-white_scale-125.png.exe
| MD5 | 1a61135acee38c13f38a9fe9f0ad7b3a |
| SHA1 | cd7b5b80fbaf982edc2a4d63360d9afb414c751f |
| SHA256 | e6d0ef39d1112bc72449d0424948e2df2736d91c97c3d2e363506aab5de80d04 |
| SHA512 | 484a68d9ee197a324e66fceed5c9d0a5fb4e8a5bc0bb1252eda333050a845ef3a96ab6418403d86656fc5a85862ac3a7dda4904e0d5aa432e863564028ae9d3e |
C:\Users\Admin\AppData\Local\Temp\AwcY.exe
| MD5 | 7b0d0e67b1609e9df72396eb9abe0a14 |
| SHA1 | f17a960655a70313989a24cc00768c934f4418fa |
| SHA256 | b3476dceace8a1a4c2a0df636d8349a6b26553b2be7e1f472f0a225725464574 |
| SHA512 | a4b5d17a04fa2eff60e9ab468fddb0f34b71c1fdcb73dcfb8638e1a53ce6e8ec92deb4b515f6453c8efae059859f678f1dd4b6e58c16e20ade02481ff00a6053 |
C:\Users\Admin\AppData\Local\Temp\uAUY.exe
| MD5 | 5b61b48325f87de0c93b4b7066a65fc7 |
| SHA1 | 1364b5e86ca91768e44586f667e45ab1e580dd74 |
| SHA256 | f999b43fda96aee57558b5a3b45c6f0654526de3dfd9a534238ea3046369337a |
| SHA512 | 4c72c5899d618e30aee82e7be9b35b0758119de10a53b2c4a4b232f09d4a7f2d82669a6f01b241f7585668807c4343e43cd4f5772756b6b78a4fcef279f7f300 |
C:\Users\Admin\AppData\Local\Temp\PEki.exe
| MD5 | 8f615a9db08b1ce8158ac2f599b542d7 |
| SHA1 | 5f89b8ad6ca1c65dc790cf9638640fd8351b89c2 |
| SHA256 | 3eeca7f746cdf590fff793e9fdcabcfc058acc5dc33016ad3bd5a4b68a04e4b3 |
| SHA512 | 158370edb3a219f8017d88f36ec431691c63a4861e29df4f29a0c79789df141ea7cfc1dcaf431c94a31c62ecd9370037e64d4c696b98c639455e417ec2d729f4 |
C:\Users\Admin\AppData\Local\Temp\fcQa.exe
| MD5 | 9f58c0fbd7dd944ad412e9bf9959379c |
| SHA1 | 7050842caec081d8dbc88d587e0ac57bad36249f |
| SHA256 | 9dfb01c00129e807461ead56d0ec98faaff25cd21c1dcb282537e39b544a5d4f |
| SHA512 | bfcec4325ffdb1a911fe27135a73070a52f681cd7c7e95aeb120a7862c9e2adb44772c0d59ce9c0c66a8e58ffff325ae3fca5809218cd177a88d477a48ba56e2 |
C:\Users\Admin\AppData\Local\Temp\xAkK.exe
| MD5 | d4962785627b08c355552d998ea3ac36 |
| SHA1 | a1048331f922d8040a14e3431ea63928306730a5 |
| SHA256 | 4769e81e717ae7729f50f6b9e9920fef386d6c5b4c7f4d8bc17923479f9e6b0c |
| SHA512 | a24541200ca5024e6bb9105db606f6c318da1a110926dbd1f6c05d3399dcf444effee500c4a8d7414d1e513b258367368c28c7accfe6e6ec9e8bb3bc8a003da4 |
C:\Users\Admin\AppData\Local\Temp\RwIq.exe
| MD5 | 667a00d421132abe0d8c015cff336a1c |
| SHA1 | c173c0aeb47ebcb16d629d378465c91af174088f |
| SHA256 | 9d1b48f1dc1b5e5cf40c66ee9e434da343c3cac6b179a989d377cc333426bdef |
| SHA512 | a21bd2be5ad55758c0e0d4cb10e649e75953164497b978dea856eea984788afe5b510dd99278cc498bceea21cea6ef0220a1653c81c169f5f6471f5200902d93 |
C:\Users\Admin\AppData\Local\Temp\vsMY.exe
| MD5 | 8e8d9708b6a72445f2aa5d26c2cb3b4d |
| SHA1 | 0cfc03c5e01f4f5b7292ddaea9a4d658daaf5e08 |
| SHA256 | 299d7b5f88b3a1cb467d1d71b16103c26423b8f7a32895ca17a5b139065b344d |
| SHA512 | 8d398e379d1a9156920d776888774974cdcd2ced9b4a65ba5484f2b62a7e1341d96e93f5dbbcc50a1573050be981fb00957916ac7d2f5ea991de2e1783e932e9 |
C:\Users\Admin\AppData\Local\Temp\bgMW.exe
| MD5 | 64c65ad90a2bba5e1d60a464c9a73117 |
| SHA1 | 0968deac366fc1fed32340816b6a943b4b6fe68d |
| SHA256 | 1d62d73b310bf742282007572b349e5f9659ec4f91a8cd2bff5d499871fd6085 |
| SHA512 | 8774b90820c60c285c69099339db93b87157f5bfc823b1688c27bce64b8b47a255de09090a71abd67b76bc947fa79c603af4b4eccc965343c988dac0ca0f23da |
C:\Users\Admin\AppData\Local\Temp\TIAm.exe
| MD5 | 04e80cb09215c6fb159e2bb293e37175 |
| SHA1 | 764e1cafab365463b7d94a4bd785c8c1decdff4c |
| SHA256 | f43086734c3f05442b978b81e49706b3cf4b72ae2152e4eed865d76b2ec4416e |
| SHA512 | 70674d2905d6ddfea49d695f6ddef33dc0a84511ca35c1641fb687777ef7c38fb5f014e01185000a478869610155fce79fc87a5edf208cef931282e592cfba4e |
C:\Users\Admin\AppData\Local\Temp\pYoS.exe
| MD5 | 7a16030ab423d2b19c44a2dfd682ecc5 |
| SHA1 | 9a38ac8af8908bcf3808769c43515f31054b5a16 |
| SHA256 | 8582438239ca5997ffec3a997a142e20ca1429c1532c6e2d57979679159dbfe8 |
| SHA512 | bb59d668854b0f9c6b5c2414194a54eeb1f340f2f4b95cb9ea0ccb368fc2bb63c8094704fd5fa79d2d3efa28346b35c64152e1cd93566647d9b6a5e3adc5e8eb |
C:\Users\Admin\AppData\Local\Temp\UcYS.exe
| MD5 | d6dda682698c0c563ebac5bbc0bf48e3 |
| SHA1 | 5163341c816f288bc1aa655f32051a6dbe2823b0 |
| SHA256 | 2645dfde6084132e0d5ffa302dde49b9f37b12b4858970735eb27a7c9521a2e1 |
| SHA512 | f75a36a444cd0135282aee91a262f1b5a279bc4094605f0421b821540b8d356cd0de8796024ca940271ee4baa0dc03f14bbc79fee7698c929e6d66d4ae72edd5 |
C:\Users\Admin\AppData\Local\Temp\pkgO.exe
| MD5 | 1733f23bebfa614b3acf8389b22e484f |
| SHA1 | f77ffc6eae0c01474fa6f6965eda8e029c6ec6f5 |
| SHA256 | 97baa39bf405eaa1f846e50f78c6a5ef905f8347f097285d1416880acd520f29 |
| SHA512 | 15cb906fe1a03e917f29dac80e7fdf9f3405b0d9314d9a798ef55a0b9deb3f98d401752d0024153b0ae700dd4faf5665b23935a2bfd59db358a761f71ed67124 |
C:\Users\Admin\AppData\Local\Temp\mwcs.exe
| MD5 | 1865b1f7f20bf9bc498ed4453017227a |
| SHA1 | a7bc9d9aa59d3c4e1263d4688233495d06462241 |
| SHA256 | 3c38afac0c3d8dc73685798a39a8ddfd2990773eed0e468dbf99529977875877 |
| SHA512 | bc7c2c29ba61efa517df87a84ef15e257c0772fa2bbfe0e05b9d2260e81cb3fc9298451f9d577504ac65541f2a7874f218a17d36a4362a458b36b0727d594134 |
C:\Users\Admin\AppData\Local\Temp\kgYc.exe
| MD5 | f84ad5c66b3641531eaf1c7221a32624 |
| SHA1 | 708350a27201c2aab134b44ce6ec213f1c3814fd |
| SHA256 | d39d6ef29cab7faf40094ea73c185e4cfc5436125414b9d3e129cc090ef224c5 |
| SHA512 | 793df8446a5495510bd3ca9f14c4b7da7d8eeafe82320de96fdf1b42044954535d29c4a54884185077fe5cc3543217cbd8bfd2d3085f310645711384edc74e6a |
C:\Users\Admin\AppData\Local\Temp\LMoO.exe
| MD5 | e109160642675aef0dbdec63d47a3f44 |
| SHA1 | a2a31aec040b566bff683d047d79a1eb8592c72f |
| SHA256 | 9d810ddf6a6b1d443a4cf6e105e1414db4b6dc76524d7dcb7d95d03839a042ec |
| SHA512 | 8deccd931d0e15cee7ec3defbff7689a2ae52621605380145617661b9285b5d6dfbdf462bf754ddc196e820e5fcee794b44108cac0a409bced06816e9a1917d7 |
C:\Users\Admin\AppData\Local\Temp\zkIq.exe
| MD5 | 9d279f706338025db415fdd34229c3b3 |
| SHA1 | 4844a0540d79cf42b72532877322c8b4fd8cf1c5 |
| SHA256 | 86d31334481368ee4ddc0ae54bb17da28b11f9773027be53403b6cd9a6c491f7 |
| SHA512 | c2ed4c7379c76157c01a50aabb6a4d3e52a3e79b915683bfa74e841ba309f8da418fe5530eeb05c48e19847915a3242c22bce8c8f87660fe18d9a0ebe377ec3b |
C:\Users\Admin\AppData\Local\Temp\xoYc.exe
| MD5 | 25ba16d11167f2cf2ed492ac5d544b15 |
| SHA1 | a4732c9f075eca84bd1c63da6b375dcda6349e47 |
| SHA256 | 2294b1aa940eff6f34da9b25c4dd5bc441014876a9dd5b2655c3e76467bd3492 |
| SHA512 | 2900918b52065dd6d3040ccd4b50894df0ef668bc01aec43a045ffa3cb58630cb828d7bbcf36c447420921918ba9e03e8d09bb32210e4d47ccf61c7429acab34 |
C:\Users\Admin\AppData\Local\Temp\JcAI.exe
| MD5 | e9209a58a2d9ae13dc49c6b000c40254 |
| SHA1 | 76f33b05c95ca31343975bed42a1b8f6f4134e5e |
| SHA256 | 1dee1e5dee69786e367d6aea037ed35628fe3077cdcf34b0bcf206814d64e891 |
| SHA512 | e702ad6c2c4678ae6fc3041bc339f3463883a21a94e8fe73b9bf0268224a39fa9b24bc19af137623a176f3ca3a7accd076456fad33b07607a0cf8b556b422029 |
C:\Users\Admin\AppData\Local\Temp\gIYm.exe
| MD5 | 80b7c7de2c81c3e4a7f54b093c85f708 |
| SHA1 | a4d8e1ca4a9a2cac27617c6c3cba2a8af397e049 |
| SHA256 | c7e3fde552097462b3c80597b4336c86d72d835d7b5fed3b29892d3876983fa4 |
| SHA512 | 4eb661f9cab9feb3197680638f4c43823388e9b93ace42464490a1e5bfac7f628b66aaa9b7a262fef07baba756630f5633d711081ba081250fe4e68bb6858dea |
C:\Users\Admin\AppData\Local\Temp\DMwu.exe
| MD5 | 0513ff46991630419f1ca0e85761d7c8 |
| SHA1 | 7d54c1b630ac99085033e3c66d5c20a3349f1e0d |
| SHA256 | 2f1721dbb7282a928429efcb1aede3b3c3b9e61ef648103cf790a181006412bb |
| SHA512 | 4d2dba5dad86569c2e0605e3fbcd2fa1930557d642ad599cda6a6ad8022c79bb9ce0037cef13b4ac32b809445df83266ebc7ae1f36c9112ac68406656f911987 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.scale-150.png.exe
| MD5 | 20005c955d55fd14eb0416be1eebfcaa |
| SHA1 | 8e27cbb8f2360d4ea4aa21103eb9255ba8968d10 |
| SHA256 | 794d04befcd381f1676a46e3bfd162e8b09dbd68fcb3733d4303139aade0ea8a |
| SHA512 | 76c7d67d518840cf816f4916361eb4943c409d60a5a2ced869484e1d0d78d90e71a66dc04d17f17f26c7d4b36e935861aca91b97e052c12be433355e22b3d707 |
C:\Users\Admin\AppData\Local\Temp\wkIO.exe
| MD5 | 3e55ee013438e929371b68befc5d8fc5 |
| SHA1 | a45447d7c80b48c563bf75fbcbf56f276bbd8b81 |
| SHA256 | 443b2e4971fa73114709216b0aa1b083c819604f98d7e30631b053ecf1e85c71 |
| SHA512 | 66ce2272492cd448b17949a1f010f175a810d9a7b1926823ff2c700868f56ebd5fee58292802d3bb2fac83a3bfd45415b52694d894e6966ef3fa32b0d2eb8c74 |
C:\Users\Admin\AppData\Local\Temp\GQoa.exe
| MD5 | b73d9b276166c50f776a7e46715b09fd |
| SHA1 | 1e1b983a5ae6081dc7c1526e0c45dd8080d5525b |
| SHA256 | 626bd5ad6341f5b41abb8ed076dcc4e9c61b7313b5aacd77f8e1e15c5184fb97 |
| SHA512 | a13ca1fc54e3d279736ad5715bd20c3469f49b1a2979e567beadfb60714d770fcdbaa6e7ad6c0902f61f98bf0215dc6090675b01ee73ddd5e135771f08115eee |
C:\Users\Admin\AppData\Local\Temp\bcMu.exe
| MD5 | ddaa38e369fddfd902cd879f82dbdb0e |
| SHA1 | e5f423480f3b62271e3accb28810b41609f2fa17 |
| SHA256 | d21dfeffe3804ab41840c735aad69e6bd6c5e05ac277d3fb72d328d761b3db52 |
| SHA512 | 780f52c618f70b65ca1240070d33504b2b496264536c8a21d5854ac4dac76c1219e25474a30b914daacda67b81f42674df447c0bd1de6857b18320c449c99068 |
C:\Users\Admin\AppData\Local\Temp\hMMG.exe
| MD5 | 145fdfbeccc928f29cbde7381882c341 |
| SHA1 | fa56ddcd02586b580fbf3fe6d120f0be385c344e |
| SHA256 | 19a39f89143484acc122f8ca012cd1470c2230a703ff589d634037c48e3b2489 |
| SHA512 | 89d4031c46554fdbe3ac1afc5161178480e3b5e59cdea2834edbf2b73daee7115682c68e226b32f4a08d758e029810a937d74a6a540971d8462263f45a88611d |
C:\Users\Admin\AppData\Local\Temp\SgUS.exe
| MD5 | 234c8a7483423fbb20b97fda67c7079b |
| SHA1 | 9f4536d8af3a711315c3f94b45ca44485d008862 |
| SHA256 | 962481558916245ddac4e4203eac5879f030b53ff45277dc1ac1725f58f15e12 |
| SHA512 | d88541859ff0a0d4b574fbd8889ce439c29e0010b4ffa1ce7e75080b66bb3c1504f6d9d691397b536c9971760e5277a62f60e6ec1d1a370af3e0420fbe15bb71 |
C:\Users\Admin\AppData\Local\Temp\tcga.exe
| MD5 | 8c7809551f018c34a7d6539e5c56d090 |
| SHA1 | f79c363e26c27bca0988593e921dfc9ac807a001 |
| SHA256 | 97e31a908ff4ec687e63f2450f62208663e27bb5b9b3bba1f9b37280d0af66c5 |
| SHA512 | 0996558c7775844e39f303eccd30076cbadb07cd9f4ddab77f4279523a3bce931c59f5d05ceccee78fb8c59dfbd42f44784081cae68fc9404b5a5cc0cd5b634e |
C:\Users\Admin\AppData\Local\Temp\bsMG.exe
| MD5 | 37010f0b15d0ecf3cb3d879d753f4475 |
| SHA1 | 33edadda10036e27fb1487969726085f5d461c29 |
| SHA256 | 5625ec08313a1b64109f1c7a1054a9894ce9e43ea9d1d190f212eb16a502616d |
| SHA512 | 92743d34f55d907a30ed6460c1841a5de96a7d0e138358eb1f7dc173082ca09f48a2e8643d118f60d384b1be7767d1edf972e9f00b74ac066dc851ce97afb0b7 |
C:\Users\Admin\AppData\Local\Temp\XcME.exe
| MD5 | 9f2de801f34135cfdce6d88e55c7bbe0 |
| SHA1 | 196cc2cde8c53afdbcd10bfe7387b4de7662b52a |
| SHA256 | 3c267fddac6a8f4a427f1f2db0cae403cc701439df5af200d7de8013e4a156a7 |
| SHA512 | 62a3178b359b87fd48175b42cbbd2c0e6abcb91b71fe6111c843e559a1950a864d2c494bf81cabbe225cf473d249f841d96f9bef0f515810a9265c4039b020b2 |
C:\Users\Admin\AppData\Local\Temp\xIMu.exe
| MD5 | 657d7627c51a99dda4658210a7038cab |
| SHA1 | d77d99998c7371765daa53c864d19b92051116b6 |
| SHA256 | 45ab2a8f5e94ec27337987f34fe0353c0ced2e90b1765f4507d65add7018b199 |
| SHA512 | a378f296d76e3b1d6bfd0a9d3245409764dacca1214de92bf2e32715b065913eafe909a7e4991003a73b7800f501dbfb2d4f0d7e189a1c63b3308a705576caa7 |
C:\Users\Admin\AppData\Local\Temp\XsEI.exe
| MD5 | 76a5448bfdffd3227166c13b85174c07 |
| SHA1 | a7ab4bf8685b04b1b27cb9e2b299abbf87cad078 |
| SHA256 | 71b745ce592aa3c85a1523c9d0fc41981c4998c2466af66de61cd507d3838417 |
| SHA512 | 2dab2fd3d8cb3cccc59c1d45652fa18e34eef7efe16f8215c2c06def6a5cdf743e6e79bbd2e60bb36deb34296932cde14f7659878406fb2b7d73cf0535a663c1 |
C:\Users\Admin\AppData\Local\Temp\Rkwq.exe
| MD5 | 6b2e5615613dca07a0ab22cc4d77abbc |
| SHA1 | a512cac9b57740b03fcd164d5d5c2b968d3f1b59 |
| SHA256 | f86d1ed2cc0cda270c5ea380cc82adbd0e0c01f6c5afd804fe320838acdf6bd3 |
| SHA512 | 7abbc5668d9246dddb5047f41187e909e38041958d4bf1ddb0e72dbbcdecbf8e7976e2ed63081e155469c4c06ae738abbcdb8f14cbac882107645f20e8c99383 |
C:\Users\Admin\AppData\Local\Temp\wUoy.exe
| MD5 | 83fc1d50e78dcbada57e8dce7fd47719 |
| SHA1 | f9d3c6fe9c4722921dd949fbd44d77d3d64b7055 |
| SHA256 | ca2711969a2f6d2bba0b085100d42929b33c077ceaf18c8b885b80f266819f38 |
| SHA512 | ad5c7a3ab2bb9c3fbf789434e095ef61b3c1691c005cb75dbece1a91df586c6a157c22c71ac4409762816bd59d53ce2cba8caddcad1096e7c50f8a707b89cd68 |
C:\Users\Admin\AppData\Local\Temp\VwsK.exe
| MD5 | eb58e6add077212cf596b37ebec57877 |
| SHA1 | bbf1380933bf00ecf6e8d561b783f80accf4b5e4 |
| SHA256 | c2aa119ae7c1d0bc05d8d73702ce0ee0beb14e544df971a6224d8721e30e96fe |
| SHA512 | 3be785c826265b21b5aa5b3d46e825922ac8259308bf968471320e596f184102bd6da13ec06382d7f27b5e29aae2bd3fa8bcbef5965629c814e537a031df751e |
C:\Users\Admin\AppData\Local\Temp\akAe.exe
| MD5 | 3783b0e6a8f16cbb035939314c8abfc8 |
| SHA1 | a49b22891c69e3da76cf9da92d9f2a322e0da32f |
| SHA256 | b9fa6312f86a7bc78a4fd3c85ca50722414e6557403dc1189ebd213939d6373b |
| SHA512 | 03d311b6b24f78efca65a25ccdacdc9ce4c7a6b16c3cb5395dde136de2eef0cdbfe8f1454d6dddfb2d802915583da9e809e72351e3b3dff13edf8a2df34ae680 |
C:\Users\Admin\AppData\Local\Temp\ZYgE.exe
| MD5 | 63a90761e1627502cebc60e67cd770b6 |
| SHA1 | 56aceac2c6b6c49fc208be373ae4684b5ea9f646 |
| SHA256 | 75771ccab5b569ead8d46734b9ed66fc85bb0b5c26178ef5678ca90ee2e234f9 |
| SHA512 | 791885eadb7cad94291bb1213bf4ba7df46c27cf2e2e939e3e251dfce00c853f8bd5fc154bb836c1a2cc6f3a3a9a8501d17427ca17e35f576695f8a21dafed1c |
C:\Users\Admin\AppData\Local\Temp\EUIY.exe
| MD5 | e8fd9888c9faf690ad14efc1f4635289 |
| SHA1 | db841acd2d164e240f10e7cbb9e34d570b2cdd1b |
| SHA256 | a64ec6ff9bbcd4cc48970c1c628db8da41bd47fe1af10ef01d08aef23ad6417a |
| SHA512 | 6674d4ab4d7ee511796285aac83861d770deacf60708dc7ccefc39f499dd6af503aa7cad80776f53462ab376cc43819dc142078c2b4cace2388b425dfadf57ce |
C:\Users\Admin\AppData\Local\Temp\hwUy.ico
| MD5 | f31b7f660ecbc5e170657187cedd7942 |
| SHA1 | 42f5efe966968c2b1f92fadd7c85863956014fb4 |
| SHA256 | 684e75b6fdb9a7203e03c630a66a3710ace32aa78581311ba38e3f26737feae6 |
| SHA512 | 62787378cea556d2f13cd567ae8407a596139943af4405e8def302d62f64e19edb258dce44429162ac78b7cfc2260915c93ff6b114b0f910d8d64bf61bdd0462 |
C:\Users\Admin\AppData\Local\Temp\ZcYc.exe
| MD5 | 9112e389af34e1a2c7036abed2f153b5 |
| SHA1 | 52a7bc502f9961407d08b541ba37103254d4b205 |
| SHA256 | 5252259f5d2382a48f1c3cb47543d43752c77904d5621dd9bc89eefb8882204f |
| SHA512 | 65c32adc02b6de944940886c471c502b64982dc757a07212dd5744d3da19ad94026a5251a6b3e9931eddd3d7b4f2f532126fd5cacd5d2a8392346fe25b986045 |
C:\Users\Admin\AppData\Local\Temp\jsgg.exe
| MD5 | 782e9c84716c5b3a7fe0633e64b0759f |
| SHA1 | 978e863e61764cbfa4acea4216a8d32e6248bae0 |
| SHA256 | b9f68b6d676d60d8be101ed0fc15529f1173f40ef87ff085e68904e3a64ef724 |
| SHA512 | 936daa5b91c107080862e01aabf6519e6a0c61f4fdb68eb4d3ba23b4e32465332c6a04fcd3f7f76d7976e711c2654ddaa41b5fc2d26dc2fbbfbcecd41c6809c4 |
C:\Users\Admin\AppData\Local\Temp\NEsE.exe
| MD5 | 457bd54205c9873ef9fdf9fcaa1e5594 |
| SHA1 | e0b06fac9b151e5a606b40aafadeb8f0007624b0 |
| SHA256 | 0031c6945ab5cdaad8c1bdf4dba832e1dbe5731d35eb5f7ad140fca198fda7fe |
| SHA512 | 1f621e8cc541ebb9e1d3bc2621666c4588d75c1fc443ab06e99f045c982158e3a6ccd0105433a0a6e3b0e0e5c2b1f3ef6dcc6dc62ccec23e278bf228e7083f4b |
C:\Users\Admin\AppData\Local\Temp\vcoa.exe
| MD5 | 71eb3caa28e868ab78e6373eda527ee1 |
| SHA1 | 6ec5cc4ee3cf8cfbf90cbe69637d4cce441eda24 |
| SHA256 | dfb5fe8c732972b960a42688ba4dcf202cc15f27fcc65a6e395d024f642c21b9 |
| SHA512 | 7117014b5066aeec7797ebb00aaa76109b9ff81f1b60f29aac7c58c13740558b87fca4542bb31e005672c0ebb503536affbc7f4f1f53153a2a24dbdce77de4f8 |
C:\Users\Admin\AppData\Local\Temp\eAYW.exe
| MD5 | 4373a6efe4e3ceee67b894730aa8d640 |
| SHA1 | 69fb8614dab88cebdcb8117a77b1d461b9ea2906 |
| SHA256 | c78c7995f9f1526b283262f9847c357e1c13d99340746a8185da81a4fd37428d |
| SHA512 | 8cbfee00d17a10244fc9434ddd22b6fedc30514b75c6d94a3722bb8370dcf624b713ed2018bc7bddb34bc2c1aa2b0fd29803aedeac103758a848ac196ad85c73 |
C:\Users\Admin\AppData\Local\Temp\ooQO.exe
| MD5 | dbb78b1fa844ba478dc96add9f9bbb46 |
| SHA1 | 10f93afacbe30a179beab69aac239bd64d7465cc |
| SHA256 | ab3f5b432217cf9b89ae9f4e345126c5303edcef8df110277c9c2482b5ddbfdc |
| SHA512 | 3fc63f39cd2c0bd0b73374059276f9e0f0141df2c4b45dd7983766327566120218246ddede513ea1926d4dfe8818a817ad0172bd9487bbe12361f772a6499d76 |
C:\Users\Admin\AppData\Local\Temp\IoUe.ico
| MD5 | ace522945d3d0ff3b6d96abef56e1427 |
| SHA1 | d71140c9657fd1b0d6e4ab8484b6cfe544616201 |
| SHA256 | daa05353be57bb7c4de23a63af8aac3f0c45fba8c1b40acac53e33240fbc25cd |
| SHA512 | 8e9c55fa909ff0222024218ff334fd6f3115eccc05c7224f8c63aa9e6f765ff4e90c43f26a7d8855a8a3c9b4183bd9919cb854b448c4055e9b98acef1186d83e |
C:\Users\Admin\AppData\Local\Temp\dQMA.exe
| MD5 | 579a866f7d3e503694d385c2f361443c |
| SHA1 | 2475c1e910ec8554833a11049057d24c68baf536 |
| SHA256 | 150edb794220d71c1155e46d050fb77ac043f262949c0af8f2743bbce10c84f1 |
| SHA512 | 1cc81264efdf774ce2038c1a1b7a6677e898745980e36a81a098739421c6a4e222d97eba04974d63f97771830c8ba062c6e371cbd02c8c7404806627a91f22be |
C:\Users\Admin\AppData\Local\Temp\PYgQ.exe
| MD5 | 22cb0d11c6f9062441c89ced56b4b933 |
| SHA1 | 981effbe285ff11165a89cfb87181ff39df5d96d |
| SHA256 | a08d8fc7b1dd1c260c2f3647d892789c576f650947276e961e168cf8faa7bded |
| SHA512 | 476d8c5462da62a43ec1fb7add9412ca917138aa012e9494660d7aa42a8c23c7bc0885d50f7b5f54aad536c8340db01033880ea4cdecf0beebfbc3e86ffa28e6 |
C:\Users\Admin\AppData\Local\Temp\FUIY.exe
| MD5 | ba8d4c418b89aea1ee9cd0d9ef4f32f9 |
| SHA1 | 8b58a2ba638392492714f53c9b755990b857c3ee |
| SHA256 | ba9cfa58be1144c2f1a2f996a922aa1dc47edb670edfa6d3b3d90391e78cc72a |
| SHA512 | 6720b84247b33725fc919a99c8d422578de45234e5d01bed6980457bc959b9066cd0c87dc2d6d2951769908401af162e86c615fff03e1b67099007e0b9181683 |
C:\Users\Admin\AppData\Local\Temp\sYUy.exe
| MD5 | 9c593f9b8662ca12d63e9a7fbb11ce14 |
| SHA1 | b0a8a5679631d8183e0810c3d8255ece1ddb0cfe |
| SHA256 | 1e90e385cbc5ffe1f181b3ad8704181e7237bf93e2606cd7f28736cc6e7124d6 |
| SHA512 | e995e7e00e3090ad9386da8e5ca0093cfb584f3a6dca6426be18bb81230197472242f4895a89ff2dc96af10ea62eff84e744a1e33d4eca13afc28d614a6eb0eb |
C:\Users\Admin\AppData\Local\Temp\kQAY.exe
| MD5 | 93af4ed1e72aacb3c3b07ac491dbecac |
| SHA1 | a500f00ff9caa742a3dee9b92b577655d57a8389 |
| SHA256 | 5e48a3cfbb7c959a5e41a65a7a0d6a7bd3b686f490a46ff161590daa212153fc |
| SHA512 | b4e1fb933ff7601584763329d60586107b92e3a55beef5fd194afa452279f898084aeb3c4057c543ea4b480db88acf04d6b74d19dbba4bb7374e94521d96f78c |
C:\Users\Admin\AppData\Local\Temp\WwsQ.exe
| MD5 | bb5f5f5733a9ee27b3202619ec360015 |
| SHA1 | 9867bb8c7123c94e2b07f7cbcc2437df91df0d8d |
| SHA256 | 53270d24dd760c297364c67d3d64ff1885028a8cac9b129d1586ae77153cee83 |
| SHA512 | e8fb57d451660ad9ae89bd4dc0cfe68367f60b4097c17319b361ddbc2cfed0e9703f0765c7356e45465b46c7bbfae4475af167473e97bb90514335c57531aa39 |
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png.exe
| MD5 | 796361392eb02c107d03514514d97194 |
| SHA1 | f345cb50877186f65192ab76a50f41ebe692b3f9 |
| SHA256 | fca73909bb81c5a27c52ff82426b2fd18b29f092c47f724323f1d3979979d592 |
| SHA512 | c0acdb7a00c37b6b9dbf4b21d7fb53494fda18e96f3edf16fab3f038c9d62452365358988297dee79d1e1ab1335d8d2fe2e0b66cf87440d5e40cc27bc47e5b04 |
C:\Users\Admin\AppData\Local\Temp\SooA.exe
| MD5 | 57a530804749bc7c2262342f4ee3abf6 |
| SHA1 | 2706ef6a33c58a9f6d1c31b04fad416fbddcfa9c |
| SHA256 | 02d661113718badb9a5fe4fe27eedb400498e0f3ca8a0f47fae59f26932d853b |
| SHA512 | 1c8bd7279fb550740deae1b3e415cbb427a0d8195d61cbafd3582095c2a530cdce00f055f2e8bcae46d8ac8737c3e01890137093d3b2d553eeda47184955a419 |
C:\Users\Admin\AppData\Local\Temp\lAsM.exe
| MD5 | 3e46e13576449cc8c71e2d050ca7b175 |
| SHA1 | ecb3fa4add0c470f1a8505b034805c4933c020c7 |
| SHA256 | 1760ac4a5f5d92203915c809270ce457769ec2b19f467d5a1ff1e72939209e63 |
| SHA512 | 764b83c770b13239604f642eaaea72346fd3b10bac8bab73ef0b17ea742f7e410b76730a24d47b4614bef0c401c8a01e7098cb4df6944bfc83f653ee4367b481 |