Analysis Overview
SHA256
324d5e5bd8f3bfdc812a4728bd2d95aa68ce1d52a476e73b3abb2d0fe3808f00
Threat Level: Known bad
The file 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock was found to be: Known bad.
Malicious Activity Summary
Modifies visibility of file extensions in Explorer
UAC bypass
Renames multiple (88) files with added filename extension
Renames multiple (61) files with added filename extension
Checks computer location settings
Executes dropped EXE
Reads user/profile data of web browsers
Loads dropped DLL
Adds Run key to start application
Drops file in System32 directory
Enumerates physical storage devices
Unsigned PE
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Modifies registry key
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-14 17:48
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-14 17:48
Reported
2024-06-14 17:51
Platform
win7-20240220-en
Max time kernel
150s
Max time network
120s
Command Line
Signatures
Modifies visibility of file extensions in Explorer
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
Renames multiple (61) files with added filename extension
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\FiYMQcMk\ggQMAIcg.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\FiYMQcMk\ggQMAIcg.exe | N/A |
| N/A | N/A | C:\ProgramData\AeYQsoUI\aokEwEks.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Run\ggQMAIcg.exe = "C:\\Users\\Admin\\FiYMQcMk\\ggQMAIcg.exe" | C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\aokEwEks.exe = "C:\\ProgramData\\AeYQsoUI\\aokEwEks.exe" | C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Run\ggQMAIcg.exe = "C:\\Users\\Admin\\FiYMQcMk\\ggQMAIcg.exe" | C:\Users\Admin\FiYMQcMk\ggQMAIcg.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\aokEwEks.exe = "C:\\ProgramData\\AeYQsoUI\\aokEwEks.exe" | C:\ProgramData\AeYQsoUI\aokEwEks.exe | N/A |
Enumerates physical storage devices
Modifies registry key
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\FiYMQcMk\ggQMAIcg.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe"
C:\Users\Admin\FiYMQcMk\ggQMAIcg.exe
"C:\Users\Admin\FiYMQcMk\ggQMAIcg.exe"
C:\ProgramData\AeYQsoUI\aokEwEks.exe
"C:\ProgramData\AeYQsoUI\aokEwEks.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\CYUgooMc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\iKIsIgQY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\MKggIUMs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\TYscMMoI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\PWAUooIY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\RcQAogQo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\VigsYgQA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\KkcoEccM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\CWwAEEQo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\iKkgkAsY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\WCsgIgss.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\AIAcoskU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\NiscIwkE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\bawQYsQg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\XWsowIcg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\PwYQMEQk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\waMoQYYc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\yGwUYMUo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\oAQYgsMQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\Cyckkwco.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\fGskUEcE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\tokQMwMc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\vEMooMQA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\pksccwQo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\fKkEAAwo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\gQUYUUcI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\qWUcAcAE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\MuEcYQMM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\qMUQoYkw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\paYwMskA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\reggwIgI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LOwUQUQc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\NIsIUEIo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\OKUcUoUM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\YYkUwEgY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\kOAYwQQs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\kKUAIIwk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\OqQAIQAc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\XQIMUcIc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\lyYcgkgQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\PkIYskIM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\fWYAQooQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\GygIsAIs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\oGwwsIIY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\uYUUIkME.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\AqwUIEsM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\pcQcgUIg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\PeAoscwA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\foAsYswo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\HAgcwUMU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\nwwQAwIo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\KUUUowsM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\amQcMwsk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\cKooQMEc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\EoEMsEMg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LIskoMQs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\FsIQUAkU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\vykQEcIU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\fcEsEIgs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\lEMMAQEo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\qcEUAAow.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\aUYcYUAY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\gAcAQgYA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\JQUgwwQQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\DWYgokkg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\FcUwIssU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\lekMswoI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\PMAMkEkY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\MawMcIIM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\wAgwQQIY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\qasoUUgU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\KcMIMggc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\tSgkQwMM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\NOYAUcEE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\DOYcMUcY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\TYIEgUAI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\VcYsYgMs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\cUYsgIwE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\KycYgcso.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\AAEAwocI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\iiwQAgIA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\PMoUUAgE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\FoUIcEMI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\BWkoYIQc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\lIQgkAwQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\KmowMQwg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\SEUYMwog.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\aqMkkAgs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\yioocoYE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LyUYUEIk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\xEIwcUYY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\rekAIIMY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\tkkcowQE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\oEIswYcM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\IAosEocI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\gSwoosUc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\XkIUOgYM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\vSkIAAoM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\POwsssgA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\vQsAIkok.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\cwsYUoIg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\GwEswIMo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\usUYIYMg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\cogMsYUc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\BusEAQMg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\NwgAwIMY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\fWMAEksU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\DMsoccwo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\xQAUkQcE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\mIgYgYUE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\EoQMkkUA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ImogMkYI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\oGckYsUI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\xWwcIQwE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\jWMwkoUE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\deIwMgYI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\fgMAcQEg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\fAIkkAgk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\wCoIQYIM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\MkQwIYIg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\CmIgIcUo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\sSAEQggE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\bMokAIUU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\PikMYEYI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\hOgEkYIk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\XAkwgYck.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LmQAMUko.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\QIgUMkAQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\MucoIUYw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\suAUsoIQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\sUgUMoYY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\AyskIscM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\RAoogQgM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\xsUgAsUY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\zMgIAIYI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\bGogYYog.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\QUowIgAA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\GkUQAQkM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
Network
| Country | Destination | Domain | Proto |
| BO | 200.87.164.69:9999 | tcp | |
| US | 8.8.8.8:53 | google.com | udp |
| BO | 200.87.164.69:9999 | tcp | |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 142.250.178.14:80 | google.com | tcp |
| GB | 142.250.178.14:80 | google.com | tcp |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp |
Files
memory/2860-0-0x0000000000400000-0x0000000000435000-memory.dmp
\Users\Admin\FiYMQcMk\ggQMAIcg.exe
| MD5 | 9451410877438bfda4c282d108a837e0 |
| SHA1 | e8e9d61f22a5b98d3f1600f8c4a1b8f5c8fde3eb |
| SHA256 | 9f3b933436ee0019f46c3e0e7ce4af6091a37539ad81085d9def852588f287b5 |
| SHA512 | 4e51807c32841f1bd8f5df08bdc04ed2905e6ef771c1dd5b87eec5ef7c1ecce0a360aeb34d62ca3bb05690d7dc32d55a21bd471442ff6dc3f0d0f97c872bd4e1 |
memory/2860-5-0x00000000004A0000-0x00000000004D5000-memory.dmp
\ProgramData\AeYQsoUI\aokEwEks.exe
| MD5 | 85f6035374639c46d83f24c45b0227fe |
| SHA1 | b7bcdaec7deec3e232f94daed53ac6dff3e68d55 |
| SHA256 | af6f86c826b6f4e7473d1a227ac0dc69bf4f4597acdf103474dc1d658d9137c9 |
| SHA512 | 717779d606f0703ba766367b373565862ada0de9d0b34108b07267cf1b754913206a71ae06cefff2855a75c15fa79166feef55e8c4098491bb6c40fefceffa20 |
memory/2860-20-0x00000000004A0000-0x00000000004CF000-memory.dmp
memory/2252-15-0x0000000000400000-0x0000000000435000-memory.dmp
memory/3024-24-0x0000000000400000-0x000000000042F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\MSsUEgMg.bat
| MD5 | 42aef8fc3ef804de95e5e0467e364721 |
| SHA1 | f735f4dee86520cc1271daeb6a12abab185fa768 |
| SHA256 | c3aec8f127485392347a3b7f846ce4eb94174331f6ab2f589dfea1c1056774f2 |
| SHA512 | 48ba8ff2291f5cba819de0b99a460252229e5b1ea5e92663b0c2d52e502d3ac60f309281d8d016f62b7c1aeb57e477bfc9cab3c15576b3e5989a5f5ce68e71d0 |
memory/2796-32-0x0000000000400000-0x0000000000435000-memory.dmp
memory/2648-31-0x0000000000120000-0x0000000000155000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\CYUgooMc.bat
| MD5 | bae1095f340720d965898063fede1273 |
| SHA1 | 455d8a81818a7e82b1490c949b32fa7ff98d5210 |
| SHA256 | ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a |
| SHA512 | 4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024 |
memory/2860-41-0x0000000000400000-0x0000000000435000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\file.vbs
| MD5 | 4afb5c4527091738faf9cd4addf9d34e |
| SHA1 | 170ba9d866894c1b109b62649b1893eb90350459 |
| SHA256 | 59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc |
| SHA512 | 16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5 |
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
| MD5 | 4b8a9dc8daa40ee3fe9ca2406b0a6201 |
| SHA1 | 2209e19a1af6e0b4ef96632136e449635e3585fa |
| SHA256 | 07d3aeca5d09371344e66abd6cdf2151d2f05d84a568d31307bec54ef850600c |
| SHA512 | 63d8df0a7902bfc6d83697aa34d14f70ded087591a0c534ce68e2ada936a63609344b6e717b9e09c736c8e2edf371e83837873317d21ac1b20c1fe40f2617cc3 |
C:\Users\Admin\AppData\Local\Temp\eEQUQUwo.bat
| MD5 | e92e38777024b4f23dc5ac3675de7b53 |
| SHA1 | 1febe5d3c84f22e31d798cd96b445a6c0763a80b |
| SHA256 | 379082a56cad1646f5b56feb28aa3831a229d75b417233a8ea391fc7861c4102 |
| SHA512 | a7aff69a0236c1d1d79bb167e2acf45b7b8aa5ef0ce0369cea349053f48b15fb69bbeaa83717ac505ce221b2b53a59ddadc0764658d3400eb96cef4f5daebd44 |
memory/2452-56-0x0000000000270000-0x00000000002A5000-memory.dmp
memory/2452-57-0x0000000000270000-0x00000000002A5000-memory.dmp
memory/2616-58-0x0000000000400000-0x0000000000435000-memory.dmp
memory/2796-67-0x0000000000400000-0x0000000000435000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\iYkwwUUs.bat
| MD5 | befa18264f7f370b488deb6ecc6a03df |
| SHA1 | eb32e78951d888f8676d20fc90f70cb8bda139a7 |
| SHA256 | 178a267cc23a49cd625250746526c989578fa63314d7e5803c22e0e3b6dd6f6d |
| SHA512 | f9862d26453cc88679dbbe6e08a177599f18aad84b902a30030dd08c69c053dbdb0078417610274f20f1888d99873907fd7ad29267c7919c81cd20476d67c912 |
memory/2128-81-0x0000000000400000-0x0000000000435000-memory.dmp
memory/1860-80-0x0000000000130000-0x0000000000165000-memory.dmp
memory/2616-90-0x0000000000400000-0x0000000000435000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\eEAAEQIE.bat
| MD5 | 7e74df57832055aa57e914815a65aa5c |
| SHA1 | fc99df96d52c49718fa3113cc5de32c3062eeb94 |
| SHA256 | a0acafee8a52f20805d0c25258da56126dc333f7b1d24b0f12a0976d3852fa65 |
| SHA512 | 3393d77fbfe47a2b9edb4c75a910c4ced228d2790512bf8db95ae6e97d806162f64c2a4315a8413385c3bc99f3b34a4c477eae7681f1ddb7faf5cfc5aa61ce7a |
memory/576-104-0x0000000000130000-0x0000000000165000-memory.dmp
memory/576-103-0x0000000000130000-0x0000000000165000-memory.dmp
memory/1396-105-0x0000000000400000-0x0000000000435000-memory.dmp
memory/2128-114-0x0000000000400000-0x0000000000435000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\fAUwAcoo.bat
| MD5 | cf491458fc72ae025cb82b8e26d217a3 |
| SHA1 | 11c04c5f78beed3c61892f2944cd21b3873f1d68 |
| SHA256 | 5c721c712cd7e7def7c3a40b85500cd8e07b9279cf7b74a504321c77d2cec349 |
| SHA512 | 9d0dc4334d61864356aa0086873466eafa4abc965faf67d75b8971e020d9c6c82029cafb62aaa63be917031d56d5bf529a77a9df73b6d23e2878b323b8e418a4 |
memory/964-127-0x0000000000160000-0x0000000000195000-memory.dmp
memory/1396-136-0x0000000000400000-0x0000000000435000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\heQIQIgU.bat
| MD5 | c74d1bc129b60129cd556a802d821ba6 |
| SHA1 | d6f2bb49dc31253518ebf49d10f6ad369ab4905d |
| SHA256 | 5924ea6961c5bbf4a44e03bab22cca7794476ff0f2bdc5a4db0902608c6a09d4 |
| SHA512 | 2c6c57329bb4b8061d78a443a6f3aee6ebd1d07cde452928048d38349f6d14ee13db6a3170811f3b6de7155b3ee5631e5c0586ef0faf5541f377201d5f12bdb5 |
memory/2068-152-0x0000000000400000-0x0000000000435000-memory.dmp
memory/1220-151-0x0000000000290000-0x00000000002C5000-memory.dmp
memory/992-161-0x0000000000400000-0x0000000000435000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\DswAYAAs.bat
| MD5 | 9b36316e272c6d892e38cda0df85dcb8 |
| SHA1 | 2b5bb31ed6bd4c7bc42e60820cd2ab2c80d28d9a |
| SHA256 | 2ccd07988801c374d5e2af7a2bd1b8fff0ca51c151ea6af06254ceb43124f932 |
| SHA512 | 8c035368541ca5b246e0ef3b4805015d68a0568a257a49057e4a1079361e77cad346783783946b530588c6e4829041ba8c39b4df4da91e1854743a6e42d850ef |
memory/2556-174-0x0000000000400000-0x0000000000435000-memory.dmp
memory/2068-183-0x0000000000400000-0x0000000000435000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\SYEsMogw.bat
| MD5 | b54f11c6f99b5430057ac8f2141bb415 |
| SHA1 | 79c946eeed0ff1cfea1fcc46b9c6b70536b2806d |
| SHA256 | 2ea0c73482a5e7e2883c70ca221b13f496156fd649de83922b8bea4f64b9f12a |
| SHA512 | b1dc86bd00177a1d7264132fa1640659ad133eec0d9211ec7bc8843de764bc7aa703855dd4c5994e2f584b2020db96505640c92964e7fc3e97a3208adcf5c6e6 |
memory/2176-197-0x0000000000400000-0x0000000000435000-memory.dmp
memory/2672-196-0x0000000000260000-0x0000000000295000-memory.dmp
memory/2556-206-0x0000000000400000-0x0000000000435000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\oGAkUAQo.bat
| MD5 | c6a420e5862a873a3b4e1331a944c1db |
| SHA1 | 90770780f52b08ac5153e83a47d86b7360c79bff |
| SHA256 | 2b54174298824ad1b299194c0b10b1eb79f7679ad3bdfdd2becc581bcc783659 |
| SHA512 | c8bfad5f7847fee244fa5690a8122ea8273ebcc657157c3c2072bebbd304e99c06505343efcf37ef259aae2efed0078120814cc906f6f02e59ed709bf4869123 |
memory/2616-220-0x0000000000400000-0x0000000000435000-memory.dmp
memory/1568-219-0x0000000000120000-0x0000000000155000-memory.dmp
memory/2176-229-0x0000000000400000-0x0000000000435000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\QKgcgQQM.bat
| MD5 | cbfebe7c25313e4888afad1e97ecfbe6 |
| SHA1 | ffedfd2f838568b35e81b1521260e1967a559a4c |
| SHA256 | f5f560c594284e1cc4681fe82843da5dfe303cd09383c79a2f3dca3ce1a46704 |
| SHA512 | 716f879a9ea168fa6f5d602c6c21e74110e67d88f78e5421be45f3fcb2e53bc91ea70fc497a74691f99a750f46fa2d3267cd7609bfca0a9cd61c091626eee76e |
memory/1432-245-0x0000000000400000-0x0000000000435000-memory.dmp
memory/1412-243-0x00000000001B0000-0x00000000001E5000-memory.dmp
memory/2616-254-0x0000000000400000-0x0000000000435000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\OIUYskkk.bat
| MD5 | 19e7ec84a4effc3f70652c14fbb3121b |
| SHA1 | a3189f64848d689538d1fa2b952bc029d7ee4270 |
| SHA256 | f8bb3d618275a6d5a810517dac7075055bb90addf30e6b4d94033fbdf1271843 |
| SHA512 | be671faaf497e30c9b822175cf90eb5fd58f240f4ce3f059f510e19a4799fef04b874ff0112073d3c8e7551505cb719c0ba332dd7931472eb889ed323c914383 |
memory/1540-267-0x0000000000120000-0x0000000000155000-memory.dmp
memory/876-268-0x0000000000400000-0x0000000000435000-memory.dmp
memory/1432-277-0x0000000000400000-0x0000000000435000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\UUgUMkMc.bat
| MD5 | fd2c102a1cbc7e8405f14eb5623fd8ad |
| SHA1 | 997b2b806d5219b1a45b7e72a5dd3102d0a29150 |
| SHA256 | 22534e2be894bba38e45c3d85d7f978c0853a438bc3c69ca32c163422e457fd1 |
| SHA512 | 05a46b1a88279b864cba48c8e4eaa2f3a3ccc1b72f4834341541e432977e7fa5eb56e590da8a98eecee60ac8040744b8f631ab8cb1d7d47e8e75b55a180aaf27 |
memory/1676-291-0x0000000000400000-0x0000000000435000-memory.dmp
memory/1264-290-0x0000000000120000-0x0000000000155000-memory.dmp
memory/876-300-0x0000000000400000-0x0000000000435000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zSIIgUww.bat
| MD5 | f32a637d77f1e387863034e2cc055302 |
| SHA1 | 69c796e3906c3b672e80114cd9dc490bf13d0343 |
| SHA256 | 7f7610cdf824b64ef907c848504b11b4bd3f626872dcbe9b5b099f5f213ed26d |
| SHA512 | de64e9d2e0457cb12429bad8e0637cd613522774a87be72e9abb7b6afa15227f2d42b3fbe59953007b46d1b5ed9fa90bf71bfed2ba06ad588a0c810000d501ce |
memory/2684-314-0x0000000000400000-0x0000000000435000-memory.dmp
memory/2708-313-0x0000000002230000-0x0000000002265000-memory.dmp
memory/1676-323-0x0000000000400000-0x0000000000435000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\XaAQUAww.bat
| MD5 | 2b23a6eb44cc6c7cb21da4f817554a73 |
| SHA1 | 45cf7f352769749a5a9f2d29eddedcfb84a73675 |
| SHA256 | 706d94e6dad4de75450186f0809df437e31af97aac3ccd0adf6aabbd5a01a243 |
| SHA512 | c14408cdbdfd989af87db43b7c8e81872cc221e159f55b2c8c211ddcb274f933e8d774142f13228ebb5c84f40a18f8242231fbf7fa6444461d63987533674e92 |
memory/2276-336-0x0000000000400000-0x0000000000435000-memory.dmp
memory/2684-346-0x0000000000400000-0x0000000000435000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\RMwwAocM.bat
| MD5 | 2cfcb493f0803372f23bbcf8e58981d7 |
| SHA1 | 6a4fb354f9561b8ecc3016ee004b9d8cde5a5906 |
| SHA256 | 137277a43c1801b3a7ca1270808bc82170c51c7b7d119ffe44e9d83d4a136347 |
| SHA512 | 4cdc20a235ce95ba221ad545629ec39c7093724992c1ee841a136a7e92758fd749166a16225fafef8e82e3af1d517f9a352951a5a4dd9518fd4ab5b018fdc7da |
memory/1456-361-0x0000000000400000-0x0000000000435000-memory.dmp
memory/2196-360-0x0000000000400000-0x0000000000435000-memory.dmp
memory/2276-370-0x0000000000400000-0x0000000000435000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\lwUgwEQQ.bat
| MD5 | 3e23c0d3f99ff4e4a701289471ffb2a6 |
| SHA1 | 5a4507f12439350904ec636402d8b5ea81da7b25 |
| SHA256 | 2c3d20cbcae111cbc3e6f475b6f1d92e780ad0de860f11c023ef05ac11b5aa7c |
| SHA512 | 3340953537beb77b12c04edbea2f301520f0b0d8d368f7fc3c63f37fee4d5831990ad1eee2656c7e462ff2e2dd9b344bc9bf6e2a100f61dc3a570fd35ba5ca91 |
memory/2756-383-0x0000000000120000-0x0000000000155000-memory.dmp
memory/2756-384-0x0000000000120000-0x0000000000155000-memory.dmp
memory/1456-393-0x0000000000400000-0x0000000000435000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\CQssUsEQ.bat
| MD5 | e5db48c94c54a05b263d6f2555137cab |
| SHA1 | 6e95ebba6ea193652901d095963bfb3681e15194 |
| SHA256 | 9f1e6abfaa0528c584604c814df1fee89165d753cd52f72ea81bd08dc4472bdb |
| SHA512 | e1e85dd7444e699412026ee30abef35d76d1dae7c88a57df54195b0bb85884ead511db1ed41028b1f9d2f945237cd6cd22650c0c40f8d195028228b3b8c26c8b |
memory/772-406-0x0000000000400000-0x0000000000435000-memory.dmp
memory/1720-415-0x0000000000400000-0x0000000000435000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\CIUYUQcU.bat
| MD5 | 901e0bf86ac8d8dd159742440c86132d |
| SHA1 | 24d9e084118ef8a478f3c273918c3880694df023 |
| SHA256 | c4d7eaffcb442755b514860f2972332c200ffdedfa654da570177c5814a0ecb7 |
| SHA512 | 30a183d7010043937c81653d4eb0da8a9bee875cae773eca7f4cd6f3981bfa920552c93950b32d5e532590b684e9a963ed91c720a7aa474e86d3e9e84727735b |
memory/1316-430-0x0000000000400000-0x0000000000435000-memory.dmp
memory/2268-429-0x0000000000380000-0x00000000003B5000-memory.dmp
memory/2268-428-0x0000000000380000-0x00000000003B5000-memory.dmp
memory/772-440-0x0000000000400000-0x0000000000435000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\EmYAYsoQ.bat
| MD5 | 8c2e3a0d2aabab72c9a61bc884e71d78 |
| SHA1 | 623b85ff2c9bd817022a5d60fb7facbb6e5ee754 |
| SHA256 | 11d287454c3749cf1d293c6963b49945b21b0084a919cde6b834070ba8f7920b |
| SHA512 | 4258a696aaf4e4f58d43b6a35b54d1df628a7bb13059f41673156fe7db5740ba399d1cf8cdf79cb987a5bf47afdad2e36e5b7662ee24a39a04598f41e0c001e7 |
memory/1220-456-0x0000000000400000-0x0000000000435000-memory.dmp
memory/2504-455-0x00000000002C0000-0x00000000002F5000-memory.dmp
memory/2504-454-0x00000000002C0000-0x00000000002F5000-memory.dmp
memory/1316-465-0x0000000000400000-0x0000000000435000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\CmAoEUEs.bat
| MD5 | 5b88610cbb18b827f3f952724537e775 |
| SHA1 | cb1d465a637388ac862c0cf5519f2ec87c210125 |
| SHA256 | a663e050c0f307c9e23e69d8201cb57be68849bb22d5dce78de4ccbbd43e322c |
| SHA512 | b72a3b532143ff8f5986d366c0ac2b06939c3e427cfd58d7fd38e97fe8bf6384c326bf846cd04ea62d113fac73cffefd569cd91892fba5c44db4bd89916fd153 |
memory/2960-478-0x0000000000180000-0x00000000001B5000-memory.dmp
memory/1632-479-0x0000000000400000-0x0000000000435000-memory.dmp
memory/1220-488-0x0000000000400000-0x0000000000435000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\GSIkgUUE.bat
| MD5 | 89d09fdc37f14776d4a34b9b42339df1 |
| SHA1 | 2553aa2b03e4bc20cd0009d597186189d38b9b88 |
| SHA256 | 237133b861c8d50e301a0cf220b61a206dad906bc005b37fe9b763761b8f2056 |
| SHA512 | 1e456e33a46fc59eed82776ed4f2237b41af7d64e553f0d88587022a28a665e075699b4322cd00907751ea60b6662c5038cd1d3d091b80016f1db60762781eb0 |
memory/2272-499-0x0000000000290000-0x00000000002C5000-memory.dmp
memory/1632-508-0x0000000000400000-0x0000000000435000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\hqcwYosY.bat
| MD5 | d33a8b663298cfea67fa1ac3d79071af |
| SHA1 | c0bb2fd3eddee4acefd1be922f975fd90b0b078d |
| SHA256 | 14a866c9259817a30388fa9b2ca02345f354b2e6ca714078a9116c94102d7bac |
| SHA512 | 4cde493687db90bb5f0870501d11938e15da216831af4dbc9984bc3aaf02b3c2a34ecf03a7e590d699c5d06e65847211623a8d753590a7871d27d9bf09fbaaf2 |
memory/3032-518-0x0000000000400000-0x0000000000435000-memory.dmp
memory/1856-527-0x0000000000400000-0x0000000000435000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\xKAUUowc.bat
| MD5 | 6cc099ef466b399fd383af579b099cd5 |
| SHA1 | b59bfd8c948e458f439db9ee3e9a9c376c6d67d8 |
| SHA256 | 2c22d050938226e97a23ef282c84ab89defc63802c802d143850fa2ce18adfbe |
| SHA512 | 3ab3df8cfa3c0ffa89d6a3473ea432e6fd860c0562f26d3361b75d30f5cc3b1cde81cfce01daac10bf3cc3a1ac38fa0fa7d7ec718c6ddc322944a7d803a5ece5 |
memory/3032-549-0x0000000000400000-0x0000000000435000-memory.dmp
memory/1344-540-0x0000000000400000-0x0000000000435000-memory.dmp
memory/1484-539-0x00000000001E0000-0x0000000000215000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\RYMwEEAk.bat
| MD5 | 7f8d5c88f7f6476219f4d09b1b35f23e |
| SHA1 | f269ad6307d151a98900dd7358675d104d8dde56 |
| SHA256 | e81a01e31777ad0b3c2d16fee48f3dd161362aea1bbea89e50afa166603c3362 |
| SHA512 | e58871fc9b17b6e28be0fd3e8ae1bd5fb0e93cfe7592f118cc348a3b324db895a78335a5f9fea2ef293b8e607b8f90cb06639e91df87cc7f7319f4442e348b10 |
memory/2920-559-0x0000000000270000-0x00000000002A5000-memory.dmp
memory/1344-568-0x0000000000400000-0x0000000000435000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rCAwkYUo.bat
| MD5 | f23e91cc60c6d6aaed181e5cf1ea3306 |
| SHA1 | 486d8a25c38d523f109588c61b502f0e602aaeee |
| SHA256 | b4e097f105e26e7252ee2445f5221bd34d197e3b7e4e755fbf348c32a8cfbde9 |
| SHA512 | 8d1c509f1eef37189df626b1559d6f28ab4b4b1f6287349abaffd134c1f57a0bd07bf368bd479f38ce444be413d244f951c6dc8b97f8bec2b6894abdac2ccc48 |
memory/1868-579-0x0000000000400000-0x0000000000435000-memory.dmp
memory/2664-578-0x00000000001E0000-0x0000000000215000-memory.dmp
memory/1728-588-0x0000000000400000-0x0000000000435000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\QqIoAosk.bat
| MD5 | 1e28ecbb9564d0e594b06f91b6449fcd |
| SHA1 | b3450336ea7217d3cc0d977ec9923a4ec32fb60b |
| SHA256 | dddfdc1749f91d93cacee81ab942190beb3bd317f0c3218795486424e164ff09 |
| SHA512 | 858e2d2bfae014648b801aca8f1ed54cca4741f9cab68dba815d7d15e8c72fd4b72294484f047ea54b4f751991cf073682fdee9428136b66548546d339e173fb |
memory/1472-599-0x0000000000400000-0x0000000000435000-memory.dmp
memory/2764-598-0x0000000000160000-0x0000000000195000-memory.dmp
memory/1868-608-0x0000000000400000-0x0000000000435000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\kmksUoww.bat
| MD5 | 0a4ade978bd4644f14a16fc91ac51331 |
| SHA1 | 701c8f1e384a7716a891f5d5e089c12e03adf342 |
| SHA256 | aaeb8188ef262786b3538f58f6e68c788a71ae00b5a0a3fda7d332dc2d35ff72 |
| SHA512 | fcb51deffab6436d6fb2eae86f6ec6059d9cc4025cdf877ef9e4378628e9aacc75e57b41e40ed4c0ef89503b725dd2d9087cf64eac9ca0d56c47c7fe69c37111 |
memory/1440-618-0x0000000000270000-0x00000000002A5000-memory.dmp
memory/1888-619-0x0000000000400000-0x0000000000435000-memory.dmp
memory/1472-628-0x0000000000400000-0x0000000000435000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\eksoAQoM.bat
| MD5 | 1ce49d760124c6e8a2fe070534d2d5c3 |
| SHA1 | 97a14ae3c361fd15e80a791190f8b6cd610e6beb |
| SHA256 | b8335a17a77f24f1d1be946dd5ba6f8a1083a54d83143df82ddc69d669095631 |
| SHA512 | 3454513e0fa9c9d33acd49bc8a1f1db45a19aefcf8ff8814a19668bc1e75b9b0219519e86a0ed555238ae008b8970bf43cf6d2a219a9151b8a5c55ce1c75645d |
memory/2892-640-0x0000000000190000-0x00000000001C5000-memory.dmp
memory/2892-641-0x0000000000190000-0x00000000001C5000-memory.dmp
memory/1888-651-0x0000000000400000-0x0000000000435000-memory.dmp
memory/1416-643-0x0000000000400000-0x0000000000435000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\AoMoIwUc.bat
| MD5 | eb1d39046124db0111d3884b4f4ec63b |
| SHA1 | 886f3379a0b54e709ab3c5ee164ee74b5c9607c6 |
| SHA256 | 41b3593613847dd63bc9fc7b8aab67c1ca2d4249a10d49cb41a870b5817d7490 |
| SHA512 | 05df51c969caac7900fcae29effb029696f37eb5c402469fcf28fb5edb7ea531d3f92b9a2ca931faeb96eede8f554916d45c145dc01104217231fe54a267bf87 |
memory/1860-662-0x0000000000400000-0x0000000000435000-memory.dmp
memory/1984-661-0x0000000000120000-0x0000000000155000-memory.dmp
memory/1416-671-0x0000000000400000-0x0000000000435000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\eqoUEsYM.bat
| MD5 | 1e8b70703f6c207b070755a37bdf9654 |
| SHA1 | f1c83a5a9b8b698d0e4a2cbbdfc7edbfa907560f |
| SHA256 | bf575f600273ab67cca2743bcfeeb1d5574b95cad019f77dd55edab5f143a021 |
| SHA512 | 7d6f1e72aa01dcb9088576dfcb9f2cffe1b4a06a95e534b22e01cfbe40fd6a9a0f0a0723c0d526bf4ae367a03bc98f56e6fe22c97ff56ab3597d91ea71374b6e |
memory/3004-681-0x0000000000420000-0x0000000000455000-memory.dmp
memory/1396-682-0x0000000000400000-0x0000000000435000-memory.dmp
memory/1860-691-0x0000000000400000-0x0000000000435000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nEAAsYkY.bat
| MD5 | 2299b55f5a50785defeb42f7c8757704 |
| SHA1 | 460040098e6bd76013cb4692cbe83f5939957eec |
| SHA256 | 3ca5319e64804ba212b014b4f42c9d340669e3f7cc686aa137c443284f07d63b |
| SHA512 | 585a675aab7d50d7d2a5ded9422548c9ecc314b584afbd31a679e05eced6f297a76516c2952983384346bd907ce156a595be2f3d4bea5f52024527c6648ea59f |
memory/2692-703-0x0000000000400000-0x0000000000435000-memory.dmp
memory/1400-702-0x0000000000120000-0x0000000000155000-memory.dmp
memory/1400-701-0x0000000000120000-0x0000000000155000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\iocO.exe
| MD5 | c95e8ce167fdad67dea87af0cf5b9773 |
| SHA1 | 0af37ede240c0fa3fdf4ca513349fdad0b655c4b |
| SHA256 | b1ce0a2e11410b10cba1f835f25f853f3cfb761e31e2b3eea94366cea674ad2e |
| SHA512 | 2ce9ebf1755ef68b33c5549b3bd6148631e44e6caaf4fb637e74b61bb522bc1e265beba601c661cf574cb95c4b2ed13ee32a7e594ee77dcf1ff7420a77a1faf6 |
C:\Users\Admin\AppData\Local\Temp\lYYcsckU.bat
| MD5 | 9c9fc1c430ecfd0fc63eafd3edacf06e |
| SHA1 | ac70d1fea45b97a6ab8c93a50d73501a999ebf55 |
| SHA256 | 3f0310922e2ae3a46fb896681ae707e153bd26fe4ec7fdfaaae01b704d16c4b8 |
| SHA512 | 17aa472d9787baa036455267c8877be9a618f00b5a912b8d3a71a234a483e2ba911237e5bdebebce6f5786f160ee522bfdb38cc042221e33311644d1eb321b06 |
C:\Users\Admin\AppData\Local\Temp\vEkIIgYc.bat
| MD5 | 689b9e4415316d5bbdc2bea6988ddcfc |
| SHA1 | 8d7ee69e895dd682488cc952d6242601f716a7cf |
| SHA256 | ff24c3c3eaefa3455cd7c85f08f6ff3784aa98d6bb620fb3fa467abc5168c7b3 |
| SHA512 | cbe71ba8abf2fb03179e6542771b81d3517f642423cbd299572094773d5c81ef2657622544ea4654f2ad17de0c5f6b68bfae01b9d24752ef8c6e8147ea695f14 |
C:\Users\Admin\AppData\Local\Temp\HEUAsYcA.bat
| MD5 | abfcfdada576706fb99290126da2d5ad |
| SHA1 | 94307937e01e17aaf658d1615401a840957d5402 |
| SHA256 | 5e9b113b5bf17560812ff979115a1713d8747c069569e928f27f97cbb56d4a36 |
| SHA512 | b5ccf523de4922530f56cbad67cc445bf02f47d93719db8fb43df672f7a6e84366b257e85dc71f51b05c75a20f9f9dae765e189d2f7da114510fd4c000b2fb1a |
C:\Users\Admin\AppData\Local\Temp\IOwEAYEs.bat
| MD5 | 6476e07b60de82c57d79c40aee225349 |
| SHA1 | a2fb260d5b4d760d08f5c641d197810194b10bdd |
| SHA256 | f3a96236ed5047876f85a8aaae414a4c45d4c5c4d77256595119027c1c15eae5 |
| SHA512 | e6b83e95af31755a03e8395702fb0baefa8eccbd77cf3eb2485d06b71240045a60f0ee2252126ec537fa80b7c8abae08a3f940ab55dbdd5e1901c506fb989549 |
C:\Users\Admin\AppData\Local\Temp\mCkcoIoU.bat
| MD5 | d8e055968021344109631ab63a3eb440 |
| SHA1 | 423585bd11e63f883f08392748dcb79b594b17ea |
| SHA256 | facae04f23799693c1e613456b627e6ef1232102d5630ad408443c8fcdf342db |
| SHA512 | 1bc123e05b5e3f4d42ec91c90ad32bf36cfc6a5067cdbe9356a5ba0b34e09ba727e5aaf95467002a5b21b8243d8585c3b8b8645b9ce45e577a1037f7530da436 |
C:\Users\Admin\AppData\Local\Temp\aQkoQoEE.bat
| MD5 | 15553e75236e909e7dc2df16690d3797 |
| SHA1 | e239be82b035054cdff2b777cdc6a602ddc2127b |
| SHA256 | 002c6bdb8e981f58c6eaa5ea3e9c334bebc97c5b952807f84915316f90ed4c64 |
| SHA512 | 69008f33fba9dfe3e0a7c8306a32095ea90712d99dcadc6320c20a4e4f123845dd44f18cff46714bcabd43df301ca5f297090600cc335bf3abf82789b3d4c5fd |
C:\Users\Admin\AppData\Local\Temp\mUsEMYEg.bat
| MD5 | 2f85bd4a6387c381f7377e7f7f5929a9 |
| SHA1 | 185af93bd0895d6e017a82b1ad28acb3d0a55668 |
| SHA256 | 14eea5064a87b3d7a34676535830bff1b3fb9cb06a9772920fb6e8e810cbece5 |
| SHA512 | 77b63d99435091d1262e4b73a46e7c3a0a3d8d8e2c0944a31c0d2a00e2f609419f66c8af60c884725872e635548d663c676a36880fa894cc6c78ae2c7ffc2e27 |
C:\Users\Admin\AppData\Local\Temp\pYIcAcYw.bat
| MD5 | 72dfc38d88470ad999f4c25b48bb7a0a |
| SHA1 | 4ca0a9be1936187f872dd1256c0e0e507d4a3717 |
| SHA256 | feacd352b9447c518efcf7e3d042f627333c577e75508b06007845342eefd2d8 |
| SHA512 | d889b66ae7336c3236b4969ef87a22a7edd8d30dc3b553a721d37dc4d7fc88baa151ec7a833b74526de99cd241484ddfc24ebc26f254e63b276aa7460d94fae4 |
C:\Users\Admin\AppData\Local\Temp\rYcMEgok.bat
| MD5 | ef2bcf759d264d4894acc6341ebd84f3 |
| SHA1 | de0bbca9133267bbae3e2b20f89686196400aeb2 |
| SHA256 | 45336c5858a628085d118f8bc4abad212530f2bd1202b646bba0614b086e36e5 |
| SHA512 | 30aa50eee2db4413cfd523b9304e42fbf5bf7ccd87ae3f8d62bd52b6fec19169adcff3fcf91e8c6d4e91d049f73b22a812d1e85570383d9b5edf9496b1936a44 |
C:\Users\Admin\AppData\Local\Temp\ZEAkQgkg.bat
| MD5 | 93f704b20a2bb38bda0f61830237a8a8 |
| SHA1 | 2c2c1c37fc11f03aa3552605ffda288806ed9256 |
| SHA256 | 07a69e4033f5364f435cf6e56a9776fd74332e174ff9bd8aaa041dc6098ced7a |
| SHA512 | 32d441592afde69043f76a1ff6206c35eb2dca331ae3d5353db5cec1927a42913256e8b1f13e83afe15cb6e802fa54f23958d6c860d36463af89af3fcdd523df |
C:\Users\Admin\AppData\Local\Temp\NEUMUAwE.bat
| MD5 | b2544832b0949cfbf3304c163e62334c |
| SHA1 | 7830ed0f46c4cdf8bffe5afb526084cde290066d |
| SHA256 | cd5316ed391d3242c09d2efc592ee3699fe9b098c1fa5fa2b5ab49fe475dbee1 |
| SHA512 | 447ff2e2ec063508684866dbca6697ee9abd25cd25acd825650194be32055474197d584bd10f79d532428e3eba734173d45f3515ce1cae613b36111660652b7b |
C:\Users\Admin\AppData\Local\Temp\uSMAMAAE.bat
| MD5 | 0401c7da11c7c924a3193eedf9150788 |
| SHA1 | dec0982a97970d545fa8c2e25288180ce1a89237 |
| SHA256 | f6d19f95ff7b85064f58ba765a05706b25134d2985aad19671d71235ff784026 |
| SHA512 | 58bf94375fe34a3772667198dd21b97b9a1718fb3bd7297257e90f6f359425fec4b024fae42f9d32308be912829b7dc4cd357bf8bd2286d19b77e2c6255720c5 |
C:\Users\Admin\AppData\Local\Temp\gsIAwEQs.bat
| MD5 | 32584671e103c10bb1f9b426098466ec |
| SHA1 | 9259b17ccbb500c0fa12e3eeb3373be4dd5fccbc |
| SHA256 | dda4fa5c90f554a9ce64a364d758db016efdf5bfb9018d527105954175d69698 |
| SHA512 | f302b34e0167fddf54ced2d42fcf0269f8a81cb5d5653b4d9aaa09caa09279f54c1377a7c4a3d95eeae8c881a66543a30186a25e64ad64a5ca01ca559a004fcf |
C:\Users\Admin\AppData\Local\Temp\yeMwsQgc.bat
| MD5 | faae5e4afcdf175c4836731f62b3dbd4 |
| SHA1 | 44f0b83b9eb47d00fe9048dd7605520b804bb37f |
| SHA256 | 8b6d65eb40b625886c75e75f50969a32ae97dcb65dbdfc36441abb099fd5e7fb |
| SHA512 | 2401488340d6769fcbfadf5e4a02f254c6d1dce6b40adbfcfac1f8224c56cf001ba148e068296e8aeca0d9dba1e8ce66cf4fcac26bc0cc3c4cb39279c693c054 |
C:\Users\Admin\AppData\Local\Temp\OiwMogsI.bat
| MD5 | c43248ec7f91cff36018c0878495844a |
| SHA1 | 574b5659ab29d08f7f55190872cc730aaf1ebf4d |
| SHA256 | 3ead1b195d166732e3c69f52f1ae6bd1b25381f7ae2e045e11036c1950b5fa35 |
| SHA512 | d24ac97b463ee627e303b4babcc4d17e262e4040d035b9225bd439d8a4367a9e08a7451f541ff311ed1d915ab3606f9d9ed9a4f75bfcabfd2fe4b236d20a306a |
C:\Users\Admin\AppData\Local\Temp\oIgcgkoc.bat
| MD5 | fa7067a5395dc251e4278cbb10c9c750 |
| SHA1 | e2d4e0a6b7a30ace30093e0d3730e39f673dd180 |
| SHA256 | ebbb10d3aa8cc93bf894e76e26c6fada55f7568e27a84178008a463f136dff9c |
| SHA512 | 522f81399b2f8e8e79717661abe4d547c95a22b9800bc784397b14436b3e5b9afb74c827b46debd1cdbdb1155b02db169b65882c3c1513e8497926e7e143c9f0 |
C:\Users\Admin\AppData\Local\Temp\HEAIckQM.bat
| MD5 | f7afc6218e2ad15a5be80e107c303c05 |
| SHA1 | 13face091804870ef980159f3e46f13d31857943 |
| SHA256 | 811f8be4446a7eb88b981181b1428254d5fa720bca980aa40816e63b6d8359f7 |
| SHA512 | 04fac7f6e6b8bb69de6bf5e54fed9f0e5664453e1344667b4b6dd0a5a0a639fc5c562b3015283506359484fc429997716cb46319bece31e1ee5e6b9152fc924e |
C:\Users\Admin\AppData\Local\Temp\fWQcQogA.bat
| MD5 | 5195de43ee45d25dcba7adfcd63f031f |
| SHA1 | 240be45e24a2efa3f97c5d73f3f78f8860884522 |
| SHA256 | 4d70c0313711cf5f2522f38ea401723b455834db18b2e2208f2cd5f8bfda8bd7 |
| SHA512 | 2bcf16a9b26042c97da9c7e2b982ea640e783259ce1bdd3aa95362dfe528e091943f610b013508975bb671b3834d6c1a87e33e93eb0f5e51c4666c7922e0ecbe |
C:\Users\Admin\AppData\Local\Temp\FgwwMkkk.bat
| MD5 | dc07dcd6f5ec129527b3e3a19974ea3a |
| SHA1 | 1d6188225ed6dde3c9920439a0727272b1354fb2 |
| SHA256 | 86dbb90509936cabe843ee40ca22667165e77af66ee0211cb5d750046509652d |
| SHA512 | 867f3d9771524b3b4974a78510336e0f358dee64537cd3e17919b325ab96b96062a5ced52866c090e100331ebdf25541aa613d8139eddab148ad754f26f94fc5 |
C:\Users\Admin\AppData\Local\Temp\DEgQAYwg.bat
| MD5 | f68ed458b84c4a63850c63e6f784d49d |
| SHA1 | 4c7018867b33e3431b3a7e195837a57e27f7c8b1 |
| SHA256 | e51c016c7a6a4ce5426359475275ec27b24bb3ae3d1877836aa944c26775c5f7 |
| SHA512 | 14582702f9afd96231a3383d4edadc23eb7753600d59777ab4de583bde31831788dda66f1930e383ad65ed1c1c4be825efd1b9fe8c3ee73bd3cb8aecce912275 |
C:\Users\Admin\AppData\Local\Temp\CaEAMQkY.bat
| MD5 | ae7a2319620d40881ddbed49745f3da9 |
| SHA1 | 49d76b8c39058b8db4a821dc2e3aadd13e0c93ae |
| SHA256 | 17cfa54963b2df7711cf4a320cddabf5648386527aed54b82e81b43b826a612e |
| SHA512 | 201c08c69e83c97cba1723982d906bc6d52c2e254f50c0605c3c225a77c680724c08f0bc09df46553c4e07dc4bfcc93c94e4af3d56f8cb592f20f909ae952485 |
C:\Users\Admin\AppData\Local\Temp\AWMgwgEs.bat
| MD5 | 87464a6a7dd0d0b90c9ccf7de3e49235 |
| SHA1 | 36dc2064f546cb8b4f18f8681c5401138ad1f4e0 |
| SHA256 | 4eebf6e69f41cd855f2c5c130dc8e9da58049949011dc6effb1e1273fc75a8dc |
| SHA512 | 3b5a837127db7c7fffffbc6ae60ef0ef3f9247e0bbab7e084b565a0f52891768db7c44981789ef245d76ea5ec806dc5880fd1befea0d4a272ed4de448e226efe |
C:\Users\Admin\AppData\Local\Temp\AYIe.exe
| MD5 | f9ffcffb8726364d9da58ab2e6f1ae3c |
| SHA1 | 9960e59b18390fcbb91c268bbd3048b1e8f55176 |
| SHA256 | 723b6653fac804595c3c049f46dda6484640b37466fee071a114ffd764557bd4 |
| SHA512 | 8390e8321077ac40c70d125a133879e0dbd618074acae9e6c7614b3d05e750dac887bed7ad1f4b1b38fab3ce3ab73fc29ace6c21f9c4886b8850a951b1e22605 |
C:\Users\Admin\AppData\Local\Temp\Kkgq.exe
| MD5 | 33274f8c5b8c7081f71794faa891f66d |
| SHA1 | 7e4633e76c941abb4e61bd05fb9042ebcf22fac8 |
| SHA256 | 359a6854a693c065be1f8fec554d5c3f0ab7462ecf7b1783bbd427ad843b3f9d |
| SHA512 | 5a739f270b04f7881885b599fee3f95cd1b7c1bb5bfd69351c3cbe568c5d010c74ae927f7bf544b59298a8690dff3090d7f4323980bf845bd76af1fb61317452 |
C:\Users\Admin\AppData\Local\Temp\eIcYUMoo.bat
| MD5 | e23d8e1037fab903dff9d6849a1476db |
| SHA1 | ab73882d84ca1e4cf15435e56bbfb827c6508eb3 |
| SHA256 | 04956fefddc923963ef9f3120954c80b0758049dbaa9fe88745bca72a9b7f04c |
| SHA512 | 4f8d8024b66e0c37484ed0c42603e281b7d450964908687f3af24f27bed4ad9502d51c19ab98ff0594385b7bd3bda33d5ce9b05758cfd944f1826bd4ed8285bc |
C:\Users\Admin\AppData\Local\Temp\EUUS.ico
| MD5 | 47a169535b738bd50344df196735e258 |
| SHA1 | 23b4c8041b83f0374554191d543fdce6890f4723 |
| SHA256 | ad3e74be9334aa840107622f2cb1020a805f00143d9fef41bc6fa21ac8602eaf |
| SHA512 | ca3038a82fda005a44ca22469801925ea1b75ef7229017844960c94f9169195f0db640e4d2c382e3d1c14a1cea9b6cc594ff09bd8da14fc30303a0e8588b52a7 |
C:\Users\Admin\AppData\Local\Temp\KUQq.exe
| MD5 | ba9d65db0ee3af7e69cd4b14a9bbabaa |
| SHA1 | c4d6ec0f2250c654698ba496532446f82fbd4a8d |
| SHA256 | 668b814d9e27e79b95040c0fea08bfe2eef307d3fa3da7d604cdbb0a18cf168b |
| SHA512 | 2e680d3561d6908d39863b1a68e92c3d211138a265a07278a885ac0057ab2c5100e77409acde4b6aa4b2c01a0f2c1ed060c4cca3f6f1615d76cbea86c38c8d08 |
C:\Users\Admin\AppData\Local\Temp\kkwO.exe
| MD5 | a0fa2804968982d1ae845bcb84faed45 |
| SHA1 | 888ec5ab40d04a6cb3403c238c111b52d4f67992 |
| SHA256 | 2a72354a0b1845b52d98934198b6aa737a5c49b536e2e977e8a6ed0021e6eff4 |
| SHA512 | 7dc867495d3dc99e887c0f2d57fbc881e5ff4cbad09baeb5b3d0786e1b67f6c8262e780316bb6ddf89eac84f61169a5b2352cd76bcbaf21a35e303f79b65c437 |
C:\Users\Admin\AppData\Local\Temp\cAke.exe
| MD5 | 0ed6d16d5f16b425cafab85c59b8ecb6 |
| SHA1 | f80528f94d102351e4a6f87063bbd960ea0bf386 |
| SHA256 | ba568fb282f50178afd5cfc98f85e22517e03414a63bd82e375d241b95976ce1 |
| SHA512 | f258545e88968ea91917fc84e7a087fff5a52d94f7279af509a8e0e987741c3a3d0f48336406cb4656ad949fed7ef47d0fccafd390fe6b1e19a806171d9db3eb |
C:\Users\Admin\AppData\Local\Temp\Wkog.exe
| MD5 | b9d68a02b1c14088d7cba7273773d179 |
| SHA1 | 89c24775af6aed2795fda77b965032afac317149 |
| SHA256 | 75040f2c2b608f8085bcb1b5538ef52ea1b65af71e77b8cead065277ada52798 |
| SHA512 | a0ec215215aa62840f2a77980268b6c4071abf998108fe7de41d2f00473306ba460fe4093351be7936eb7648df04d24e58378a3a6721d5cf680625fb79f19fe8 |
C:\Users\Admin\AppData\Local\Temp\IsAAQoAQ.bat
| MD5 | 8cbd387e12ca7e0da707ac8874b5e33c |
| SHA1 | 60bf9ab37540a161e52c51ffe6b7e61eca5b9e09 |
| SHA256 | 672b667d58a7a8c5acd7a77f6d3f5e930073952ccb4d9a17830afb9dee9087c1 |
| SHA512 | 69f97d55ed6413c98a2d7a60ebb9f074f6c2b8bd24f76b94e52fdde98ebd85c624f3a867158ffef02e26d9b6319c81ce7f149abdc37dae9a6096df205f1429c0 |
C:\Users\Admin\AppData\Local\Temp\qksu.exe
| MD5 | 24a87e2ef34e359910964650d4a05da1 |
| SHA1 | 4ee5f2269978451bf4a64f89f9d33c2707e70641 |
| SHA256 | 58aa8863eef5c9cf5e5fd8fe8fbc11e923d5039451b22abe46a143b41aab5d14 |
| SHA512 | cf52db15aaeaa9bc7aab3a5c4c247d87d3447c28d78ac1e60496ad8127c552dbd33ff623e04a9facb1688b1f8988572ee104417b4191cc5c9c684ab0e8eb6efb |
C:\Users\Admin\AppData\Local\Temp\wkMg.exe
| MD5 | ad3207f813aed2b987be652008c9e722 |
| SHA1 | 77afc1a1b683d5037961eda4b2345a2198f2bb7e |
| SHA256 | b52f25222528d682ba6a2ff5f16785dd8c739c7f2cdb45f995d23a753b517b8e |
| SHA512 | ede1972696bcd9c98393e454de60a240ab5402b9a22d43dccdef3c289cde22369f05d5f433a7742fd9f1554a8e0a8cd2ddb950f8489a710ed65745a807a936ea |
C:\Users\Admin\AppData\Local\Temp\GcYU.exe
| MD5 | 6a10ba9585b291743f0e1ce15726edd8 |
| SHA1 | c19ea1f89a81f9e3681b4777b05e86a8ba8580a8 |
| SHA256 | 5782b5ab4fb1946d0b7b9f9c49a155a47386084d579ff508753a2e22eeb88c6b |
| SHA512 | 663a690c296c56f7621827c3deb665727b21423192beb00e8faaa3a74200c0401c41cf5d68b64bd4a747e2c567739c0d6cd0a7d7c49ecec936494e656d9cb7e3 |
C:\Users\Admin\AppData\Local\Temp\eMUw.exe
| MD5 | 30d49a4a7a9b31728c271cffeceba3b7 |
| SHA1 | e74f8a2a580a1cfc914740b04a830b242278eda2 |
| SHA256 | 97cc0e62e0ba979980f7c39bf0ca4b1f49443410f330575e23256455cc75c006 |
| SHA512 | 5c569a8b97ccb9e8b2173ea42b895edb071c81508c9f3f764906917a1703561319c20aa837daf9e16d2068f79d44a98f7bbf48efa7c2094533b01a5ff13e7dc0 |
C:\Users\Admin\AppData\Local\Temp\CMwS.exe
| MD5 | 9ff73cec5c3c94d12cefadfda842dfe1 |
| SHA1 | fe3d3989ca114d557ad62b4aeb01b77e9229a63d |
| SHA256 | 8454a505690449480929bd20ad1d04c3bf386fc80d708cff79829549684629c6 |
| SHA512 | c6e834e62b832d2d984e02b627dc6707b8f9d99ca5777a8612a51b1500a5f0161e283832690b9f723b7ea3f17bb4ff6e2e3d6478b61d256cf5d58ed8168bfaf6 |
C:\Users\Admin\AppData\Local\Temp\YQsYoIEc.bat
| MD5 | e0726edd95cbaf5a38eb21f648fa6593 |
| SHA1 | 68025a836406a6b120a5d36abb5a9ae071351e2e |
| SHA256 | 2762cd0aff5dfe8a3b351e3e61e0ad53423ecaad189b1c37fa54e9008bec2b9e |
| SHA512 | 6829a26f3219f673b90b936dfac0c7b2b51282e7d40a88fa46f88352bf9a14299bf92a173e94f3ac902dd65592d693ff9d16047cd376e677de33e73eb9a59c1c |
C:\Users\Admin\AppData\Local\Temp\uYAe.exe
| MD5 | 8f5cfebd8b57a4cae406dd2e121fe66c |
| SHA1 | c74e46212e5d3a03406019651fc143a5632fd532 |
| SHA256 | c1bedce8942f6f3f7ef70b269efab9b66af7780a32231a0df42edde1cc7afaa8 |
| SHA512 | 39bd8a5533e8312fa6d42a2d78a091832ed7b959b3172ad6ea668b2cd8a09b7b183873995784d0510ed3b4d0cb330c6d8ac2e799889eb8496386711df915367f |
C:\Users\Admin\AppData\Local\Temp\qAEW.exe
| MD5 | 35d94d2c329e23734619244e0cb17daf |
| SHA1 | 83242226aa89e090683f1e8a17cb4df23c546556 |
| SHA256 | 2a9457d5ff1e8a039095bff2c1909ef9cbe26da7965adcb77fb59b3afa741d9f |
| SHA512 | 22b7455703b283ec8ae45693e6e686403d08eb7ea09b2045b040e71f9d5ac9984d40868a7d07a0c0bfbd11d029aebb7ed08b549a94d81dcd5b19c54266804324 |
C:\Users\Admin\AppData\Local\Temp\ioce.exe
| MD5 | 271b212fe21dc031e15868f979f23633 |
| SHA1 | ef2c48c7f6922d1f85e0d17ed06f56499a7207ff |
| SHA256 | d5ab2ad55ea4b2b1ce3588dcbe05bc0a21e79a70793e1a29e2e5b939fcbf17bc |
| SHA512 | 07508168f586021551aade04de36e8b1cc3c42849412a30294a40983ba063cc2be53a0f3d6bb09dae56f64b56b38a5009709faaaf671351d5da7879de7b1dbbd |
C:\Users\Admin\AppData\Local\Temp\kEIO.exe
| MD5 | d6e1ac45e0ad97f1a7251f9e68a9a4c2 |
| SHA1 | adf8a39f5851edfa575c19406fbe246a2d167d82 |
| SHA256 | 6b9ac852ab9ceba0d4c52794b1c0aa0f34273a7e5ccbd8990238ddbf811b5948 |
| SHA512 | 086e92e3714fbc30afcab8d69f48fa7cd6d41f1dcfb028c52f45ca1ac9a0a9ffc345ee0fe00d974a0afa1bbf209e25b88f8a93ccd0a360926d4b7f04d807d8a2 |
C:\Users\Admin\AppData\Local\Temp\QEEo.exe
| MD5 | a878c2ba0678471c8ca6629413fd73b3 |
| SHA1 | 40201838703e9ce4df2c7cd8d863e4c11827037e |
| SHA256 | 263a8d2a6601aca1bf9ebdcae27d7e592cfa36769c7473f8a9f230c08a0d213e |
| SHA512 | a62daf8b06bca896af6c89e9560c3e8b079c80099382f8afeeebf0b543cd922d9e889fca71e58e389af3187e36eaf283ddfb029225495ca92bc2b81a70d11a81 |
C:\Users\Admin\AppData\Local\Temp\cYEA.exe
| MD5 | af2b8f7641ca265d402adc2e43c334cc |
| SHA1 | 3cd28f3d643d3e6134e9fe04c894c1604b84ed1a |
| SHA256 | 8d4c5086f4780c13c4b9c87fbd16101c246c4330e1e797b3b1818beceb0fec4a |
| SHA512 | 057ee3fb21b7d798fc8f6aad5b12f97bb2fd8941d87ea4402cd6e232a50a0b932701b93aac890d64263cdd7bfcf462292f47c4f2b839ccc6c4bf24eca73c0c63 |
C:\Users\Admin\AppData\Local\Temp\uIQM.exe
| MD5 | 6dd8a852f1ae7021792f89de72581789 |
| SHA1 | 3bf9766200eebfbffbccb33a1f4b680ed102b78a |
| SHA256 | ea98955b8a683702698f9844ea7cf2eacfbe7c53358daf78d0830b4bcfa471cb |
| SHA512 | 74e467ee8a0ac1badbb9718d61240c9d20d33059048b28b6dcbdead6bc0b63015da0d33ae1bc93fa0fa89c4b5018af47d75c40c61c4d188a392f7947666ebf51 |
C:\Users\Admin\AppData\Local\Temp\UsMU.exe
| MD5 | bf722e5aa5c176c37cfd62e79d058aea |
| SHA1 | 93573097fe3f320d428d7118d5898970cbe39fc5 |
| SHA256 | 6750af13fb1c489e02bdd6a886b24b59def3c0b5f628d0e9969294ca107bfa0a |
| SHA512 | 13dcb708ad604b9656a934c44b1587e09dfc44207ec85463e89202144d1ec4ae8580656f052c0cc7f8f1eae9ce2158c74d1e4f49aff6e0d3faaa6771ff0ce068 |
C:\Users\Admin\AppData\Local\Temp\jyMwwYMg.bat
| MD5 | fb1d92bd4d0bf7fc1e43b596a92262dd |
| SHA1 | 51d6504a85ecba7f19fa52b491f7049b30028d0d |
| SHA256 | 5d0ba35387aef698add4e67e58424c6a710e875a52fcfae83aa37ec24d5043de |
| SHA512 | 8c5afd456ba645d48748527079d45e13f36c5413a5f592cd7010e9c7f6e69a53e408bbb09a5cdbf9d4211724cf0db555b7887197e403e7ce9520dccf3a7bced8 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile23.bmp.exe
| MD5 | 87aedae330eddbe5cc1c5f362168e9f2 |
| SHA1 | 9e652d44a3b91e9ea5ab08e3a2f490d44f832edf |
| SHA256 | a805dac7c8c290dcf1dcc76dfbb4bb8fc24ff639a60f3516cdd71fdce1960fd2 |
| SHA512 | dab669ef94c32d957bffa33f298ed2be3be921bd9e14f12362c041730a882bb3014b28103d3c7280bd67379cc6f6d8f8fc2aa136dfaf8e5c4db811ddb98a4889 |
C:\Users\Admin\AppData\Local\Temp\sEwa.exe
| MD5 | 9fcce42e5584aa87fb587528d765bcc3 |
| SHA1 | caefd96ac11c70b4f39888db0cef873bf545044a |
| SHA256 | 8ac2271323e1dd9bdc9c606125e68ef6deffe93e7be5deeb1e1acb6a369e57df |
| SHA512 | 2fae4c843deef221f07cf450ab1ed2507829686cea0986d147abf279a8c873cd04f2213695563d384f01da856c994bdadef3db045f8c78022e286fea32bf7a73 |
C:\Users\Admin\AppData\Local\Temp\sMcE.exe
| MD5 | 2ea9a1b696c1a68b3bae057494a37bf9 |
| SHA1 | 24befaeca3185bca62f716d40dcf90f3c1cafc12 |
| SHA256 | a9a0b55b89d33ff4f2a8bb5b61a8a99fe6b9aac1886aaba77276d284cddcf47b |
| SHA512 | 675caf927401feddae0df3124d997760e731a36cd5bd1563b7880d978ef4891f2606445279dc98d3ccb6465eb7e1f5f53b7c43b2cb0022ea930ef4cebb6576c1 |
C:\Users\Admin\AppData\Local\Temp\Ssck.exe
| MD5 | 6de0bbd1f9c494836566e6a9e51894bc |
| SHA1 | f244f5991be0203843e730087516593cacad1a8e |
| SHA256 | bfe1e93809fe9bfa214399c46381367a458a5a232c868d0f6a528e50db754005 |
| SHA512 | 98cbdacdc07ce1d6126a4ad1674e9425ccb2fa9b3486cf613184f83c04b0f0eeddd3c0a000c78f875cc8a0e94c0f1cc9e1989828fbf1c1bc51418168e1e029d7 |
C:\Users\Admin\AppData\Local\Temp\bCkAYEkg.bat
| MD5 | 1beb78002393bb358fb82b15069b9fd1 |
| SHA1 | 44da7c2100cb2bf804a8525368eda076abedec56 |
| SHA256 | ab9cca22fbe6296c485c16f542ba25df7ab869b55c5b4fb46850ae038eb48f9d |
| SHA512 | cedf3ec4c499f0fc867c569318502b06f54133e3077e9d5f9172896cfb2def99b19a64f1cbfc727fa528234b27bf455fd8f9677c5e23a866e5802dc40f2408a9 |
C:\Users\Admin\AppData\Local\Temp\MkQe.exe
| MD5 | 28d0caffac07fccdd87f8fd57cba35d8 |
| SHA1 | cf02029aad331292ccd293dc9db99e77be736fa0 |
| SHA256 | dac71fba1eca8c2501f8e76b1724b8453f179891cb3aa45e8ef7cd7c133d392b |
| SHA512 | 0cab2065a3c246f3b2dc7bebf03b9f43e25b1b91f2b012bd28f2072661926b7b9813c0f21074a21ff04ecd301ff096b0dd057fd6d7549cb7c971d2af490b1934 |
C:\Users\Admin\AppData\Local\Temp\yYwi.exe
| MD5 | 8f1b7e871439a4596fdf224586c01091 |
| SHA1 | 55b415a31775fb0edf8d18e26cef8f2e727181ea |
| SHA256 | a9f8dc0375520a4205cf633af14be14f1e36c8a4f2e068dc636bf853b0570451 |
| SHA512 | bacb4fa48379ba88c169e2ff03387956803b8e1008d33213b0d73c0cef136e8365d3b455b6c1d14e1b19d3cb33d2b63dbe5ca3310581577757a93349179ad161 |
C:\Users\Admin\AppData\Local\Temp\yYgW.exe
| MD5 | fc22b638f0dda89e13c5ab3129d76cf1 |
| SHA1 | 284824909e3efec05585f57535af362a973b60de |
| SHA256 | 53ea21e3dd2107338ac2d9b9c9aa53da92ce4acc41fdaafa81637ac2ad10510c |
| SHA512 | 3233492070b698f39b32b84ee29fe44030051a73bc0cb613f5eb10bd65d252467eaa7da7d6f41361ef717ff14625d4e6196422bf6ebdd39716c3b66fd97cf583 |
C:\Users\Admin\AppData\Local\Temp\CscW.exe
| MD5 | 2343e0e6617a19e447dec5b091557a3e |
| SHA1 | 5d2432df0427bac8b997a5ab037e36a0431b469f |
| SHA256 | 2fe8cad12f054de1b1560661f125c97ee9c2219cc9bc6e22aad35f71ddc676b8 |
| SHA512 | ed6433627334d54ea3b283338a6afb065934ba87b4f8526e92a54e1f11636fda95f2c49979f7220c9c1c433bbde3cb188ec7f09a7d109473a1eea9cd065c43ad |
C:\Users\Admin\AppData\Local\Temp\ukcU.exe
| MD5 | 943cfd390a4539565f986412d53d087b |
| SHA1 | 857fdc73d6775e6a8d765aa48f20d15c971dbb5e |
| SHA256 | 119181534b3111c0eb9bc2c080e371e9a7e919ddd92c7f22579b1542be5c108c |
| SHA512 | b8ecb66b5ba6350711a3cfcfca89aa5d98a92218ebcb7804bd92a08dd16de294b89626ffe989258ee30987709988db709b89a4fc3a2a849edec6f3c7dd6e125b |
C:\Users\Admin\AppData\Local\Temp\jqQkEcYM.bat
| MD5 | 68063d77231d7d5602ddd7176f95db99 |
| SHA1 | 5b1a1a93d6d9e6b84c396675e1ea602b90e98b11 |
| SHA256 | faa1a349b697ad8bb2cf03190e78d5e451e30bbee833e7f66bf2c9157b0809f2 |
| SHA512 | 34c3cabf0f1d97d5528d6f4af764b5ea131caf06f31605f43487df2a708dd11947b01442b9be8edbbdb002ab31803f12e7488c4fbd9e70a63d8004bc2c96e659 |
C:\Users\Admin\AppData\Local\Temp\gocs.exe
| MD5 | f87529d7df8b82e760bd3e8605052e16 |
| SHA1 | 9f4272c85a64dd0d95834f2264b6c9819ca04e00 |
| SHA256 | a4183cf4a3d5173f3c0e43b259a547b2b1ea4b96ae405a1dd1a46bd112246dea |
| SHA512 | f0cbcbd2aef433bd343afa690bac52df18ad326a0f43177c462e2fb10e2fae480afe6d1a991a16846c358f5f8472e968b6cb83b509326d0fc6fdf9fa7afcd609 |
C:\Users\Admin\AppData\Local\Temp\OQYa.exe
| MD5 | c4be63c8ca2f9e8617582993d8c5df74 |
| SHA1 | 76837afa76764a8be6b113913022d3eb6c650b34 |
| SHA256 | dee253f8fd7ab2aef0280c3e5e7b898e979b4d967f4372c9fabe9d86875f2b87 |
| SHA512 | 93bc53fddd857e58c5943030f5216d678f1712abce0c98c6cac6c8faa7f2106b7764729ee0e08c815bc0da4bc599e76518ac351406a02cdb48913df9820133a9 |
C:\Users\Admin\AppData\Local\Temp\AYww.exe
| MD5 | ab680ef6c69cc2e3eb8cf66797f42d8a |
| SHA1 | 01d0ecafd49ed50964b94e5af5429626297f312f |
| SHA256 | 49f6db5388e034ea830cfe250efbecff0d82283afc9a992659e843990d615707 |
| SHA512 | 09178bd467124bf97f5ae0cff0828b9deb9f4f7483abd87d055bbdd0546648bee00fe580bc842a814f9fa2b555bfc2e1f7d0043e330e55063a35e6c274005e55 |
C:\Users\Admin\AppData\Local\Temp\EwMg.exe
| MD5 | e8536197da0d60191e11c059c7c208a1 |
| SHA1 | b258545ee44cf10e9ae551e9f8a9a9cfc7ff013c |
| SHA256 | b1b8e017dd9cd8dd99daf98764ffc6df88deb12376f5e2b0632bc5a43552a2c5 |
| SHA512 | 2b8ed4389e174f32f613724573a5a2b0ac983592f2041debd81aeea929e34eac10dc6fdd7ca671e04402c97921520561ad0c341cb22e042b2be600e3369247ec |
C:\Users\Admin\AppData\Local\Temp\LkUkwQQA.bat
| MD5 | 0d91bf0fd2fca9e96aafc31a4ca57963 |
| SHA1 | fc548bf911eeb2e575f9d1a0b7050289fc396510 |
| SHA256 | be2dac298dbe6df01826acccf9e67bbd52b9abbc4a4e412073a5d0b7548c7aa7 |
| SHA512 | 58c1e516249c0e09c2938a9b9b4b5c3022f6a2634b386bb3255ac2960960df537b2c8e7ce8b77b8ba2c7f6a644bb0837548a902ed2474e27e7305c7219d2b8c4 |
C:\Users\Admin\AppData\Local\Temp\OkwU.exe
| MD5 | a6001aa97065a41551e7f7eec8a7423a |
| SHA1 | c0f2a878928f2bb865d1a0774490b735aae84fe2 |
| SHA256 | 26bd39f0a809c95e6a5d77704ef03e66bebc5a5eda07543378f9cfc77e2befc7 |
| SHA512 | 186676c11e21c9edb6767690cd15d197a56ce269a0f765a313240385a05dadae6a998524f2e4433a0875093e6932a73e15c0485cd1d4b0330e6d9bb8620801d7 |
C:\Users\Admin\AppData\Local\Temp\ccQY.exe
| MD5 | 3bd543847bf59260d442cd7632f212fe |
| SHA1 | 40c8ced249cc08e7a6ffae9bd0ee8aff2d738262 |
| SHA256 | d2246cb9c27157da81156fd18f88a24d8608cc0d72fcb60fb1eb0e5deee28a7a |
| SHA512 | f6205af9eb909c29dac6496b3dd4db0f500295f1cdbf99d7c32e623ca81f9872e3ff0d5bed085274ace2d803327f7209c23a2ca98efee98c38188644204330e1 |
C:\Users\Admin\AppData\Local\Temp\iwcI.exe
| MD5 | 16b48e9a45a3b1a8d2d80869993f9eb8 |
| SHA1 | a534d6b882a24b729feefccfbcad998c0f3ecaa4 |
| SHA256 | cbb2954b182b38f02fc5082ae917cd734d692d5d0dd36c65eba1a3e2f0822947 |
| SHA512 | cd0d489fe856b56f874b972db3d6836ddda9e18ffa9e27b21ad545609903172d43f0a0983739e3ff29996d07fff0411857001b370ef684bba0ae61e7424a6e9f |
C:\Users\Admin\AppData\Local\Temp\gcUc.exe
| MD5 | d705c7ff77db55fb88e8899d5ae55f16 |
| SHA1 | d9aac93da46230de52ad3213fe71028f0c3f65a3 |
| SHA256 | 050f837f84b597ef91bee46ed6ddee9e83b8520f275f721796b15dfd077c365e |
| SHA512 | 079f83f4772e9173f603fce06d99d690daaf0dc9667301c623639402a57225c979c65f8b5f9a01c87afb6fe9fac7e8bad22e4fd6f9ef8e776f1ef39691eb632d |
C:\Users\Admin\AppData\Local\Temp\QAAI.exe
| MD5 | c6851f6a12d04bb89c6968b963826456 |
| SHA1 | 22a8933918964b8e7f288f3c966204786110821e |
| SHA256 | 3e30458e2b2754e3c34a5e53159594bfe2ac2eb6cc0a043948509b305575a836 |
| SHA512 | 41f31c50fbc45e9b9ff450a8b2472bcd17079db3988586e162318c01f84c2f6546dfdf2718fd59a1f2dcc4675e51382b22986667c2d1628dd6b22b22ab20e18b |
C:\Users\Admin\AppData\Local\Temp\wAEK.exe
| MD5 | bca69933b9f0ab26eafbaa76046d1064 |
| SHA1 | 02cd7040adae911db8bdb4a386397e4b7c9308f3 |
| SHA256 | b6977128bd3fd51932569bdb1ac6947dcd4a70f596fd01c1661dc41de503cec8 |
| SHA512 | 226cc04f99f1b8dafcc88f8fbb61bc6aeacd6051ed2527fc496e8a6a33e7c2b39507a61a75bbc094f2525a903a47aad0c7ef9745d5bd3470bd935c96e30d9f86 |
C:\Users\Admin\AppData\Local\Temp\QUQUUkoI.bat
| MD5 | 6a5fcf43b8481cbbc3009d3d02c12a8f |
| SHA1 | ca46c0688f9e3ad138cb9a7d5338a4cc5f87dfd3 |
| SHA256 | 0a11fe69370ffa53d1e89ea5c933e4afae6c67cb9a97983a9bfce29362dd0e50 |
| SHA512 | 41f8123d8880055a66dd441f661fdea36012b283a9b8a26b5c1399f1fa80b26dec5c86288984d4a13629e716798a0c7be4b7a6f928b68b27eb51d7bfc6177ded |
C:\Users\Admin\AppData\Local\Temp\yEkY.exe
| MD5 | dcc610d79b54f17c9ae5ca8140adc02c |
| SHA1 | cee0d276a0d823a8afa064bd01a9e344488edc1f |
| SHA256 | dfc60dbadc04b16fbf0a6913ddd5cb3797fff5c1e7eca4932ae9e5f61dfcc6c0 |
| SHA512 | f49013f000b9751b5a3057fe8fa54e1ef12cfc4188b5aa4c3685bc3e9598549f8e6fa83d369b25b696949b29a83c451d50ff394050c6cd9270d621d5bc0b57ba |
C:\Users\Admin\AppData\Local\Temp\MEEw.exe
| MD5 | 4391ea80d720c69d1542b1d3f318f1f3 |
| SHA1 | c5e804519962c35fbae2526aad152ca85684ffa3 |
| SHA256 | f3106a982d73fe81c905b4d5b584ebe39564dba02e3bebf03fc022a110d035ac |
| SHA512 | d408f8e942c551509efa624519f63797fd5046adda75897ba6fdd37ee2c4e89848dc5b6f6ee0616d43c2c351cbe9b6ede56d76972f6618fecd7e0a5ab680aa90 |
C:\Users\Admin\AppData\Local\Temp\okMO.exe
| MD5 | a4120eab37c24429bd9fc3be14f720d6 |
| SHA1 | 4fe0d1be5cb572a1e45d9d8f8e9503444f9d6302 |
| SHA256 | 51ec9c09715c51548e14990333853fafaca410a77c0150f709f810a3bffa3ed6 |
| SHA512 | 45ca50ffe5a3de8798b86f1134078cbfe342ba1e65f5b09d17bbebf65100441d104655f135f3a177d083c4d0db2e1a5fc0e9642817dadc87bdf4d92fba6b643a |
C:\Users\Admin\AppData\Local\Temp\swww.exe
| MD5 | 5b504229c17d6fa07143f91ed53aaa5a |
| SHA1 | fbe30fc7c4d4443af5ccdcfb0c6757047fb5e9e9 |
| SHA256 | 4764fe6a29426668800a642281c7503678e3c078839ba5152227e72946123ca7 |
| SHA512 | 5aa8ab42907b22ba275c86f80ef4321acb84124708eccd8e478c36afd77089e4e7ec823100c56578fc5371753b48cd7e75ac02033c6cc7a62dcf1353bfa1b6a4 |
C:\Users\Admin\AppData\Local\Temp\IWAkwAcQ.bat
| MD5 | 8178d890c331e823743d1b9c88cd2481 |
| SHA1 | 063168bea86df42c50ec11f9264a0095b2dc01dc |
| SHA256 | f290294d4c59f4348c8bbe9bf459846ad59c0bbcc4f44aea8cfb15f27b36df8d |
| SHA512 | 9b41b67e0f184c8b13338dd5a36e06d0e6078e007558277f3b55027e42eed3bfb6a95eb20c9d8cb58d72913b131cd63d8a18c8d819a8ad3e1822577facec1217 |
C:\Users\Admin\AppData\Local\Temp\sccA.ico
| MD5 | ac4b56cc5c5e71c3bb226181418fd891 |
| SHA1 | e62149df7a7d31a7777cae68822e4d0eaba2199d |
| SHA256 | 701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3 |
| SHA512 | a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998 |
C:\Users\Admin\AppData\Local\Temp\okwa.exe
| MD5 | 2f3f72d5ccb3ed410697e269a6ae62e2 |
| SHA1 | d1a74a60d2b1cd8e7f07f8181796f3b855d9469b |
| SHA256 | 384f04ed38205a3a780e09dd209248b5c23001cab5714df15f78bec4c1739cda |
| SHA512 | 442b8bd9c47ad35ed3d04ae5cab0eeabc0d00dfcf83f1ce9e21ae64569fda98b86779f7cd867bc24a88a1eb438485a3938d3ab9061aed19b52196115385634cc |
C:\Users\Admin\AppData\Local\Temp\wssq.exe
| MD5 | 596cf3237196088cd29e6f188938ea31 |
| SHA1 | bb8373a44d7e5f475dc9c06179c68463ebf87d87 |
| SHA256 | 37c4fe07106d57acbfd076f4a1d1831a0807b7fb26aac4f3825a223b933d7875 |
| SHA512 | 33a53010ae7e9c41f3ab348b8ff817b8067e92b6772384cf5c56faed975a6d275df996c8d94bd3961cbf0509eb827747e542633220dceb446bcb8d7d3ac96d04 |
C:\Users\Admin\AppData\Local\Temp\ooIk.exe
| MD5 | 243865a074719dcf361eacec83c441b6 |
| SHA1 | fb1c3a62af80658974ef46ad7cf64eccdbfab21f |
| SHA256 | 767bfe852f3cc31d3c7a5085edd73b3965cf0c9945ccb78d649b3f7a267b62fb |
| SHA512 | a2df28765185050c679dac3c2361ca2d93fcf6ffe232fc627018b7f40953986e36d6260142e1c871e912028ded2150ee3878b07d0eccd32c36fb6c9db7b453ba |
C:\Users\Admin\AppData\Local\Temp\uEwI.exe
| MD5 | 135a0c6bb39a416943b6c99158c9b342 |
| SHA1 | b41d4237a20040466e04ba8867e1dcadd2a71758 |
| SHA256 | b58c97d9669b3573c4bccbe6bf7987a752849e9dacaa359218da4db1b3d2cb8c |
| SHA512 | 79ba351107fbb106a7e6772b40d40525aa858081214910c3c93b5164444eae8729bd13a95488e72187b613d27063157218c23ddcbe585e8932032e96a2a7b655 |
C:\Users\Admin\AppData\Local\Temp\UKUYgIcw.bat
| MD5 | a8a041910075666d182cf6404065d40c |
| SHA1 | 77254efdb9694190642a54a81615177d2c383379 |
| SHA256 | 9ec81c548c1ff34a88c9de473f777b3d83913380c522acb84487a0d39ac604cf |
| SHA512 | 52cca4a388ceae4866ec05bdbb238386f50bd2433d0639e01263f58ce0e143bf96184f5f48d1c7fab3663fdada3f8b979793aa24fd2e8920c360c23c53af17ff |
C:\Users\Admin\AppData\Local\Temp\OAYkkgQk.bat
| MD5 | 621df08851beb45cd96280433846cfd9 |
| SHA1 | 88aacce43e162bf5060b607b42f7bbe5be0b746b |
| SHA256 | b5946df3cb842cafde5a51426fe3ac0f1334f360cc0b2350a0efb31f2a019ce5 |
| SHA512 | 3c4c9db9d019feb803a15896599a7bf6d2abe8efd77b0777eec51325fd4ffed7e059fdfd6a7f69b3fac581f85a03582456c13b3b179871d5cb2079e00d55748b |
C:\Users\Admin\AppData\Local\Temp\biUIooUE.bat
| MD5 | 0efa5e34c209720af41d8a7b6ab35047 |
| SHA1 | e904af6370918229e896ff79237ae7d124d460e4 |
| SHA256 | 92336ba4094c379c815b67669c689b22f3bca8cf004f6b270162bcd2e0a20dce |
| SHA512 | 964f4960af11356335bf5d730b1ab394372b00069921e530d14793fbb57edbce82fcddf6bb86fd26c22de1011596254e876a22da65dd1289feb96b4ae5ad809a |
C:\Users\Admin\AppData\Local\Temp\NKUgwsAs.bat
| MD5 | 6026715bb84df4f9700c25f98996432e |
| SHA1 | 4d57fa21b6357a847b44f33ca57fdf0f2abd1951 |
| SHA256 | 7ae5b87e1fc0d8d67b55ccf8a2553c380ca0e22dccd81ba1a5b0ec3d0cfa9233 |
| SHA512 | 4dcdd59fc55795dc2e51300af92212d2987f3492eb8674c619f83c68204013e4e2fccd15de8d8ddbb6d8e453c1f0804bdb7cc6a60144171906e37d1d15a2dc7b |
C:\Users\Admin\AppData\Local\Temp\rocAkYsM.bat
| MD5 | cd5641b24445e3826a65ae2288814072 |
| SHA1 | fe642c9b2bbe8adc57c175d88ec4c293b22e9bd3 |
| SHA256 | 9680326fb82fcd856f2019e099dd27e53a8fa4ac5cd9b8124723e85e46f7fb0a |
| SHA512 | 2f9c05361c2b21fa2ddef45c45490f0e599029e0c36176600d371d763db4a857e9a1b1b618a97ca3fe8b4eb3682d388e7352e5abbb808ec2be2565bb4e626cfd |
C:\Users\Admin\AppData\Local\Temp\bYQYocIY.bat
| MD5 | b1c8b3c4fd59f23fc81e848189a0219f |
| SHA1 | 15969456db7b1160568cd49f63485316ff2d1f8c |
| SHA256 | dc957bd73549f6ebe66dac5e27116081178b43ad153edde830ad04337dc49d94 |
| SHA512 | 607e0155d6ba7874cb609202dcc301b43b846e8005a37e03150df8efa08121049d06b1808ef4842e4150fa5ffe599b4f0a97ea660abbdf61f44e4e2d8ae2cf1f |
C:\Users\Admin\AppData\Local\Temp\WAYsMIUY.bat
| MD5 | 81b296df3e0dc857e272427c14ea4f51 |
| SHA1 | 0663984166538fa81b0d107a6b3185a9bd36df59 |
| SHA256 | f58e2aafa0b61fc095b3ff6dc559bd73a4e2f46c359f8138dc75e15e27f2a6bd |
| SHA512 | b0be2604517ab931e4cfd38e97595e706015b7475ef20814285cc75a3890499f269ac462ad19e41c658ee7a0173c93da91e17bedc256103ef59cd63a1d7e694c |
C:\Users\Admin\AppData\Local\Temp\QwUgIgEU.bat
| MD5 | 23e77e295711a2c35536a2842f5ed3b9 |
| SHA1 | 25922f9fd59ffe7f6b5d7ac955e628907c07d130 |
| SHA256 | 6f2bff449e36ba80c0a5f0337a195b606a6968cf83a768bf4285ff404f5f8f91 |
| SHA512 | ee4fabff429e41b65a0919544b81c1c444b364af523c7073f4a199a2842ace3d0feb65de1bfdc79363d223778551c0078f959fdba1ec13a0e52bb166dca1f1f5 |
memory/2312-2171-0x0000000076C30000-0x0000000076D2A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\EccwAIUc.bat
| MD5 | 0706fc8bc70ed4e01fc7020fb4530074 |
| SHA1 | 61a129f5205a55244ca92a6d813d894597dbcd81 |
| SHA256 | 99e49cf17b35693e0709a881566f4cc15210c2d590a8ffb7a93daf377e319dcb |
| SHA512 | 145ae6c8d5cff2944efb4966eba93b162a6f2db4e4680ccbc9219c9202d782984c2cb17f8d9c8863d3065ca45436899d2efac284a77c956019c34a837432df68 |
C:\Users\Admin\AppData\Local\Temp\uosYAokg.bat
| MD5 | 5c1be632c0c77530730d9765fc89170f |
| SHA1 | 43302a8db0084836451d865cf9c0bd0b40af9f5d |
| SHA256 | 2f4b98ac43cd68e23359deba4ddec41c0d03e636c28e4a3c84a46fb143a078ca |
| SHA512 | 7165aa6956ae312319e42e0cca7a00086c090327812313bdc2e4e9f1c027ff1a869a15bc33cc39ffbbfa33d9f11c66741f3cf67dccf5815a9ddf56ebdab9122b |
C:\Users\Admin\AppData\Local\Temp\AeYIMEgM.bat
| MD5 | cb88d839b9f958ccf5c8e6b7d907142a |
| SHA1 | 6a698dfee96d56ac3b24e797d9f4b6ca48d45436 |
| SHA256 | 56164e831844dfecb62141aaeec65068e19f91644a7e3256fd2626523a7ac8dc |
| SHA512 | d06f197b4af2a0fe89351a71b5180936b40f7a1c98dc73ca369e0d96edab3b59c06b3fba9a219525b5896296830675cdbef311bf6991c11c50b44100b1ea0d5c |
C:\Users\Admin\AppData\Local\Temp\tAkQAAYQ.bat
| MD5 | 0cec1a896f794fd498ca6bb5badfc112 |
| SHA1 | 6b9744487cf407786b75dd4a12c7a904e790c499 |
| SHA256 | d7a30f5302bdd2a10f9e02168b7ba90a82fbe1169662f9c4a71b46a6929f3814 |
| SHA512 | 2e5ac2307a1599d11b9e134633f16d016d9e6e64afb4a2694ccd10643baddd7a9e76324cde228e62357f56fe39560452216fca7adaf8663d4c0e279ebcd94cdd |
C:\Users\Admin\AppData\Local\Temp\OoQS.exe
| MD5 | 16b79adcc30ed2a183b9ad286cb7eca6 |
| SHA1 | cd0be3ee2f3ae01ccf179183a712d10ccc88624a |
| SHA256 | 235ee2b3832d7f9e6ab63e10644609b2ff92d762b43dccab277b2d2a1847cdad |
| SHA512 | 52cc88f18430117fae16da6c8efd21de5db71ec4001e2de1ef6244176090d4b3cc1afbf9f7de8d5d7162fee639f53220cdf66142c7eb58f4533ae8caeee09c37 |
C:\Users\Admin\AppData\Local\Temp\fcwMcEgo.bat
| MD5 | 60bfdb4e1ac3fd16ac1fcb3d750adfba |
| SHA1 | 79f154a926b725aae7d6e9d3300464f37b284d7a |
| SHA256 | 22d8f72cecd5b1455b1c8e6041dc1fd72abcbfe37a0e4fdec1757a1c719c4ffd |
| SHA512 | 2d10ea66911ebb79f0f3f96001648d349957b6c6ca9be71ffd3fb119c23a699b7ca96a22911e96b439710ca30b95aef24a83a9b0b2fc8d405c0ca0dedca29c7d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons\192.png.exe
| MD5 | 9e0f3ef51bdeb7b1029ab961ba1c8ca2 |
| SHA1 | 9956a61290f62e601527f2b3ade86fe77b772b45 |
| SHA256 | d54266cc217561f062db97d25ab85ca3c8f04bbb9fc42410a7ead7060817ce86 |
| SHA512 | ea96abb47e653c992a2a20248cceb38aaa12e790aa546867675a39807a53890d7d736c91ad726f03e18e8008617554e7acffb771649db6ba4c283b09af4555ef |
C:\Users\Admin\AppData\Local\Temp\aoYc.exe
| MD5 | d760bde27a8501ae3ca90dbe1ad1bbc2 |
| SHA1 | 93cc95c8dc393950329df6b0ee406a3b5de6f9fb |
| SHA256 | 2f5866b871244ce2b1a002d0aa0ab56f431469e0bd35c95be7e421390fa230b3 |
| SHA512 | ac8b85e806e69319ba7b3aa0618c05a870feba8f64309e6a6d02fc4ea28d1df1ab819517d742b25b9b997b5232951ded92496975c203989b9daeda7a076a0d9d |
C:\Users\Admin\AppData\Local\Temp\SUkU.exe
| MD5 | 10c9ecd1e845926987003150b7155d0a |
| SHA1 | ef82b1297e563f2f9b8afd7294cced04c31b4e63 |
| SHA256 | 8018d32b082796e7fadf4102ad81761fe986c97350e5823fc789e5ee62b3b6d8 |
| SHA512 | 670ba65378c114a100837618f8c0d6d2c3ed328885f3a53c5582760b8861532311d2d22d89233d38e8640ff907acda7e504f95fd7dc0bab67cdb3af313734169 |
C:\Users\Admin\AppData\Local\Temp\OQga.exe
| MD5 | fcdfa403a1b85b4635c9373197089bf2 |
| SHA1 | 6364d542a9cc8805fdd51cd42fd3c1cd1ce90bbd |
| SHA256 | 0a9ca4afd8fec57284e715734fe88700b134780f68dc7d3bc6ea97db07eac9df |
| SHA512 | 1d079cd8d44346a7012437e734a6f7691f60ec4ca6ffbbcf77a3836c0a31b80c30c545f098b8a006e30188bc3bb87b5a55dac449032809c7e62aa3bb2de3d55d |
C:\Users\Admin\AppData\Local\Temp\lAAscIUs.bat
| MD5 | 47a7455ea59ffd758308144a4a55f532 |
| SHA1 | 0ca3beb245aa2acd6446d60ca3a7bec202478936 |
| SHA256 | b84bba6496a369c0db2a8647872f316ba1e75e8bc88afa8e9de6330abd6ce767 |
| SHA512 | 280662f783541e7d9bfd2224b4d800159a3f7d612dfd7f300ccb5b2b9bb67a2977168810f5fb2194e4501784827c6e764fa8403aa8a752cd07703c8455bcf943 |
C:\Users\Admin\AppData\Local\Temp\SMsG.exe
| MD5 | 46445920d74115e0ea71da6f22de63e1 |
| SHA1 | bef35d4741d1748eb2e83c516a1e678b366d449d |
| SHA256 | ed73f30af8050128c5116b1de820e2f78b81692abed1b9d16a5f5ed5b9d55b6a |
| SHA512 | 6970e7f9503a6ccd3ca52afa2a03a8da43d963d7f4442ada26c163d9ac867c1335b95f8049c11fc91b9e9603c4c16806af9818dbd3b5e184949c2e444052b086 |
C:\Users\Admin\AppData\Local\Temp\aowE.exe
| MD5 | 5fd8f3662a4dff2f73ac8266f9bb9ed6 |
| SHA1 | 83b32b0bb39f016a5a314b26d7acb3aa180bb6bc |
| SHA256 | 482d89c992e4009752eb14f93051e93ae6e0e272db93acb8a5d980ef9b58700a |
| SHA512 | b80313d6bcd7f06e7f50d1caa5e83e72c87a3dff5ff760e87e98b8195f21f74a9d577f7a9cf9a64d3c2d43c1e70be52291bc0eab120328e0dca73cee2a6c12dc |
C:\Users\Admin\AppData\Local\Temp\esUe.exe
| MD5 | fb429f77e054279ee2e54e62c7d80c12 |
| SHA1 | 7c5b2a38304560e2148503be245aa46fa05853f7 |
| SHA256 | d529d9eb9b5216d71c5b76028ad142c24e495fc0d2f9cd9ae0ff6f87967879f8 |
| SHA512 | fcef3ae880a63d55ab1505bafa2ded772cd726c3e4284496b35a42e6fac23597d072af6e15f02f8fe9961b375cd7cadb083a5ac3d482363e7d808d14f4630aa8 |
C:\Users\Admin\AppData\Local\Temp\kYIs.exe
| MD5 | b8c9b8077f864e1850b0092a91f10abb |
| SHA1 | 322b6d7508d5f912c8267ee625151e0845c2478b |
| SHA256 | 0f43cbccbe2ee2e147a760cf9069c574ae25acd669c2b46762f4a4da1aaa9157 |
| SHA512 | e24099876d0df28ba01d2128cb4325da64e2c78409b786e91d41235de11ce095cc390a0b63502613c6516d48f09df1bff1315b22cbafae4f97a47b8fe7ebb32e |
C:\Users\Admin\AppData\Local\Temp\RikgsAYE.bat
| MD5 | bbebf74cf183ee5b6af7646b335900ed |
| SHA1 | 8904033433b029ee23367392dd4b849faace003a |
| SHA256 | 62e9747dd0ee4fd5d034df9e6528963110a9df2b6ed22ea9ddb860bff1a817e1 |
| SHA512 | cf81c5619a7043448f8fdb7b9398838c42ab2b9528908236f66519a298c127eceddce90fd9fa1c6df2467d0a540ba75fb032ea4f3ccdaa02d3228195218e46d5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons\48.png.exe
| MD5 | 2f9e4b4ce9ef1740c9c08e464f2489eb |
| SHA1 | c2a7eb57ad36a872cfdbf9e6337d76d738dd9201 |
| SHA256 | f4772bdd3af8ba0235455754363bd0c328ecf2a35521372cc25b1edcf135b3af |
| SHA512 | 79d184a3521998bbf2157db18042d62013ea5b6ce1ca9be86277527789e00a9df78614a2b7e772e2b05b62ed1d869fbe1e95651e968ce403537883911221b104 |
C:\Users\Admin\AppData\Local\Temp\YskA.exe
| MD5 | f2f3b59012dfc491b5b810cc29ec50d3 |
| SHA1 | 15fee123756ed872c5af3c71d438a5c91af1c50e |
| SHA256 | c18c0dea6790e70641a9a427aa5e8a2556c807e5b01e53d00eaec87eb5ebff81 |
| SHA512 | 96762c11b3587cfd8584050386fbb4c71c837dcb126a11677a405f9edaaeadf8cc5ca80a3c2807f510403be90de1a58f88a3f4092e7176dd26c6a456c7f83f02 |
C:\Users\Admin\AppData\Local\Temp\gMUS.exe
| MD5 | be95ad3bbf0e8611a89915abc6c995aa |
| SHA1 | 4d55913b6d877738be1daaf74a25d1744ef86ea5 |
| SHA256 | 6d5d7848d0583c62d88740925b6fb78d06771cd3e8c6ce2269526bd23458f661 |
| SHA512 | 39abf9323f33e7a4b8ac955b3389b6151c94cfd69a91d56b69a03c4a52c1789530de7e4aace0fdd1d285080ffac48ff9e7d32684519b0fec38466dc4e909e16a |
C:\Users\Admin\AppData\Local\Temp\yMsE.exe
| MD5 | 678af9d14991d68d4c138f6483de9aaa |
| SHA1 | 7c82b9c4457d293afa58d2fe63e5e3a5e17f6510 |
| SHA256 | 8a285536bc4bebb72dd380b6201112e8934a92561c43247966d06d8f6100696d |
| SHA512 | 9c7a8c933f9e71bc77854519559b1974699e8c0a7a75a4fff1b8f465b9ed4527fa23447919c0aaada36fd6f8e296dc752c5eecb604559746dca684342d501bc5 |
C:\Users\Admin\AppData\Local\Temp\UsUi.exe
| MD5 | 38fdc0d29b647c5b091277746d4cb824 |
| SHA1 | cadcf7b62c2fcd577d8288153319e413458b40a6 |
| SHA256 | 5f2e97978231e32d95213342e0f03bfd2b5a8f8af92f0b59fcf7313ed9973fb1 |
| SHA512 | 51cf7a0ebf4a729dee328a9746a947c85538ed10bd3debd7264937efa554682fb50331a358630a2e6d09bcf033e71a2b7041652d157355b95d80aef9332f96da |
C:\Users\Admin\AppData\Local\Temp\MUoUgUQA.bat
| MD5 | 2e0f7ba016f836dcae49a034995bc279 |
| SHA1 | 903d020eb928e49600e3228f3d253d9d160f1457 |
| SHA256 | 1bfdcd70d6f9f5cfc5e6902a791829b0d148e8d85f33a2bc37a257b5474048c5 |
| SHA512 | f63d6fead58efc117bccc0eef02435662bfbd6a22bbcaa9daf35bc3b7ef4b337d73270527d22bf0fd464111cfc296aa3ae57d9b881ea6ec77bf79216f2bfb7f3 |
C:\Users\Admin\AppData\Local\Temp\SYEAssQc.bat
| MD5 | 5d29dd0dc8f889fe267d0b953d03f14d |
| SHA1 | 3d635e1347610294c65331b394bccc1fb354d588 |
| SHA256 | be92a9af7d92851e3789f7f7b2e1bab47eb099ebb9790e30e5122416c62147f3 |
| SHA512 | 839814741b4b1cc89f4b8f4c6f79bb366f9c48db10b6c11cd7c89e0f1fb25fcf00b0312d60c481b1cfee22734c30cd0f06ce7e40bb005357e34b396118799628 |
C:\Users\Admin\AppData\Local\Temp\EoYe.exe
| MD5 | 20c7f3cdfb2299135d725bf1ceae9959 |
| SHA1 | f44d84d01b6b1c14477cd031881ab3c77927fd76 |
| SHA256 | c1f604096403d6ec423af8654c808ace76d352a329f66ef15e0148eda37d5ac8 |
| SHA512 | 127cb51693222311af3126ce9636e7ec0b99d1d5b32f7643123e0c92f6ed96ff7943d3648324e53966cc46d80325dc412af72df79612bdf81dc5967e1c4ba9bb |
C:\Users\Admin\AppData\Local\Temp\IEkS.exe
| MD5 | ca27acc6b74f9ba7020bb7e2ef89ea4c |
| SHA1 | 35d31fc3de36a936f3735879a595770f776180ab |
| SHA256 | d0bdc9983c00593ff93b8d63ba78fa8086bec04863520cd5d8e3d31099d22c6c |
| SHA512 | b62702a3888554f4b2689e6ce600f1d7c7e1db834e98550e4b11a6be60d4f0dc7096f8eb51edcce2623425bdedfba2f43d5785d65feb80200575dbef7e229259 |
C:\Users\Admin\AppData\Local\Temp\Ksoc.exe
| MD5 | 4a60ae33121f87b6337c3c60e8eb7bd2 |
| SHA1 | 4acc9a6a52d3fa562921c6072c74d02f093eb528 |
| SHA256 | e1ba538fe023fc510dc13367a2900029c235272d2acf99d3d62297edab832b0e |
| SHA512 | 8ebdfafec060785525c18aebbf41e7b7386d8002ed799ac1f2568b4cb0458add39e58835ee701d23a6859a56090bba0448a711e30e70359a860b6c2e454360df |
C:\Users\Admin\AppData\Local\Temp\gkQm.exe
| MD5 | 904cff5cc82491ab1428a517d188e4c3 |
| SHA1 | 1c89b9acab770e0ae06a3ccfb94b101063628e79 |
| SHA256 | f6cfe572666722b1d063cb12366895d477ea940aa172b2ced81674cb43c308d7 |
| SHA512 | 82aa24e8ef22407f535d67607270e3359193a6806e2c3617de99892315fc6462e91d5417132f341ee7f1d2cd33ae115bb97a471208ba2c407826d3f24a8fda81 |
C:\Users\Admin\AppData\Local\Temp\CgwA.exe
| MD5 | b4a93b93eca76b2389c3f413a56652ba |
| SHA1 | 1df5b013bbceb3d51a2c41a4b5ac9e6e9578a58e |
| SHA256 | 60d2322fcabc5608c84059d32f8eb72946d2326316ffd9289b80d247a495c50d |
| SHA512 | 1aabdb202608fc64185114826870d33a653324c5599b496a2d255e893892fdb52a62b688d8783457b8b82d0801d7a48a30f9e284d8ea3d7e7ff7a0c08d88d484 |
C:\Users\Admin\AppData\Local\Temp\uMYAwgkw.bat
| MD5 | 73ee98b94db7ea38fc37f0bae0edf209 |
| SHA1 | 94da1f309256eaef4b3767790ab65536aa145932 |
| SHA256 | c32a4234906a07322884ced5beb45b3e0ebbf4ef7b629c96e10b1ade6c7a3bb0 |
| SHA512 | 10ebe0044724303863a378dda82d468d62afbd10b91a468ca78f740e20e65bcf9e85af86ff4f620361a71d73a7f5cc1634a0efa17fc9e7c3cbab5056d9675022 |
C:\Users\Admin\AppData\Local\Temp\qksa.exe
| MD5 | 6ccba3e7e8e4d580d5bc6969d93bdf0d |
| SHA1 | dbd4849562e82550cb6a54dda4ed583268760457 |
| SHA256 | 1c6c9bc3f0edc65e85dceaa93aa35a4036eb6ba2c69ac9a17b3981cebb355649 |
| SHA512 | 430a6fc69af993d0d092872a002a4ebc58f5085c59b99d9786f27cf350c0bfb0b0a867870108c8206ad4b5afa579e9d8bd3644f0e9392e80ff773497fed5e112 |
C:\Users\Admin\AppData\Local\Temp\iQgk.exe
| MD5 | a5fb308133831a244b5db436a75a3c9b |
| SHA1 | 7568ee86df29fd79665796f6038b6010d4dea5b8 |
| SHA256 | c0380ad2d8ab712be651c853736b4c48b98a0cceb10995df84a1732351086cf5 |
| SHA512 | 7a07a1bb7bf337a322d51b8c61bb7488648488452d140d057f4e4b70e0fa16ed1ad00f204de3253ccd58ed61080b189573ae6f8232ad30a76e1a8964c87cb3cc |
C:\Users\Admin\AppData\Local\Temp\SYsc.exe
| MD5 | fdf137ca7f6006b0f5c3694c38af396f |
| SHA1 | 48687a194ee9926312d77c6fd62b0d7f5e678b86 |
| SHA256 | c315943c74b56fdfc2437c133e14b524c3ae9680135026f82e4d9741e583e72a |
| SHA512 | 05b53d80ce605d7bd5b67f2d1d513ccb4ba66721c1833c865fdff11129a25daa57202c2f4a4f0d6976e0f93a4bf8ae6e45b6e67cc5bffbd6c0d9a5234404c89a |
C:\Users\Admin\AppData\Local\Temp\cMsq.exe
| MD5 | 7d07a6344209a3f995cc353dae2a809e |
| SHA1 | 7a6109a72e927c237e4c26296b28cb8a9d8c4ef0 |
| SHA256 | 198896365780725b65a815397ddc3f81011a2aebb5feaa528edbc80bf82a697f |
| SHA512 | 19969b41579bc0a8dd9f07ef3580d1bc49a1a9e7b1e628503a7b955b38c60d19dc8d21b2d6d667215ef6da96bb72e97f80933ef60de37e280cdb0a362b0f4ca5 |
C:\Users\Admin\AppData\Local\Temp\MUIAAAYU.bat
| MD5 | 374c6d189c19fee04b04b8715de1038d |
| SHA1 | fe2178ef02eb6a8db23ccdbe87a78d9dc2c3ab76 |
| SHA256 | f6bb3258e830b54d107ac0b099ffe7f6bc581519843f0c7cba2e6ff080799ecc |
| SHA512 | d081d79eda29e7fe0fc172b6900d797dc1b86bb55d12f1eeb94ea754d71b859f4ec6695b8a96767e3d938777d05e1066ff6ba3a7125b026278e9bf08312d1242 |
C:\Users\Admin\AppData\Local\Temp\okce.exe
| MD5 | 50aee8b662610ffd58b46c4ff11ced94 |
| SHA1 | 3c1ca72296174bfef18480676054195919e20c97 |
| SHA256 | 06e9b03c8ec9cdf617310e96d8fb648dd7228d96d304f18c85aaebfba65d3b35 |
| SHA512 | c655848dcba6b9cc8a68533129ed1feab9494031176b42ec80dc5e16ab815afb2b499f37049c5a9d6c1ee4327d3235eecc237e0c1cb4821f91d120912abd8636 |
C:\Users\Admin\AppData\Local\Temp\YQcE.exe
| MD5 | a729d18957b2e46d46b1bd1ec3c98321 |
| SHA1 | 3aa79c60820009286940537ecabc2b56e3bda4e6 |
| SHA256 | b9a0aab341cc15130542be5cd99db315a524c2de93c61bc833d8f940a4e4e52a |
| SHA512 | 318ad23d4d476ef1c7dadd403228bdb83f25819cd912b4f8a6c7f221e4995e309a96f7c750affba93cdd2ed8f9c704b4bb585291ec606d5768e3eeeeb32863f3 |
C:\Users\Admin\AppData\Local\Temp\XKswIkAo.bat
| MD5 | 986b6b1447e898806388290a08737c7f |
| SHA1 | cef20ba562b5c2b754c7798ad971aa0d5d90f118 |
| SHA256 | c0105ce6971a45c96e5a9037d82aa99032f8f51a642f88a5344683ba08f9a743 |
| SHA512 | 054e9d93be20aedfab2ca58f226b407df66de5565a4d1ab9569b02b99f515feb9ef8a4d7fec15ea8b904b73e157789e22644806ced7a5697ed3002d5f7304de2 |
C:\Users\Admin\AppData\Local\Temp\AQwm.exe
| MD5 | bb9b4b99862013dcd44fc5a0746981d0 |
| SHA1 | c921019f5ec3e6ccb18eafd68b6e2142e83bebb3 |
| SHA256 | 339aff76519a18c7e104c95873c64383a619026399fa50d9e10cf7b73ade0562 |
| SHA512 | 5c12b70d4b6be968dcc3d1c0fab09bc5943a082ad3d6189985f69912a2ea55d39660bd626b83b5c3f59f4e1bcb3c48117dcb3be02f9b48b45ba391539a8bccff |
C:\Users\Admin\AppData\Local\Temp\Iwoy.exe
| MD5 | 80f49f0751aa2aee4e8eaed189614c09 |
| SHA1 | ca52b613997ab51a3c9ee232d1840f0ce95a8abc |
| SHA256 | 67c8e2adec69099ca8a3e1e561f8aeac4e1958712e5471f2d9652f0300dfe467 |
| SHA512 | ab6382caafc37b1654df77f7a6cd7e446bfea04bcf1a38c2705fc91101ccf3c59d2c1cf8b86fde4dc8618059471ce0f3f0554de1cea4d75773a8e89efed76456 |
C:\Users\Admin\AppData\Local\Temp\YwoG.exe
| MD5 | 3cacbd111f0e81b821bcff4f552424be |
| SHA1 | a14c888035d15249b05319cc640f09f02635f0b7 |
| SHA256 | 06ccf47f95dde160bc1dcb2cd99a0091664e3b0dc3310c51ee81ef425809e4a9 |
| SHA512 | 250bb363e711f76babb93f7e4c1af12e0643e5f0bc988bf140c24e51adf3b52c51456bd43d4da92b200b7acee21b21c6765a2e04ff1380912275ac426353887f |
C:\Users\Admin\AppData\Local\Temp\PuUEoUcA.bat
| MD5 | b293ac9ea201b4ef4efa4a6f5a958380 |
| SHA1 | e1e61cd139b7c7143cf61f80393e4ffcfa5baf65 |
| SHA256 | a79e6429413910b249622aed3b838e605d66d83dca98e98149a1f43ab21048b0 |
| SHA512 | 41a78baa0ac879ccd03bc99efb07ad79c4e509de47b7e2fdccff6f1205fcf7f155a3b749b286c67a14f30c154f8cf3f6c46383ecdf27549e607b99359a199659 |
C:\Users\Admin\AppData\Local\Temp\iUIO.exe
| MD5 | cd34d56867f771763fb5a896bd0b37c1 |
| SHA1 | a983e28e1a732dffa43ae81598f9460baf9a5cf9 |
| SHA256 | 00be0aaf3e8f50451b03f09d0604de62c95e3eb88703f10cb5a14a699cbc46ea |
| SHA512 | e151de5e7dc3822037c7b0540aad6c6d907eb0500ef71f6aaf3299dd5c8d445f372564494836145da10ad7fcd45e9e6c6834028afaecfe09934c1e555c01bd5a |
C:\Users\Admin\AppData\Local\Temp\ksgy.ico
| MD5 | 6edd371bd7a23ec01c6a00d53f8723d1 |
| SHA1 | 7b649ce267a19686d2d07a6c3ee2ca852a549ee6 |
| SHA256 | 0b945cd858463198a2319799f721202efb88f1b7273bc3726206f0bb272802f7 |
| SHA512 | 65ccc2a9bdb09cac3293ea8ef68a2e63b30af122d1e4953ee5dc0db7250e56bcca0eb2b78809dbdedef0884fbac51416fc5b9420cb5d02d4d199573e25c1e1f8 |
C:\Users\Admin\AppData\Local\Temp\KUQg.exe
| MD5 | 9b54ea0e34312a103133747f38665f70 |
| SHA1 | 730b4d14f57414555dd3cafcd735af3383cd50eb |
| SHA256 | 4f87507c35d32877798c814273e01cdebcadfbb6c59b02c86171726c8442d79a |
| SHA512 | 029b57e07b67472513ff86f9257e74a0ea7018a40e7b2e981fc22d15802967e53525ebf0c5210707821989aef59869c5caa5a757a78a499df6230bdbf52a942c |
C:\Users\Admin\AppData\Local\Temp\QMYw.exe
| MD5 | 33506c9b72f2700eb58b8ebd6f39b69f |
| SHA1 | a0cd39ee80234d5dbb188b4c51f4f67106ff964f |
| SHA256 | 8448a14b58a1dec1306e547271c13b18e5cd011c4d2e8e871dd1748adbbc8523 |
| SHA512 | 2e7aa0346dadd03ba2c52ffa35d2eaac3c7933c32e0c4078d942b13f448f953335d8ce7fb36ca2a210d9fb6e2d8d365ebafc5cf38d660fc416643db636dd3b96 |
C:\Users\Admin\AppData\Local\Temp\ucwM.exe
| MD5 | 9156d8e188dc495534fb154ce6d43e4c |
| SHA1 | 0637e044aa5d503d2c28f1bba031959094400d9b |
| SHA256 | 386a4e11ded0306b23c4975716564d80fc8130ccded12dd48a1b58618a96fcf3 |
| SHA512 | 82241380ce6feb6cc861bc048de8d34836dca207bd00de07ac09ee3e2219b21912a0e1dcdc77ca68c0c25e8d49bbfdc942bad4fcfceacc3b954d80b025f169bd |
C:\Users\Admin\AppData\Local\Temp\qIgy.exe
| MD5 | e5a82d76067f19a651ebdca57fd1f637 |
| SHA1 | 59d3ef2b2747391fe2c707d0920b0df68344a282 |
| SHA256 | 449145640d495f2ae8b1c0d0941f7ff8bbaa34a03280ab3076195d46cfda298c |
| SHA512 | b041a9f368ec635b64246052f3e284b5c086190264fac4bfc4b561da0d191b7bb0e4a22debfc3fe01a0b6bc846b7cb39c0e4c1203b1a6f4518c3a407d87e2720 |
C:\Users\Admin\AppData\Local\Temp\MgwW.exe
| MD5 | c2fd792ce346e624f063477fd8ab073a |
| SHA1 | a278e04543eaf3a4bc9b52caf2afe6a5bfe3db06 |
| SHA256 | 025b78457a71e3825d343f63c35a577b81073ca77c77d9ea3a1357d70962ebb4 |
| SHA512 | 87f201eb8b7702093877d2fe92ef0dc220ed731b3d5150f36f9082efe91715a4839d6fd0e595604a6a9750cdb4478843f02e1ad0b238de7847a4c212e5dbcb45 |
C:\Users\Admin\AppData\Local\Temp\dWMogsEI.bat
| MD5 | 77538292169fe6a6f3f72d3e9647af16 |
| SHA1 | fc56b7f026468c869c483b5a7d91101ec4b38027 |
| SHA256 | 5470ac325b167940b593f08cc944319afa7e028c3f619b978c013957f940d52c |
| SHA512 | e077399b0834cc72ee1f54a0137d8fc88a63cbc1fdde94f578970ed3b1ef9a0c4e7364b06a5ee23b4ca99985f5ddd3c3e656f0b56b268d0ea39de29ca46aaf5f |
C:\Users\Admin\AppData\Local\Temp\AcAY.exe
| MD5 | f804efb9b37605457d92136aa9597cec |
| SHA1 | 7717b06d953956eaaea23626804d0083d97ab3ae |
| SHA256 | 1135670472871462e83269500e99333d9092fb8edf4d18282a2ee6d8662668eb |
| SHA512 | 5d6bfcc489dd980045320c804b06cf92223f78051c6d392e89af954a47713de3408b5c325467b09f170bf6ebd5610a2667ca34535385928f4f8317832193e633 |
C:\Users\Admin\AppData\Local\Temp\YoAO.exe
| MD5 | bf3a3d36b71b84dcc6fe07192f828b4d |
| SHA1 | ce5cb1dfcefc1f0323964386096e3f99d91b3865 |
| SHA256 | 9d63f3353ba1af0de2d1d06b71ce11949258df4c90e05f57e17653a41f3679c0 |
| SHA512 | 2981272117223baf89ba925cb88679f40a3f31cd0d2a4a459c2e056f04f770487cf54c2f3f9a186cd5d384953be057f6d7ac591bbf992934718ed70e5e10e89b |
C:\Users\Admin\AppData\Local\Temp\aMMu.exe
| MD5 | 8bd1fe70b87facf508c386e0f7dca81e |
| SHA1 | fcdaf592fbaab2fcf49d155799f7ef45f4e43aca |
| SHA256 | 160c5f12d271f68431dcdd79fbe069fd192e32436b6eb3d526493394a1010908 |
| SHA512 | 24fce0eb553d7420e369d9e514e037c5f2be61116754edfa647457d31d1b4a0c928cbbc51875799a73d0c3a7522ec0e8ee4aeceabbb140cce759988e55f01249 |
C:\Users\Admin\AppData\Local\Temp\WwEe.exe
| MD5 | 497d73daf4dbd11f66b936790e1d49c6 |
| SHA1 | fc670766eb1e313db27557e78e76d00b53e2dc4f |
| SHA256 | 6641c96f6c86a112953568ee22f90ac105e0c1ec5b5c4f8390f3dedb4ef2202a |
| SHA512 | 0a5c2795360900e9c3edbd7a91488cfc6afd64f77eb7b34cee4311af1192562f7afc9b679c78ec2200307a6b613d9a313f2ada782ac54b0a26f37190ab03e519 |
C:\Users\Admin\AppData\Local\Temp\UgAY.exe
| MD5 | 12d1fe223d74b98456649ed62cc527e5 |
| SHA1 | 02b87a7d95f210f8b2e10ee6b97acaf8a2f91be5 |
| SHA256 | b0541084ac5f04fbbcec632eed76b605461d2c24829985a67ee2156f65ed33c6 |
| SHA512 | 9e8e852d206e1e98d01b4ed9f46f0074017cd9c8b0f78781735ac81ba03f32db3cb5a224a2f466f6a5ecb3504520999106885a06911185a052652a5cd64a82a0 |
C:\Users\Admin\AppData\Local\Temp\zggwUIEA.bat
| MD5 | be4d2cb0378528c2cf90f8e06c494f7f |
| SHA1 | 35a0e2850ac224cd4d2e820e778e8b01c5c94737 |
| SHA256 | e112ef496c399ee56ad74537313048b82525fcf6e18c3391efa731b4da88d244 |
| SHA512 | 2a22c302fccf71476603c02bcdebdc150b4f348925de02d71bcd852e15e70d4d7e6875230da46c9b42073a81d6bf1bffcca0f337d65214b0f5c2ea704dae9254 |
C:\Users\Admin\AppData\Local\Temp\gUII.exe
| MD5 | 3443401d6fdd4093498fcc45d53f44c2 |
| SHA1 | 5142ae1380c3c46485752cbe08fe0868ec5370db |
| SHA256 | a0ac0af36403b910da268d5c60312223181e3fe7c54920586212eb4e021ca9ca |
| SHA512 | 472fc132670bc292c5f2e5f7aef5f3fb428348c9b3245723880fba4af2341660dd6ccb5b8695322b06681fe86d60163bab9f81b27c22dd564322d36eac3912da |
C:\Users\Admin\AppData\Local\Temp\ykYI.exe
| MD5 | 5a1db66c69fae8b5eb854297cd6d3590 |
| SHA1 | f461c6d8b7e15d8937a504024a3ff76f29540fc6 |
| SHA256 | dff67e8f9558240afa13edae7cf01fc9665bfa37a4f28544be14a7df19d7ed26 |
| SHA512 | 52dd405b60849075ff4f345a643019482382ccd35735c4fb19b72c9f3f62d91ff93f849a68154488b77aabb3dc7f365b922cdbaacf78e32000003e2c26462917 |
C:\Users\Admin\AppData\Local\Temp\SIYu.exe
| MD5 | 52c883494959d425f3eb4e7844bdac43 |
| SHA1 | d60a2ea28c489bddb53881614a766086d7596810 |
| SHA256 | 715715d55afc319eabc3aa89a90bee4f1ffc57733e20f804743dc4c1b1b95f8f |
| SHA512 | dec92b489c640e0316fc9b4dc8fac11c2859a974dd9e047dc4b764cdc7ae6e01b766f4639cb3e2191c76427e5aff39683febf9885f449157e1c17d526843ca64 |
C:\Users\Admin\AppData\Local\Temp\scsA.exe
| MD5 | 9752bef5ca9726a479391d1f70f84ce5 |
| SHA1 | fbd43e684a73f0bf4ecaa275ceaa2a8079039a11 |
| SHA256 | 597be7b626bbbe5e29ffa081eaf543a207bae77331f925f882b7f1942df66c82 |
| SHA512 | 09bbc65e65832b8092e838c9b13f5546c893e217750b9a6b5fcc5c894abe777b28fa1c31decf900afab8e16edfca5d4056fb0b2b1a2b63c3e2540b0ce69cb856 |
C:\Users\Admin\AppData\Local\Temp\yMgq.exe
| MD5 | 9fd88776e878fb8b4a22ac113dc524fb |
| SHA1 | 2c9c1abc046d73da74165ee9952ba96d6ad9f88e |
| SHA256 | fc0644d2c5f08dd557a4e96e8e43f989d034d43ac10d8683dd1f8327d2901928 |
| SHA512 | 2ed3571de00091ba6b86fe88e309737be92641fb599d88f01e9ac07ddf39dbbd127d3ea6dfb8e65522ea157c6de3f9063e7a4a571242ec3109deb6b1720c876e |
C:\Users\Admin\AppData\Local\Temp\kgEK.exe
| MD5 | 7fcc8dcde8d7caed65d15a99b0bb49c5 |
| SHA1 | 8be8eb573cb8be7666ff988a41baf52d40c02fda |
| SHA256 | f95f2516851140b8e262446a89b8230eb39f89dbd42552422c9e0b6a82dfe05d |
| SHA512 | 5bcfd6828a07c69c33147518a1cdc2636a47f97033f0dc4d64947601977f75b9f5ec61bbb3a14a9a106249e42bbe2679b5297eb353014be2eaa324c92eb42b4e |
C:\Users\Admin\AppData\Local\Temp\YgQi.ico
| MD5 | 5647ff3b5b2783a651f5b591c0405149 |
| SHA1 | 4af7969d82a8e97cf4e358fa791730892efe952b |
| SHA256 | 590a5b0123fdd03506ad4dd613caeffe4af69d9886e85e46cbde4557a3d2d3db |
| SHA512 | cb4fd29dcd552a1e56c5231e75576359ce3b06b0001debf69b142f5234074c18fd44be2258df79013d4ef4e62890d09522814b3144000f211606eb8a5aee8e5a |
C:\Users\Admin\AppData\Local\Temp\uegAswQk.bat
| MD5 | eb5dbc1b88547841fd1de90a4cf4a9cc |
| SHA1 | 881a2981fb2a3a21c1a30b71914050217a74df2d |
| SHA256 | 5dde165f550591b0b37c5b3fb3734a5dd5238de9309df02e648261ecbce52f24 |
| SHA512 | 15b7b118aa6b5cdc43ac2fb690aa367285dce6938b11a716b9113b9a94f633bcf452c2e441b8a36cb82ba30b51ca4e01e0c8538d14247dacaf21073c1035c0ed |
C:\Users\Admin\AppData\Local\Temp\mQgy.ico
| MD5 | f461866875e8a7fc5c0e5bcdb48c67f6 |
| SHA1 | c6831938e249f1edaa968321f00141e6d791ca56 |
| SHA256 | 0b3ebd04101a5bda41f07652c3d7a4f9370a4d64c88f5de4c57909c38d30a4f7 |
| SHA512 | d4c70562238d3c95100fec69a538ddf6dd43a73a959aa07f97b151baf888eac0917236ac0a9b046dba5395516acc1ce9e777bc2c173cb1d08ed79c6663404e4f |
C:\Users\Admin\AppData\Local\Temp\CwAO.exe
| MD5 | 3c75c1d038144d5091da8d1c4a542d0e |
| SHA1 | 001ec3bf443e7e8d8eaf2be4050de81366dba85c |
| SHA256 | f3bc4a60fa2129d5d4520167572c86a0c734581a07020f33fdc6b493311798e2 |
| SHA512 | 0c4bb5745554f52ffb19f5146767d124200ec9acaa25784d5d33cb18f046b7aa306e7b8f7886ea4088dc482c920ae5d077264f12079195bed5bfe3b672add5bb |
C:\Users\Admin\AppData\Local\Temp\WAoW.exe
| MD5 | b24d7635d78b037f8a4f400b2c5f10e0 |
| SHA1 | f624ed90cf716fc6e90ef4f1f6b4e1629380e3f6 |
| SHA256 | 41a1c716fc9b29a3f091d0d5256a43f76334f22725e62cddcd69143b099c9cd0 |
| SHA512 | 2f55f9a6fe73a66f8602b096544c85a4e29bcc51c2b84e418a12cc00c33eebc5138c0bf600c68eb915fed3c57f2d7800e6ebc79682a9ddf365e8a70ff25b8ce7 |
C:\Users\Admin\AppData\Local\Temp\EssE.exe
| MD5 | 1ad8cd93351ab635c8704a0b3d07ab1a |
| SHA1 | 3ee970a9ef2700afe42cb26ab9669e41bd990d3a |
| SHA256 | 5e5d375d5baa5237484377ea1600ff0ae93414fd37cf5d5ab975ccee10e63b27 |
| SHA512 | 7766730d5add836b440f29e7b33de7fad8730977f02859e82c31f23a12f2fd0779d66e6d1bfdefff3ff7fd763dbe8b2fa8a4d1ee16794b5d285ffa00b8426dd9 |
C:\Users\Admin\AppData\Local\Temp\EsAC.exe
| MD5 | 0fcbc914cc702f846399699b15899ce5 |
| SHA1 | 4be7ee2e2b1983f96a291aecf23f36e1cb501144 |
| SHA256 | bf4300668d3222210d9caae2664259da62fd355f3675c676344a723948434a37 |
| SHA512 | 6592176819c2c114a79cf31e1c9c9e1e01de74b045201e93ca821ca2eb48eb592553448b198c032eae013c25697ea281241ec087d90efb629ee880b0b087b5ad |
C:\Users\Admin\AppData\Local\Temp\WgUg.exe
| MD5 | 78c571b58dec76a50cb5bd0258d093ec |
| SHA1 | 58cb7b0937b4ac7df4d0c8a14f595f955a1b2b8c |
| SHA256 | 6e2614826280f4652cfe0d359c17542c29737fd1379570afef87c9f8ae236614 |
| SHA512 | 0af1f9bc62aa1946d254851e1fcdbeee4455d84e546dc28f123e0d6ea9e4edf85b96dd55412b556881fde08625fc641e9c9bbfdba923aaccac68ae007fa3b725 |
C:\Users\Admin\AppData\Local\Temp\QckcMgsw.bat
| MD5 | e89e3c87fd03f6fd88536095436820a5 |
| SHA1 | f97488d7a7d5e842490adf05ec3c4f6a21bc9e33 |
| SHA256 | 845e27a46b5d076b2d80486c39bab37120fc7759126ffe4e984575198823fe36 |
| SHA512 | 8fe8b82ee65ebac0a928fe9d91f1d98ba486861d8ad8c73944cb2f606dfd4595bb229b935745f2d6ba2f472e8793dadd9d164ba033d632677095cd97efda501a |
C:\Users\Admin\AppData\Local\Temp\KMgc.exe
| MD5 | 4f2499a3c4af1e725618fd3131eab61f |
| SHA1 | 68dc040574bf6f31bb4f9d03906ea271e95a70d9 |
| SHA256 | a84f3255bf90eb5c0d5d4132e3bd95ace1c589d4276c574f0de701340051a81d |
| SHA512 | e28ccee0db15ec3033fab9048221d84b0d1e27a91ce80c6a8fb9b1b9d5b25765a44a147137c4da950ea53b3359170cebbaefd0e3ed1d2a4a4cc7fb5b1ba095bc |
C:\Users\Admin\AppData\Local\Temp\kEUw.exe
| MD5 | 57bf4498be2ee3c8c1c5f3f4403be5c6 |
| SHA1 | b07fc1deb77d2a2a6b284aeced478844f7e0c387 |
| SHA256 | 6034bc745b9fcb4115fdfff28381ae7cafae282590d37b2cb5317a9ced8d282d |
| SHA512 | cef9cb5449e095bdeb6ee6abac9eca5b13ad8ad3972d54842bdfb198d761079f1bb99ed0d575ad9b77af02e267c3032b7d49f134ad46be97dc82b9555f691b88 |
C:\Users\Admin\AppData\Local\Temp\OYMa.exe
| MD5 | 1f52604fba9c743de7fa90080e15d9e6 |
| SHA1 | 100f9c02198703b4d60593422a27ff1d2c91b57a |
| SHA256 | 08b089966fa4d5b24184ec70810e77eb121eb7a7ce250fe61d510e19b47b71af |
| SHA512 | b3db1a2a81d467cdf6aca4627cf9671dc56ad40925dd8e2a5009781970a8a370338c7bb327725794d18b2f2036cb29cdd4b0fa3107dea1ae7ea876263bf533ec |
C:\Users\Admin\AppData\Local\Temp\mEUYUokw.bat
| MD5 | d71b04ab4acee6b9ca0a3efe3557879a |
| SHA1 | 037cbe94840b6c7bc3538fd7d0ea27ad63fd22bc |
| SHA256 | 3ee7c381e63addf5e5f6e1f86073de97d920e228e1621bf80bd284b28cb5581a |
| SHA512 | 943eac5f8b16c222e8cbb192e82473a216678b3fbf5e8e2741ac71147a69bd7247298bc2a9b2815c3b4d766e8ccb5e0266b9f55112bc781dad47afddf55073a2 |
C:\Users\Admin\AppData\Local\Temp\aQQK.exe
| MD5 | 33758a0acb318f8fda998de9551cd3be |
| SHA1 | eee26c18e938c15fee6991fd4115a3ca2249a64a |
| SHA256 | d4f8acf0fb29564b6073af25be70cc546cd8ed57e2cca8053f461a3b76165e65 |
| SHA512 | f6e598402a52ce7859790fad77b40f3c231891b6e9a898dea8dc9bff4c78cc9484355d34f8b082ddbfaab408c4612288430454265e9cacd4e85a5d810e84dcff |
C:\Users\Admin\AppData\Local\Temp\IsUE.exe
| MD5 | 63825d539d88358da7c2da2c0aee5b6a |
| SHA1 | 151bd0fa0d9c4ecd7ac15c221a3b1b632e1e55cf |
| SHA256 | 500b2ebbd8ceeed19334f056e6430425d7801fd679c2b5decbfd76fd64c0530d |
| SHA512 | c1de53e93ee2d3144f78492aab3f4dd9bd52f52c729e7e53272ee721ba14b700f2129c0a96f081572c11efd62d2627e6e87c87c83eee1d979d16c2bd18141530 |
C:\Users\Admin\AppData\Local\Temp\CQQQ.exe
| MD5 | 8b96b3d0317f729ea521e5dcaae141f6 |
| SHA1 | 340a7d22f8fe510408ccf44cca517a83e18193f8 |
| SHA256 | 159e05ad6a1e8c953ab1698bbe75df6912142861fb0fcea406c2c4df631c347c |
| SHA512 | baab5b016ea6a1973c0d11539417ded1a4f7d017fc823179feb85ce9882340a8997d849445e70d54e09ceb9133108c5ad4a11e39c40f4e679432c0f17c413535 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile14.bmp.exe
| MD5 | bbdade21844a6b18cc9e9d8b82e5baea |
| SHA1 | 7940d4046e443f58a7b23067d9b3ba424ad5cfeb |
| SHA256 | 26c9b71d6c9d7f7fa99d6b3b0af7baf9a7f9ff2cfe8729746d6282c3fe7ebb58 |
| SHA512 | d5c676458c0c351c166efd92a36d4b7dac2a2ae22eabbfeacb52e0ada40a59f35ac259057f2ba8b293933a450b156abde3c31c1d9662e2b769f45a7634ec2b2b |
C:\Users\Admin\AppData\Local\Temp\KOIAgwII.bat
| MD5 | 556f2efb8d4429efe14b936a9dff7637 |
| SHA1 | f6a978fd4ed8179bc3e5dfb14ab127337c079f12 |
| SHA256 | 3be83ad68f71fa3aceeca6fc3f467daafa995d02295c219ce71271e6549eabb9 |
| SHA512 | 12f5fa8d0af12c5a143053afe58b395f998640c758bf28c459589cc59dd84925714cca64f4eafaf0756da5287373c2ae3b63bc44ceb9681337437740462e4d5c |
C:\Users\Admin\AppData\Local\Temp\McIM.exe
| MD5 | 0cfd7eb04641871577c55c1892174a33 |
| SHA1 | 7b12ac3b14b3c500914457b0f0ae1a1d3819db44 |
| SHA256 | 47c67508543e0fb0eb61d073920b5c6075dd1dc6f0128cae215d60cbb989ed80 |
| SHA512 | 716b8f77dfdcd4d6cc8564626a45b39542beb01610262a94482e72162f74c284ea89e94a3a983f6a0aba68eace21366e92d4a9a33901619c820ac7b6a1de38f9 |
C:\Users\Admin\AppData\Local\Temp\WgkM.exe
| MD5 | c7dc2f4c4c2c48aa7b2dec12ffa5993c |
| SHA1 | 975bcc70247e94498cae09f1a2ea5358153401b7 |
| SHA256 | b98c97aea6f4fa54003e1d1bf35cd51f1d56cde42f57008ed0f2974286cd362c |
| SHA512 | 27d09bfd4a6b5b6ebfab810d548c37aec046caeb339175a42bd880186101df4b3566b3b26cce53e0201d533f6b1c8e6df3a713b7d14e6ab48fc2cfc733a75717 |
C:\Users\Admin\AppData\Local\Temp\QYYS.exe
| MD5 | 9e939b38ef8604051b9104d131662e90 |
| SHA1 | cdaeb0cb6cded361d1543e80e29fe3dab2e2b221 |
| SHA256 | 43f16e22fe72b94fb42e3a4b7c78ed3fb68a8f084c4506d97bfc4edad6e5bad3 |
| SHA512 | e6284ccfd50d910fd845ba0a750a579e5311386a38b121f0387f208fc5e1d63b26e33049a9e9e17a7eab77d6417626666982906721f1cd45d2b149ee5586b62f |
C:\Users\Admin\AppData\Local\Temp\Oggy.exe
| MD5 | 21938f80c18b0801f43f71d87b9afb73 |
| SHA1 | 730ccaca8e71ea9eb71d89e51b27ebf8e8b3fedd |
| SHA256 | 355c7ada9e768ba48a79692106da3dd8933fff01728a69961bbecd53cd8fd559 |
| SHA512 | efd6835a3e0718ef5128c4baece1f5a9a3a56504498c88c928ebfccbc50f512a852e3b9cf3cdd8a37f3c3f719f0e8514096031214878f50a362557d79fc7ea00 |
C:\Users\Admin\AppData\Local\Temp\peYkMMAI.bat
| MD5 | f439fe920d8ef0e13b982a8cc712152e |
| SHA1 | 2250fc46fd3089aab4d47391a2d5012b7cbf5a6c |
| SHA256 | 111e9bbda31e1f43f2c5de50a56c94d74d42e95cf3c9a1f150cb8bd1404845b9 |
| SHA512 | 784b91cf5c666edae01d4fb8aafdc3aa086163d77ace1440c7de87ce9de939413c4bf96799a5331aca6d1a7c35ca1dd8bbc79ba42f83f27b49de76922ca91455 |
C:\Users\Admin\AppData\Local\Temp\AUEe.exe
| MD5 | 24f2e842255dfe554adc419622627019 |
| SHA1 | b7faf4ef699e69350eca6ce205c92fec3f08556d |
| SHA256 | f4db682280fd1a0b835ab3b2db338762e4871bad515f55c047eacf739e074817 |
| SHA512 | eb442e5782a4368e5c18cf6ff59db6c1ae6ef856004c3cabec2d58be088f30e494df449f41efab1b2d7e4d88d8a07731013cfef155eb779b7e6d9b68e6a3b526 |
C:\Users\Admin\AppData\Local\Temp\oscM.exe
| MD5 | 2342233d6064e5bf36922941ec572f37 |
| SHA1 | fa9de95ccf2702aef197814a2f417f3ec0d56b3e |
| SHA256 | cbda4de8067485b4f7c2c51cfea5d76121a71a642bf1194bca597374114a029e |
| SHA512 | cbf8752b55fd67bddb59b507ebd73e78aa4b989503227024847d43f6ada195c4ac7259221921cb385548413bbd92325d2e46a0d2c5b9f1765c6f692de1fdff38 |
C:\Users\Admin\AppData\Local\Temp\mAso.exe
| MD5 | 2f9ead818b10bf768a3fe05627ba8012 |
| SHA1 | f026617d7abda7d8ce79543e1bc6631cd58b99cf |
| SHA256 | e77ac48fe69beb0398c2c204c5c515f26f0ab91431604a6a6fecdd6a46967be4 |
| SHA512 | cbd11f326c24b1f0cf0114ebf686803d90c1c31522b56fc149647a28945bf4e76e261ede5411c98dd9736cd4831fa5fd31b02d8f218f3611857611b0193ca6b8 |
C:\Users\Admin\AppData\Local\Temp\EgoE.exe
| MD5 | c3173ed4c9e042577bab3e1b7bbe1134 |
| SHA1 | ac32d274343e6c26bc69ad32d0d9b0302a45655c |
| SHA256 | fa570e885cbddb74356ed8e5adee03104342b6684a5174105a54df9223275ee6 |
| SHA512 | baba0fe4bda770aa7df719971d8baf4b2c0f559a43ca1f594d82d343260363dbf6bccb4b073231a90c30bd81c95f16d4c89a7e9214561eb3872ab8afba0b2d18 |
C:\Users\Admin\AppData\Local\Temp\lSQMAAEw.bat
| MD5 | a3555ab611cb17777970cee4459606d3 |
| SHA1 | e01407ea924b1ec4589003a0015b72bb9b0d33c4 |
| SHA256 | bcea94d1a479a0bacc69e1e67a3fa922784b50d042a9217261beb1b8bb52436d |
| SHA512 | e862d425d12af13b4311e4b90f2122b3c9eef6bfc8dc21189d030bc12c0f8b5faeb0c6d9e15d7c64afcf17483b004e635c20e93b48849f22a1fefc086dfb90e5 |
C:\Users\Admin\AppData\Local\Temp\ygUw.exe
| MD5 | 63d885e20741c00686d85c2b1292b629 |
| SHA1 | d1fd22d009477b2c4184b0b71382e9887d9b02c9 |
| SHA256 | 14de19c140c981c17f47df1793fc6537647a6258a2848501b57cdd601ae832c6 |
| SHA512 | 98a7efc4d4ddadaaa7d041e6c7d9fc4cf6bf208035955121b916b187ee49716e5134d787be22ac0113765539addbcd12a569b19a5df4e2d1df66d7f010f5279d |
C:\Users\Admin\AppData\Local\Temp\Uwsm.exe
| MD5 | 6800166570b7768e6651045007972203 |
| SHA1 | b78c9e1ca5317b8bedc7b0ad2330c00eeb54e0cf |
| SHA256 | fa19ed87f4cffbf3a9c4edef4d12e2fae9750727c684ef58c9a1bd6ab1f4edb9 |
| SHA512 | 569df44c45030f8753d3d53a239957a5685e437fb734a12fd79adbaad91ae3b25a46470a045a1c64682366cd5aae8eb2e9311055bff8fef2b36252c28cc9d9a6 |
C:\Users\Admin\AppData\Local\Temp\QgII.exe
| MD5 | 1b6bf37c0b5a8c0abd7008e0f01a9d34 |
| SHA1 | d539314d116f15379c37728734ed62a795cdc8c3 |
| SHA256 | 68b01a0b4e3d7f6abb769d60c3f570a22c2d1cd6263773ba524a30f40cc11b40 |
| SHA512 | a1eea76f55e107cf891330c409e8216c107017533aa009401e8b9385a8ff3eb78f4747b1f8c05cbb7563e4f8f5a4a7b5adbe5a7aabc922742f816f1fbfa46fd0 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile26.bmp.exe
| MD5 | 8508003dfd2b87d6b7c67cac56f30d17 |
| SHA1 | 80296171d3eac2c1b5a9830b2c86d3d054b2fe87 |
| SHA256 | 8fbe99005840c2f51d004e861b75e484f6934097602a4925f11f946dbb8ad692 |
| SHA512 | ed5e0ed2bc26fa37ee56643eb7f11326db2934dcfd2bd1c14e4a87b13275a6884f6a20c41987be5a9a4b79ffd2415d035c053210f27e5d774f068a080b464812 |
C:\Users\Admin\AppData\Local\Temp\HcUMsgkA.bat
| MD5 | 69156a653c26e141a3ca997fa80d8d41 |
| SHA1 | c4fd02c3f16e0f00c6fd145bbb121859b7acc9cf |
| SHA256 | f11f21c04922b4be9365083cf0e070920d859d312f1e183a1eb393b28deee9d1 |
| SHA512 | ad133c90007dd98bf3c23a0008f529de5016a5a91eaf141473665c5ab4bcef3c2c7f50ed2a44721702539bc8a3330c8d87d1f9694954cd7126f98af08c304abc |
C:\Users\Admin\AppData\Local\Temp\SEkM.exe
| MD5 | 7e6d8b81ab4a35d8242c18f0ddbcafd4 |
| SHA1 | 89b174ce200b6cb2a237918266f03e3a57808d2f |
| SHA256 | b37c5b4fab75f7f99800a6670725564fc7e64f3959b94c116fe5bdcf1bb878b1 |
| SHA512 | 624510e9197dba3dd5bf599a1f4250116ac93ec8a28a5ff7922376d77fc146e92b9eeae67e0318c62ae33bb735f3751ac2e07ce144d850f85ab06bea4eaccdce |
C:\Users\Admin\AppData\Local\Temp\ycwK.exe
| MD5 | 017592cfdf62e55f5750dc5d0077638c |
| SHA1 | 0780a99474d1d6574f2c5b829da9532209f15f58 |
| SHA256 | e8990ea7fd352f4748da0f61721e1ea31b55d546b9759ff832b9674fb534a61b |
| SHA512 | 7be1a8f9db9f36e08526c748249171dd2947bd0a51ab9560869578e187f7bb0f537a253d03c0b6868b6512c79ddf1095daa1def9a64131e45e3581e7a9522be7 |
C:\Users\Admin\AppData\Local\Temp\gQUK.exe
| MD5 | 12d49c328234e18073f2d3308d288454 |
| SHA1 | bd2dc83bb72a66deff6516d3bea05da86c3ca8f7 |
| SHA256 | 7c2d83023c53779baab4eed38dc96a6bbcef4c234dc8c70bb210a0701d3ac6e4 |
| SHA512 | ffd47223cf45e041479466e37ebc4aa58587c4f2e6d14dcb53a1a9d703ca9424e94265d15995010477823339735337a80526f3d63dd3aa655ec67c2b92aea49e |
C:\Users\Admin\AppData\Local\Temp\rOkQcskA.bat
| MD5 | e862997e6d5d4a841ab09ed7a044a0c3 |
| SHA1 | e2023c5cd01f84c3f409c4fdee2c4b41959fa1f9 |
| SHA256 | 23792ddffe98d5e4dd931c812cefad40a1a994c4b7882f8d03b55d46f907ccfc |
| SHA512 | 4b1b282bd0e9a2da697924aaa2960ce2c07776db4cdfe7279ccae9d7c8e2311c0d8edd19ecb03b2651314d8c9c4feae7fdacafb5378ca3c61476a1233960dc96 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile30.bmp.exe
| MD5 | 05bd080eb5b87673e99ace1c64b0bee1 |
| SHA1 | 189a8d9ab247972821a47e3996cdb7b0e0387686 |
| SHA256 | 20d67633b389c2e75b76e18dbf186a0eeea8afeb3b54b5691417141d6a91297c |
| SHA512 | b7c12e2597a4f3d21bf9c4ab4cfefa8c5cf7b238f19306875a0ed4fcf8c3cf3dbb86368b57b6fba0d807eff62e051c12666aec72b65e3f0d8cd490d52f9424a7 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile31.bmp.exe
| MD5 | 51d271f14e9a2e6869a492faa0ec246a |
| SHA1 | 9ff7061917c82dfc2feb4100d74f79063fbff0ac |
| SHA256 | 731f128f9112e11275827572ad005ef1269b0ad8ad510ba86618087fe37a749b |
| SHA512 | 3b85bad49d5b84fe06b147ae3baa8de5675652a9ef8f14f90c18e7259e4ff898d5a5e72f6184acb3ce04e5b17a66b7ed09a7a3eeb976d1b3ce8fdf6ab7e2aeaf |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile32.bmp.exe
| MD5 | 8d006f6229a567815344731d76beec3e |
| SHA1 | 7d40c2e9da650cb43007ba36cc97ea9dce21504d |
| SHA256 | f29067296def7eb727a3a8a44195b7893095539a8632c8a40848172e8487c25e |
| SHA512 | 4509da18de4d2720012086ddd6a63ff39b2a5617ce13a56eb734acaec95dd44d97bd98828e56ef48160b824f3b5eb1dd21df6d978f4615a9d831b3513b4b0c1b |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile33.bmp.exe
| MD5 | 1513ba8a0856cef9c6b92ee4b168d88a |
| SHA1 | eba40d2a05d52c98b25453048fef1961b1ef14dc |
| SHA256 | 43fa50471a9968278ea73c65ff85b1c7547133188e8441e32b2ea4ed5d576c91 |
| SHA512 | 228227c86a585f7a376499e4e6041995dd14758f679b685f6ca28349d6c6c08bee1295cc58567611680f876b5685b1368651b0d829daaa32e8dae07cf2a7a090 |
C:\Users\Admin\AppData\Local\Temp\guYMkUQg.bat
| MD5 | 13472950fdad72eae948f0c952b74b9d |
| SHA1 | 8e543524d11e45f61b916a3551c87620066cef06 |
| SHA256 | 47eab00e2f23b6b63df4be48683d7ba6921b859afc9a0eb464006b2eca74e865 |
| SHA512 | 0c289be679620d28d0301c394af07e09399e32fe24ec0959cb50e9188ca95709401a5bc35a820c30c71cec43f095b93571596b2be3f428aabe433718ed2af260 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile34.bmp.exe
| MD5 | 7e3bcb40451c8ea2503cd1c85d9ed5da |
| SHA1 | 581cb7e7dd6ec9a1d9e8a1280e128a017f878fdb |
| SHA256 | a271d269cad1e9d200aab1f3164fef2503ed9560d5608ee37a7e0e88ae2332f5 |
| SHA512 | dd964eb9fba387f8eb4c1dc3bd54a6f2ba61793439d02c350110ba4308c3cafb9249d5ae13d33511d51a104eb265504cf42778a381e7f1969500f55f3d23a437 |
C:\Users\Admin\AppData\Local\Temp\SEIg.exe
| MD5 | d5a57b94ea16a7a2ce738b9b0f2b1e6e |
| SHA1 | 0a9d5b4f006add3b104e29cf177557740f0ed32b |
| SHA256 | dd0417dae29f0c81405adb14cc3ba54c7231f2ebb42d1217d935fa49b51db46f |
| SHA512 | 3dffbdf4d65cb1c40bec3845e3ac23be483e09a8f4efc6fd481fdbfb825d16c9bc54f471b6365cb534dcebd345578303daa7a5bca0f26d8cf2c013d8e9a9a73d |
C:\Users\Admin\AppData\Local\Temp\agYU.exe
| MD5 | d5b3c0d4ac314d5bdaa614e42b592bfe |
| SHA1 | fef661c5e8fdacd50720e6c66e3f606002c8a9b3 |
| SHA256 | 142bdace08b4f416714bf80a88947204c6347f7401a4a17fb66a3388df86f5fd |
| SHA512 | ee7c840092e45ebed60f51e803f21faef90945e8e9b7b5b159e439f2c41d90dfa58c0ddcd16221530cbdbc0c0383505f61a03d4e6bdbe4a9526c870971f1f7df |
C:\Users\Admin\AppData\Local\Temp\KaQoYcYg.bat
| MD5 | e0199abca21235d737b10f2fa4661103 |
| SHA1 | 41817f6e12758b4cc400918d6dc0e02772d3ecc1 |
| SHA256 | d2f6b00745cc8c88098c0cc4e716e73117b5da7b5c76a6ce94cd407e194750cc |
| SHA512 | 27e80dd54d67ae4a80f6846ca69eac454ca1e8a69f3374a6348381e1b0cc86bdea3ed7eb1d64dce7c89a814be6e1ea45f9a730cd2badc8cc5fa6263ce7528dda |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile37.bmp.exe
| MD5 | 0e4b906652b19acf92b07f9d958a9038 |
| SHA1 | 74f1e80c902de18ba568d1b0c76d91d0d29384db |
| SHA256 | bca557666b195d2e85280c6dccecac421bebd3b7ec9f5633b2c2804d967f30af |
| SHA512 | 5ab838cfc16a609cc69b753cd54e8bcac68850433c47a448c2c7ce02946844953052ab1fd3fe893d4499cfe186bb4c050ec78b6efd4c2164f5d6bbf45d85e0e5 |
C:\Users\Admin\AppData\Local\Temp\UosQ.exe
| MD5 | 58a5b225a56f8aec7f5cfb6d391566a2 |
| SHA1 | 36cfae152ecb5ae8e8734ae3420fe0f8da6f12c3 |
| SHA256 | c2ccff18739bfda93571f15e92fa7d578d4b9cc6233bdf423f14851205b8b513 |
| SHA512 | de397d791b70224955427f1e831cea9f54228b91dafc2e4adcf2295e1afb961cef8787ca6b1996d11c6697cd0d03f8afdeb483f93d8a41f47e102da389050fad |
C:\Users\Admin\AppData\Local\Temp\qksE.exe
| MD5 | 8461b9cc2bbcc4b0f5cbfe43f80ce304 |
| SHA1 | e5cb7fc3bac50ed798f705e9df2699592ce36871 |
| SHA256 | 24a97b02b046ed3fbe590cfe7ce2f4c3e71df2ccf417f8b2d4284442f75918a1 |
| SHA512 | f69b7df9b8b521c63e9701b976e116fae6e3e5a3830ba9009e15dd3aa09d877e53599916c8060630c6a0303377e17b62f70bafd22db29c5ba2c2d936dea0c452 |
C:\Users\Admin\AppData\Local\Temp\ewgm.exe
| MD5 | 5ba2430c87ff3a788f434f0bd6157d08 |
| SHA1 | a798c22da17eafadf8a8091f2f293e72881437a9 |
| SHA256 | 69197ba9c9a5e436ea68297541eb95955344437226c226177be26a60444be4cc |
| SHA512 | 02d749d13d2e4b3ede1baf2488e76b3ba36cb1ba75d121859d7386722d5ce70d579e8c13b9234a050eceffeae44d82db40d3013bb7d47eb1f8eb87b5ad85798d |
C:\Users\Admin\AppData\Local\Temp\EiQocsAI.bat
| MD5 | 9fa8e83400f13cd0559c1808168c6de6 |
| SHA1 | 1596eea4b7ffac2367deb0101276e1fb280e63e7 |
| SHA256 | 32872c6f71a17a92ba1cb9aec153f52573365da7decf5528ba054b458726fa2b |
| SHA512 | 0c57e337649c78553ec54cbfacbec127a6e8be30145940329bab47d5d1ca0f046c18086dbfd2b29082b94059a2ed2cb1a80d6b7c35de1e51f4a79dab72b8cd5a |
C:\Users\Admin\AppData\Local\Temp\EEUM.exe
| MD5 | a1c02821bc4d53d1a33f6d5857400078 |
| SHA1 | 4d75f4a1a19df83710ce1312a844683298439749 |
| SHA256 | b642eea7d477c30f1357dcc43ce5351a342e963d732417faddb0db4c6e773099 |
| SHA512 | 458038384976f2bfc96ecbebb543dfa83a4fe94b226bb3912b04ea03793b435c6a3ec191648e15cb7726057a864d95b9678fe3facfa9c7f57623e2b46afd0de0 |
C:\Users\Admin\AppData\Local\Temp\UgwE.exe
| MD5 | d4293c2d9995abe953c098ba558417cd |
| SHA1 | b9f8e4b7e35c6c44af89ae3809766295e5c586ad |
| SHA256 | 78f231b0ce1c733933b24acc30442663aa4a55e3bbcfc24fae843f8c3d1a26f7 |
| SHA512 | cb512498ef6a84aa8f68df0a412ed6e87bdb8563243bccb552b041ed29f9157a0a50787429d7570be4eabde90d7907db534b9e6054b6423c0b1f69e4a05a0418 |
C:\Users\Admin\AppData\Local\Temp\GYYE.exe
| MD5 | 5dfc070ee98464a94451fcc17ca2f402 |
| SHA1 | dccbb74f6cb59d4eae51a57be7b55785c0bcc7af |
| SHA256 | 62eff6699ad969a05a32afb5775e79ebb03d0fcf1c1654e85ad11b6426a85a57 |
| SHA512 | 7fe8cfa6d8643c6c9617b2c048c20deef1c85d77d2038f8c09d86f9e028ec5e36d1ae83e96a4ffbee518b07a247c1eb881c8db12cdb3972e88ce7ec8ec1293d1 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile44.bmp.exe
| MD5 | 7d7a4eda1a8489637728629f63431a13 |
| SHA1 | 5c70c6a8d5d121a172e0b68c18bc0d2ba0aad833 |
| SHA256 | c672098608542f3913bac1ce51404c2789c213bc83eb890deabb2e54f8d7a92b |
| SHA512 | 6332bce86e42cd608fe662719e6c41dff0471f2e81481d7e909fd921e173083d556f5eb4e80153ff6cc10250f3141253fa05e6cb770c785e4a0c101512229caa |
C:\Users\Admin\AppData\Local\Temp\AcgIIUAw.bat
| MD5 | 205260f82f79237a12a07fde1bd0daf7 |
| SHA1 | 8cd3b00292718a36ce2ac3fecac62e8e8571df83 |
| SHA256 | fe161c2f49da6ec798017d5257952ff632b34a6056e8db4724a41fd21e616e80 |
| SHA512 | 586431d53fb6af5d19322b5978ecc954581d650d15d1592e579e1b303314e333875cc7e067af2322727330e402a184e4ba9dd2674dd7fad8da86f2ba02d013da |
C:\Users\Admin\AppData\Local\Temp\lCkEkEAc.bat
| MD5 | 672c2db511877659f1e39bce1d72b2e8 |
| SHA1 | 140fed2fb262adfc8fc42c2c811154eda4a8473d |
| SHA256 | fcd78f448c78f48c979b15397b997d0eb2efd11900e8fd6d8a7556fb05d8a1de |
| SHA512 | 41b01093337c501b0c44d3d52568c5bece266533601c4b7ef43ae64649805233ffb64b6a869d29a65672d7b9789e74dc56c8c79fac9cb50faa436e1db1574827 |
C:\Users\Admin\AppData\Local\Temp\Sscs.exe
| MD5 | fc0860237f0b9b8796f6dd6668668cc0 |
| SHA1 | 4a37d7bc799cfb7d07719e3aa5fa5c1044c9f28e |
| SHA256 | 68ba156f4aad5d5e6b419c4144958baecdb3c0d0ea1799d1011e361a4454a278 |
| SHA512 | 7282a5a9e685d244fa71ac0b8c9193bce4d4d60827fe05344c18be8333c83daf797bcd46632b5203995d6e4ff0fdd5b8e9f122955f9db4da96e5c320a9c87966 |
C:\Users\Admin\AppData\Local\Temp\qEgQ.exe
| MD5 | 1b934a2f6027bf92e506e8dea3df9a07 |
| SHA1 | d8f824f6546c0afeaec288fb3e7462ef58548ed7 |
| SHA256 | 7dec176fb4281721c9286863ee0ee169d24b5248b76af9a49ead165069b6fa18 |
| SHA512 | b99012552463dcb0d33b31f653716a1df8529cf84b62d3368fe437b13a99d180c611858cadec85c8a95642d9ebf2abadc0ebe26453fe3291976b4a8f8663207c |
C:\Users\Admin\AppData\Local\Temp\sQwq.exe
| MD5 | c1683a8b0aa436580700a1fff775effe |
| SHA1 | 723e3ea67f45108254273ddd8164629075584e7c |
| SHA256 | 46904f624881c517d86331541e1ad2e9bb6c4fa2bb4203a363046f4a30a971ee |
| SHA512 | 5a4b5ecf400907e3bd9e8bf333d76d30ca35bb0309419e277a0088e5dc2ebf44d020ea3cf067b5ca9799c7a41a8336f5d1f45df2962f557570b272ebd47767a6 |
C:\Users\Admin\AppData\Local\Temp\WUcA.exe
| MD5 | 82008aa224000db8a8b454cfd2db282d |
| SHA1 | a3315a41c620d287d95ef7f61f7df12873ab903a |
| SHA256 | 5ebac1c9bba02bcab202f21e86fd3449535c71add5725601c94eb494695e0faa |
| SHA512 | b31ee549a74e5420cbfce9ed04a089b217eac137d4e588f432547df45b31c74e915d0c719ad98ab2819560202f31007a1f8c7e354b066ae67fc8fdfa9b4bf269 |
C:\Users\Admin\AppData\Local\Temp\AkoK.exe
| MD5 | f3495c55d3d946e56cb2601f5116f745 |
| SHA1 | 3064bfea2a164008e4ebc4158b0eb4225409057b |
| SHA256 | 2367e2a5bbb036468d728102da1565f4a233a192156fbfdec2f565569f3dd818 |
| SHA512 | 99cdd6b3741d2ab15513bf6eba9525ccad58ea013a46fd78948cb4d2fa6dd6db58ba0c5266da265c6b89db406374f56d8467fab3fbefbefcc07b6fa44c2b9b37 |
C:\Users\Admin\AppData\Local\Temp\gUke.exe
| MD5 | 0abb21d54805d676de4226ab33453805 |
| SHA1 | 9cbfa9d8bf8a447c5f87308bc14b0c501ccdd157 |
| SHA256 | 5783cef3ed1d3bd895660571e61898be3f8f6e43e4368938416f0280f67d735d |
| SHA512 | b386114c10d19290d9ca2a2135a56f736499d6137980bf26491f3991301c7a23b576c95f1e3ee6100014385bccf21bab408ada360e1cde75ca9361f585d09867 |
C:\Users\Admin\AppData\Local\Temp\aYAy.exe
| MD5 | d2d404be942efa7c2d31c9d102a72ab8 |
| SHA1 | 1d907e30f7b25b5b27677fd873c161c02e4d3d0c |
| SHA256 | 4b4802b85691d2b18ffec9f5216d1b35c60fc46f02c1877fcf653e0f97e25f3d |
| SHA512 | a853b491fc44b40100004c0b473a18150ba868c8c06809055e68e17f2e46968ad6aaa680a7dd6748ed1463e46e0d5dcce248ad57414640b85b7f8fba3a932107 |
C:\Users\Admin\AppData\Local\Temp\XAckAUgI.bat
| MD5 | 1ae99501f0953da133c7e60ff1126136 |
| SHA1 | c424f5486d2703574521041a568d58fa100abfbd |
| SHA256 | ef89a8df8889e2aeaff80fe473e570d175dab93312fc54d5e47ce85665d5002c |
| SHA512 | 0f9ba257d54d89d7fdf3b797d3106241b624602d0bb6668c9b89a14ee81e65b705fda9736e579324042e4de443c0e1e9b7c95121c1fbdc9912016b3e9f767486 |
C:\Users\Admin\AppData\Local\Temp\WcMK.exe
| MD5 | cd76332827f47a04d941c5cc2a064b63 |
| SHA1 | 2d4d4a2be4733bf6a252eceb780f49359d1ae5f0 |
| SHA256 | 7b0b55acc864632c7010ddfa54f6c689d8a8b0d18ebcb7500269e16f3046db8a |
| SHA512 | 5e4349ba13d8575a9e0e5e940045c32372cbf692fad5f80333f299220c5daf76118b9417b8cdfbf67fa812f8ea2c901313f4d14f125078e7e0f573b4959f4938 |
C:\Users\Admin\AppData\Local\Temp\kIMO.exe
| MD5 | e7a55d6235c055adc28f33a6e5401d6f |
| SHA1 | d96464825691c9f046967459c9c0eabcc4a25b32 |
| SHA256 | ffd8f02f5df79a35f57b20c13307185f147f99d537acfa88de22090b87b5fb05 |
| SHA512 | b693d3d2370ca39094e59d111d1cb89dbd3050f134e75527f4d56085cb52b731fcf67fa6d1fc79d1f71c47791d442b39cc41b3bc6d9e9000c510b8e466b0f3b6 |
C:\Users\Admin\AppData\Local\Temp\awAA.exe
| MD5 | 1ede137848cd084420084b9093fb7777 |
| SHA1 | 3da5c216a9037186748ef9ce3f41a8ce2f7ac76d |
| SHA256 | 0507fc0775cccaa6f9fc4cae61ead870ff81b24bc0a58380904395630e09b71a |
| SHA512 | 0c9866b9b449141b0920600637ab3c4a1f22e8fdda20a35d602a71f3227fbc931fac99f77b1eb973c74a6a48c1e9e51b254a97ab7153da8431bde2233583834b |
C:\Users\Admin\AppData\Local\Temp\rIUMgUcM.bat
| MD5 | f2c9b19b3472a3bcf0d2606690aebe45 |
| SHA1 | 2ce776a915132a6dcb2d1750169e5a79b6e66d80 |
| SHA256 | f18506952447f57d2f32c51424fbe1b5af517559a63d01fe0dc8bec1c60637d5 |
| SHA512 | a4d67aa962601b69f50d7271cea131c696bdbdb4f99c4d7aa6c322bbc3b4a5dde88d16b6bd13058aa033b466c72c3fbf630933205a80ef656a7fa83defbb5c5a |
C:\Users\Admin\AppData\Local\Temp\aCUQsAYo.bat
| MD5 | a6ba90c0ba03f534ff1be88cfd1f6f09 |
| SHA1 | 80ac36f915d113ec8af9397ca53528d81f0c9f30 |
| SHA256 | 93e06e5095468d1e2086c83f1a7d57f097fd646dc7aeca17a12b43d76a0abd3e |
| SHA512 | 609ec1c838b1627fd1cdfe47bf261db55903d73773f9c5b6af7370733c8c6aad9a949330528375909da3d6a388849020cdcc643edf43c3054b6b69186fdead07 |
C:\Users\Admin\AppData\Local\Temp\gqMcEIgU.bat
| MD5 | 09707025e6475d75d2ea1ab6426cc399 |
| SHA1 | 9f290b08565dcbb3539d633e5edbba4843cbbaac |
| SHA256 | f211258c52aca1400b65fc0fcd201e0fe99b628128de0ff34ff20484a1429ceb |
| SHA512 | b7d31f902881d895c7a2df3ace26d91fa7bda8351bc46fac52d8f63a4c8da7a964d23d288bb98055a21e925405d0fa4fa466508d527a42a33000bda18c05ab9a |
C:\Users\Admin\AppData\Local\Temp\kGoIQgsE.bat
| MD5 | 22e4353b61cfa53880cb9f1d166304bf |
| SHA1 | be16d521606850a253bd5c52742336375220662d |
| SHA256 | e80851016f98a1bdbfd8c1366aa3cee339030f415a5273f9f5e5c753666eae9a |
| SHA512 | 7def6e306e3951ba9bb637e768a7b9adfa63291202668b6fb56bafcd4ebd8891f4e92168f084bd6d1539158420ddcf1dcc5620f3125e9f079b1fd6475903d22c |
C:\Users\Admin\AppData\Local\Temp\UEAkkQMc.bat
| MD5 | 16dac7b15e04868896d288b6a0c76dc0 |
| SHA1 | 097160bc945604396d91a21e5eed5f56081f19f0 |
| SHA256 | a53bf179aecbef3558ab80464f32d08cf5c17f7e076bab45dc0eddcd36034a5b |
| SHA512 | b03c8a7805658515956dc62b2da8c762b47f3837862ff7a9b41c93eb376664984b2127d917034d80e952d4f14d564e5f32ae9b2421f926bd6e5f643a969c4692 |
C:\Users\Admin\AppData\Local\Temp\zecMQsUA.bat
| MD5 | 2c0d1a02468feff14626ceb945a53de4 |
| SHA1 | 1153ee6558bac7179aadae4c635c878cb053e096 |
| SHA256 | 98af19c68d0b594cafd31d353c9f6f669a819aa1749628271ba1cbecf96f2397 |
| SHA512 | 3f245eb47c82065be4d548ead650370ed99f795a87a62a43a45898c6a875019bd8b80ea588cc5ba0f38341abce12ff2fe0355fdb38027b2bcee1370360c021e0 |
C:\Users\Admin\AppData\Local\Temp\LEQwYcUg.bat
| MD5 | 3373d092bc788cc7a5dcc8470c06721f |
| SHA1 | 1fba824672928157926bbe9a6e4ce08c9e7d7848 |
| SHA256 | 1bd9c82963bf971e59b34dce6f796462db19759d0fcefcd077d35bfba34a73e0 |
| SHA512 | 5c459937eea86210e445d7195a1b140faa48af8e8c34ca2f90f8136e5f5b4700f75c856965c2926e5282d6d798f02333dd009801d5c77bcdaaeaaeff02a4195c |
C:\Users\Admin\AppData\Local\Temp\vAIsoIcs.bat
| MD5 | 985a1aa24c7c19a8102a4c936ff86f25 |
| SHA1 | d57dac71abce8dd3013771a10a316c54e0918627 |
| SHA256 | b4017409910250d06662264489180fc445cd144b441b092c4838c71e4cfae077 |
| SHA512 | 630f29e6abdfb6f10ff1eaa77dfd840163c7f3ff5b9936eacd0e3f2769580382a38ac73c69923e94c892d02fad550bebef8d47785447b7e0f7d4eeab090438ad |
C:\Users\Admin\AppData\Local\Temp\fCQwwskQ.bat
| MD5 | 5a6c72333b5e8dbc62fe427a37f4d6a1 |
| SHA1 | ae706e281655922731e25fc483502366d0fbe1d2 |
| SHA256 | f56ea910742aa38f5ef9356984e3c9e7b4738c72a5764ee7492b78521c6936c2 |
| SHA512 | a9995b4bfd85d64ffc2684b6cb2a390299cd33b596cb426ab18c52209c5df9481804192bfca4619332e096eacf62dccc9177f3cbe21f0950b8ce4e39126f74ce |
C:\Users\Admin\AppData\Local\Temp\xIIwQkwk.bat
| MD5 | c1d3b84d2296d44527e3db3bc616d9a6 |
| SHA1 | 4ea289931846f8a0371e9decae938ebfb8f5fc9a |
| SHA256 | d4c484529ec911287b10df4a83fa93978210bc9a4c23b86bc68fbc5a59ab49f3 |
| SHA512 | be5735694fba9809144a443e9720b74ca6ed414d6272520a36182435dbb6bedc97fd3b6623bb8d01ebe19023f7c22f00c9c5ddc5330e1fcb5e35028a5510cdf7 |
C:\Users\Admin\AppData\Local\Temp\eQQoYggc.bat
| MD5 | ed349cacb1f530a57ff0a6c3e16f529c |
| SHA1 | c5e65e626f6c8f0f13ccf22b39bda37f2b094097 |
| SHA256 | 5b556fefa56612d490f9826cc75889c6c679190f2fafe5e219ed854476442821 |
| SHA512 | cd1cdd32e1f6d749e3b3b939998f13fa0c250607dcd950fb1c2b5075b451c36cc7739e94f8c7c7abae1e33c2c6b30d5326ba57bd48051b39e2f4ad3f45fc14df |
C:\Users\Admin\AppData\Local\Temp\WEMMYMwM.bat
| MD5 | 443ced16748f8f1fca64cba95659e6b1 |
| SHA1 | ec575908efee7e6c45b7cd76774ca4959158e38e |
| SHA256 | ebab0ac1c83aadeb792645b241fa3a37ee5cc7cf3a8e9821577c7769fd01515f |
| SHA512 | 900ad87b574d3dcb08ba1287398f802975a359044df5c39bd41c3a5199bedcd993072267c8a944a2dbd0971df1d6a73821b6d219e1c48a711c02c2573517ab09 |
C:\Users\Admin\AppData\Local\Temp\qykgEswI.bat
| MD5 | 65f261191e0f30edba3294e9c6dec841 |
| SHA1 | cde60a505cd1a9fd1409cd295813d5823e2923e5 |
| SHA256 | c7d437e4775431111446d70d4d4892940f0900878a550744d88119ca85832cb0 |
| SHA512 | 121ed0be4d3fd87eb379fb9c37b4205c61dd20539424b6562a1bbfca6ee8e0abfab7dee186eb7f1d4deb659bb5c7083ba701b0ce13a585df32367d42c664aff3 |
C:\Users\Admin\AppData\Local\Temp\IEwkAokI.bat
| MD5 | 10ef9ec02a6a9347435affe402531a9c |
| SHA1 | f044d836b76884cd920ecc9fae7af0446649b99c |
| SHA256 | 8cc1742f949cb76b117534804a1610295ea2b17341e6e39f7cbc607ed4e028e2 |
| SHA512 | fb14a1dd296b0b2ea5287c17eec8fabf3b7b3c09b2c391c0accc561c0f1bb9610bbad672453959d8c82c66a9be8c857cd2a0400340739b323784c4db44ef4539 |
C:\Users\Admin\AppData\Local\Temp\NIgEEAUY.bat
| MD5 | 406a659434c9f74f81c5b65a6c74dd69 |
| SHA1 | bfaf44c3bfeffec86dc5d12c05cd6fc0148b4341 |
| SHA256 | d0e10d3f006c17f52563757f80d9e5f34aacdbb04876e09f8d1b125d5d3e799a |
| SHA512 | e2e84c676e61c53c0854d41ea5d4dbab6796032cb82437ac629e0acd7f4e348ee3ebfa7988404fb74f522056421987dbbb0fc2b1201fa3af54672ce88f39d940 |
C:\Users\Admin\AppData\Local\Temp\ZgYsQEIg.bat
| MD5 | 265945989114b0c8604e52ca70724591 |
| SHA1 | 6599eeaa75ae1dd7a49f4475909031602886b312 |
| SHA256 | ca6a197a001fd276365a63a7bda1a474d29ba730e82df0a7810c28efb9ac0611 |
| SHA512 | 6eb7178decca35afd435d7321b3e14b9e5d5fb63305dddfa8a2146fe4c9d1f2de24082090c158be85b264a70f34899f844a27bad39b6f0bf993b6f2cdfebdd95 |
C:\Users\Admin\AppData\Local\Temp\VIQscUIE.bat
| MD5 | 9ae33497512fa033d1a1eacffd0a6432 |
| SHA1 | b0193d0a686549cfcdf5c8c4c09b52bbb327cc3a |
| SHA256 | af293fe49632bae194225c6216af9279e89a84c3f44e93002a9b41795b09384e |
| SHA512 | 5e0a0b9b9b8c7a5b07d895a2a0ea395789c89d3d9d9af22d47a6a70cad9e11725a7e777330d3be0d0cbdb48b787780a7be3f8f07eca3d18b4c464c18c7baf17c |
C:\Users\Admin\AppData\Local\Temp\fWYcEcIc.bat
| MD5 | d9ace627fc00312df554d7ce177c8d7a |
| SHA1 | 07606be62bbe5a2a6f982ff2de0b3971da8f2613 |
| SHA256 | b6f0a56838991374b68f056d8e06aa91831e9190ea3099b1ed7276872d5827eb |
| SHA512 | 6a8e4944948cf3b14ca11a186d621dc0c51644522f9513baf74abc4d120ea191254fdc91ca98c8d849b22d607576ade461af425c6899e445690e8fa1aae51008 |
C:\Users\Admin\AppData\Local\Temp\AIscgkck.bat
| MD5 | d6ed1429b68d4f0657ea157d9d8d101b |
| SHA1 | 5c07871815fbec920824549cfeedcdff071e196c |
| SHA256 | 29a2758814267a42345cc5df91459d5ab825311d155ce5d46cc55568001bdc26 |
| SHA512 | 8655b17bf084d1d128f44df821eb85ac0fa3026a27f1735ed3d04698d4cfb7c3bd89b0ed051d9fbd1820baa46aa4aef7deee619f809d59e7a31f0a908ac0f99a |
C:\Users\Admin\AppData\Local\Temp\MwEMEQoc.bat
| MD5 | a509efe6be99bef86cf8cebbf8d3ce1c |
| SHA1 | 440bdde9d9c70d442c5f10504b146b402d513450 |
| SHA256 | 18b2388e0abbd60487485f6d44732ad547c4373b2fbafa096e859ea4d0a417f2 |
| SHA512 | aa1061f97c68db8481f4168a6d9eb4778a7ba857e738e565f1144b97b84151da6918cd9af37a3356a08c4adf18e3534cfc219fe608555e51616d0c3ae313077b |
C:\Users\Admin\AppData\Local\Temp\oiwIQcco.bat
| MD5 | e5962df4422471bdd890348bbcecb4cc |
| SHA1 | 133bf7105c7a290036e36c520458dd3c1674f03a |
| SHA256 | 29c768e680c6b328b9ea176217fa6c2402efefbbf76ee2faf40e3a1d561458d9 |
| SHA512 | 09afe1fe3cd7a1f93ee98b1fcbe58671370af39141e89525dadbe2a29c060f25bc90e20f5e491256cc1219dcdec99333c963542eb44809748a4fd27ccd20d4ac |
memory/2312-4679-0x0000000076C30000-0x0000000076D2A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\iioUUMUA.bat
| MD5 | 392fedb863b3ef7542c61c8c38a802f6 |
| SHA1 | 563ebad0f0a0e29296732effd5dd03a09df3de56 |
| SHA256 | 008c2fa480ffd86488a41e1076ad6ca5363b66c2270c2e05c9825bdc7d47bec5 |
| SHA512 | c3b1a89a7095667f2105b9b069a16703ea62699aec056abe3b2a3c84d4465c37f5a979626302255224d54473fd37c5b31a87e449588a45680329d4949256e38c |
C:\Users\Admin\AppData\Local\Temp\SSMkMkog.bat
| MD5 | 3619d17bd35da0a319c60a9e1b6171a6 |
| SHA1 | ee1d5fddb5ce945cde987d47e021f62ef1fb056f |
| SHA256 | 81aba06d5a5b36955a1567a37237d3f4580f66a3c24d3fbca1c8839c7d5d2071 |
| SHA512 | 81f0bc395cde61794c2292e31c63985a80783e7da2d4978d7be57ca22221a854a7e315340f011bf96d55c1dacb668ae0c9d34c27d20ef968ff3a39a17100d942 |
C:\Users\Admin\AppData\Local\Temp\ViAIsAgc.bat
| MD5 | f20cad86307d566b88e783467cc48abc |
| SHA1 | df487f2728d2fef6630280295f084a2448e57348 |
| SHA256 | d791e185ffbd2ec655d52bfc52240ef0cddd753c70e50e46ea2157958a56c9b9 |
| SHA512 | 67e252d28434c68516353770d29eacca4369faed22f97cf0b8f5a07e578408ee4a1057aa352dd2d0bfbb94b68fbc07d93a767d1aee96342899cea380e371cd6e |
C:\Users\Admin\AppData\Local\Temp\DckcoooQ.bat
| MD5 | 2676005e4e19b2c9d8438f53bd9487f6 |
| SHA1 | 565cb1643ffc2c1465046694fdf4be473271e989 |
| SHA256 | 9845e9b598c398991f1aa71a031b2c2535165472e4db7b9482dd46b5cbb80d77 |
| SHA512 | 4310ceca044674f5b3225940e6c6060665f67da03d99211fdd1e4c39835041b338de07fa2785789869f7c05cf0e2b04258867defd4625d651a426aa98aa652da |
C:\Users\Admin\AppData\Local\Temp\fuoQcIsg.bat
| MD5 | 4171dbdb63e84286ab6e3ad0d0148566 |
| SHA1 | 8aeaf217d8df049433d8bce4112c73ed169b2715 |
| SHA256 | 2daa46dd6963bea5d0354cd0493192e82e727c70fbdce7bfacd5ea6dfa16f123 |
| SHA512 | 4cb397755058c94d6d9eece84e7f68f87142029a8919a0557c86a8eab8dd398ae57572a8e3ad17c52fa26741124989f90de6d731384f9928c2b746ac1843fbed |
C:\Users\Admin\AppData\Local\Temp\REoAQMAU.bat
| MD5 | f797829f9501dfe04c3e02b43e6be3a8 |
| SHA1 | 0bc42facc95b46c8ffdfc2e2e786e3c91891ba34 |
| SHA256 | 2b7601d60157ca1192f84d2df0ad2a8b746a6b8c115a4b707ff80fb4386046ad |
| SHA512 | 1ea16b744a2a092f3259f4106fcb4f1cadcb7c9991ae2b261e2bcef9a10ac60601f9713fe3247313218cd62121df15c4091d45eaecc18992ec7c6d59f09b3513 |
C:\Users\Admin\AppData\Local\Temp\QSMYAMIc.bat
| MD5 | 9aee283da450c174afc682f0eae35808 |
| SHA1 | 3bec836f964bc5824c8b5c287c32a7acfdded008 |
| SHA256 | c74bd50e9e7e49a841e552a6b11d1fc858a71e959a2331b1119082108464715b |
| SHA512 | 46ec18ceb62fc9f250574e7ae3cc8f8af79b10ce475f471be8df005815175ff295ca3475c0004323c0c832117014bcf6028a20819c95a60ab720c1fc5f3c5d15 |
C:\Users\Admin\AppData\Local\Temp\QiQAgwwE.bat
| MD5 | 2035307e6a03757ce9e748db4d549fec |
| SHA1 | 47afafa935e63f66f9c98fcfde63f6412e80dcb0 |
| SHA256 | 8b9f1bb97778ddeaa368781303ce93cdc066c3f4dd8cdf62fdd8242d2d930ac8 |
| SHA512 | e27524a31d98468ef282fe91294f174c579bbfc3770c73a98ea0f0a12d40214f8cd6ce39111da6acfe13b7a127e97bbd745a21fc9de21da03d5f8ca290e153cf |
C:\Users\Admin\AppData\Local\Temp\GiEMQIsg.bat
| MD5 | ca0b9e411ad46048306136f2f7dfb98b |
| SHA1 | 77740900f970e8fe07c0e914d7f1fd212e4aeeec |
| SHA256 | 84142e1efc60a659814c5fee379ffef10241ec7972c37fa89ad37db69e07f4d4 |
| SHA512 | de2edb72c0196cc8f28d420c0a241ef00037c3b20a9f441d8d978e56e5b1a3882686fc12dd5f701a0fafe95cb7f243475b6d7497460092c3a3140e2b2bdffde5 |
C:\Users\Admin\AppData\Local\Temp\uqcIAkEU.bat
| MD5 | 4d8bd54a7092a9119c2d1a37da3dd677 |
| SHA1 | a910534785092a641e153f3d2300def45ab97996 |
| SHA256 | c41d0667bfdf66e610899ebf62ea2427a986b99bea4f683b785aa8a9a2bd3402 |
| SHA512 | ae6f554b5a5119c344750cabca405c963beceb917003e2b0ee50cfce8346e9933ec931bde79f7c349717a1401cfbd242776a44942e339724623bb7ce485a8c0e |
C:\Users\Admin\AppData\Local\Temp\sWEcYcgc.bat
| MD5 | be79100c0c057381d462ead5e3c5b7dc |
| SHA1 | d75e642880577b031f1d3d1a5a77b4656d0ed4b5 |
| SHA256 | 2aeb43080b784fb42204e0a94ef9186c45be044ac8b5d2d0e6a6f9dcbf719eb6 |
| SHA512 | 10d0cfb0b006f42c3f09711ad94bbe9f58fefd10eb8446745e46dc61a5af3472b2ab902e19ab5218537b80323cb9a24d97d3bc40c36e0eb89832d9b30c9eda2a |
C:\Users\Admin\AppData\Local\Temp\LqQkwUQk.bat
| MD5 | ff562752d8cde9f86834629f717692b4 |
| SHA1 | e15a8a5434622896d47964580c9d1a86ccd18f71 |
| SHA256 | b105a38c9b9be8ceff9a05ba915d55c9d8056256813eb0572fc1d11d0c29ad21 |
| SHA512 | 5ebc3c1ead1c940855cd8d94eacee2379e121481e10265b5a9435e64e7364366a2e5f2ae986149ce3fa062571ffb78c5f057bc0e1367c74b5b04dbf5c7809791 |
C:\Users\Admin\AppData\Local\Temp\RaQckMMk.bat
| MD5 | 9dd811925bdae6914b606f3163a2fc3b |
| SHA1 | e161bef5c95c0c51b963deac63e7fde11f08aab1 |
| SHA256 | 018f186c7864f1c28c34eccd95814225fca4bbe78b939cb75610dd68d2bf074e |
| SHA512 | 4dafbc0a66426e065ef9f8c39a259d089159bc8796f61d1a15d28e3d199e6a9da81b145e421d9ad65c54de3d8eed46577a2ed0c39b1d2d3185bf936e52ea30cc |
C:\Users\Admin\AppData\Local\Temp\XYkYogwg.bat
| MD5 | 29fe27c379f88aa139e572e9e4f57687 |
| SHA1 | 1fd7b7dd124e844fc3902f279622cfcb5e9d3caa |
| SHA256 | 7fd93feaa442f9cd3103d9e7bcfe7ff213a609fface8d86ac40aa369984d7919 |
| SHA512 | 93d325d3571309d182e6f35200638f4f5441b98e1d492ac65177253344dce2fe3a78dcacf658215f45400e803b52620e511a21cd5e8d9b8cbcc15cb17417b31d |
C:\Users\Admin\AppData\Local\Temp\zQsEwwoA.bat
| MD5 | 37d09f7127e9f098304b57f23f9fcf1b |
| SHA1 | c9845d2fca980139362c15cf113b9877338a0432 |
| SHA256 | c01ddd097fc67890d67cf122ea83af822fcaf50b65f5ae4c7918a94eb31f4845 |
| SHA512 | 2bc29eac7aeb60edcaff0222a8c85588a6b74cc2ec7496c4f5cc3ac01858e485e6f4f1fe76c5285b983b55dde709ce5bdbcf71c4b59181c3780a5717976149b3 |
C:\Users\Admin\AppData\Local\Temp\gQQsEMQM.bat
| MD5 | 40c095d9026deb76baa902ed5293ce0a |
| SHA1 | 2583db7117a0e27b05d5a3f2cb037b73a0a6730e |
| SHA256 | 1897f4949a9b5f89828177d25f2bfc723cb44118fa72c16214e8f1f113f2813c |
| SHA512 | accd281aa0fea602f0915effd9d5eae73e9fe031d2fa4540c7f82399f9a17ef9277823909b3f7b41ac3699a5551c37b51f806173abbaf8fcebceec2849c2b545 |
C:\Users\Admin\AppData\Local\Temp\UQAssQUE.bat
| MD5 | d1fb93ebc20f6ff2e5d0f1a146ba556a |
| SHA1 | 7f8ffac0e3e54fc1b556aeac66a35ccf19eac563 |
| SHA256 | aebf5e4ffd5252828502c873e7742371c59784d7c0499c47cf175eda4d13db84 |
| SHA512 | b7daeaff5fda30011a3a2e5f7be2cee2ddd724ab0d2c18a9ba4a13d3bd5fe760bb2c1942ba10680df4fd646464e8e530c94c347119bf5d5efc868158e3a22416 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-14 17:48
Reported
2024-06-14 17:51
Platform
win10v2004-20240508-en
Max time kernel
150s
Max time network
59s
Command Line
Signatures
Modifies visibility of file extensions in Explorer
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
Renames multiple (88) files with added filename extension
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\ViQgIMQI\kkscoUsI.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\ViQgIMQI\kkscoUsI.exe | N/A |
| N/A | N/A | C:\ProgramData\cEgQscYc\GqUsgYgQ.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\GqUsgYgQ.exe = "C:\\ProgramData\\cEgQscYc\\GqUsgYgQ.exe" | C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kkscoUsI.exe = "C:\\Users\\Admin\\ViQgIMQI\\kkscoUsI.exe" | C:\Users\Admin\ViQgIMQI\kkscoUsI.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\GqUsgYgQ.exe = "C:\\ProgramData\\cEgQscYc\\GqUsgYgQ.exe" | C:\ProgramData\cEgQscYc\GqUsgYgQ.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kkscoUsI.exe = "C:\\Users\\Admin\\ViQgIMQI\\kkscoUsI.exe" | C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\shell32.dll.exe | C:\Users\Admin\ViQgIMQI\kkscoUsI.exe | N/A |
Enumerates physical storage devices
Modifies registry key
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\ViQgIMQI\kkscoUsI.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe"
C:\Users\Admin\ViQgIMQI\kkscoUsI.exe
"C:\Users\Admin\ViQgIMQI\kkscoUsI.exe"
C:\ProgramData\cEgQscYc\GqUsgYgQ.exe
"C:\ProgramData\cEgQscYc\GqUsgYgQ.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vukUEIUY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VaYAoEIk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LmsMMcck.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GyAoYUEQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\oUksYogs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aIQQYwow.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CKQAYoUE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DEsIsAYo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xaoEkEgA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XMUkQQMo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fyUQYUUQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UAEEMsgw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EYkkgUwY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SessQgYk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kkwYYMsM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TGQgwoQo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vYgEYoUc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TaUUUYEY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\oKIAIAcw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eewQUYwE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kYYgksIo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AucssoIo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BQoEQMcY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vKYAcMsU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JqcQgMYI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cmEMcoMc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yAkUcQkQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UGAcUcUc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OagMsIgw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VwsMcYEM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HOsscAEw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hYUoIccI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CqkkYwko.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WOcgMwIo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CQsQAEMg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qqwwoswM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TQwUQwIE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PSMooMQg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lOcwUEoM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\oUMUsoIY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kWEYYMAU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KEoQgEAQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tkYkEAEc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\viIAokoM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zGUYYMMo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CMcEQgoc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aEcYokMI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\myEAEUgk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UgQkUMsk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XIcEswQg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PUQYswwU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jqYkIIAM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\oCUIIUYk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UGoAswwo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CYwcgQoI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gkYMQMsE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rEwwsIMM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JKgIUAII.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zccMQAQM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IkMgYAkU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wkkkwMcE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GMEMoEIU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\loEkEwYk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XSUIUowM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RiIgQIUY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jsAIkYEY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eWokcgIo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cYAIUcoQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CeIgAcwU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vIMIkMgs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BWcEYEws.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VAAUEMMw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VMkAEsUc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uQkYsgEA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WmsocggA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eQUYEsMI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IMQYYEEs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rIwocgYg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NkUUwUMo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pssUEwgI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JWIAMAQw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MasowAkI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wgkIAsEI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WqkYwcoc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vOYAMYgY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LYsIUUUg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zSksYoQI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JMkogYkE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CEEAUQco.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mQMcUcEA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kUsUUQMM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bgwokcQk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pKIEYYQo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BOIUEIAA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LQcggYUo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cQckAAEQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wGEckMYM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ckggEAEk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uGskMYwA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FekcMkMY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZwoowAwc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\paEkkQYk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cQAUwMsU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WkgYgwko.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QCkcMEkE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GiMIwAYQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dwUYoUAs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\deQkgwAY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DeYAIwEM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GqoswYAI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KqkYQkAY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WKgccQQY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LKgEgMsY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vWcEYwEU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rsUMswUY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\skEMIUYA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QicksckU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qYgsMwcg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nGwwwQoY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NckEUwcA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PugMcUgc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TAoMoUog.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uSUogUgg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\esQMUEcc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eaYwckQQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JMQAAMEI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BAwwkEkE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vSkAIIkc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YiYogoQM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""
Network
| Country | Destination | Domain | Proto |
| BO | 200.87.164.69:9999 | tcp | |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | google.com | udp |
| BO | 200.87.164.69:9999 | tcp | |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp |
Files
memory/1852-0-0x0000000000400000-0x0000000000435000-memory.dmp
C:\Users\Admin\ViQgIMQI\kkscoUsI.exe
| MD5 | afee880579f7c0f146c330eb430e88f2 |
| SHA1 | 9f54d65f03358f03cf997ce01495657839bf7e96 |
| SHA256 | ba6461f19fe1e4af106330ad541ba5de63059c85d2b5d5d2daa83a3b9005a74e |
| SHA512 | f410e84d53178507cc2733b8493162ae5118c54cf7734503c4e1f918f362c26eab7fa17a5fcd1a82ad10e7dcff92bd4385985c6e0071f1327a4c1230e9bdc883 |
memory/4920-8-0x0000000000400000-0x000000000042F000-memory.dmp
C:\ProgramData\cEgQscYc\GqUsgYgQ.exe
| MD5 | 403cee95305e2090dea35dfc772487d9 |
| SHA1 | ba4dae150f1c41d5095143465acff8668ec72868 |
| SHA256 | dc55ada595e2cabd8a509a46ec25f3e30e986b3eb6be3e11f57b9676b88a578c |
| SHA512 | 82517f9c857162aeef20ce79e566a642b80b645101a65b865ede515e7488759028f6487d9eee37f60867dc8577a38b54cee04bb7c0197c293331bfa2dee4ab54 |
memory/1992-14-0x0000000000400000-0x0000000000430000-memory.dmp
memory/2640-19-0x0000000000400000-0x0000000000435000-memory.dmp
memory/1852-20-0x0000000000400000-0x0000000000435000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\vukUEIUY.bat
| MD5 | bae1095f340720d965898063fede1273 |
| SHA1 | 455d8a81818a7e82b1490c949b32fa7ff98d5210 |
| SHA256 | ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a |
| SHA512 | 4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024 |
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
| MD5 | 4b8a9dc8daa40ee3fe9ca2406b0a6201 |
| SHA1 | 2209e19a1af6e0b4ef96632136e449635e3585fa |
| SHA256 | 07d3aeca5d09371344e66abd6cdf2151d2f05d84a568d31307bec54ef850600c |
| SHA512 | 63d8df0a7902bfc6d83697aa34d14f70ded087591a0c534ce68e2ada936a63609344b6e717b9e09c736c8e2edf371e83837873317d21ac1b20c1fe40f2617cc3 |
C:\Users\Admin\AppData\Local\Temp\file.vbs
| MD5 | 4afb5c4527091738faf9cd4addf9d34e |
| SHA1 | 170ba9d866894c1b109b62649b1893eb90350459 |
| SHA256 | 59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc |
| SHA512 | 16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5 |
memory/1580-31-0x0000000000400000-0x0000000000435000-memory.dmp
memory/2640-34-0x0000000000400000-0x0000000000435000-memory.dmp
memory/624-42-0x0000000000400000-0x0000000000435000-memory.dmp
memory/1580-46-0x0000000000400000-0x0000000000435000-memory.dmp
memory/908-54-0x0000000000400000-0x0000000000435000-memory.dmp
memory/624-58-0x0000000000400000-0x0000000000435000-memory.dmp
memory/4624-66-0x0000000000400000-0x0000000000435000-memory.dmp
memory/908-70-0x0000000000400000-0x0000000000435000-memory.dmp
memory/2388-80-0x0000000000400000-0x0000000000435000-memory.dmp
memory/4624-84-0x0000000000400000-0x0000000000435000-memory.dmp
memory/2388-95-0x0000000000400000-0x0000000000435000-memory.dmp
memory/2204-103-0x0000000000400000-0x0000000000435000-memory.dmp
memory/4408-107-0x0000000000400000-0x0000000000435000-memory.dmp
memory/2204-118-0x0000000000400000-0x0000000000435000-memory.dmp
memory/4640-127-0x0000000000400000-0x0000000000435000-memory.dmp
memory/3300-131-0x0000000000400000-0x0000000000435000-memory.dmp
memory/4228-140-0x0000000000400000-0x0000000000435000-memory.dmp
memory/4640-144-0x0000000000400000-0x0000000000435000-memory.dmp
memory/2316-152-0x0000000000400000-0x0000000000435000-memory.dmp
memory/4228-156-0x0000000000400000-0x0000000000435000-memory.dmp
memory/4816-164-0x0000000000400000-0x0000000000435000-memory.dmp
memory/2316-168-0x0000000000400000-0x0000000000435000-memory.dmp
memory/4816-181-0x0000000000400000-0x0000000000435000-memory.dmp
memory/4060-192-0x0000000000400000-0x0000000000435000-memory.dmp
memory/3688-201-0x0000000000400000-0x0000000000435000-memory.dmp
memory/2776-204-0x0000000000400000-0x0000000000435000-memory.dmp
memory/3688-217-0x0000000000400000-0x0000000000435000-memory.dmp
memory/2792-218-0x0000000000400000-0x0000000000435000-memory.dmp
memory/2792-229-0x0000000000400000-0x0000000000435000-memory.dmp
memory/2380-237-0x0000000000400000-0x0000000000435000-memory.dmp
memory/4284-241-0x0000000000400000-0x0000000000435000-memory.dmp
memory/2380-252-0x0000000000400000-0x0000000000435000-memory.dmp
C:\ProgramData\cEgQscYc\GqUsgYgQ.inf
| MD5 | ea3ee869c8cb326aeb25b506f27c6126 |
| SHA1 | 8c6c80c606ccc7bb694348194e875122d3531f28 |
| SHA256 | 8feb47793cd4b86fcc9bd9c4afb8ddb25bac24212ffdddd0b528c841b0de7b5e |
| SHA512 | c47d6bc59d1ea752adb0a5eee4a82f2388259dbaeffec4f3c1c97894c9b3b5a77ca201dddb7c3d858822637c96e01d03b524da892a96bc10b8bbcfa708a3ae34 |
memory/4980-265-0x0000000000400000-0x0000000000435000-memory.dmp
memory/464-266-0x0000000000400000-0x0000000000435000-memory.dmp
memory/464-274-0x0000000000400000-0x0000000000435000-memory.dmp
memory/3696-280-0x0000000000400000-0x0000000000435000-memory.dmp
memory/3024-283-0x0000000000400000-0x0000000000435000-memory.dmp
memory/3696-292-0x0000000000400000-0x0000000000435000-memory.dmp
memory/2064-293-0x0000000000400000-0x0000000000435000-memory.dmp
memory/2064-302-0x0000000000400000-0x0000000000435000-memory.dmp
memory/4144-303-0x0000000000400000-0x0000000000435000-memory.dmp
memory/4144-311-0x0000000000400000-0x0000000000435000-memory.dmp
memory/4804-312-0x0000000000400000-0x0000000000435000-memory.dmp
memory/4804-321-0x0000000000400000-0x0000000000435000-memory.dmp
memory/8-320-0x0000000000400000-0x0000000000435000-memory.dmp
memory/8-331-0x0000000000400000-0x0000000000435000-memory.dmp
memory/4576-332-0x0000000000400000-0x0000000000435000-memory.dmp
memory/4576-340-0x0000000000400000-0x0000000000435000-memory.dmp
memory/3224-348-0x0000000000400000-0x0000000000435000-memory.dmp
memory/4032-349-0x0000000000400000-0x0000000000435000-memory.dmp
memory/4032-358-0x0000000000400000-0x0000000000435000-memory.dmp
memory/2036-367-0x0000000000400000-0x0000000000435000-memory.dmp
memory/4216-375-0x0000000000400000-0x0000000000435000-memory.dmp
memory/1036-376-0x0000000000400000-0x0000000000435000-memory.dmp
memory/1444-384-0x0000000000400000-0x0000000000435000-memory.dmp
memory/4216-385-0x0000000000400000-0x0000000000435000-memory.dmp
memory/1444-395-0x0000000000400000-0x0000000000435000-memory.dmp
memory/1184-400-0x0000000000400000-0x0000000000435000-memory.dmp
memory/4788-404-0x0000000000400000-0x0000000000435000-memory.dmp
memory/1184-412-0x0000000000400000-0x0000000000435000-memory.dmp
memory/4544-413-0x0000000000400000-0x0000000000435000-memory.dmp
memory/4544-423-0x0000000000400000-0x0000000000435000-memory.dmp
memory/3808-424-0x0000000000400000-0x0000000000435000-memory.dmp
memory/3808-433-0x0000000000400000-0x0000000000435000-memory.dmp
memory/448-430-0x0000000000400000-0x0000000000435000-memory.dmp
memory/448-441-0x0000000000400000-0x0000000000435000-memory.dmp
memory/1140-442-0x0000000000400000-0x0000000000435000-memory.dmp
memory/1140-451-0x0000000000400000-0x0000000000435000-memory.dmp
memory/4412-453-0x0000000000400000-0x0000000000435000-memory.dmp
memory/4412-461-0x0000000000400000-0x0000000000435000-memory.dmp
memory/644-462-0x0000000000400000-0x0000000000435000-memory.dmp
memory/3544-468-0x0000000000400000-0x0000000000435000-memory.dmp
memory/644-471-0x0000000000400000-0x0000000000435000-memory.dmp
memory/3544-480-0x0000000000400000-0x0000000000435000-memory.dmp
memory/4564-489-0x0000000000400000-0x0000000000435000-memory.dmp
memory/372-490-0x0000000000400000-0x0000000000435000-memory.dmp
memory/372-498-0x0000000000400000-0x0000000000435000-memory.dmp
memory/1444-499-0x0000000000400000-0x0000000000435000-memory.dmp
memory/876-505-0x0000000000400000-0x0000000000435000-memory.dmp
memory/1444-508-0x0000000000400000-0x0000000000435000-memory.dmp
memory/876-518-0x0000000000400000-0x0000000000435000-memory.dmp
memory/2404-519-0x0000000000400000-0x0000000000435000-memory.dmp
memory/2404-527-0x0000000000400000-0x0000000000435000-memory.dmp
memory/2836-528-0x0000000000400000-0x0000000000435000-memory.dmp
memory/2836-536-0x0000000000400000-0x0000000000435000-memory.dmp
memory/2052-545-0x0000000000400000-0x0000000000435000-memory.dmp
memory/1188-547-0x0000000000400000-0x0000000000435000-memory.dmp
memory/1188-555-0x0000000000400000-0x0000000000435000-memory.dmp
memory/2388-563-0x0000000000400000-0x0000000000435000-memory.dmp
memory/4412-572-0x0000000000400000-0x0000000000435000-memory.dmp
memory/3208-573-0x0000000000400000-0x0000000000435000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\mgoQ.exe
| MD5 | 664d7b49783803165cdfaa73472b5491 |
| SHA1 | af345e4c32e0514a38f2fc30edc19da90ccf6cd5 |
| SHA256 | a88fb7f534d6c42b3b1ef07e46d4ff2802f66239913ac4ebb4a0732a6dca64d3 |
| SHA512 | 99c05e52f57ff4855512bfd25b12420e0237e4dfc21e7b3bdbdff403f15b729a81e833978c2b6cb4d2c045ec8b75bed5b37f2ccbca9845106ab5be45a5c561cb |
C:\Users\Admin\AppData\Local\Temp\YYks.exe
| MD5 | 3ab4a60b2132161e5ff01c512986902f |
| SHA1 | 490575c94e8f992ddf312ca041fd6022fa565b0d |
| SHA256 | b8473caba1625e348da262430f9d030604057d5e8f30c7e82dd5ab1763175a2d |
| SHA512 | 566e8363758c2a66c3be4f1492eb76c42693b71a5ae65bf6298714b152454870c74afc3f43adc75043a3aacddcea746920b6a8fd13bbeb417003d72ca07a059e |
C:\Users\Admin\AppData\Local\Temp\Qkom.exe
| MD5 | 17d474944853b4011595ab06c61e0d15 |
| SHA1 | edae80e92d8c8d610b61cdfc6b4ec4d438ffc7f4 |
| SHA256 | 3755e839dd2d671ea166f68efe519b004723a084ca054e67dd82c0bd6fed63ce |
| SHA512 | 711c3cf5cb427930b711c841c1523b27ab8e4fe630150e9018ab8019e788bf0584772c1e5c09df2b3532cbbe912d446920bbc4d57116d7c837f8dbfbaed86019 |
C:\Users\Admin\AppData\Local\Temp\wkIk.ico
| MD5 | ee421bd295eb1a0d8c54f8586ccb18fa |
| SHA1 | bc06850f3112289fce374241f7e9aff0a70ecb2f |
| SHA256 | 57e72b9591e318a17feb74efa1262e9222814ad872437094734295700f669563 |
| SHA512 | dfd36dff3742f39858e4a3e781e756f6d8480caa33b715ad1a8293f6ef436cdc84c3d26428230cdac8651c1ee7947b0e5bb3ac1e32c0b7bbb2bfed81375b5897 |
C:\Users\Admin\AppData\Local\Temp\KcYM.exe
| MD5 | 9ec5da0cebcea47e573d1109605ad54d |
| SHA1 | 272c93816d26d4b6eafec056f307621ae96f58c7 |
| SHA256 | d43045c56f0c99944030585092cab2d3b43898e12933688a205bbc23661b39d1 |
| SHA512 | 44da831c5d510ac4fceeac63133874686f4189cd5b001aa508071855ec63963b1bdec7a2b1e9ab4cb97e1d2220515919420d02667c279ac3c76b3906057905ad |
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png.exe
| MD5 | efc2268e394b65f447f231f0b6e628fb |
| SHA1 | a2628a06930d98d53373e4ade5b77e3d222d8257 |
| SHA256 | dd162c4afa0f54eb65eaf622cbc37b5f96e5c9ba58448d3a7e7ad43e883bd20a |
| SHA512 | 1294932d4bf48ecee80f6084ceca0f0b388f3d995651654e5cc4f4bf7d28ae2e21da396cc720fe52fcdf55bdf64d3456d41d6da622368742ce5457638b9c39eb |
C:\Users\Admin\AppData\Local\Temp\iYgG.exe
| MD5 | 2e4c4891386f2ce0232f0954bf88bb21 |
| SHA1 | e308ead0ee74f074657dcc2ddc6cd4fcd77d7518 |
| SHA256 | 6321d8522ec672fc1ca68deaaf843a784fde81480f52b0a5d0ded2a54b704aad |
| SHA512 | 268c29a388cc5fd800596714c8f0d5920a5155add4778ccb05f4dccab1c1e796b799f238c51e5dcf91b103de87a0440cacd7e9ac81f25666eebd70545e40ed79 |
C:\Users\Admin\AppData\Local\Temp\qcwq.exe
| MD5 | 1fcc930522d5619cfb4f303686538e3a |
| SHA1 | b869749d941e1685c5fd224ad8197b732780558a |
| SHA256 | c2208fcb5875dadf63e2d611525da9edb3dc2f0c2611173025fd9bebda37cdc7 |
| SHA512 | cfdcbeeb80458c6f39e04b0a4f754e3a2f1871673fafb03ec37418ed1bf817e73ea66466e4356efb7716c1fca411588a953756631b2fbd556f6bf438220251d4 |
C:\Users\Admin\AppData\Local\Temp\mocU.exe
| MD5 | 6141fa40ee1014a30ed6e3633c94dfbb |
| SHA1 | a0bfee48798ba0f455374f9abdf8b73a3453316f |
| SHA256 | cf4840acade683db5b9a70bab21451c125b5a467ce1950db2aa175e55d35a5cd |
| SHA512 | 2bd2e4f7c07161763d539d09268ec06f579d612e0da08a994fd3dd3f0a9d7779f380db7a2ac4b9a1453169f76ccc64e81e5930990d832a68c4a6903e3a7ac2e0 |
C:\Users\Admin\AppData\Local\Temp\gIAY.exe
| MD5 | 59c8938a5c86d7b006813ef6eb11d080 |
| SHA1 | 85991ecdc5fb95d5497bab1049051222febc5684 |
| SHA256 | e4aff0dafdbc06b57f03b87630b58bc7725e6819df88a429817305657cc1213c |
| SHA512 | f07e44f8f4ac4f6bfcfb3073a8a2b4af5a29362136389a22372af5e2c6ff2465948924299f4b0c469a8302c8b881f2bcd7d21c770681b3acf39dce2b122af14c |
C:\Users\Admin\AppData\Local\Temp\WIsS.exe
| MD5 | 03d298f6bab3f3be0fbbda157befef22 |
| SHA1 | cc4b4445bcb5b0a20f2b3f7ec309cad600c74014 |
| SHA256 | 5d134b8c9e3fbb9b3c77436a2025146d8493545067d8d361f58d5b30bc82037a |
| SHA512 | 39e741f972d2b94d7216daf7b1aa5066e6b7e998f085d4ccea196bcc4cab89f4f39cfefc52252c03b730b55f3f74d0d2d9ae269bf879390842077848aacee8a9 |
C:\ProgramData\Microsoft\User Account Pictures\user.bmp.exe
| MD5 | ce75595d69ad04eaef66d7b9ebf163e9 |
| SHA1 | 2733ea2ffaf595b7f6de5c6d17965137d7113b50 |
| SHA256 | 40c67ef5f8d0aa1f4a05ce4fa02a86da46a88b34f3c067992599f5c6a77d2083 |
| SHA512 | 778d442cf03c6c9b54d836adb0345a972aea55df2f745bf9dd6f457f7165ca15f5fe5ace5ce67d3e8a3db46a23be17b8d9c32e0d5e47d4f4507d01a8563c7482 |
C:\Users\Admin\AppData\Local\Temp\eYEO.exe
| MD5 | d521f06e9fcb5d978432723938081ef1 |
| SHA1 | 9de6cd6170c144bb29fe06dd3d6179cea365b736 |
| SHA256 | 0e0e9c7539cb8cd1383a2ee0e26d0f30059308afd7ac78cbb164708a7d5ce587 |
| SHA512 | 3a0177234e2fe5f5e53dc72820d9b3bc412ed4d8a9a7bfadb7add1d671bbc46a2d66e4ff7bc6614666765c2ca8d067efbf999b180ae952040a54e46bbaf805eb |
C:\Users\Admin\AppData\Local\Temp\MgsU.exe
| MD5 | dfcf741c7e3d3a436c5ee0054cde9256 |
| SHA1 | c2ca35984485fa19d456c000eda29c2772dd9c8d |
| SHA256 | 7dc57ab625be7b748f21e5091ad839b8986fcca8b80b957626fd9353d7da5df1 |
| SHA512 | 01e95591852eaeca563e0320dc609c972b67d4f4a52e4e4d44fc54bc2d1e1f8d8e10748d9d6a94628507e75532eea697f701c560d537b93b103167a5085fbc84 |
C:\Users\Admin\AppData\Local\Temp\UAEW.ico
| MD5 | ac4b56cc5c5e71c3bb226181418fd891 |
| SHA1 | e62149df7a7d31a7777cae68822e4d0eaba2199d |
| SHA256 | 701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3 |
| SHA512 | a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998 |
C:\Users\Admin\AppData\Local\Temp\IQYQ.exe
| MD5 | 9f4e9226e93c2cc036636b1c28327f9f |
| SHA1 | fbc20f153d3af83b08dc819c99423bcdad70301d |
| SHA256 | 0049504b72fa1de22846822f351365038ccdcf387e175bdcc8b0fbdd44219ef1 |
| SHA512 | 8b237104f5a669888cac31923bdfaf3212cbbab392ecd14dd726b1d859281599b953eaf70ab4d5cb8de8a336243ef5fc545a69678790a13d6a2b3a5d7312fd84 |
C:\Users\Admin\AppData\Local\Temp\agkC.exe
| MD5 | dedbf1fbc9c8edae98874b88ef70daee |
| SHA1 | e8f6d89d510e432043e2907164333447ba741c86 |
| SHA256 | c455a8f7c3d43803287422479cbb2f9da1d84f41f3485650137c127ce5079771 |
| SHA512 | ecd75113e13d1ffbf0d1f23a92c5785dc14b8a731619316c4134300c2e47603ce23f0cc338118d5dffeda35428e1861575aafe81e7f03ce327cef16a3ffd941c |
C:\Users\Admin\AppData\Local\Temp\MQAk.exe
| MD5 | 1c375ce1ca0859d895d354abf7e76df8 |
| SHA1 | 60973befb3af5a6a32bc86bf0b8097ab8656c07d |
| SHA256 | 87c5719d957b3d3a7dcefa202a8654f1d9818f95e21916a9651ebbe9c51167d7 |
| SHA512 | c36ba0e1c99dce61ce14fc6a931e576f3886d39017ae9bd2af59628bea12fa336ae29bf8535ba33406ea3582ee7a04ea297831cef7e1c1189755983c707e2a99 |
C:\Users\Admin\AppData\Local\Temp\KgwC.exe
| MD5 | 4a86ab39a8a3647baac23cdd9723c3db |
| SHA1 | 29699014e3a5378e1f2af31c0bf05af2f08009c9 |
| SHA256 | 31a97cc57b879198e9b7a9f2799c69a36811e17857c215e88a032100e7528bc6 |
| SHA512 | 43b91ff248962dbc51965f4b55a01b025afdc1eebab1cd83dab4b5fefff7356b28f6b43d1792ac4c8b5ab6bfb3c3a24d5a737677444b71221fe3ed11e4cfea88 |
C:\Users\Admin\AppData\Local\Temp\CIco.exe
| MD5 | 73d5560403a189907f767d27b2f016a1 |
| SHA1 | 938c2bf2324088c21103deab441b1c5f4e2c228b |
| SHA256 | 2398014fc369eaff0fd4a17035b93fc1b2999214af98aa0abe7d4ccd9a7689dd |
| SHA512 | 2088cc96e89ae7fb7375e2c9a4618d791d079c773e1ab8dac868a74d583b3472dd3aa27cb8e433a1c978f1d48e6efc9d5a1eeb16dc921f6b1fbf43af9a32494e |
C:\ProgramData\Package Cache\{d87ae0f4-64a6-4b94-859a-530b9c313c27}\windowsdesktop-runtime-6.0.27-win-x64.exe
| MD5 | e4775c86289f3b925b16ab054a022628 |
| SHA1 | 66e2bb0bfd855646c3a87a6d80f30821f06acaba |
| SHA256 | 8e1403f0adb585caef2a8f30ce1eff91255da105569d5d87565f6b90bea9466c |
| SHA512 | 73d945e53dcb015f8ea534984fe2f2a11d2532abb0986ec7c5bfbea5f0ea5d2da0757fcfc667a3526b60c7910bf6bb7c7e0b0c60f935c07c582102729d5fff06 |
C:\Users\Admin\AppData\Local\Temp\UAsU.exe
| MD5 | a6a978a45f564822cf99b29f2624b9b6 |
| SHA1 | 3b658b0e530fbc2ec93708ae23762ff7fc46bef4 |
| SHA256 | 65c70e924fb311675e631a12fa70e8c2e2f26f34f40a5cf7573363e1049e2d4c |
| SHA512 | 61a1767c2568e1779a106598c7b65ba2235e7d42d7aba83bee9f3687025ccbf04df2bf8b78c1505aaaed8f083921e3d4bb699ad92cca06fc921f314b02a84fff |
C:\Users\Admin\AppData\Local\Temp\eIMc.exe
| MD5 | 3ec8aaaa09a32b162d56813a8349077b |
| SHA1 | b831e3888da393b4c12b9048a1b83ecbc13e337b |
| SHA256 | f213ed849ee2ff5d90c1f3288732a65b178b88a0ec29958ee234ff0ecf8dc452 |
| SHA512 | 1f0d75286eb4fec5b1f8d8c877a13a53a643cf7c4bff083843b1db0477d2e3b3f098dcdc63442d536e835351341e4de0a011e30bec9eaeac5ad55c83363e1489 |
C:\Users\Admin\AppData\Local\Temp\eUEU.exe
| MD5 | eb5cd29894f2f11937fab703861cb896 |
| SHA1 | eb21f6af1c9f055979782d500dcc77f084490219 |
| SHA256 | e56ae8e1ff8c96ec5bdefd329015fcd0deba0f7878e7ef65f99a307b182a8314 |
| SHA512 | 8eb894cd8b450362fde1fb04b50b58531ef729c5672d31add53fd726c81d72819d13f4cf5c928554b1072e6b73c6a773eaeef7ccc0b49a7e04f8438e0a96eba0 |
C:\Users\Admin\AppData\Local\Temp\Qkko.exe
| MD5 | e1b509458d27b079926a3dffed189f39 |
| SHA1 | 159acc588a64ec2ceacc438bcf8dad6a1cb7895e |
| SHA256 | 5958d7feea836387cc767f0213f9b65b72c4b79d597431d383183b2066667de3 |
| SHA512 | 820fc0d28a0b0f939b9628c6244f4d6ad0f0d43637b88a126c0a3f1fc3473f4568d53e6fa2ee28eb7c10f2abb5c0d88d02be0cd519f38a1bf5001dde079dcdd1 |
C:\Users\Admin\AppData\Local\Temp\Kwku.exe
| MD5 | c861f3d5df4655c96390cd11342b1d32 |
| SHA1 | 31db21218f13e312cce3cbfe6f54b248ea280f52 |
| SHA256 | 08d08f3bf65228b7fcfe29105a4286871e43a72924e17f0fd470ccbb67aa2d66 |
| SHA512 | e8b00210e33da09162d244bfae025daced0f4babace0a1d93ce974ec946572f1987b145bb18e4a67a27538a89d0fbddf30e7579c2fd758de9184ca6a9fdb8d76 |
C:\Users\Admin\AppData\Local\Temp\EMUg.exe
| MD5 | bff16708be062630fa2789c4455402b8 |
| SHA1 | 2a97a0379e0e3a9430eb420e9d080b0006496925 |
| SHA256 | bc76896078a5736a72c68b95049ef84341df6cc95e42260728f79650acf58a99 |
| SHA512 | 98d5f7746dc50566390df9134bc7139d0506548a94086b5cb1557b9533ac2e59f8d15b7ae2a6fe14a209849bf6eb0e6b73cdcc7fc6203abbb4d23409b4f3be25 |
C:\Users\Admin\AppData\Local\Temp\wsQa.exe
| MD5 | 2f15e7af748114c5ee0b81262dae339f |
| SHA1 | 63bdcac6d6d239ad8dcd36d9430e95a0a63389b5 |
| SHA256 | abd2d5518cd765e6effc918d6934ee6908273aa6cf9dbc4c1db492627874512b |
| SHA512 | 0b2160e7253109b686a9fedc632840ab9a41aeecb4ff1bd053ec78441a281489d77a2b92935af62b88116a164edf4a87ed0573f1d5fecf4647ead966edd97255 |
C:\Users\Admin\AppData\Local\Temp\GoUU.exe
| MD5 | 6c250513ad32641342e3448851dcca5a |
| SHA1 | 0137d8df9bd879f5ccbac0a94489c4c12fbe883c |
| SHA256 | 5d07c5c82f36cf4a4c078bcfdcd3e442146b7a8d633c237454589369b9143d14 |
| SHA512 | 83d63d59162296fcdf822cade7df923896c576bac19c03830b70048a2f8767c2ac0139531f623a11059f2072e469177e056661df8bc917908f50a6fc85f4b205 |
C:\Users\Admin\AppData\Local\Temp\csca.exe
| MD5 | c7abafc93209343faea9dccda033984c |
| SHA1 | de64833eaaad47d92af480dfd92e60c1afc6ba0b |
| SHA256 | fa53fdd2222d3c010ff2c36c972d9c308497c1aa400c81e726de65e444bffe01 |
| SHA512 | 060526d8c30a5168c93b0063f843ccd88712bfe2076c119276b1b8d385e4c8259b378e362a7cfcca5ca40bce397c77b71a0d72b787b11cf6a7b67c6d00859e82 |
C:\Users\Admin\AppData\Local\Temp\oYsg.exe
| MD5 | 7d567875849a23b6847ae8dea1184e30 |
| SHA1 | 19b849d994db5205e4724d74b064d4a322fea21b |
| SHA256 | 72e0a70bacc5194c9988290f5e132e92243450520c8f825a81f2be6205375e52 |
| SHA512 | cc98402a24f40d562f2911da1676a71f418e8c11ca34e1f62eaecba9a5cdbd161077afd4e0e278fcd97563b96cd49de91ab415d67a512e0f02532ed9c0905d9b |
C:\Users\Admin\AppData\Local\Temp\qUcO.exe
| MD5 | 96ed85c6d72d29c3b299b64b42efc818 |
| SHA1 | 8ba664a8c6e9f06019a17ea3dbad29469b207498 |
| SHA256 | 4f2bbf0052c4d934a2100a922894c79730988f455e704e0a60cac2242d43c4ca |
| SHA512 | 9335b3e3e875be139cf91779a3054e66b7c2c5ccc6a06e8a43cd162ed4513bf6fd67e9cc7133407127034578e681859b1cc05bca8e5282090a8200e4d98fa5eb |
C:\Users\Admin\AppData\Local\Temp\EEcM.exe
| MD5 | 8328ee4bbbfb817c974bf13474fc5454 |
| SHA1 | 30ad5e32f23cceda4e64baadb773d592b59cdc3d |
| SHA256 | d42cb8b02428677251b18a6039944b2929698096feeb9f1815339082e822c1c5 |
| SHA512 | bf465e6330476648d2a0486c9e415311f1d332e621d1f47c61f9b5add99b66349d24aa367dd8ae1da666d7ae84a06e82195d1a901236b651a550667f373dbbaf |
C:\Users\Admin\AppData\Local\Temp\MMkq.exe
| MD5 | 500fb55cf331d5773b577ae8f566d8c9 |
| SHA1 | cdb6514c89ad434d02221b7f0ba26956b958da61 |
| SHA256 | f55fbf8a11195df5ce917745da3a3a9e58dc1fbae0ef5580fd4d21c87aac183c |
| SHA512 | f2f9fac60fa7e99d7d527206761248c041977d7b52ab97b296235338c508b6433a8b38cf9953bb1313cbba532f4ad5652e3b82952895774c1074a5b2ac7f06ee |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons\192.png.exe
| MD5 | 73733da813970e5347fbd497b34dc88c |
| SHA1 | 47618bef5239d75791530280498b9a600dd8a045 |
| SHA256 | 4b277a9e3ebdfbe9ad28dd05a8757369e0fb7f236003160f1b0bf73ecdeee829 |
| SHA512 | 5e775a30611fc6a637990034596845155678511b9ec0b63f866e4293c04d4d7d940b2762da6c8d29dea9d6b4b6ad9d5f79456771ac975ce4765c5da555a9151c |
C:\Users\Admin\AppData\Local\Temp\UUYa.exe
| MD5 | a843ce048ae35e685b1e092e426e690c |
| SHA1 | e78bb62e229a467c2e786c14f6e39f4121a1d502 |
| SHA256 | 20e8626508b27eac8124670030c04d1df1397f59eed13ffb33cecc57d920bf46 |
| SHA512 | 27163da9b723e399294200ab5d0a50fad90708d6c2a3178a328e39fab59ffed0e59711c5340bb73d680ed25be714227dd99801d25f832ddda13ca39a67c20f19 |
C:\Users\Admin\AppData\Local\Temp\KcMs.exe
| MD5 | c07fe1271f8f6e3bb46f23cc8237aee2 |
| SHA1 | 6305e49163cf68fc0f0894e3ee33213a5561939a |
| SHA256 | 4e01b92416160d8eb6983261d7be52e0a3480fb663197eaca6763a9cef771346 |
| SHA512 | c02c0ecdc7eb8a2b6504588c5da4bbd4f7464c5261a1d8e2e9e54bddecd334d35cd6b7e64e179db32f712dd68597aac29900b89e855f1bced0c7573c1d76b7a6 |
C:\Users\Admin\AppData\Local\Temp\Ygsu.exe
| MD5 | 96e979c5eafc01c9e1be982f1698586b |
| SHA1 | bb1ceece01cec4f2fc470adf9effac208910e909 |
| SHA256 | 7d6e4640158357e55c918fdf3bff569bf8881da0dbedeb4f426a15294cc533e8 |
| SHA512 | d31d0f2f94999a4235b49e96aa3a7412956608a4247c9627921a85ee5b44e732d1f9935caeb2c954996fd75bd25b7c36b193d0cae4ab8aedff985182a7dbd4e1 |
C:\Users\Admin\AppData\Local\Temp\MoIQ.exe
| MD5 | a6b36e38b4233dab169af195cb9dfe66 |
| SHA1 | 4bf58972b09cf0ae23fd9ee0a89f4fe39e037528 |
| SHA256 | d310aa4e6f72c5a7943a2a708b7531a967f95219c1ae3a00370599f4d5448e94 |
| SHA512 | 3f87707f79254d46cdbb9b49d767680c0ce4354ee23c0de0e3a5a189758c3eee490a9772d5b3dd016da4a20b18b9d479cfaff7fd9937cfdb891ae2e85c8365b2 |
C:\Users\Admin\AppData\Local\Temp\kQYS.exe
| MD5 | c91ab8662e2513b064774577421cdfb2 |
| SHA1 | c7d84c057dfcd21f86d6c7d16170dd80b667f5e0 |
| SHA256 | 5fdd02223425a8c2ea413daa52777e3b59ee4f8a86e0b31c7babcc42ea83a4d9 |
| SHA512 | 96f10a75c564d6bc738af155ee96b844298167dc3b99c6f1abda662d77061331ffa07414ac77cae52ff9bb81cfe315f23b5ea3422e4de43d630b1d68dadb5240 |
C:\Users\Admin\AppData\Local\Temp\YosW.exe
| MD5 | d44071f52a389fb77edbd0c4dd644843 |
| SHA1 | dd54aa365170e4770877bb2edfdc22bab21df2c7 |
| SHA256 | 990e3798605dd7d14a12c49c9d1be13f7f573fec676cfdbd6954c14904904b7f |
| SHA512 | 0a5fbb177d877cc4d6fc0c1b671a0f264228b7e1bc32b99f7408a4fe9bd41382683a8ae68b5f179daaa070c2192fe5c0030dc418f88458583694cfc4785162c0 |
C:\Users\Admin\AppData\Local\Temp\iwgu.exe
| MD5 | 0caeac65abeafca874b79c9117861c60 |
| SHA1 | 6a1c121c7ee25a7e8f4acf94770cf9a4fc84bbf9 |
| SHA256 | ee0be55ecd31b470536d30067aea18f91ce1009f76cb613bb4a914834ad2b976 |
| SHA512 | f78e9303a7d121e0e8af5b3c0ef1ece91300b06e5185f17fb41b72ff4c266d4e8871c66ad9a4c6243d36dc661e9910b6875a30e18a1b21e97176e20ec467c3fa |
C:\Users\Admin\AppData\Local\Temp\McMy.exe
| MD5 | 0c0a7838ab4a083a25dadb78b37e9af2 |
| SHA1 | c2c369645b269b5b8f5bccb50f9353e4ba00f176 |
| SHA256 | ede1a0fc8c1ef70796a3d6627b6743d9c601fa7c721757323e1f4eb9b671b7fa |
| SHA512 | 2363389f34e17d41e112d806bdf4ba46962f0d0ebe1c0e0cb4982dfc561246c73442cd84cf864466cf665914c0b0e7cd24138ddf5237bc67914d3c914858d071 |
C:\Users\Admin\AppData\Local\Temp\Acce.exe
| MD5 | 9a49136831fb7d6374d509f7603ae904 |
| SHA1 | 56484cc5eabaacb2ce8622da683b79bd9f222ee8 |
| SHA256 | 61f4b01823f601171c112bd45617078b5379183e0a0b782fbeb82ff3d15fa37a |
| SHA512 | c56f2c1a9173e9a0e6df3dc98b80e0604acf721f6025e2ddeb411df31bf9d4fd6347ba3e105ea0b25f60f0d8e3ba29986e27c1335e9b085fdf135f3fd304fe5c |
C:\Users\Admin\AppData\Local\Temp\sAUS.exe
| MD5 | 08c09264f8485cc19a3653465c5d99ea |
| SHA1 | c28bd84104306be292ae3dc88650f2e02f2e71c4 |
| SHA256 | 797a7805e24e8ada4a2523d5229362cef37b686848040cf17778e1492b036e84 |
| SHA512 | 3f2609d222e20659a67b389e8bbdb1e3aa17c82d83c8b8308c166c9a9124c93dc2e4fc3390dde9d2a29364e09723aa393c2cde2d069016c0e8f435aeee0fdb3e |
C:\Users\Admin\AppData\Local\Temp\uUYU.exe
| MD5 | d8d5693bff9941f9be192796bf7d9f2e |
| SHA1 | 9d04b49af1bb9c510716ae5ba19c910133643b7a |
| SHA256 | e0f092e5a71c00af7818cfde413546a74259eb9e29ecddf034f225edc31ebfb4 |
| SHA512 | 26a26d6ceb4d43673d54bac3eee23f16f05394cb7587e857e6d1b33b3dbe361b84e044e8cf77d6331bc9aed6931d4a357357266cfc3ba2f9573ffc6e65588f16 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons\48.png.exe
| MD5 | 8ce976ead72a90b10ba49b73b2863e57 |
| SHA1 | 6fe76bdeb218b8491d5077e47dd4be84dc93c91a |
| SHA256 | 2985e4f4cbe2a2d6c79b21c966a381ebee5a41d576337173acebcb0cf04a9152 |
| SHA512 | b8d685944296262961da21bdd0ba7908bd99106903e319f4fbc7e2c07bb69f0939c7970acc75eca948b773b2e49510aa2ccc3d0bf441a66fe5f96761525ae1d1 |
C:\Users\Admin\AppData\Local\Temp\kQES.exe
| MD5 | 07ddb872aef761d3f23628f59ba25cda |
| SHA1 | abb09dea597b4dc18c75f66cd4730d5fc1de7405 |
| SHA256 | 119869f9a1f5ffc459861a3c16c9b4ea1c9e3e11cb0ba35e074c1f332cba1fb4 |
| SHA512 | ea1eb27e01295517855a5f9b339983282b4b912f1d76aa59a2ae37e781a3fa466e7c204b46276f67357a53c9eec94951abd9ba31a178c2c56eb2eaf4c025a92c |
C:\Users\Admin\AppData\Local\Temp\KcQi.exe
| MD5 | c678c73d6f7dd63221658467166110d6 |
| SHA1 | 2b2982d15a383cfbfcaa289a62120f315d29dd69 |
| SHA256 | 51b894fd5a3dbd0a69572fcce15be9f92886fbd332379ee56e9559bf2e7c6cba |
| SHA512 | b2ef84d03015f1e8bf7ec4ae1af5609ba1160e772ba3a7e4691d7cb230aaec4859ae4e96c68b99780c1db678d12342bef28caafce2de21209fe669dc7c9c7b76 |
C:\Users\Admin\AppData\Local\Temp\aAgW.exe
| MD5 | b5f7108c906d4efb8390fb9d9d540523 |
| SHA1 | 4a3ea44574df5deef84d17df2e959e65f57af322 |
| SHA256 | 98518257f96f338d4510a4508382ae25f6cb6de629b20067cb025b18d7dda479 |
| SHA512 | c2bc52cdb624a99567713b21cf52360dfbd400dfceea76663a9b77acfb88056363acf5d06761a63efa80c3623d2194fc8b8baf62d867d8730da444b5ae1dc8bd |
C:\Users\Admin\AppData\Local\Temp\mYkM.exe
| MD5 | 0e7710c5ede30f140f9dbd56b44b3187 |
| SHA1 | c659aba941de9be896f98c96fb14a1137c10cd68 |
| SHA256 | 0659c40f6b5ce180ad80c04b7b9c48c0621544266f72c46267005cb0a8e87871 |
| SHA512 | d32b00a01c2276ad17522e5ccf01f243a125b8f8dd97c0d8f42913aaef77f33ddeb290ed658104835b1cf7a6f4be0a6df2c0da2488c23576e2af099c74c0ea21 |
C:\Users\Admin\AppData\Local\Temp\QcEe.exe
| MD5 | 8a4ca924633f30148b1a9905b0814204 |
| SHA1 | 84eb837d6fc9c5e9011f5ffdc82e4295c13dbffe |
| SHA256 | 0c83aa667deecc54f72b6a1f331b9016ea2f6dbe75e0dd554facd3700f1760fd |
| SHA512 | 82f0511c813e5189645c7c9a0dd4d324ce9770c53b34eea6f61832855724b808341fe6eed1bf8c2a11f695167dede81e9b342339f1caf7cae54c05999bf434b3 |
C:\Users\Admin\AppData\Local\Temp\oQok.exe
| MD5 | a0096b1feb81eaee636fc9dc58335c73 |
| SHA1 | 39986310bde8178bf64d0438d9c64642f46c3cc5 |
| SHA256 | 0ff83b636d6ceb663d4912207cb3be5dae73bdb23aa43b30c6a120470f99e5e3 |
| SHA512 | 61ce9a19a025d517803764252392d26ca3df0c310ce4aa9208318c9bd3f7bf992dde43e2ad844c79f3316fe516cbd338c3858cc703be215e7e7cf2714968134a |
C:\Users\Admin\AppData\Local\Temp\qkcW.exe
| MD5 | 6d5a12f018aa7b822958c1f79ba7a1ee |
| SHA1 | fb1fede0d3bfcf69e3b6c59de6acdf4717e3b724 |
| SHA256 | 006ed04410a682be65bb379b1c4d89383b9c361f83ef824bd8b7ae60535c8c5c |
| SHA512 | 11c3298ac50ec08b7cf7082e9747d939d17e673f60784cb7d8a7bb38176a6290d7e15a5b7dc1f441b2d1359f31c06c7a0371b255a5350cd714220d8ceaf1ba65 |
C:\Users\Admin\AppData\Local\Temp\eIwM.exe
| MD5 | 7a449637f84db158657a1d8a57c86aae |
| SHA1 | 794d6cb967c8c15b236823d46b5f8b1d64a0a769 |
| SHA256 | 39d9c2b084dc00a5ad6b8a43121e03b231754d9f5a5c19c8318eeba365f61056 |
| SHA512 | 2e5cf482379c09464b18636469ae4180e1050baccb50bdbbe277334bd014355a67c8c7d0c4d9d6a4d498ae8da4e1b58fe01e7d829685819350fdfd61ecb69647 |
C:\Users\Admin\AppData\Local\Temp\scgC.exe
| MD5 | 4db118fe33620a293010c89e1152e449 |
| SHA1 | b865efa5656079da1c77b6b10c10172b865c1875 |
| SHA256 | 1c4e9ef2997712e9a007ac04932b0712226d7065b56f6997c3e83c55cb2dfeef |
| SHA512 | b5d27c2af0f9aaabae9bb849b2d58beff29b6bce46116dd66bfd8f78ebd19d8343a9801151cf1a32f29102d600d9d8168c62c977a2e160691a88bbfc1c6127d2 |
C:\Users\Admin\AppData\Local\Temp\KYkQ.exe
| MD5 | 554f92d4c2cd3a7388596d92e377e053 |
| SHA1 | ec69cdd364a4ad991852b9dfe78a6aad587d3fbf |
| SHA256 | 3206584446c481e6137f058a50787931b02e13e794adee4751b96a353f89cff8 |
| SHA512 | e24f0a2b5a4b7c2060c6f805ce9d5be549ed13fdea8bdd7aad894cb4a7e2ef590f0a11e92217b388de5bf6778776ccf26c5723e3a3a201f653170db8b5f6f56b |
C:\Users\Admin\AppData\Local\Temp\YQom.exe
| MD5 | 9d7581398420e5d031d48d88d6fbdc40 |
| SHA1 | a25d80edc589f66c4df46a029d893cb42a9a0c21 |
| SHA256 | 7f303b4584eb704a5918f34c4f32c97102d4760cd311b5998c60bacec49f5084 |
| SHA512 | 2dfac7abbac1da07322dcb85d69612e9e4ef67373aa419c301cf6fc156680f1867006250bbea77b8dc8de17c57b5164e278be17f64734367afa18f57a602d2ba |
C:\Users\Admin\AppData\Local\Temp\kIky.exe
| MD5 | 1a310c74ea0ef6a20265fcc37bb284d1 |
| SHA1 | 64cdf613640d8e29f6093e1433003a23b9bcb360 |
| SHA256 | 951c14ff5d8a6d7359ec3ae2804a76f3617cfb051b3c9eb0bdbed05696bbb31c |
| SHA512 | 6cdcfc86d591cd805b5c42906ae74f92f1b0cfe629ac37d0b0d67884ef737d4933095173c3730c041271415e110f55745baadbee22395c343ac60eec6b824d24 |
C:\Users\Admin\AppData\Local\Temp\cwYm.exe
| MD5 | 4c430ef88e4edb5287961d4b2de1e4d5 |
| SHA1 | c52d258b2a85935254130f412231390e2eb7ff29 |
| SHA256 | 07b71fcb06e521a5c940f80ac60048ef722240933c5d6e0e151d0e6e86f7de6e |
| SHA512 | 6fc7a96596a8e8e836cba55295b4c987c1f7de09f32ff671be1fdbccaa68747c627c9e563df14aa622797d47f4024283f94aaff365c20387ce8660d9007f91f1 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\ElevatedAppWhite.png.exe
| MD5 | 019fc20c2b8d8d4c0b700d72eec768e4 |
| SHA1 | b670a662c2b48664e1db77a7805b17ec1d239ad0 |
| SHA256 | 8b9dcdd5ae7c72a1144e136c4be2b895c5bbb458f79d0766911e748d2f33707f |
| SHA512 | 0723b4e32e57f407d611cb182b55b1d419650748d7740e880641a96172e18aadf67344a555275c2859e3287cbe75d2f336f84e4cc3cc10799f43c3e60cc5e1e3 |
C:\Users\Admin\AppData\Local\Temp\oAsy.exe
| MD5 | f11abd9904cce3fb53602c25ef17cc87 |
| SHA1 | dbe0c1c2f61262e3abf3f424af64588a4ac36607 |
| SHA256 | cac6fade0041b27b870e7b9cf04ae42b8de737ceeffaeb6d49319f0a7de9e33a |
| SHA512 | abe26792815214dc3f340d8d78598b65e045c25e813831846f1e033efc102f57dca85fa6a936336cff08b27bfa37c1295771526cb92f8e9efb2e81fecc5af25c |
C:\Users\Admin\AppData\Local\Temp\Aocg.exe
| MD5 | 35c4041659acb1dfad124bffdc8d147d |
| SHA1 | acec42dd4314071a173f4add9231ea0a0daec6f2 |
| SHA256 | 5508ad8c6c1a7785fbd1de348246564beb8d64444aa1d01e63c9adada01c80dd |
| SHA512 | a5d51efb5767efe820a1765ca7f4bd94dfed74e8a90b58cdde5380fe16f64b81f3266ca2a99a27710055c602a73fe214cfedd751120e5ccbc579a9c241c3c947 |
C:\Users\Admin\AppData\Local\Temp\YwEu.exe
| MD5 | d13d5cdeddd0499596677d268babe9ee |
| SHA1 | 3c9006dbce120fceb8c3c7c5553104e954e63ada |
| SHA256 | be565e863f6f57afbee4a086926dad20b441cc4330951eafb04d25d12012a379 |
| SHA512 | 85c88746982d2f12dec570737f2b2c2ea12c6db901b56e2abb8d06e08db3495cfb0b60f67376f837c44174d5ab7d92627ddd136cbf156664c62c4873a7aafc27 |
C:\Users\Admin\AppData\Local\Temp\SAgG.exe
| MD5 | a1cd458735766bd7d9d14eda4d450801 |
| SHA1 | 66666c99fdad745d460856ac953193c795792092 |
| SHA256 | f0b2341949afc95db4f17ccfe8ce8e8a73a49f53f27723f7caef22ef0a09bc64 |
| SHA512 | a72d45d798e88d51015b40d8e7c62f068019b2621377808e6067de8c568ec50f55fe166bd6b3626d871e9f51e05cb6e325c871adb625eb88e27ee2fda328efd8 |
C:\Users\Admin\AppData\Local\Temp\WoMo.exe
| MD5 | bea8c9de60a8f3112dcfeefa96b9eb3f |
| SHA1 | e22a24ce44dcad117aea15d413aa03c816f18744 |
| SHA256 | 5b42db57bc5bb5475a598ddb6fd6179fb86720eba93f85d4dec93415c508ea0b |
| SHA512 | cb514775488fa57df2d689fc08c330998e3574ee69b63f9968312f138fc30bd2d0b45f1900880ea3452519e9e5ef603d8b172f106babaa249d59b1b5fec65fc8 |
C:\Users\Admin\AppData\Local\Temp\UAwc.exe
| MD5 | b4b767825a2b6fc6f13f0616a37690a2 |
| SHA1 | 01c027f5c4bfa6ac222fe2f69e1661393ca16f8d |
| SHA256 | d405697021ab1d33c520be360fcda61c9d873ab1140832a8b47ab536b705b28c |
| SHA512 | 7bbc77c47f845b4cd9c923f2ad9b604ae147910145a8e8127ae3ff06fae8daf5c4608ea6cd8043b689ea7da0566b4f8edf6fc0ecc606c575ea24dec073f26708 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\QuotaError.png.exe
| MD5 | c16ce3cfea8cdf4dc36cd7d2bbdc5bd6 |
| SHA1 | 4ac3f8c52c3d623ab3253c0036104b7e176cf959 |
| SHA256 | 60a59d46552108c3de88db3f5638fae8a3f9e6d53379215ef998974944c09e40 |
| SHA512 | ca4e10c68c07b7f7b9c68b382c359bd493f249c628991361ae0e72c4a7f23f06e090c9b16700bc73f2ea54cff31765aa512c98ca17407a8301f9f5fa530729a9 |
C:\Users\Admin\AppData\Local\Temp\WQgC.exe
| MD5 | a6bb2e1c61d00efd8b0cfcd01dc72a1a |
| SHA1 | 9a404820c449c09086d85bbce1bc5e75de479f97 |
| SHA256 | e95d6159c18b4e25dc691d6a61a7c367405f451b04fb1abb51e3238c9ee8d11c |
| SHA512 | acc831ae53b85e65818df0a7dbc129fff38a1de42de3540f57d3e5ebcf6ddc60125e121d8d392d93f98553dae70ab11be21687b4c6e763446b0942c9045da030 |
C:\Users\Admin\AppData\Local\Temp\aMIY.ico
| MD5 | f31b7f660ecbc5e170657187cedd7942 |
| SHA1 | 42f5efe966968c2b1f92fadd7c85863956014fb4 |
| SHA256 | 684e75b6fdb9a7203e03c630a66a3710ace32aa78581311ba38e3f26737feae6 |
| SHA512 | 62787378cea556d2f13cd567ae8407a596139943af4405e8def302d62f64e19edb258dce44429162ac78b7cfc2260915c93ff6b114b0f910d8d64bf61bdd0462 |
C:\Users\Admin\AppData\Local\Temp\ikQU.exe
| MD5 | 9a649dd73c41a25c6bb669601e517712 |
| SHA1 | b8a3d2f83258b12e1a8d1b2b940469746922360c |
| SHA256 | cc9cd0c1d4b21246df298ced092d356a8d683175ec27b06da616016bb26130a6 |
| SHA512 | 90057eb7d26f9b0e51f6c394fdb7dc323a2ddc1b34034dcbefd0f45cc964a4959ac22d8f49dfbfc86d7fc74753af7dbe74d1c2122cf5daed46876f34d78503a3 |
C:\Users\Admin\AppData\Local\Temp\UMkM.exe
| MD5 | 7b27213ff6b8376a094798aa2ea523b5 |
| SHA1 | f0d7bb90e5c97ed72d9ce13eeb3cf77342d3701a |
| SHA256 | e6a03b69438eae5d8a0b5ef74717b7d1af937c2837280ecfb327409a3b0ae913 |
| SHA512 | 18fff0337150740970fe558d11022c1313bfa19f0f7151631a0f54b3d486e10f84587dd73eea7187ae7b11e1d6649f9f278e11cb371a32087ca3c4ea5f4f3984 |
C:\Users\Admin\AppData\Local\Temp\wUkC.exe
| MD5 | 42629fd8c21d3e70074d672049c15318 |
| SHA1 | b22f7cf8b159a8dcc7cc71a942bb557fa6d159bc |
| SHA256 | ed015b8ff7afd6908eeba1d922014bd68332963ea376d3e62d6e834c31f6da30 |
| SHA512 | 3f5f222d571ea7706e6760f8a650e0ff97374038112d56ffdf33f965d7ef2f0d8beece6b1be2cd7bb5d40e73263f2c643bac20e6aecdd6b60414773795fca815 |
C:\Users\Admin\AppData\Local\Temp\eUou.exe
| MD5 | cb9cc2298246d62b22c5fe23211905f2 |
| SHA1 | 4409d83e19eb927d84e993987071d4480b99cebb |
| SHA256 | cc827148112940b5efeb28e59ea281f9484d8b7c39afaf63a91fc691c3cf92de |
| SHA512 | 61f8630b2a9b1f4acf382889cdfae20607e3895de6fc7eabbc02f8f28a9856aec6a64be445eca483471c56406603be48cdf78b5d34497cfdd5c7925b8dc9a61c |
C:\Users\Admin\AppData\Local\Temp\sUAc.exe
| MD5 | b090dfe950c9b13bd9dcc84496f36217 |
| SHA1 | ab3766514ac12d27e341673c4f1373daea93563e |
| SHA256 | 39237a54c96aab485ed26f5288a1d57feb10b57f899846b80ff819c68a9d8642 |
| SHA512 | ee4be063ee0f5361923b3331a163fea4e238146e6de57f5f2bd2081911f49e39c3d7e562c09ffaf4c6e8ce02141f94c86d0f30c332ae12689b692972fec0e0f6 |
C:\Users\Admin\AppData\Local\Temp\kwoe.exe
| MD5 | 2333fccfb5c9c19e11582ed564e596b2 |
| SHA1 | 74b50a48ba139168ff7da429105ecb76184fa775 |
| SHA256 | da5cfca744e6d97bf16272de48429a3a2dcdd7d4b9a089c0ed0b05376e563f8b |
| SHA512 | 9e424f5733da2c8e911c4f599110885598638072ffdac1996d5486364098d285468ae04304e2558ec39f045ebee7c7c40e792c13ff40e62107011d914c74aa3a |
C:\Users\Admin\AppData\Local\Temp\ecAW.exe
| MD5 | 76725aabc19d11c9f2e768c786ebe4e8 |
| SHA1 | d42b4fcc182e29c7ac0a2488f6f5584c23e95644 |
| SHA256 | 63844eff6ee44681be6daccd2d04978488427ef3f2fe4281210dbca3461a85ba |
| SHA512 | 420c739d8307fed3aba14a75176691591ba74b198cbfd8b0fe9d3c07c7a747041fef19d681386d31e5955a1e8b7bc9244188ec2c9d6e17b1c0d7d0ae2c6b47d5 |
C:\Users\Admin\AppData\Local\Temp\cMsu.exe
| MD5 | 4f6e4c1387a0d04db3002c5bfd3d2d4c |
| SHA1 | d3a14afabb3e31d6f37d685c72fc5ee8867350bb |
| SHA256 | 1948c62a589aaa6b4b57cb1a187630c209d5f8a7c798ab46069dca5acffb219c |
| SHA512 | a5a3c03cc7ebc2a664e5ec5a7ce9685b48acece833b0896ecec7e3e6ccf08941bc9c8ccf3bc9004b350373e0e713053c8eabd1d4e066344dd772ec5f95e94818 |
C:\Users\Admin\AppData\Local\Temp\kQcO.exe
| MD5 | f15a34791862f3f8a049c80913c8b376 |
| SHA1 | 3bb814402b75dfca3963b8bd04946cfa213b4a61 |
| SHA256 | 8481262cfb44fd6c09b6d7962e5f58e98dc9ca620a8a419df8a2a7add120fdb4 |
| SHA512 | 0ce912a22e86ff3fa6cacec43403ca1cb7704b3f951070a41dc5d23659cf4dfb02ae1a9fedb062a70e83436412e3648618696c2c156311260e5e1bdcfbc82372 |
C:\Users\Admin\AppData\Local\Temp\csAU.exe
| MD5 | 248988ba615386d74ccfdf3f2c9ce20e |
| SHA1 | 7ad1179c432bf340ff89d44d0831140c8b4f2f2d |
| SHA256 | 9487b7a5c8ab26164a32a703782c663e80911a9f02d9d88a59902dbab8bc05c1 |
| SHA512 | 04c23ae1e8a3e3af2ec623eb98bbe3991b6eaef309c1ca07e5baeb710bc5e13306a0a6127af32fbdd47fc1727143f1741e1c0592fdd30f9771fc3d4205b74163 |
C:\Users\Admin\AppData\Local\Temp\yosi.exe
| MD5 | ad2550afde4819d877d2e5dbe5673e3c |
| SHA1 | d823bea52ddb50a7f30c32ff6561d110d506e041 |
| SHA256 | d5a2cced0cdfebd4098cf5de64c1f1261e6366e4dc0451d18ad7f60aae8d732e |
| SHA512 | 806e4db3b3e989358db9a973023f1d2e63541646a7be950241d9d498229bff88bd7e39a6555e0a67aacc6217a432f95ef9bb25b022a4b46c4f57af11d8e42a3e |
C:\Users\Admin\AppData\Local\Temp\CwIW.exe
| MD5 | 76e576726b65d458feca500454b38502 |
| SHA1 | 9926e9e6d82ebebe795b10335ac6964f6cd335e6 |
| SHA256 | 6103d5148cab673a92985d4b18f5f97b9906b0cea0927c4ab84ad771f4c03c16 |
| SHA512 | 666dad2b9d9c86bd5d58a1660a2827bf6ba63d3dc276beab3443b3568b2767f62c5b142dcc1c5b767b700d6ac82d19ef806ea0ae0dd487cbd64b12bc32c65b34 |
C:\Users\Admin\AppData\Local\Temp\ooES.exe
| MD5 | 3454f33373a48b95614e858d59c96ca4 |
| SHA1 | e0dfa97efc1ae252becc3d442999db8e2bf065dc |
| SHA256 | 3388ffbc90e3ecda193b9eff402df0a1040c90f2f2614af83a619c585c6b373d |
| SHA512 | 9d86cae0bf558e93df3dc468806d033f26fc279e6a053982b4014106e88bbe0ae52787a7998ccf9de34bb0273c2c3e64d4338d0dfc5dbe1e4be3d521469be2c8 |
C:\Users\Admin\AppData\Local\Temp\GsQo.exe
| MD5 | 240a75d080089f4f48efb266d547614d |
| SHA1 | a3c54b64a006606a9ac9d88dc3cd02d45940ea97 |
| SHA256 | 25e216741bd1dd0f16af35731c1d413a3047c279f00e167c553aa83a513ce727 |
| SHA512 | 0d9ef3f18aadf06ebdb4444deab3b5f1b5b901f319b3782f8215a69059205d2254628942234d01e81d614fe91ea5a589b96baab10eb7913900211712b6bf19c7 |
C:\Users\Admin\AppData\Roaming\ConvertRead.xls.exe
| MD5 | e51e0979cd440c77e780d04cda80c0aa |
| SHA1 | ed7c4c70e595b28a62856d5749d78f755e184939 |
| SHA256 | edc9045ac4b06d9ad68f7c176a0707ed9c51e5d03ce5ad50c50d3cd4c67823e8 |
| SHA512 | dd205a4ab4d6280675698f02bc9a37762d8e26053d02faf334c1ffcab3bd0d223057ffa561165acf37592c2f04508815bc5b5430f1ce28a1380fe235a77c5b9d |
C:\Users\Admin\AppData\Local\Temp\ycUC.exe
| MD5 | 4ed92dfddec56518c7b29423026b2ee2 |
| SHA1 | c266765f24bdadfceb7b982722bda7212c9e255a |
| SHA256 | 45a6de3d2c6ba10bbb001427beb8227cc8f89d00efafc0a77b9d0248b5c0f7d7 |
| SHA512 | e18f60948599a6422d0b43e1f2844adc8eb98bdc5b71b0b468623e0a79800f81dd0aa89f2c57355c1d08697b17c5446c9d952f2425bef01e6d770c7b41f31c0c |
C:\Users\Admin\AppData\Local\Temp\YQgs.exe
| MD5 | 8cb9fdaff020423feb26cc0a09fa4443 |
| SHA1 | 2924825eef281941a9e28393d463e055a9118392 |
| SHA256 | 2a7aec08dfa40fc139c8d7661b8ad46a1073e0d33bc6149663c613fb77f9f88a |
| SHA512 | f91c87f29052acdfea6594a1e02ef03d62f6b4d756738e3a3fbbb15b56415c9c4972757bf5ed87d0ed096e505f6490fb4e924ca4d2151ee63da14255f29af3b2 |
C:\Users\Admin\AppData\Local\Temp\kcAM.exe
| MD5 | d8bac079c38e42384645456bec136baa |
| SHA1 | 4e0c4838376da223383de3786a32556bb90bcbcc |
| SHA256 | 0e4cbda2c0cd85a5ae47fe5cf36a579cf30318f2ca702ce6dcb80562abdb59a9 |
| SHA512 | 6cab6c8cb302a8989dd61b9aedc294c0e1fb2eb5e2044488295eb1b6695cc560cff820a2dbed785040147099586e7eb344321c347363e68acee8a50dde67caf4 |
C:\Users\Admin\AppData\Local\Temp\qsQQ.exe
| MD5 | 39925cb388bbcf316cd9c872fcbc359f |
| SHA1 | 2b7b62d05671ef39a81b12f6edae8d59bc388c0d |
| SHA256 | e9247c3bc88d60fb069426acff8e596bf5d029c0506c7cf1691fcd5a6ace1373 |
| SHA512 | 31ff44fdd571bfd690421fe5904280993ec2bab35ce4ef1d3627b5916239c694b449963de359afe9921b14e439f1d272dae79d3095d52b95dd80dae3ca0ae296 |
C:\Users\Admin\AppData\Local\Temp\QIAO.exe
| MD5 | 22565c21a506db93109e43c764c1befc |
| SHA1 | 7a7b5b0eabed3503c49b9ed31c1ce162202737be |
| SHA256 | 4a189aa5af45a510f7cc39967f73a56640a40813a418046a5388c028a0ce3ee0 |
| SHA512 | bd87bebfb4bc763c9921c832b6ebebde4b75ba22f566ec0b024de3bc0e9b4f63d7aff9e4a6ce143296a9519042a1b8f518f35ab4312157db1e33bf12bd130f86 |
C:\Users\Admin\AppData\Local\Temp\CEIc.exe
| MD5 | 3650b4a5fe125b5ccdd4b44723335d49 |
| SHA1 | 8a16b75eb23b13d76a9e57471b9fec1ed5923e60 |
| SHA256 | 2e0c6e9064387d30f5d957399c6f8ba6e5e966b79ce82227c4cd7abc28145343 |
| SHA512 | 02582f36e08464d11864532f12b9abfd748478a74decefdc05bac214efcca44934222b0573e6b1c754b1345ea53cec70c753c4785cdb7d4d9e21a8df1fc36a14 |
C:\Users\Admin\AppData\Local\Temp\WwgC.exe
| MD5 | def5c76ce34c3a2b6c2b42ca506e5883 |
| SHA1 | 45c524cb0e4e5ede7ea24bd436e0693aa4839fca |
| SHA256 | db4dfc75e18ea7207c22ec741fdc3b55284f48aee290cfc4d58651062bd377dd |
| SHA512 | bc7c8e68f353f75e505198362dfcf47f53c136c18172cfb3989ca9fb1aa394459a57e3ec65c49fa64c26b2ae1ee8bdc348c863040bba0270762ef5596f6c37b2 |
C:\Users\Admin\AppData\Local\Temp\eksc.exe
| MD5 | eeb54462c5beada2041e4525a122c314 |
| SHA1 | 39115168fc764f2dc5bfa90d2471c05cea848bfe |
| SHA256 | a4bda1970d57582ea919449aa8ee1ed6a1daaae8aea1b10f68c21c604d2bb697 |
| SHA512 | 55c6955d86c49718037300971ea4b19381203f11edb78c2e22347008055c43b05ae92be271b9e5a221b093174201cb5fea93619736e8d1750ee584a8912a5739 |
C:\Users\Admin\AppData\Local\Temp\OQEO.exe
| MD5 | 8c0db7e38bcc5f456e809578e25795d1 |
| SHA1 | 9b08d9428f8c9a4e816feb0925bad39e077f49d0 |
| SHA256 | 576b6dbeff4b945fe6fc0aca27f13f5150f129401b7602925cda65dcd7fbd719 |
| SHA512 | 781c5515d517dbb7896a44fb074f18aaa194b011bbb4a6fa1f4da4e72311e7f9814fe66ec7a51ecb39cc7d37fc13bbacf310490e4763dc2b66ab70d62c0515d8 |
C:\Users\Admin\AppData\Local\Temp\mgIs.ico
| MD5 | c7fffc3e71c7197b5f9daaea510aac10 |
| SHA1 | 23262fb8038c093ac32d6a34effbede5de5e880d |
| SHA256 | 71254090503179540435a1283d04301f3d5ba48855ae8c361d4ac86e3abd2865 |
| SHA512 | c3cefdb76a9fc74299a7042096a549e019db3f2cf79e81deeabab2f3ebf2bbc9f2924a84cbbbc4848a4bf84cc3a0886c6c738c6bb37c9140dfc57f1f797e9c1c |
C:\Users\Admin\AppData\Local\Temp\AoMq.exe
| MD5 | 46d996d6b0b09c447e8efc39716b642d |
| SHA1 | c8bc8942a82dfb85eb4fe4d9d3477f075f077a35 |
| SHA256 | 6e0d4434905ed80b6dcc89ab05e7032d73ab2e280aa1d7be0abae3d89513cffc |
| SHA512 | 816314f0bd0d17be1f7e32f7c431c0fbdddd86ff792b8c4c3b0379f6b2cb7ccc3e694bc043f5956499c2bb182ac7db5cc2381ee2a44ce89121f8dcbe1e1055fd |
C:\Users\Admin\AppData\Local\Temp\KgMs.exe
| MD5 | 4499727f83e71811712bd6cde30aa782 |
| SHA1 | 44fc38e599b043b62ea1fd774a55d6d3cbbebd84 |
| SHA256 | 8a1a0ff417436d341e38b5cb786698ac28feb5beaa5c011949a4e3890167e537 |
| SHA512 | b582c4f9e579742739b222380503eb9e51f10dfc7c9b0c3da86a7fb2f0d7931907f006dbed18c63ac3191a6aa45dfb5e2c66719da3a63e62a7e7a539dadfb1ba |
C:\Users\Admin\AppData\Local\Temp\ugEi.exe
| MD5 | 5cb58d4abf7c001c7273a234331ab15d |
| SHA1 | b347e8819039777ca901fe7aec6e3f676f36c966 |
| SHA256 | a3f5d0b01961cfe8dc6fb61f4021094264859bb164d95d8364022e444d620a47 |
| SHA512 | 6927194a84bb8361c7cf5605168bca4bb16ffb5989a57d5aaa1ba2d6398aab5ace52edd3bd8b73157ae6a947c56073ca646df18f8cc589f0a4e7fde91d460793 |
C:\Users\Admin\AppData\Local\Temp\SUwe.exe
| MD5 | 069dcb70ac4fdba6a32d7c93061df6cc |
| SHA1 | 581a69c4a0abbe3d7e42589421a9c46f36a81d73 |
| SHA256 | 1b8623e3761e118c706c43b8e78eef8378532da564787a1b57c909a9a07cd6e7 |
| SHA512 | 19df519b494a3abce90acc02a5c824cae6add2f0370a62bb6b9dda2de303e7623aa737b162e260b520b62ec8e777632f8699b3cf3b2b3c137925335b225c243a |
C:\Users\Admin\AppData\Local\Temp\ggMs.ico
| MD5 | 6edd371bd7a23ec01c6a00d53f8723d1 |
| SHA1 | 7b649ce267a19686d2d07a6c3ee2ca852a549ee6 |
| SHA256 | 0b945cd858463198a2319799f721202efb88f1b7273bc3726206f0bb272802f7 |
| SHA512 | 65ccc2a9bdb09cac3293ea8ef68a2e63b30af122d1e4953ee5dc0db7250e56bcca0eb2b78809dbdedef0884fbac51416fc5b9420cb5d02d4d199573e25c1e1f8 |
C:\Users\Admin\AppData\Local\Temp\WAkk.exe
| MD5 | 401e4917cc9335d5cee3cc67c12e7e35 |
| SHA1 | d6773895b2ba1461fa6509d5544676f0e2c4caf9 |
| SHA256 | 53c24fca3b63e1c47eeffa3bd8824230873c12d9e3c0a089c9384bb21ab4fcb1 |
| SHA512 | 48b60b72e5b2a16cde904fc1cae6d9165adfbc6e43bfae877a448dde8a97ec06582f7fdb03906506783bbb9b93564c79ebeaeb1a70bd8f6d1c5452bace334606 |
C:\Users\Admin\AppData\Local\Temp\YIAi.exe
| MD5 | a302c540ae68c0bf71e9f4ec3c619110 |
| SHA1 | 900c16448304383a6b1c5416eb1647a25120d002 |
| SHA256 | ab014620b65e5b5d26387ecc76a13d340dce890d527e32c4e24b0317f2fc9c7a |
| SHA512 | 50a6eaa843b86bd245de51c523cd887084028d5e05fd2aca9a0da728f1a2666467b3d9367f00cdfdabcef53657f068430128c4757815ce0f58c294011957f7a5 |
C:\Users\Admin\AppData\Local\Temp\KEwW.exe
| MD5 | 60b4de5b2679cb0928d10edc1c8e3dcd |
| SHA1 | 0808b22b2a6e20660a86cb8af0f9b4c94a2567ab |
| SHA256 | 572666f5dfa1ce610b18b82a578923c4a5953aae252da2e3ad1248ba69ce02d3 |
| SHA512 | be530c3f91fcd4955f1a08fa46926a10b18f67679b14ba8b3adb1e3de70861067bcd6bb2b0515b73b2a6b8ece61ad1e857ee64b8ca6715381acb9dffde343763 |
C:\Users\Admin\AppData\Local\Temp\IYcs.exe
| MD5 | ac639375e887d2d70c2a29bd831e27f6 |
| SHA1 | 0235da73aedc73fafb7450a40cb82e9875190cc9 |
| SHA256 | 5bb7667cd724347d1d069947e05ccecb381bbf4e41490a9b072db7f7dacf6a56 |
| SHA512 | bb769cf66504427bd1bb582866db28af8c3ad6753016bb4ba65d9b80ea4044672a4a4cb848c239efde2cc4925a57952f484191084ec9dbc64d78f2c9b49bee23 |
C:\Users\Admin\AppData\Local\Temp\yEYM.exe
| MD5 | dcf251cb70992b393e713fefcc5644c2 |
| SHA1 | 44f978cf0247001769ef610daaf4c114396968bb |
| SHA256 | 5a823399ffca5fab7888a5b8a68042ba87a1d7302b0e446e6cfca08d05d1ae61 |
| SHA512 | 986e2fdf1fc7762f05f64e437d0fbd1d891c84973d6ac39275e53ba500ffb178a9208dee8b7ba1f8ed134494ced8735c25f30c9c5f982b0289fc9d4c6a0d7e91 |
C:\Users\Admin\AppData\Local\Temp\iAUi.exe
| MD5 | 5a33e3c160fee3770be7d68fecd4dbb2 |
| SHA1 | 3267e1b555b96a54f6d690325c69e42751862e5f |
| SHA256 | ead1cd435eacd8471340861286a78ed31d4ecea28c5c499f0c741cdd6e632105 |
| SHA512 | ab9a390a8be7cb2146e9777b41080b1b46aa94df69fbb814c4dff8d5c8a37a02ef1caffe2fdc9fdc70b7b2c9547586bb9cc41ae788a79db41dba4655087202ca |
C:\Users\Admin\AppData\Local\Temp\ocYY.ico
| MD5 | 7ebb1c3b3f5ee39434e36aeb4c07ee8b |
| SHA1 | 7b4e7562e3a12b37862e0d5ecf94581ec130658f |
| SHA256 | be3e79875f3e84bab8ed51f6028b198f5e8472c60dcedf757af2e1bdf2aa5742 |
| SHA512 | 2f69ae3d746a4ae770c5dd1722fba7c3f88a799cc005dd86990fd1b2238896ac2f5c06e02bd23304c31e54309183c2a7cb5cbab4b51890ab1cefee5d13556af6 |
C:\Users\Admin\AppData\Local\Temp\Mcgi.exe
| MD5 | de4d4916e56152f06d51dc40cb3c8658 |
| SHA1 | 2adcee7114050f127c66913575966d360672ce74 |
| SHA256 | 3cb003c4402b184815e3b2bc90a7c07649c1301830703ae52108209f78034a4f |
| SHA512 | f7cf22cd9db77854b584cd705d948c682b7a66be8cbebfb89929c9800efce6d903fdeb6fabed486ca6ca345b08f221b97285ab7d952d0153cfe672010003f306 |
C:\Users\Admin\AppData\Local\Temp\wAUU.exe
| MD5 | 85f1fb9dc24b5d9f134624fcdeca3ac1 |
| SHA1 | 977d6f65e2e41c25b5e85a2ae7eedcb71b8573ca |
| SHA256 | 101ca36f134db340c9d830089b56f586b10560f42f5c3b95c03e665a7f01010f |
| SHA512 | 45caaa577cbd97239d8170b73478ff0b84c2008f50b2745c3c8c1330aac4ad739e7a12f10948064dde578ebcd878072c6451a6e7147633e449a88af44194bb4a |
C:\Users\Admin\AppData\Local\Temp\Csow.exe
| MD5 | 1386466b50d59776c23f99df8879114e |
| SHA1 | 17dc7beabb390e4a7dc247dbf1bfc0786c6b11d2 |
| SHA256 | 7ee3e879e6ceea33eb48bb1226077a955fd94113c16ec887d280d6987fdaad49 |
| SHA512 | 3b94df45a64da2c168a60918d4014c22b27798c4a1b03ab2aa192bdc14223a6fd845c72f0409b68595dc01d616755572ad9b117e529666291d71665cadd28173 |
C:\Users\Admin\AppData\Local\Temp\YgwE.exe
| MD5 | 0e446f6cf9956cbc8502be5c0bfbac7a |
| SHA1 | 9ca4ded0fd35ff2c120737c470f18522384bf49a |
| SHA256 | 7ef5bb97370736d7b9fbfa52e32176ba146aa92f3e7b5745ed2aea2b12f585f1 |
| SHA512 | 936cf3334dd37e2fbc53d75a79d633c1b31dbcc344d6db66874e96788d9c22063cdb4fd9df4765a8a7fd2f4a0721729d023c94054baf4f047b4616d5b724e85b |
C:\Users\Admin\AppData\Local\Temp\kckA.ico
| MD5 | ace522945d3d0ff3b6d96abef56e1427 |
| SHA1 | d71140c9657fd1b0d6e4ab8484b6cfe544616201 |
| SHA256 | daa05353be57bb7c4de23a63af8aac3f0c45fba8c1b40acac53e33240fbc25cd |
| SHA512 | 8e9c55fa909ff0222024218ff334fd6f3115eccc05c7224f8c63aa9e6f765ff4e90c43f26a7d8855a8a3c9b4183bd9919cb854b448c4055e9b98acef1186d83e |
C:\Users\Admin\AppData\Local\Temp\KoUM.exe
| MD5 | 652f9e44de353b9d77918f51b229d78b |
| SHA1 | bb2eb15ad9207a5fed44e60cc7832e2af374fdff |
| SHA256 | 90c6b8d5abb4efecf778661357a8f4bca1744327bcf4dd3d74cc0e9406aeae24 |
| SHA512 | 715d4c9b86aa860804ab4338584d188fa942ecd30b47efba85e38d06dd98b571d4754cc11f2d2c56aefab8f1ac5f45160d9ba7ecbcd3ae610b43d8390a4762d1 |
C:\Users\Admin\AppData\Local\Temp\IUcu.exe
| MD5 | 367489e8c520d7ec042438ebe822f325 |
| SHA1 | 93808246c306feb32d6415999b17a009527650f0 |
| SHA256 | f407a43d620d43e7a389412b8d4eb3a892307a1f4201fb900f905dd321d339c8 |
| SHA512 | 53d58054f08bfdfc8660479929e52ee86dc1f3e3622aeec292cf828f9a1c570434a82da6c6fe2894b0de8b2dd5f5eb12096e0a3e0c6e9df271e822a900cbd5af |
C:\Users\Admin\AppData\Local\Temp\CQgs.exe
| MD5 | baa252cfa468de78cb4a36f01327d4e5 |
| SHA1 | 7a0069efba15e098defb79d1547ecbe21498d83a |
| SHA256 | e96d79e62bad09e56957db41139212fc86912e6c3a3f5c65a7c9939da2a55dc7 |
| SHA512 | 10eb6d62666008ea6534bd2cd48e179514b3a54b5977668d5ae0e3d9df8c2e609b698c210713d5e94762ad3da91703120c0e9071577265f80ba0c0324b951ec0 |
C:\Users\Admin\AppData\Local\Temp\cwMI.exe
| MD5 | 05769aa4fec09651bbbb40b9005f6698 |
| SHA1 | 69e5b53e8d65aef181c849068ee15ae030b4343d |
| SHA256 | cdbe0a5c910e3c33c4ccabcfcff2249b68f0af2dcd78e1a03eb49837d8df9043 |
| SHA512 | 86ac43098b12203af29a9509ca8ae5225a50cfc91fcc89dbf881e52c7e91564f25331f73c63ca98265d0c25da6816ab36f223b1f7e8b104bcd498d2ccce02c29 |
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png.exe
| MD5 | 4d62d6a262c71b8a9b65673cda3d4869 |
| SHA1 | f5d6904e9af137731d124850db760745473baf2f |
| SHA256 | 93bf07a0c14a682c034e50cbf6733b60084f1c78f6288c7fd5c9afb087114b47 |
| SHA512 | dd0a097ac8ac2e6f6739a3ec1a828053fda429c3325c357aaa453e1fac0fb879bec806c5b6b7b5a785925c5e9d9036a0ebfcb439368f57223f81f8bf65533cb5 |
C:\Users\Admin\AppData\Local\Temp\SssE.exe
| MD5 | 0f74cfaa67c0930270cbc0b45b539c53 |
| SHA1 | 9a76deb672eaa9756244cdf15eaab710b3022089 |
| SHA256 | 9991973ac5dae622d54811de9f919fac5ea37361191f270e6f8362ba1738fce9 |
| SHA512 | e34c16d00fb84e3e0d421ec9c8d4057ad559049882063c8bf8f4f549b4a39905aa4a8e75faeb85540d68e70862b6e8732f5f76eda4884523a902be95bde31809 |
C:\Users\Admin\AppData\Local\Temp\kEMu.exe
| MD5 | d736ac9115de28d97a012d32ce8cc740 |
| SHA1 | 078a93cbe583bc44030508201ca8c69af8a69427 |
| SHA256 | 9c4fa7e8b5def70baef0a115d4ba2007199593b8166cfac840feedbee513aeb4 |
| SHA512 | a10475ef1f4ccc6ed54cfce7b96667b19fe9a59e79da5152342e528516b94722f3047f2240467a5233c69c70ece61a28449adbc0431f0a4dc90498c007c20fe9 |
C:\Users\Admin\AppData\Local\Temp\Qoki.exe
| MD5 | ada0a1a9c14cfa69a60191b081344ab5 |
| SHA1 | fc38313a6c88f4bc6339f27af53f77623bc939a3 |
| SHA256 | 0014fce85a9a3d2864ad48098c3a2e847fe47406faa9127af51ce6cc62d925a3 |
| SHA512 | cbab3c2e80242a357723cd2a711df530e702128edad02df74cd15be2b03529a47147511501461fbb33d2b7fa6f8cf4679d9bdc528dde82b28e248625d9373e76 |