Malware Analysis Report

2025-08-05 10:00

Sample ID 240403-x5j5asac9s
Target 2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
SHA256 53ca275d20d4b651cc11e14027d8a64f756fe08c8c4c5a6b6bda607c579b4a43
Tags
evasion persistence trojan ransomware spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

53ca275d20d4b651cc11e14027d8a64f756fe08c8c4c5a6b6bda607c579b4a43

Threat Level: Known bad

The file 2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock was found to be: Known bad.

Malicious Activity Summary

evasion persistence trojan ransomware spyware stealer

Modifies visibility of file extensions in Explorer

UAC bypass

Renames multiple (82) files with added filename extension

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

Reads user/profile data of web browsers

Adds Run key to start application

Drops file in System32 directory

Unsigned PE

Enumerates physical storage devices

Modifies registry key

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-03 19:26

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-03 19:26

Reported

2024-04-03 19:28

Platform

win7-20240221-en

Max time kernel

6s

Max time network

131s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe"

Signatures

Modifies visibility of file extensions in Explorer

evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A

UAC bypass

evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\QiIwcQkA\aekEosgQ.exe N/A
N/A N/A C:\ProgramData\ZEIUEQgo\QsgMUMgw.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\QsgMUMgw.exe = "C:\\ProgramData\\ZEIUEQgo\\QsgMUMgw.exe" C:\ProgramData\ZEIUEQgo\QsgMUMgw.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Run\aekEosgQ.exe = "C:\\Users\\Admin\\QiIwcQkA\\aekEosgQ.exe" C:\Users\Admin\QiIwcQkA\aekEosgQ.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Run\aekEosgQ.exe = "C:\\Users\\Admin\\QiIwcQkA\\aekEosgQ.exe" C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\QsgMUMgw.exe = "C:\\ProgramData\\ZEIUEQgo\\QsgMUMgw.exe" C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A

Modifies registry key

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2460 wrote to memory of 2616 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\Users\Admin\QiIwcQkA\aekEosgQ.exe
PID 2460 wrote to memory of 2616 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\Users\Admin\QiIwcQkA\aekEosgQ.exe
PID 2460 wrote to memory of 2616 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\Users\Admin\QiIwcQkA\aekEosgQ.exe
PID 2460 wrote to memory of 2616 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\Users\Admin\QiIwcQkA\aekEosgQ.exe
PID 2460 wrote to memory of 2484 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\ProgramData\ZEIUEQgo\QsgMUMgw.exe
PID 2460 wrote to memory of 2484 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\ProgramData\ZEIUEQgo\QsgMUMgw.exe
PID 2460 wrote to memory of 2484 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\ProgramData\ZEIUEQgo\QsgMUMgw.exe
PID 2460 wrote to memory of 2484 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\ProgramData\ZEIUEQgo\QsgMUMgw.exe
PID 2460 wrote to memory of 2532 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2460 wrote to memory of 2532 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2460 wrote to memory of 2532 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2460 wrote to memory of 2532 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2532 wrote to memory of 2396 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
PID 2532 wrote to memory of 2396 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
PID 2532 wrote to memory of 2396 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
PID 2532 wrote to memory of 2396 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
PID 2460 wrote to memory of 2680 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2460 wrote to memory of 2680 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2460 wrote to memory of 2680 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2460 wrote to memory of 2680 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2460 wrote to memory of 2600 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2460 wrote to memory of 2600 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2460 wrote to memory of 2600 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2460 wrote to memory of 2600 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2460 wrote to memory of 1564 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2460 wrote to memory of 1564 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2460 wrote to memory of 1564 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2460 wrote to memory of 1564 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2460 wrote to memory of 2448 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2460 wrote to memory of 2448 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2460 wrote to memory of 2448 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2460 wrote to memory of 2448 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2448 wrote to memory of 108 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 2448 wrote to memory of 108 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 2448 wrote to memory of 108 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 2448 wrote to memory of 108 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 2396 wrote to memory of 1072 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2396 wrote to memory of 1072 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2396 wrote to memory of 1072 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2396 wrote to memory of 1072 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 1072 wrote to memory of 764 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
PID 1072 wrote to memory of 764 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
PID 1072 wrote to memory of 764 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
PID 1072 wrote to memory of 764 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
PID 2396 wrote to memory of 908 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2396 wrote to memory of 908 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2396 wrote to memory of 908 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2396 wrote to memory of 908 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2396 wrote to memory of 1868 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2396 wrote to memory of 1868 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2396 wrote to memory of 1868 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2396 wrote to memory of 1868 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2396 wrote to memory of 2276 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\Windows\system32\conhost.exe
PID 2396 wrote to memory of 2276 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\Windows\system32\conhost.exe
PID 2396 wrote to memory of 2276 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\Windows\system32\conhost.exe
PID 2396 wrote to memory of 2276 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\Windows\system32\conhost.exe
PID 2396 wrote to memory of 1400 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2396 wrote to memory of 1400 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2396 wrote to memory of 1400 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2396 wrote to memory of 1400 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 1400 wrote to memory of 1700 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe
PID 1400 wrote to memory of 1700 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe
PID 1400 wrote to memory of 1700 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe
PID 1400 wrote to memory of 1700 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe

Processes

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

"C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe"

C:\Users\Admin\QiIwcQkA\aekEosgQ.exe

"C:\Users\Admin\QiIwcQkA\aekEosgQ.exe"

C:\ProgramData\ZEIUEQgo\QsgMUMgw.exe

"C:\ProgramData\ZEIUEQgo\QsgMUMgw.exe"

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\aMYwYAgQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\tGAIQgYQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\vAUggwsk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\HCAYUokk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\BGkYQEcg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\XeEYcwcg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\zsMMkkcg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\fesEUIME.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-5829871071551739783104642589281465247569695458-19637496721172085892749779192"

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "27146986-1990471806-1631554147-1443749733416778536-3689779371132570974305143643"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\OMQIkkEc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-1074445762-19924474352129440762-2039040797-1274900501320530491-1265563391-1992338674"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\sYMIowwc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\OMYkcoAs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\MCIwcoMQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\keMQwAwo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\FQgsocIs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\FcwcwUIc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-4087583741239557104-170989119011149950303084487444361243279252075-2034173784"

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\JUMQAocg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-2009236979-700451934724470318238711371793783219-819352684-5308228351808419300"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-332725593-2777766311812288265146321060-7927014539790636122136272957-2100325901"

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\NYoYwwYc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\xOUAYMcE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-416261563179795344513607683781104499161-1784654862-1449391185546003681123045130"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\NkMwQIMc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\eokwgcgU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "466885224-1272106234602749194-45590484216485309451154625857-1772450041-562870897"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "5999490961135781984-1740714195-9923712941905696885-18607116381550948237-536022290"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\mCoMIcow.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\sckAsoos.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-16178277281900283943-1930662394-504365660-2053860418-1751252194-16195430201472312291"

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\YwcwQQIQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\IAMYgIok.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-13584088011697149065434014290159403813-13700509901275193209560372262-699179371"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "463688800625935610926226192-102207803918134144675219956921422914553179470821"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\nkQwwsUQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\dcYgMMkQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "1517518364900692748633067938-13252377822064764305-839609930-1693167781-526272546"

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\piMsUccE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "1611049917-1346022845111863333618110126014303598161252851805-716756035-1413492310"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-840608240799683905-64272757-310725618184528699148011299615815633061087080929"

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\FoYwIUEE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\PEgMYwYw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\IigsMMEc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\IkcYAgkU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\QocAoEgI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\yOEEosIQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\aeYEsEQg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\JwEkEkMA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-123441641112774524361794584263667354209-1350562288-965901285-14506358791079808499"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\dOIwoAUA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\ReMUgEEc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\QQwAkgww.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\weAEUAsY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\eIYQskUU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\YuQYwEYk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\fIYIAocg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "1131902801-1798177206-214133547819966338105152742501136056594575617079-1908190216"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\tywwsYoQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\WOEQMAMg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\uMsoAckA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-70244859984700234759624327419904099851271373866-8979381141649869222803273888"

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\DOUccUgI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "2011168474-484307585-13434423481489665979-2012097930-5542062231432563390-96343185"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\jiAswIMs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\OiQogoAo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\iuYIAEgQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\umIoIIEc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZOoIgckU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\dUYQwEQE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\XOssosgA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "12091912701163803384-1635260754-150697108112110396861755606697-1535199182486143945"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\qIEYsIgc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\EUYIoMsQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\NEswwYwM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\uosUwYAo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\SkwIUwQg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\uasUoIQo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\BEEAEsIQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\wCYEQcAM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "154860848616699963598247709332777692461521155981-1959949907-416445727-856029562"

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\XmQAIAsM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "10939549831775744015486422394-2131438365578487918-1936310823-21447267891448190607"

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\dKQgEIAE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\gyIgAEEU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "14191271601672147867-2069354883-21297832331711024399144409490216103394331912373677"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\yMAQMoIs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\nWEAkYwA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\LeIogkMo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\UMMMgwkE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\BKgIIcAg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\KIMQsUAs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\HQsgMAUA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "12407222881777036175211271562821239074541894995858-1796856784-1962876231980487568"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\sgsYMMEs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\PiocIAEI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "1149884794-11065664561407067602-7064118961852349389-1134656814-1703281749-1498176480"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\aKkQYIMI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\LOAsoYQw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\TesEAcEM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\tSwcEEcs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZMAcEIQs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\KyswIAMY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\wGowgEYE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\XeMYckUQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\VSYkcYUU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\vUwYMIUs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\HyMIgUcE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\ycUwAUwA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "1917752197-378372062-42467010245584635-53826425-87041184310215674351178880975"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\DEQIkkUc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\wOcUgQAc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\yEIUIQAo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\faQMcUYM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\NSEMUwIo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\daEoYAIc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\SIIocMkE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

Network

Country Destination Domain Proto
BO 200.87.164.69:9999 tcp
BO 200.87.164.69:9999 tcp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
GB 142.250.200.46:80 google.com tcp
GB 142.250.200.46:80 google.com tcp
BO 200.119.204.12:9999 tcp
BO 200.119.204.12:9999 tcp
BO 190.186.45.170:9999 tcp
BO 190.186.45.170:9999 tcp

Files

memory/2460-0-0x0000000000400000-0x0000000000434000-memory.dmp

\Users\Admin\QiIwcQkA\aekEosgQ.exe

MD5 e7a1d55340905b25fa63ab1e407e64b9
SHA1 ec4e26a0923fb168636893b651c20b0fb74f8714
SHA256 a1a9ed94f683a3525be9caf1ec7388e73776d2fa10c36499dd81227de3d1ed0b
SHA512 2e649f506e83dfce6fd23af14c4a553bb6b40e30ada62029aa8ca046adc20f143a1d71c0a64544476e5451b03b0f5afae487a5633583fd33b73924eed278ede0

memory/2460-11-0x0000000003DD0000-0x0000000003E04000-memory.dmp

memory/2460-27-0x0000000001C90000-0x0000000001CBF000-memory.dmp

C:\ProgramData\ZEIUEQgo\QsgMUMgw.exe

MD5 3b4d1771df9ccf48c011695fc9023959
SHA1 91f8f206596a9d365311c70b26364b5882089291
SHA256 3b063617337cbc67425c8af28e7144d185cb6f7ad039004d0053a7ac9b43247b
SHA512 f2eeed23e58f172b24155120ae78b4600476d9046555195b293f1a8d4093985a6559da104e7fc4cb82980d57b1c5cb1acbc28ba400eaa60380d79e0959baf5cb

C:\Users\Admin\AppData\Local\Temp\YgAQwgwE.bat

MD5 90ffd9695c7fe27eb9b102d07cb8c370
SHA1 0f3dbf4b9d4914baccfbf0786748843bd870f73e
SHA256 5a0e47eac52a3afb6607588f22a4739895202e38b118afb8d358f9d02d546ff1
SHA512 9deca393038fc45abf0f1d336431e4d0eb0aadb10cca3ed4beb90b36986fc08f120125f8069f8f9a848361c1423d3f1ac5efa978e79b362c1bfabf58ae940c60

memory/2616-29-0x0000000000400000-0x0000000000434000-memory.dmp

memory/2460-31-0x0000000003DD0000-0x0000000003E04000-memory.dmp

memory/2484-32-0x0000000000400000-0x000000000042F000-memory.dmp

memory/2532-35-0x0000000000280000-0x00000000002B4000-memory.dmp

memory/2396-36-0x0000000000400000-0x0000000000434000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\aMYwYAgQ.bat

MD5 bae1095f340720d965898063fede1273
SHA1 455d8a81818a7e82b1490c949b32fa7ff98d5210
SHA256 ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a
SHA512 4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024

memory/2460-44-0x0000000000400000-0x0000000000434000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

MD5 7853d07ec1ec8d612c25e3a7733a2142
SHA1 88438849bc048dbd0a9875508082630c3ba0d924
SHA256 38d399a8fac9a3326370dcdfaad5c0de203883557f82d8373f0ce4ef7137a859
SHA512 df288e8a8aaa30f8d26f90901ece904c22543f1ee25d31b6d1485c8a0e3121ba3cd7c16edb91c019e85d50ac627151585fcde3b6abbca3980dbfe8c72159779d

C:\Users\Admin\AppData\Local\Temp\oaQkcsgc.bat

MD5 20365a733ade94567bf334ca503e541f
SHA1 6451ab1bc9028b6427e0a2381a1771f1045b7e69
SHA256 d80dc4ffea8f1a60c867e862d53da60c8fb21c5c5d73c09ce9843f195df63c6f
SHA512 964bdcc460251324a2fc0d06f5302cbe0f7da19f8e62f9256fc5b714c942f762b63095408ddf865926f6f2a38382a38bbd1f0b17c30349801e1735ddd4015453

C:\Users\Admin\AppData\Local\Temp\file.vbs

MD5 4afb5c4527091738faf9cd4addf9d34e
SHA1 170ba9d866894c1b109b62649b1893eb90350459
SHA256 59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc
SHA512 16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5

memory/1072-57-0x0000000000120000-0x0000000000154000-memory.dmp

memory/2396-66-0x0000000000400000-0x0000000000434000-memory.dmp

memory/764-67-0x0000000000400000-0x0000000000434000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\RokwUkMA.bat

MD5 2a0497db6b88663e326db621e1bfbced
SHA1 a7e3a4601f89a41eccb15d7872a557f2682a1841
SHA256 6746f5cb2f5930fd11a2909bd9b28fef099ff06a69d8363177272ffe82537e75
SHA512 ec92bbff8345efd11d1893221fee1cae795ac973cb7bca789d58ee1e476dde98cf7d0aa9cc82fd0fbdbd7d88b4f50c5e4969cc14303dd69755fe6d396a8fd289

memory/764-88-0x0000000000400000-0x0000000000434000-memory.dmp

memory/1592-89-0x0000000000390000-0x00000000003C4000-memory.dmp

memory/2272-90-0x0000000000400000-0x0000000000434000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\viksYgkM.bat

MD5 c251f1b2fc4e2e36d73e6635d0d0baf4
SHA1 94f961749987b39847b931816aac58956c0ea73d
SHA256 222f3f19c60203f81d59137986010bd9679468dd3f05f77e72fc0f0e0b5409f9
SHA512 7722c5c2c929eeab543db0196d4e141c2ed2f9c021d2c2d2f8af6e98d75e4465416a7abea3ace9cb9c035f9b8f56e3f3fa3d5638d19d9e265b458e513050a007

memory/2000-112-0x0000000000400000-0x0000000000434000-memory.dmp

memory/2272-111-0x0000000000400000-0x0000000000434000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\vscQEIQU.bat

MD5 ddfd93c206abe9a1f42ceead9e2be765
SHA1 e9086f05cfe696c3e3c01afc6d31e749b269ad13
SHA256 fa2891e89853cce4df8674d982c40330847bebebf8ca6915102a1cda819ef7fa
SHA512 f5565191991294611819d5f5b50cf8eadf900c807f7777fba63a7af3981b04b942f0bc1cdd387a45ba3cc76c6e0f5ee0bac96fe9a6e3f986c78a427956481b3a

memory/1944-136-0x0000000000110000-0x0000000000144000-memory.dmp

memory/1944-137-0x0000000000110000-0x0000000000144000-memory.dmp

memory/2044-138-0x0000000000400000-0x0000000000434000-memory.dmp

memory/2000-135-0x0000000000400000-0x0000000000434000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zyQQwook.bat

MD5 4b5174cf34c7b3d1fddf33caf0feb7a4
SHA1 0d4c5cd311809367e0c3786e9ffe2d0a0b10c4b0
SHA256 0ce70657c62a7ccd10c6f1e55424605b3394c95fe2b6b7bf88743688cc2b8b04
SHA512 2072092def25b615933fd3feff3238a86b9387c964943e0d207fb89e6e423da752ebdfa915c6eb0257ed6fb2758cf63fd836d31130caac07f86126eeaee83b58

memory/2744-159-0x0000000000320000-0x0000000000354000-memory.dmp

memory/2744-160-0x0000000000320000-0x0000000000354000-memory.dmp

memory/2268-161-0x0000000000400000-0x0000000000434000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\HsEQMAYY.bat

MD5 67ecbaf8d2393c3401a273306a58bdff
SHA1 97d94ecb0c1830c81330a628fe589090fdb6b032
SHA256 227e84b92b6782297c6e13aea6885ba610dd2f987b9e14bb4e0066881098c34c
SHA512 ce162505db3030c453b54b4522706a5559a30ec46c6f01324e7d7773aa9a6f754fe432f462cdb91a67e7b2da5febd42b5958608d57765e67162b67c34fd0f775

memory/2536-175-0x0000000000400000-0x0000000000434000-memory.dmp

memory/2268-184-0x0000000000400000-0x0000000000434000-memory.dmp

memory/2764-174-0x0000000000160000-0x0000000000194000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\fMMsAkoc.bat

MD5 3d37af0fe12ed136d038cdf08c003b03
SHA1 7d77e22bfbdb92c606e71363ea6664976bc95da6
SHA256 8a336d2773072ade149127ed5c7ad51ba10eb4ac6b80afc92cd697858e63359f
SHA512 7e89d0f71e6947c1e2a19f09e78aa293b9719b84f6211d6ec60ed966f3917d840cdb482cc1813b020c3ce7caa9acf7ce7d008b7a95ddda4c7c7fdb40c59399b9

memory/1544-199-0x0000000000400000-0x0000000000434000-memory.dmp

memory/2536-209-0x0000000000400000-0x0000000000434000-memory.dmp

memory/2672-200-0x0000000000400000-0x0000000000434000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\cUgssMQE.bat

MD5 260d3a247af8bd959d3a2f6aa653e6af
SHA1 608882f1460742abd7c1c4e27dab153a5d31a11c
SHA256 d15f2607ee5abd1aa314f4e0f81803b223fa25d84c5682eb6f2b842254e1eb89
SHA512 01562e505be8039d9c01f920bc6f3154dab9de7a081076a3c00e9679a7ddfa637692b29fd62c0db3d4dc5017595baad422025d91383c7abdc7c60002808f1f39

memory/1712-230-0x0000000000340000-0x0000000000374000-memory.dmp

memory/2672-232-0x0000000000400000-0x0000000000434000-memory.dmp

memory/1712-231-0x0000000000340000-0x0000000000374000-memory.dmp

memory/1612-233-0x0000000000400000-0x0000000000434000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\yQUwsgEg.bat

MD5 2901f8261ffc9e3adcb14195dd46ffef
SHA1 66dab82a5992673d24a3dd25427e3e999e28975c
SHA256 b82870803be5059c80ffa08ff4627a408f4f718427b2cc6600c71b2369b7c91b
SHA512 cd34cf5141ff11826a5a79c1c81a822f32dcb21a97832536c392f7b35400130dc5333d74e4ba2fd0d65af868780a58e8cf04a33379261673239ec875bc855071

memory/1932-247-0x00000000002F0000-0x0000000000324000-memory.dmp

memory/1612-255-0x0000000000400000-0x0000000000434000-memory.dmp

memory/1932-256-0x00000000002F0000-0x0000000000324000-memory.dmp

memory/2556-257-0x0000000000400000-0x0000000000434000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\kwUEYwwI.bat

MD5 6435795a50ad5a16392e2c0e9a9e4cfc
SHA1 76137887fbb4087b931b5f40cc50ab1c190f8653
SHA256 01edc54859aed0375cb53ce2130083136dc6757eaea7888e02b63d71e4d6cdea
SHA512 1c6fd42cdd28594c0fb8662f454b57fc55f372b71456e32fe3b7f9f66b2a0e365a8886018a046feccbe96497d14d575bafe1ff0fd9a8b5a8b53b30d62224b03e

memory/1904-280-0x0000000000160000-0x0000000000194000-memory.dmp

memory/2556-281-0x0000000000400000-0x0000000000434000-memory.dmp

memory/1404-282-0x0000000000400000-0x0000000000434000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\KEIUoEsA.bat

MD5 7506ef7cf8c135d9f02cca84a0885120
SHA1 9a05a9c058e16d2af86b19960276805be6f38f9a
SHA256 25213050224051faa650fafc7d0ffdfc2dbb9ddb552756969c186e89e48d2f3c
SHA512 02f6f17b8def1c899bd4911734ff61d64c324fe319108f1e2c7c10f1f0937e9c65d2745941a634e2ba491b66518daa26f5a4f3217e542426e708115c15387fae

memory/1248-304-0x0000000000450000-0x0000000000484000-memory.dmp

memory/1628-305-0x0000000000400000-0x0000000000434000-memory.dmp

memory/1404-303-0x0000000000400000-0x0000000000434000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\YkUcsgMc.bat

MD5 7c80f5729474c018b2c56d4b63403ba2
SHA1 ba63331ed00498c57ebbf2303deab0ad539c0425
SHA256 a6307335619b0fdc6bce5b1465270815a161e642520aa52e6cf76bbabac3f074
SHA512 e25d9fc7047693bed62409281e68129e76e8d6f0a238ab03c31e859b8cbf78206f6c5cb33357d2515014a31ad8caee83cadbe32ff6be31e2e45e96e6e8533772

memory/2436-319-0x0000000000320000-0x0000000000354000-memory.dmp

memory/2436-320-0x0000000000320000-0x0000000000354000-memory.dmp

memory/1148-321-0x0000000000400000-0x0000000000434000-memory.dmp

memory/1628-329-0x0000000000400000-0x0000000000434000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\OMcMAgEw.bat

MD5 03b56b0788b95545805c79c334495f1c
SHA1 b204a07ec580fd775c703c8cd2f31d146047330e
SHA256 83af8170d1c11151c468ec9cf49336e81e9ead579e07a0bc33d7cb73e057e182
SHA512 efd5fa82c4f909f506cc9500a99c4d03648c10ab8881ae974881720dc80b3544ff3141d43bd1e63bf18a49dbf084f23b2e70738ecc895cc05bfa52b5a5f14b0a

memory/1280-344-0x0000000000160000-0x0000000000194000-memory.dmp

memory/1280-353-0x0000000000160000-0x0000000000194000-memory.dmp

memory/1148-352-0x0000000000400000-0x0000000000434000-memory.dmp

memory/1420-354-0x0000000000400000-0x0000000000434000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\xqswsooA.bat

MD5 791d95b388232b4f7e1ebb821e288371
SHA1 4280ed526782ca1e405ece7827a9b9fbed98d462
SHA256 e92dd80a4b4455ebe8829df007588fd85debb3a27fd909a3d371996ec67a373f
SHA512 2b95bbaa1cce2db9f24de6300830adbe675ffd54e4f047420fbfc5d34961379ef142677a976a1adc38f88686b579f74012c287f467ca81f1e1e8c9bd07784f3a

memory/2672-378-0x0000000000120000-0x0000000000154000-memory.dmp

memory/2652-379-0x0000000000400000-0x0000000000434000-memory.dmp

memory/1420-377-0x0000000000400000-0x0000000000434000-memory.dmp

memory/2672-370-0x0000000000120000-0x0000000000154000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\BcYoAEQI.bat

MD5 6162b09f10785ac5e5a04ce8d62535e1
SHA1 ba1a9fbd19cf26552fc1e9927c5d13c21031faa9
SHA256 13fd0f6ec4658f0869a99e3a365286779aeb1248106eb01ac5728e84eeb87e87
SHA512 9c9731d9feced9a5ab6f71915bf033b59f493eaffad4b8bcc8c75fc483a8b30913fbb4238b6b8595e41cc20adcb71c237583759f4642fac9ca9144d4bec5fc03

memory/2652-400-0x0000000000400000-0x0000000000434000-memory.dmp

memory/2244-404-0x0000000000120000-0x0000000000154000-memory.dmp

memory/1700-405-0x0000000000400000-0x0000000000434000-memory.dmp

C:\ProgramData\ZEIUEQgo\QsgMUMgw.inf

MD5 daf42bdda0c32b3ff741271b0bf78406
SHA1 bfb355eb62092ea7228746fef51e4ee81a948987
SHA256 9af033aae1662704b36da0ab8e3d162d628dede0cb65e98ad577d5dadde7c54b
SHA512 2155382f40df52f8d9bc46eeda61b4c7b9b37dc56b5d9dca573828f7ed7391c369f36c8114fdde797306f84064603b1946895fbe28bd72b761534f9f93036df4

memory/2244-401-0x0000000000120000-0x0000000000154000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\PEokcssg.bat

MD5 3b7b91669fc4a355f7bd8648120041c6
SHA1 7de01aa5d4984bbc0337ea0c58f6d8e7d42f3ab6
SHA256 315b75de91acc2348832f672cc3a6a3a50b77a16c77ad8d52cb23d28e239255a
SHA512 93e54a8408988ac9c5aba0b97ee0895f99a395c3b835c0e7feabaee7c731345369c1b7bb22f1c1ca57727f02ed2276fe70280cb26468bc57c70b7f01193c3d0e

memory/1700-428-0x0000000000400000-0x0000000000434000-memory.dmp

memory/2032-430-0x0000000000400000-0x0000000000434000-memory.dmp

memory/636-429-0x00000000001B0000-0x00000000001E4000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\tmowggkM.bat

MD5 63fc2954d1e4a56c7325fa07a79826b4
SHA1 1d3815fe9b03abfaceab5595301cbf2a9f33e9f9
SHA256 ca250ee10912a3c06dffdafd16992c8ce95990ff8e546670084c869a6873741d
SHA512 93ef3556670156d84e980ce9b44a0b6b0edcde474b385c571a125094de830da3b4484f40770625eadfc9688ceb2a9adef32034cd8aaf2d7ca7c3d757ab6cccd8

memory/2768-443-0x0000000000400000-0x0000000000434000-memory.dmp

C:\ProgramData\ZEIUEQgo\QsgMUMgw.inf

MD5 dd0cf141592aa7388708fb4969f5baa8
SHA1 a545235fd854c8f1cfe3e6cc536849df2f2bfe51
SHA256 90dd312b0ce08242d123ea923ec6f63f0a6804a13a79dc335309c4667c29160a
SHA512 aae80e240b318f536650fa05b91fa09ff4b04ba701c0243e921212fa91490be0477035f38497a8fa8b52ac6d4d735a11c142b18454f059c7bc6e7cfc0102a2a4

C:\Users\Admin\AppData\Local\Temp\LUksoYQw.bat

MD5 0c15e96786d4118d282059495dc23fee
SHA1 ed7f4b4a889b554c6529e0019acf56b3f3540ade
SHA256 4e6c728db4ac92e1c8c7487eed6525db163b175f3d78748a84e27177c23a0033
SHA512 ceee5a0edef23dd71f2ac998910709e612b48aaa2a40caa8bd679728bbe2f8d3140b2b88e1c0f0077d3f62a7d4540353d7b829d8d2e5a2bf4c4f739129c798d2

C:\Users\Admin\AppData\Local\Temp\mGcgwokM.bat

MD5 4021a175d339fe8647eecb5f4b7985f5
SHA1 e3475bbaf7bfddf3683aafa168be32d7fdce35c4
SHA256 ffc86d9e6f0d67cd73635e3b14c72cc68da1cebf7fa1baf1d6a17123bdf7fce6
SHA512 b9ded489b39cc4b13672bdd82df75f64d95a3fe0bcf99dd3d333ecc0b47e88fda512a46fab5c3f0bbeb663d6d3230ebe56f4f2bb63411bdfb3b757c65ff02bee

C:\Users\Admin\AppData\Local\Temp\qAwoMIkQ.bat

MD5 9d2a717cfba5f879aa19c1785f4fb017
SHA1 f77de12416f074e9154dec9596be891c040275a7
SHA256 5827701ce9887763f5bda701ec60ff4bb07138e046c4693f7e581774586430e9
SHA512 6f1ac2d5338be94ce229ba253900cfd7ed0c210e73665715f0a3b36b985c211f973117cb2f8060bfc4b9acbf47e8deeb3daa58f023e38634b561ade67ffbfcbd

C:\Users\Admin\AppData\Local\Temp\QOAkYYos.bat

MD5 1ede280d7e66502639e049b358e79bfd
SHA1 681604733dcfe25921b13d0d935c9b195df3c14b
SHA256 a046efb91fa3923b88ba84823e0eb5891c38b9e522913b0d89ea8b6bf3ea4d59
SHA512 03a7aca18348c041f3505dbcc58ff9dec43c5714ba857e87426ace686e08c7a98862b1d7e26a19f3a09b9fc6b155bdc2aca45a7c022a33c0105a2b76701d0ce2

C:\Users\Admin\AppData\Local\Temp\UysUcQsk.bat

MD5 17e23752b1b681d2700c522c2bdd6181
SHA1 4f224385f31a1f62f87f2625a99ef8166124a2f4
SHA256 5ada15cadf7c6c40c3866aebceac984f74bdeb43c48fa5c8de3f1406164599f7
SHA512 64c87590f970930a26a22a559494fce34ff3d75acdfb142cfc958f0189e4d460678fd3f3a5888547a617e843deb0a348e1da69c517635f7b073219b90391e24e

C:\Users\Admin\AppData\Local\Temp\QkMC.exe

MD5 ba291f2d3bddf509ce8b1489b5c83551
SHA1 f9a625e18207f7b0d676f792fa9d704e22d98e04
SHA256 ad0ec2e64ebe506c7a385fb79e49d9dc1df78325931a04e87545ca70e78b7145
SHA512 47f16913f78e504629289c8e0c6c520f79b5aba5260fc7f588c259b231a35bc54bf481a1a6abb615ef3e257015a3af8ec82015d396d9d44f64ee72b94128ad95

C:\Users\Admin\AppData\Local\Temp\MKAEUgUI.bat

MD5 b6ccc1784ce30f255f428442e1f75e71
SHA1 587c67961f148c363fc227d1d2d3b87c15a69655
SHA256 bf711ef964b18e6417764691632eee81c7fad8ed9221884718280e07f3daab5a
SHA512 d0481e76d02d64e5a0e82e1b8de5da9e75fc2890bb0e640b44eb2f78f001127235f761ca38390061ea6ea04b79128ee02a2dd9517b3e982f9a3d376ce456966a

C:\Users\Admin\AppData\Local\Temp\HoEQoMIU.bat

MD5 5b29380b12b0c4093bd15e912e1b5de3
SHA1 4a1b3f6efa8abee57392f4f795da78324989fcda
SHA256 1c401d08d7bc3070c920978a8c882c0657892f0740c52702f046af06ce1b68b0
SHA512 96ab99cdf31f4d675748daa8896423da1c4bd52125d91d6deb2da2e88ff9f939d6f0620ab1966a362de7bed84fbee58aa8fe3776c8c1c9e2517f65ff89266312

C:\Users\Admin\AppData\Local\Temp\VCEMUgMw.bat

MD5 a1674cbfb9ba23f5a1df6c6573c0459e
SHA1 ff3c89727fd1e05619538cbfeebc66f95641ddde
SHA256 3e83d95f2a5a8d2c91adfb21219535b8531d2d7d99543e891f01ddc263275d54
SHA512 a5acb9ddf3c3357a24bdc5a34103c27151f4af4117b9231f222ac991f2052d80efb3afddf370c959fcfe392393924aa21900ba821d812cbe9f6bc65c6a56c00d

C:\Users\Admin\AppData\Local\Temp\XIockgIY.bat

MD5 bc044ba6e9f5be84bac6aa5b63f0bdbc
SHA1 1ce219faa856fd7eb9746ac832e08b6756c3ac80
SHA256 ea88564a59610cd9fc3aaea6444bf067409d45625f3962f1bda2dfe900b88e06
SHA512 885655053432f9d93f25a471b180a1df2467bc7ad20756f20b1f63c7d82d1b8cf7a03a390e55f594d89a67867bd4982623f03d8db6b33414b580d4d3eac5e7b2

C:\Users\Admin\AppData\Local\Temp\JkIwcQEA.bat

MD5 9db662cbd77f23542d45f3ea2cf290fc
SHA1 ad7cf5cbab920dc933bfe564aab5efbb92120492
SHA256 4a57044ddf4b660f48a16e37373f5ec6c89e0d30eccf30fb4f2b77d6e9f4b6e8
SHA512 362666dd9eae636758ee16bdc2b90710eb0924bed56f588b426da10dd70856ea9ccb92cfbbc1b3e3227ffef3efa5adb18f808fea090c6bda07285f61b535ebfd

C:\Users\Admin\AppData\Local\Temp\zEUgoEoc.bat

MD5 b9facd86a47a76e0f4b47160d87e5853
SHA1 0c9193d68deecfcbb42fee040ee4749f552a47c8
SHA256 c77229de5f524e37a429905f70c4ec621318c05da6d2c9d7446a033a919be473
SHA512 8553b09e134aab2dbd7db09ee88da43dd73a21686d173a85b57cf1c3d4585fd4439cc145027ab8ca04d4a075266f17f09cf5f00e7d894df1e888e8b71f4049fe

C:\Users\Admin\AppData\Local\Temp\WwEYYEUs.bat

MD5 8ea4cd52a685de3923b3e974c579c85e
SHA1 8fbec34df7d2f8aa4c5367a8fe0fa5fb80a80d93
SHA256 311aabf020d4adc74818299b4f55a1bd0db20cf16db2460b5df19bfc8ea8c2d6
SHA512 b7b9276225c1a66fc63d28c5ebdf3c291f8fe1a000ca3a1c47ba748acefe5517b90777d46e40b4d85794f9a5407ff733f4b2f177e3bbed6d23065bf3d048854d

C:\Users\Admin\AppData\Local\Temp\ISQkEUco.bat

MD5 1ef575fb6133407f3552e6bd19d9e98a
SHA1 02443d56c3511d6d4b6e42caf08518c3cac5de09
SHA256 d195b1ca4254208cf18b7a33a703a4cb398cfd07a1c7757c32d136d15c81baf9
SHA512 cd27a8e63223f82bbc0aa2d4e258449cbb077d4774ad3e7f09c6ddea5ff54ee261b219c039033b641b845860d7b6557072078b111fe8c02bb9097c256ca8d2ad

C:\Users\Admin\AppData\Local\Temp\GoUcsowQ.bat

MD5 ff1c5fa13bcdb2b818023d6a5ff56259
SHA1 5280262a2dfe5906c02c94e267091f1ca07d16c0
SHA256 1f8587ae36c25234f58a0e5c35b6be2a58567273c4092943d2770e770954e6fc
SHA512 7e159e020444dc37510cb66bc2d241d9e8c3d2b5081c5ad9e67d4541b53b24559582cf653c107ab69f8dad848cbaf498554c0ce4c7d7a94ac44c2e63e57cf716

C:\Users\Admin\AppData\Local\Temp\KwIswUcQ.bat

MD5 74f23f00d90d3d34be16061265b23ad0
SHA1 5532a1647c3f24d08c91383f35fadce29a3a53b4
SHA256 f63cc95123017f90e5cd8e8c8e955321d4bad3b0545f6b492b7bfeb60514108c
SHA512 2d876e4d03649ea51d350a33cbf4d490a6728f5b06a13d6ca9ed5dbfd8e6c7ad4ff855a1d787f97b731d32b5eb5618016e255b6d5efe7f8a05d815f508f38dc3

C:\Users\Admin\AppData\Local\Temp\MIAAkMkc.bat

MD5 5dd920695bd570ef1592135b4961dfda
SHA1 cd85ef46d94f997aabee533b790a01c215b64cad
SHA256 a787bb562d661621c904a558ebd3bc55c97a07609c52fad37259481ac55fb74e
SHA512 90643650848c4dc8669350d4a3aa107c79d4da07bb1610e57975bb0698b4db47546e33d824d966f2137fadfcd284d2573b7048cca1c5009b92b0ab42e9788300

C:\Users\Admin\AppData\Local\Temp\fWIwoYgs.bat

MD5 457e552189646e2e3341b003c5e727d5
SHA1 239c2b2f0cec9e4e6d7dc88151afd5aedb4e29e7
SHA256 d12734006ea519b872d1c7dc66e69fd0b826ebc0cd5cf5e12abbf1ad8e7c5bda
SHA512 a5c0e3f9822f32f3c7e1f6158fdc9b87075e86fdec438ed5265030be6b285e37bfa4c1652105c0c82b9ee3dc98866425cace8c770343dc09eec038fc7c0031c8

C:\Users\Admin\AppData\Local\Temp\DcQEQMUQ.bat

MD5 260b950b2e0fa658bb8edfec198a71c1
SHA1 9bab291a6fce049486f956c118d2d943ba19d209
SHA256 b648c076d3b622b6788ea2c6fbcb24954d7e00b1ba0db7b87caf77d4acf3e3ef
SHA512 e7ce0d0d1ac9806278abd1e240a6278a2b6c6ed571ac87028f2735ec7ee40b7c069ed49e0fdea088deb5e52eae483bd40879b3021b4ab055fa82510b6e299ebc

C:\Users\Admin\AppData\Local\Temp\gYAI.exe

MD5 33f6d2384feaed94da5dfc63961fb2c7
SHA1 7cd14a1d7d00aef891c5e3239155445e427db4bf
SHA256 4ab81b64e468db08d9287e840e7698b366979d807999b154bdb3250d48f8747e
SHA512 8a3a05c35c7c92fd10b0432ba481b7b2a661d2f1de89cb1acc33898256d0d0aca657ed383e257829208aa8cec63da94b0bca03d25167df02c3c5ccbc855307b9

C:\Users\Admin\AppData\Local\Temp\TOIYwckI.bat

MD5 85f06b90c789938d4da58df9343a3cc9
SHA1 7a6a8d241fe967f8b7647390166f7e4318c85bc9
SHA256 69f1982e867d0429c169f8de77a64343e4758d91a31fe2df149df7a385381b83
SHA512 0a2f06685cb595000c6af0ddabef4a94bf2c3cd16ad0a3bf73f81fabd47bdb5c671f77d6ad8e928129284119c8a20a6cd6b6b37a2ca6535a65e5fbbef0a368f6

C:\Users\Admin\AppData\Local\Temp\IAUi.exe

MD5 476ef358478d9d8eeb7bc98ec8876afb
SHA1 f05a958cefec397e5cb8c29e92676d980666e905
SHA256 6e0cea6c14d109363e069f23ef36a2bf16b0c04dc352457520a57096c0f02991
SHA512 236a175d807b082a18ee2268a9e383b6b9d64badc45d4c9b35a9009f86567ba00ac723d8146a13b1edea1812b31f266da0032d42bdadc35e2d3aa93a337bd729

C:\Users\Admin\AppData\Local\Temp\BsUAIoog.bat

MD5 f193a1d03b09c16e777a35949d6bbe12
SHA1 f27b2aa3e370cbfe18eaf5936433809443022cbf
SHA256 10eaee96255c97a3b641e073b5124a53ce895cfe162e578c6be72f1577190837
SHA512 27e64d9db4b627279be0613d2d724e3d751a73b84d595fa46c76cc78826855dc2c4589021502e6e67903917bec1f2df895fa54c4fc8db6be9e089be7ded0640e

C:\Users\Admin\AppData\Local\Temp\WcMS.ico

MD5 47a169535b738bd50344df196735e258
SHA1 23b4c8041b83f0374554191d543fdce6890f4723
SHA256 ad3e74be9334aa840107622f2cb1020a805f00143d9fef41bc6fa21ac8602eaf
SHA512 ca3038a82fda005a44ca22469801925ea1b75ef7229017844960c94f9169195f0db640e4d2c382e3d1c14a1cea9b6cc594ff09bd8da14fc30303a0e8588b52a7

C:\Users\Admin\AppData\Local\Temp\ogIQ.exe

MD5 ae74a27a6328a5aaf90d927498c3d372
SHA1 6bc3372d4ca643f666b243067035dc9b2a1adf37
SHA256 97f0696ba25e3cf4bff4a4785dfb421c8fd7455e91038394bdd0aedbc178c37d
SHA512 8867b59f002b16ebfe1aafca1d531b5a869de463bd6e911aafa073c31e76d1730e50bfd08e020fc0e8c4921b2b115fd61ad6a0c922eeb2f451a1244e11e74648

C:\Users\Admin\AppData\Local\Temp\mYYC.exe

MD5 21299ba1b7318c86d749b34ed7510d8f
SHA1 f56683f2bfd1765d627d62218381f706025c1cb1
SHA256 bbfe7b2994b42d072907565211cb4faef809361aa99abefc0aca2431db509dd6
SHA512 e24fa0482959f0c0c7c8cb197181f0981d646dcea187177e3258a1faa732bfe6384d70dd694ea406a1e97a3e08cfe995091ccaac4f286e7c6764b7d1aadf9514

C:\Users\Admin\AppData\Local\Temp\ocgY.exe

MD5 7ef0a61cee302468c2608f36044a7199
SHA1 977cf6e659eca6fde16f700265a34f0149bf9d5a
SHA256 0bbe8454faca788f64075e9358627a29408c42bac336ad474510392f0852de57
SHA512 40cd7305085e357f9fd5819bf6aaa0d2e486c5bed61a68326eeb1a74d244287f7d34c752ecd755f85862998a1001b87c21f13e9692c0e3ac5f619ede275df962

C:\Users\Admin\AppData\Local\Temp\qYgUMcsc.bat

MD5 dbeb279cd935ead5692d54015e67c5bb
SHA1 262a41589328998ee3791edec3446a98f1cf9a45
SHA256 e5a7446d10c51c8116e884217ac83c9aa037e65a92418cd7b347ce60356301c7
SHA512 b334db56f9a0e9b1f80a7fe66e3816467220ab14a4da55aed2200d1d0477c5995e774aeb4ba2b709f6b9cd2a3f88908ad25666f0ae6da3eda9f259fbe634e0a4

C:\Users\Admin\AppData\Local\Temp\IYMs.exe

MD5 b58ce1fd15f0fe974c7a3feb2d8df3bb
SHA1 247c39ebdba53f1991287c16f755be54b3779a82
SHA256 99aac83a2e3168d86fd3630e707ca25cb0ebb75cd8921d7cd3fc3208d82cafe9
SHA512 249f7e9cbaaee53feaa9be6ce7b968a6a5ba05e175f927156b34d8c3ad3c975dce8607c479d8b81b7e489f052396bf13e001ba0aff11567546134f682ce9dd35

C:\Users\Admin\AppData\Local\Temp\WcMUIgUY.bat

MD5 4d0d57ba43102b559f440d7a0ffc05a3
SHA1 149b919e6115ffc49ccf79a03dabfaaa00ac9d2f
SHA256 ee69801691691f354dcf1344bbcd66f72b4b782fcf8043984db9aafbcccb2fac
SHA512 acc7e418950d9455c86d3a4d5cd9c567b78a9712232b35af7b9a7735e007b73c9b49830f0d100c738c4e9975813c9bb4ca93f9ae954eb3a9707cd25d7fcd39b6

C:\Users\Admin\AppData\Local\Temp\QaUUEgww.bat

MD5 55bd27b6409298a9fe04591cca097f61
SHA1 9028524843b10aaa6c2b0ac69603c5ceea664cbc
SHA256 5364e24b1c8119d40931959780a9c0c2f1a1ee6eb5af60887bda62999eb1f854
SHA512 b07132b9e3e4d06f82dabe0a5fdf8b9003bf1f2c20c5dc9e024493c863b213a284fa8152cf466791e0bfed6bc221576fd2fddde032c9195f02fee392571dfcdb

C:\Users\Admin\AppData\Local\Temp\UwQk.exe

MD5 c246346312ec6060a39aca4a84476428
SHA1 972d756c89a7a14faa3b7933f228bfff1b3758d4
SHA256 69705739b012c952d626364841d1600db06fc3efd45d8d14a05a5220a36a0634
SHA512 2f5b99dba38edd90ffbbddc53d5208fa0dcdb5684ee68f6ef393fa870377e7dbda95005ca7411bdae565105461c18d3eb065a6c664bc5f77156871deabce36cc

C:\Users\Admin\AppData\Local\Temp\MQwI.exe

MD5 43fdfc600290ea6b06a2820475ce8177
SHA1 1866598a288620137ed8750cfc6613116f8c8c27
SHA256 c8225c514833ad7bf4f5fc1d8e3fac9a3515af7053c8de6d02c9d7861d9819dd
SHA512 0fcfeab44bb9e081d8a17f228ac57e8b7a0fc224daf8a4f5a669ab721d6d23cb1826c765a08167542390cee2b7ebce3071f52eaa4210f9d7991b2b4a48a1d3d8

C:\Users\Admin\AppData\Local\Temp\UYUg.exe

MD5 3109f74d07b430511cac94dac37b6d82
SHA1 593d511ca69de2f16618a515426a89ed5e811f9c
SHA256 a6df0b690bec21ee14bc572949bd56382f614453f641a347b565bd4b875c5430
SHA512 7ba564abdecd32f4f2ba33922616a7c2ba9c4868b3188c0691d333068edba675a3625c7169dea974c8c632134ecb76bd1193d751e2cd06aa3d09e3cb475a1d1f

C:\Users\Admin\AppData\Local\Temp\EUUI.exe

MD5 7b00246eb27a7d3c41f7a67df3c8c510
SHA1 dd78bcbb716e351c2dc4c69c24606e21238b036f
SHA256 5f02ffecfe4be1b38f4d3670175d7a26bfb2f6177b344de63c0219d7902d114c
SHA512 b57f7c19b1cd5bb680f14606d3f4e0a5ea0b1712e86f73a0cc11bdb70e742dc89b59f836a68bffa2db62c4b9302805017dede5fc87317cda0d719615716013a5

C:\Users\Admin\AppData\Local\Temp\yEYm.exe

MD5 f8c35e9d54a4892d5aa1a0d9a2abe664
SHA1 b7bdf836b27b6ff111e8193385a58efe761003d3
SHA256 23264c47e695536cd974df9fe88edac9c17d358954e9014e9231f8f73d0bd863
SHA512 dbab6b25fdc67a5aedc67b61a32c3102f2a67a859b9dea7cdc57e0ba7716f171950546b7bbbfe0950ade228a604840c85aa556cd68f7e6dbe131b5a1b4c5864b

C:\Users\Admin\AppData\Local\Temp\qEgW.exe

MD5 2b8844714fee723cf45d4d7ebc8354d3
SHA1 383760373640ea7ccfe343c01ab52086fe032c44
SHA256 941f5443fe67ccb655ab7575b0a90a855af754204b571a53dbb4bd9dcf720870
SHA512 870fdc79182d607267ef9daa45b3218bd7b5562ae73c57e295cb5d37e53cadc916758b6a01544325171f58d88b4cdf921c594bb65ee53510dfc95ce6f62b8be0

C:\Users\Admin\AppData\Local\Temp\ogEe.exe

MD5 b502e7787cc7be7bd024403156638ab2
SHA1 c44a8d366e03452648d274f8c7e3acd20f7993c0
SHA256 03ca1c0531047130442af58d334a9c8c352a36782140b05a1c1a809ab7a92311
SHA512 3fe597b3093b6bccc8d9e9e8ca563492e40278fd1cc32b7a29ce2dc16d0800d062f8dbf53d7018be626331fa618424a825ff4ecd2e324a5f2bc2db61d879b599

C:\Users\Admin\AppData\Local\Temp\oMgQ.exe

MD5 48e0fbaa8c611af4509766a6a910d492
SHA1 e71cc1bec8fb7eadff8137d548b8fd4942f1a8fb
SHA256 4044b8516bcb756f6a990678b1cc418babbb757fcda95943ced333fd1cfc334c
SHA512 67d37c0f0781e6470a9c7262ca2086b1f26dbc4cb7e92ffc7ba68e8c6cb2f5da4acab2633cc74f3948b4fa77ddf4f27049a7127c92e67a737ef1be75ce0cecd2

C:\Users\Admin\AppData\Local\Temp\kIwI.exe

MD5 9b0f97c9e1cc92632cb40994ac60b62c
SHA1 b57ba48a46f4a67201ebfafac98c5623c6a76d26
SHA256 4ec85b36698187046d31bb59905e172b32f6a9eb59aed96d024717dcfaa23f51
SHA512 0975b2a7388616bff92a13208ad28f21a94c373f5aac0e07503998dea30b9bc1c235acd0bfb6d6362bbe9514b1d4cba45340672a3587735cae53d5834126f9dd

C:\Users\Admin\AppData\Local\Temp\PkooUIAM.bat

MD5 a442305b28ac2d7776ce0579e6cd2af5
SHA1 41ce9aaa581985cbbd007643f5d830cdf1f2687a
SHA256 bd003602e16ec690cb85bd718a8ae57fcc0450d2e6e85ee72e6d39f0e72a7439
SHA512 51472c6d9d18ab4599851fe3212170dc64d597f00d0f6cbcc8c55a4b889a92335b8e4a2217dc5ea390abd50df60d3a33813c890e0f434c7f7ab31b9aeb2fc397

C:\Users\Admin\AppData\Local\Temp\IwUK.exe

MD5 8852fe0ca8e7c5828298d8578a4e1c5b
SHA1 708a46b0e241580d82474a9ef0f0d7c5470585e2
SHA256 a87cbe10d4619111dbe14d445bd87aa05e866be12dfb6c1c73aa68113c9869d2
SHA512 e83a17f3764f450878bc11d519f464a187c8dfb4fdc3422f502f8e3e2f6d3f6a71fa709c6141a1d3562b2f9ec6d821b69144a00d32d818b8f1064dc13f233acc

C:\Users\Admin\AppData\Local\Temp\IOcYIgUQ.bat

MD5 94a2a160f8b58849055d0241ac7bc086
SHA1 56f3aaf0b5ec8fb59c42a79fa3d414d0681418db
SHA256 df92ea3d174d97df56fdc41de52733798a25fffee089f5d9370287b8bb098fac
SHA512 9b46bd536d278014af78fbe9347aeefea7d9382bc3de2b2b8c52cf9966e09109aeb89f0074562ab70b37d96fcd1a8bfe583083e946deea1471b1858a9fc0535a

C:\Users\Admin\AppData\Local\Temp\WwMM.exe

MD5 276f4e988e7e692c9a13fc9e5fa387cf
SHA1 17b0fc070e46387fcd5d7a84ceeaf784a6807826
SHA256 a50199c3e0c63f0f200cfabf86daf451062cf42c1412560889ba8fb1c2728d5a
SHA512 50f2b72d948affd98dcc759f27e31a0b6ff2753e9bbecb9cf3564b9f247fc37842339e984f7b1243941b6be5532d3f93055eb6e9a68e498521a1b42ebe9af60f

C:\Users\Admin\AppData\Local\Temp\igge.exe

MD5 826fb1c29f0ff75c95459f25567c5b30
SHA1 a6b3afc32e040e506e1e0821ff28bd8b90e49a87
SHA256 23c59cec24eddad8e57f4d6122f0247d576e8b4e95917a1c15c935af73ebecb8
SHA512 13b00a5c5f27a32fb48b11a5ba3ca001af35acc3dbc73d0cf9fd82804eaf90f167f95a06c2fab44dc4fc46ca1487043b5249a4e59cc2e02b1aa2c5ea4a865800

C:\Users\Admin\AppData\Local\Temp\oYwA.exe

MD5 0e65d859fb66cd10b580f9a8eb5949d2
SHA1 36d3167181b0109b146d9d3f6e9aa823aaf4a98c
SHA256 1f3c1f2fe5c5c57c78958b8ca6f5a383fa3ac7123035a2b434383287047facce
SHA512 e697b5c6c5c373d89657736b89f3babf84920ed70ecf5040acf909943a83d93ab424044564a7fcc0db89a77a3be3faf696a4aaca06fc4c28a79ae41854729ba2

C:\Users\Admin\AppData\Local\Temp\qAgq.exe

MD5 7da3e6bf6033592561fa1b4a0d9ee69a
SHA1 919de896bf8a99553ff0cc60630dc8ea976f24c3
SHA256 65121a155ff7ee1ce8e919e175a05d23ac868061eec991ec98ea4e16e34d695d
SHA512 68301a46ecdb3c8cf5e4de6a3cdcc53013963e45af5aed71fb6f4f3acca91cde1890c7dc91fa6a6bf997a8fed94d42ccef63d293120ddac49a3ce3d47f3053ef

C:\Users\Admin\AppData\Local\Temp\Mcwe.exe

MD5 c37b1e7777c90134af039fbf96a22d21
SHA1 00db27c8701964efb461fe58e04a2313e4930d1e
SHA256 c55af98d755cc418bd5736944f67e7ad76c3c9e3328273b1deee5c98746626ad
SHA512 aabbcca582713e2d415f2310034c19487e4130f2d7c8277a5963ede8f9a36ddbaeb5ec081e759d165e28c1ce8c2615723e842c2534528c99b3b3fb10974b72b6

C:\Users\Admin\AppData\Local\Temp\Iwca.exe

MD5 2651e2988a282c5dd628cfc17b21fd10
SHA1 b048f967d3b6eb02abe166380e56b113ba6c8440
SHA256 f946883dff0e05ca4e7ff0ad65124d23a85c599df98692c12ca4d61c43fa9dcd
SHA512 e7e9223529655df0987d194f42e5cfc392030fab3dc7a882e3a56488d2a059b405400fc7cdcf953e66e6ec13ea7d565ea9d8e56fc1ab6c1affd9ada35bd930bb

C:\Users\Admin\AppData\Local\Temp\iwQu.exe

MD5 8ec5c9480e1d3a5af85e8b348c6d6ef7
SHA1 53da1dd8fe39e53e27ea3cb025ca842284c3e3c0
SHA256 0968ab713fc8ca264c5038a5ceff4d20d47a2c10bc171887907878f427c8c720
SHA512 aba45ad5f500ff4e71faeffaf5ecd580de609d7ec0cce45ed94026b02e01804275dfe4de5c0bc53255e852f8993509742682c2fc0079ef80ee44017fa4728d11

C:\Users\Admin\AppData\Local\Temp\RKscMwsw.bat

MD5 09a329640bd3fabd77c42779cb0df1c2
SHA1 d0969281725c41143a1c30cf57026f80d0496921
SHA256 48587b9e33ac10c5b6a61eacb71914c64ddcafec3986af580fde768c64aef193
SHA512 ea98a636a5d5c1247fb5b95d19de39d0f241de3734808a6e816c52361e8d507afbf77525ef50ffb07db6f90c526abad82f937ebeef85e143ca40ccd1258c7f15

C:\Users\Admin\AppData\Local\Temp\mYss.exe

MD5 639308cbcbe7f1c98a61a7873fa4043f
SHA1 6a65f591b6ec53e8a85b2ca733e7c34e3cebbb91
SHA256 ef6f4752966e842aeef0c2f4084d1a5e32c03ec876d407cedc46920069a6c562
SHA512 9afba60084d0c4025a6e8124b1b68b0f6648ceb1a5f99af67db426312a18139a3717fb6d51f1cdd272e6e505ae2249aedf270c6535ae1d3ff4cd3f42cc261d47

C:\Users\Admin\AppData\Local\Temp\xSoMYAws.bat

MD5 f0a9c3d14fd6c44bef96237ad17e9b36
SHA1 213479fe32a46d045100816badf657961a1a1156
SHA256 e2d8873e85be4202f5422d1281c5f976e7cbae1093d8aa858098cc0b4bca67f3
SHA512 3230ea0c42f8dc82e8a97b3579a49a9b1cc739772f53eae212165755bd336c52466e62e27d0173187d36f262872d1810635dcda28c896c91f990e7f2e9075440

C:\Users\Admin\AppData\Local\Temp\KoQE.exe

MD5 df1b3e76322ed72ad99b28a804684c28
SHA1 0982287e459fcbe6e174f9ad6b1e9b67d96373b6
SHA256 baa4c14dc56d45566fb1947addfade2c9ed8f504aea8b1c1a37bf7be95109ad1
SHA512 79b154c89040e9ad5053d6c37ebb85deb6bcab646da90bab75d863bc6dc0bfc5ca3ebe8649b5698c0bac0d4c20f56b634ac253e7aed20d63ec7248da5d3a66a7

C:\Users\Admin\AppData\Local\Temp\OIQg.exe

MD5 d5f4441d508db358ac26891859c8232e
SHA1 ecaa931e028647bb2f62621718e2bf5e83631d7f
SHA256 58096b9a5f7de2627c5f758f89d8018e17bb0d748853a5847a08e336b173275f
SHA512 810a06cde2af4a8163822c3976e3cc0b148d6595407a37169f5f05ace025fbd40796945fa670c13b29aa08086a71fa9c990eb5edebb88b49179429f54054ec39

C:\Users\Admin\AppData\Local\Temp\wgoq.exe

MD5 eacb31deb614ddb485d3fddcfddb8e7e
SHA1 d0d39d357139f3055dcabc8d2ecaecebec64fec0
SHA256 6e3592e7b8e896d04338528078795de1ba664b2aec9a1337a1baed6f4aa300fb
SHA512 1cc1ca188536f63c9072be86dbe7f6d1c1abadbcd13016987a48b7ad8283cd1d50f652cb75cef9ab1ca41aa4b1f5ab7e4bc0af70206d100c21b9435e34d13ec0

C:\Users\Admin\AppData\Local\Temp\isYC.exe

MD5 6f69ed697e65d8edbd60fbd0f5c703e6
SHA1 c60824ad10bd9d1f2182c768c591f798208f6134
SHA256 d91be31eade87a4c14c49460cabb07bb7be5e7f6cf668d3c43b2bbc8d6fe0278
SHA512 137c0ff1da6bb49a1bae2111e5cbc99a26d6564a55c960d4cb87d6f4a30c745c9f919ecddc294c8c26a19255f092121d7c674867610998f207d93022c8234847

C:\Users\Admin\AppData\Local\Temp\IoIU.exe

MD5 3a589e3fc999fdc685560a31d6666cbb
SHA1 f28a3241b65405a246f73b2b89c1318020e078a2
SHA256 779e3fd699f23bae351a2e71160c2fc95be4e65094b01a694f8675fe972c15bb
SHA512 c1f7dd57dbf0d0a81884c68a403db2373569db511bb0a63cf87614655ecc31515e2b9ec4c4950073e46ef4693893c5fadc32f6f5b4f3fcc57ea6f4752497606f

C:\Users\Admin\AppData\Local\Temp\WUUq.exe

MD5 7e99e7d74caa402676518ecc5c62981c
SHA1 a76645fc9a739aa5c7dbbb2d9c2c918001463987
SHA256 2bbf1be8923a80858009831e63382f43797566c0bb008125dfd96dd1ec66bc0d
SHA512 deece7d866e90c5ea1442ccaaefbfaf648e27532162139d83f84bd52feef740daa52aeb71809336be9b4b549500b87dfeacc6b3fb5fbfed5f93235ad9ff1e21f

C:\Users\Admin\AppData\Local\Temp\Cwcs.exe

MD5 7d6df82c58868f870b82e1a63e204304
SHA1 62a2ef5b77cd7deb2c68f0fae8c149a9b4a09057
SHA256 db3bbf82d594b9601ad742a1272eec1b334923886144b7a7f4991766e1849f22
SHA512 1514a376085fa7b47fdd7c6e6232bfe495b0749042c98276a7a6ec10f0df63321217ea790f6920556a2ad7e321f9ab5e6d631561113890e8b8ed4ed8585657ec

C:\Users\Admin\AppData\Local\Temp\EccM.exe

MD5 a7944cc47d258199271c430e0e3d0deb
SHA1 93750dab19cd894f26dffad848bf35f220e8cc86
SHA256 78375b4fc334dfafb0e8f19c59750f4db7563c0dacd60ccc6fcc5e823fcc972e
SHA512 3e1e60e312d45dfd39d77517d6298be2ab3ddc2bc5874500b5009d5a6c056266352c01064e009291c05942f6533f617165d67a1b80ed5f5b34baf6817031ac71

C:\Users\Admin\AppData\Local\Temp\CsYq.exe

MD5 708e6d0a43e365ea524254bd19c15012
SHA1 9a1816e29177db460b22d17c9c70ae052350f121
SHA256 5407674d203a572a2801c2b08b779fcd58920eb0821b48ff5fa62fceef78c6b7
SHA512 0a24b193e3a6d4cff751e498cefdc58ad15d8937a2ce027a50220ae5c0fb8c2aafb0c16c2fc7da464f24974eaaf41c4560218637edc6fc9e06db3c4ad3ca8282

C:\Users\Admin\AppData\Local\Temp\MkkA.exe

MD5 1de96ddd246286223e9a18355843bb4c
SHA1 72129acceac71bde882144a43ed26db9b3c9df0f
SHA256 c81ff8d610362c34ba57604add7828f36869f4b88f9fbf44312ddda625420d51
SHA512 a2224854b106a1886bf8714eb223bad2df4c26cacf4767104aa6d45f6f62b6cf804913b3ad4a032142b29ed3da76f496235f5a6a7c0c557bab239feb8687a78c

C:\Users\Admin\AppData\Local\Temp\cwEo.exe

MD5 88f024a123ad582133e43b430117dde1
SHA1 f22f187a39152f9221d0d4b06fdcf5737040cfb3
SHA256 7bb5415e6a6d48d8e6ea0b52fffb2648fde35542167ec855c3607e01354d642c
SHA512 0cb531ff184c6a532f4a3de6ff445e0fc9594c2f081e172352867a4c52868ac73a0cc01a7c7e22be2f8bf3d76b209c83fd0d7b7718fa6b8b7d702e54f01bde65

C:\Users\Admin\AppData\Local\Temp\qkkQ.exe

MD5 207bfab0b9da182dcf838166cd6bb155
SHA1 4f1a70474f654ed9e181331c72106ec21099f2c0
SHA256 8cb63abb13115c52e8a3817c82aaa65ee55cfd7c85b0855d7326eff64991458c
SHA512 4f0dfc31ad9a1de9f4e0b03651c4ebde3dc5e99866c10e91e5822590e9d4ced926df40b9c63f080dc92956688c70d150a3e78de3808fae7c8902fd3887735f4c

C:\Users\Admin\AppData\Local\Temp\OMcu.exe

MD5 0ae8054ae58c0b6f5ed5353ecc83ca4e
SHA1 213217944f602595c63308418c08ca60fa215e1e
SHA256 133318ef0e27fb1337b9c73a57727f8100fb619c6a25b099c221263a5686cba3
SHA512 7a1e7f5206b0f64cb9d46f6b3daa3ff70be753cc4ba0f67bdcf2eaf9b5293fdf62b53b47f32c2e8b647abd8e27feee98c925c0049b759a30e4a2b19d3773e46d

C:\Users\Admin\AppData\Local\Temp\QgEo.exe

MD5 1ac7e71c925a9dff1c0999860376c2d7
SHA1 2f8f8aebad0af8ee7f36f6d2915053d646900d52
SHA256 e478696f6f22b294174f77c0b3a1a02bbef257da3d7d1aa5e1b6346300d44b8b
SHA512 628b4e600bff547f1109a44fdd1f893eac3b34c035235c67e65f9ee3e3b79d014c58934c7df093731d5aa833734979175b0227927a31a9dfa59886a2243e5ced

C:\Users\Admin\AppData\Local\Temp\xQYAooQI.bat

MD5 e59f22909fd1a5fd23aca017094c704d
SHA1 512c7529c22638c09f42274905cb34d46b12e72a
SHA256 5c585f734e0e5318984f095650b5bcf78f4a625f933da6ada7d907a8dce02a9a
SHA512 482d45622bc2020ae8ad55c5fceeed5ca0ff25848d6e3b559dcea1ea2666fcfe7c10904fc05d37fbbc75be723cc22a02046b1018ca094e36f9fed2faa37f155b

C:\Users\Admin\AppData\Local\Temp\QYYa.exe

MD5 38cbf4e0eb1330b680f083f40123efa5
SHA1 6004e13c9c1efeb9c4aac859647309157335d591
SHA256 c46508d759778212b26ca3f8a0c773bd54d08af810216b15db25a3ab1c830d95
SHA512 6844b73a05cd5eb01e2fb98a727d93d78d652aa26d8c2bd8194607c5db4f851be3350c79659a15088df59ec0c528199b4f0720317103915b97038050cdc4f2d1

C:\Users\Admin\AppData\Local\Temp\AMoc.exe

MD5 f24a37dfd074ed327cda960070372bd0
SHA1 8608d289b7bc0bc4bab803c5462284f49f9cd3fc
SHA256 0a1ce879c644614d7438744798e30cf3ed023bc905dcf6cfd87f326a2439d30e
SHA512 1ac863d75226bebbf99ccfa3e5c5ac6755f68682d2367ec8a04ffd3529a14cf1d250e61e570a51eb71a903e5a896fae787eabe26de1f601a62fdb419a4dd2dd7

C:\Users\Admin\AppData\Local\Temp\swQg.exe

MD5 e2ead6a9bf9bd33a26db1ebafb1b4765
SHA1 5f72cba9c99df1162f36f1974213e593b81f786a
SHA256 e75c846bf0ffb7ecdd7779158b54a049952180e157ea5e5295a6b5bd3c8b3d8d
SHA512 c65c857db1c3cbaa4d9aef7ee852f3aa66aeacf1488b536a95e2bb5b45a1827e1f8c6e7346c2d6e823f527f9291df8f4e79b1e9f9a43dca389849d6eced0ca16

C:\Users\Admin\AppData\Local\Temp\QQIU.exe

MD5 f739009ef548672df25d18d414951c29
SHA1 f458f56d4a9bac1cbefb707c44f2fd8a3a01dc15
SHA256 80aa03ce15b716bb4541512ec626a57f22db2945796ec783a2b671afffdcebcb
SHA512 9ef438122ce945b3d045f7470a30b8de0725e23134af85e5f47d0ba9602bfba9c573f8ab2414ee1c008312d61f004856f83213e38ef661f7c8109454865673c0

C:\Users\Admin\AppData\Local\Temp\tGEgAAIE.bat

MD5 f6a99179fda092d1052c1029ef364f41
SHA1 4305bb583bae6c457a8e3d444256fe886bae8822
SHA256 2d7f9266abc56e4fffbc14fb9e7feaaf60d3f36eb8534e739a60a3de67bf0f5c
SHA512 1aa621705f4652fbc60095ffc844870dc6664dcf0282459218450726f3424fde3278606f17d3235bfbf5e0f1e6914a5dc6110d96c06410f8a41b825eda91b238

C:\Users\Admin\AppData\Local\Temp\GkUm.exe

MD5 2dc8781334770ab3d980a1ca553abefe
SHA1 02ef119fe1e94d60def5db97d2bac376fc787674
SHA256 45ab54c93fc193e210f129e7e5560dcb8219ea44b43f75463e7207457468aa36
SHA512 ea9ec7e4aa07a6a100aedc1cd0c4b6ffc26bb7eb9bbc979b236465c1fedc6cf14186ad123a1158cc9783a54c2a696fa97647220d03e82dd955e7a9ba056322c8

C:\Users\Admin\AppData\Local\Temp\EMsM.exe

MD5 e3ff46be70523444734cadf7e3025908
SHA1 ee2ad39d10b2b0d00425996d316937a20fe6c22c
SHA256 45ae256da94d07d9e7bd7ab142ed372af6394f4d540f92f7dc04c7444998f696
SHA512 943bf10e5259af1f6184644a96eb10850b444c030231cba97bcf577008099eabfb5deebb0625efc26e04a6d3d4c983c61953b9297483dd3fb5d6e499a1413fd6

C:\Users\Admin\AppData\Local\Temp\cgMEcAwY.bat

MD5 00a02f5576c80fefcee695dd79ac6296
SHA1 db428cf86a9fef8c1e1b18ad15ca7f3e95911e8b
SHA256 78f2a5d730dce0f6144c0b80f2016025cb9f3b362956a7d0d1da5cec1a39cbba
SHA512 1100b4c22745ef03231c2618cd1085b7a59913005903a490b8e122c20824fd90df67e8a35fad5c90fdefc2bfb49e145a49362bd162e0276042124357b44ac6aa

C:\Users\Admin\AppData\Local\Temp\UQYu.ico

MD5 ac4b56cc5c5e71c3bb226181418fd891
SHA1 e62149df7a7d31a7777cae68822e4d0eaba2199d
SHA256 701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3
SHA512 a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998

C:\Users\Admin\AppData\Local\Temp\ogsY.exe

MD5 d333858d4596486812ab1ff9f20e3c32
SHA1 3952cfb9cb1420d92d7244b953ff9d60599c0fb6
SHA256 a74d3b09fe262fc32111c59f90339c5b810d21eeb3b84428389f0d0aeda740dd
SHA512 9083987cb1f639808c6f4570fb7943aa787bcb31b0371fbcb49161ca54ac14143c6e45159389e4d6fca237585999483127398da2241cafb216e1a84868872860

C:\Users\Admin\AppData\Local\Temp\CYgc.exe

MD5 34c618677a17747e186a8271bbafc302
SHA1 abc96f0d4f86ea9176895c060df3b846dc276f95
SHA256 a070f06cf3c0039e17fa045d22c526f09557eb88b05ebca26a183440e77f0911
SHA512 a445b33da64d3617e25aab97051fa4b4059c0a3571e42f66ba5588bd5923ceeb9a68e94317be925d57026d145e693158eadacb632b6db3cd13a26a687db11fb6

C:\Users\Admin\AppData\Local\Temp\pSEwEsEw.bat

MD5 b6ad11256c566e64c91f60f05ee359ca
SHA1 d6f4177eaf437fb01adcfdef2e4d96bc4f742206
SHA256 ed0389918115484858fd2234e3c76445087b2cf8bba7967ed1cefb5ad4b21cfb
SHA512 66af009a8144934739ef736f67e6b16bdd4bccd6c6a8592f44fc1241466a0130682c9870d79d8c9024d70b91568ced6455c3f1b3ef8f3a700fcfa1870412fabb

C:\Users\Admin\AppData\Local\Temp\UMYksMAY.bat

MD5 089a1158884098d5d8042efae174426a
SHA1 bac7c273849e33efd63bf4e357d61a42492be456
SHA256 2fc2ca3c7d2c2371099d28bd9a3ecfc09e2ac9e3ce0ac21804491e16cdf3385c
SHA512 7610c18c2f802dbb2dff2bd379377e50e843f745bc341b206845535b6955c94dfaee3a099feb0fa7c0b301fa592a3f31ba6bfa1e830d679b65b47c07d81b424e

C:\Users\Admin\AppData\Local\Temp\JsMMEIkU.bat

MD5 bf31f00b16ffbb5752749221bd0fb217
SHA1 b89f5c1b70e7e576d257d93d8b7885b057091bbd
SHA256 0e9339bd66a8ac22b29deb1b918827f3abfe86387380f9e18e210911c9bbac1c
SHA512 45dd1eda32216b64c589e4e6808f52b760fe081676cee9a939989c8a6cd24d9ea2a6b591c29e20bb317fb4396c39e9f5d38ed89904875b91f6991b2840ecc729

C:\Users\Admin\AppData\Local\Temp\QIcw.exe

MD5 30a94bbe2c48e30fbf1d44ba91aa8bf1
SHA1 9f4480a9e893b932aa25556acb4c757ec6e35db6
SHA256 ee40fce6b41e49c399c48e40500b9f46e92c19a4d2d84f69121697c5d297c1f0
SHA512 91a367d917ba7177b82c9a6daeee079d773bb19f7a77b54014a2eafc4f3c7e0295c8da8d104daf85d9f34c0aa54bd2d47a2bdf97ac8f0aeafda61cdbd0f6bbb6

C:\Users\Admin\AppData\Local\Temp\cEgwIgMU.bat

MD5 b23156a6e32b86dcc1a6f457a007835c
SHA1 23d4303854b9f0bbf54ed1cf61e1d066e8688b09
SHA256 29882562e3dc887a19cbe82e87f0925fe8f3017c4e2899915e7adbd8e49106bc
SHA512 822b1915e3ac254e3fa5e4c00f0458f4957372b95f0dc4abf69bfb30df279924d66ca9bd09847149304231efbe6d138ec64bb22a1dc8b64fb7cb166b87df8514

C:\Users\Admin\AppData\Local\Temp\yYIw.exe

MD5 a7f372440bd432dbd93a99b5ab78ca4c
SHA1 478efed7a173c00602300330f47deddce0719079
SHA256 dc4114cf2f25f19293f3b2a8f55ab6453cd998b77f521190b3432d1b04a899b9
SHA512 d66ea7887fcd4799ebeea1b4f98991b0cd6a6345942f3aa6698bc4d4f88a6e1dde49ac72ffd29a4d218b718d37c70afaeba8a53a0553b07e9a0955f77fc76e05

C:\Users\Admin\AppData\Local\Temp\PuogAoIo.bat

MD5 f85bc22f0e6d7d142e7424bab2879bb2
SHA1 c6c3ecdfe1a92e2dadfe034a24c2316a5eeff120
SHA256 42fd98ae6df7285cf2bd2de32680f8147aae81e95259cf590797fb41cff0f44a
SHA512 15bd758848a0df9c2c416db9d3e0ef0fe83cb11be29239ed70b8960b6092585fcea030209bc9c3fbc0c9f7f07f9639eed6e58bb8e96576d8bfcf3ade91f3149e

C:\Users\Admin\AppData\Local\Temp\GmEUoQsw.bat

MD5 10daa9905111e96fd2e4b8432f4dd89b
SHA1 89f4f56a9360ab47c10a669a1f53480dcb3b4c0c
SHA256 13bf452bd4e2b12ea40f71ed1a7dc6f4a2de3e11cbabb8d050ba70642eb51483
SHA512 779a7fdefd417e3943c208864b12937130d9840a2087bd73c656521433297e5b980db9a721a09c68bf977b703ba750b97dc02c6c3339f5b7854a0a89d13e5106

C:\Users\Admin\AppData\Local\Temp\aUAwYowQ.bat

MD5 2b0870762bdde9cc20945aedf34d7954
SHA1 2b0d6ccde6900c7eedb10fd161a0aa99fa9cc445
SHA256 f95f084ca8df42e4ee3c6af75d75d19e53b0a6a4052ecd784f0926f4d783d2a6
SHA512 f0ec4e8a807c8d4d0de793769ef043b34e4b5df146440116592a236b03513cb693fe589b688e543c35875aae7e79f643ef9c999e16924643e4a1c5b877b2fcaa

C:\Users\Admin\AppData\Local\Temp\boowUosM.bat

MD5 2dc0a77cabc23996964538c30c686d21
SHA1 6973dbdf5e2eb2713f9eaf516d01aa243ffe860a
SHA256 caf8ff9f03e8392753b966f9a2016ea175a276381566c4d27b1a54b40086a9a0
SHA512 8f5a98be3bc0b70bf40edaf4464a1859e1fbbcae32d0d16aef25828b75bff8d85ecca6b8715aa486a7880e5e32bf5cabf55a45ef2b1697d9a8f4f8ee33502261

C:\Users\Admin\AppData\Local\Temp\EQQs.exe

MD5 e3be95e1096c13c2d6e805676eb34e88
SHA1 62acc12babe6d7903a1f231966cf4cb34e455256
SHA256 a21a6af993609da4638a84356c533ec94d6e718b088cdf9153684456780262a9
SHA512 b190481eb386362ad07af89978244a99ea73caa914a2839d08632beca0e19bcc011bb4a4edb56d6deac95ee4a1aebd17cfe9227a53697e20bb0fff2898495c64

C:\Users\Admin\AppData\Local\Temp\UyIUkkkE.bat

MD5 0b3fce8bc1d373fdf604fbf5d226b90e
SHA1 2b7f6d7b1c53baac5a6a741e16f9a5e36263a9a3
SHA256 bb84acd17eec39acae6dff86d2e781315b197fc01346ddd49134f2010af440ba
SHA512 a2ddb65e5987063caab4e917e9408b018efe4a601af44007dc5e8984fb504638c44d3daf258cd8643c68f565da735b5777f330f92963f444e172c2246011292e

C:\Users\Admin\AppData\Local\Temp\aUYa.exe

MD5 f567c517e8970906e2944098aca5c1b5
SHA1 83d57bce4c0e61723497ed6ebdf368c0b934e551
SHA256 c6ae7b6303f9ea508945f8f0546edfe4c59b2a9ec7aea81d269a313c98a8075e
SHA512 d71f507de213b4e8a4298f8756b8cc82dd34df1b6c1804cca29457e62bff8ebafec6171e58470a2700e171f136a10363c1a82d93919f1222cca32a73b9723fb6

C:\Users\Admin\AppData\Local\Temp\kgQe.exe

MD5 51bbc191fd82ce66fc291bcaa6331158
SHA1 d8bfd1cb9136e6e32ab306f437eef4d3678ad176
SHA256 4892848e5a6c55dd4c7f2bda87ca708ee835d3a5d7dfb7c8abe7a4f9f40593b9
SHA512 2311925ac0efe8f287a21c6c5944e463ec93d8668580fb916270ff3295272f413155cfaa8984371f9a65703c2644d7e6c12546f82446f3565d13f2a9458cb914

C:\Users\Admin\AppData\Local\Temp\OkcYIwAA.bat

MD5 d131f4dc7be1070427466db5062c2ee0
SHA1 2013b47306c91d95e2077f531a7675078ec731fe
SHA256 1e0e40f529fb211d9719cf044c725f3df139817fb755a23943578a2c1f5aebb6
SHA512 a49ac7a3e98cf41aec0a4068c7ece11f5f6e92c579303911611145a12136f66ca8feb77496dcd1b2e904a4b57d494ed60f1ebf66f6bb03038eccf454b9e15534

C:\Users\Admin\AppData\Local\Temp\AYQS.exe

MD5 ec3c0015291b209a70ff7827eced252f
SHA1 b5fbf7ac67ecde30a5af3b431c1572eb97f7291b
SHA256 c22664365234dc769a28dcfdb851533758637c0d4cd6278d8d7aa7f1985bd4fb
SHA512 35e647c73228e7210747504c9fe50388cfe3bc2cb29cc41238404fdce28139d23e9b8fb7928353a5882d9891650157df594bcbf9bc4a85ba00100ebb67a6e5dc

C:\Users\Admin\AppData\Local\Temp\WOEQwEMc.bat

MD5 3a98283be682f61892b6587f6513f9bc
SHA1 7fecc1ba3cf1f9d68563572dd6802b146e8061fe
SHA256 2dd582336df571b7032ac4f0c4727d2d8cb63345dd43f01ff66a9e164fbd462a
SHA512 45dbf85eafbbc75194b9a0132f26922b5c1931e5c6bd2a6d044b167c13e16f91e90d679927eb246fa7151d9cd9167569bde09764444437e2d8fe44989c0b6946

C:\Users\Admin\AppData\Local\Temp\cQkc.exe

MD5 7f319035b288bd232190fd7d21a2f1c5
SHA1 9ddf6219250fbd92f6a2b11f955577cd553af3d9
SHA256 4cb640afc1d89213ca6b7635d6ad5a48334f922b2d309202d01387aa741c0b89
SHA512 d5412fecdd61fef73677df26d7bd4153dad88277a01c28282a4a6d8c659d321ed99f552e95a4c4cae578e11142cf7f2a12df600dcc0a346b9b8196fb92445730

C:\Users\Admin\AppData\Local\Temp\YoYI.exe

MD5 4fd9ea77fc9a98aee80d546e3f0b68b6
SHA1 c553fed23ed3c88d43d3d4bc28b4e7f6b0cfe650
SHA256 f8741532cf8d97e663f50bc71d37fc5ea7db7e088dcb2a544bc66b6f9954adbd
SHA512 a5e23f36596cea03d9d7c9c26638350f0aec4ccc7f1ef68a108dbeb62e250da8a9fd95238bcb8176d03ac5da69b1fb01a6af760b76ff9266bdcb9bf3f78d8e81

C:\Users\Admin\AppData\Local\Temp\rwcwcgIE.bat

MD5 404b77f4952147f3cd5ab63c199894e2
SHA1 94f4750c8d7ddaf9acc6efa0ff10237dc257fe11
SHA256 8f26c02a0f402e19eb32feea5e2ba65e695c3d1c2c2cedcfa897670e496d1bd1
SHA512 97355c030b9a1fac7440b7279833705d0b84866c2df053d598a6b35447aa5135c81d621fec53005aa58e51ee27fc52c652541cb7fe8825365182d3c77d6f5a6c

C:\Users\Admin\AppData\Local\Temp\cwgm.exe

MD5 1754c7ebe3283adef2efd1d8d17911fd
SHA1 ebe51807c149c42362de35cf9815830d0f111bde
SHA256 cb792d76f1cd8a6eef1a5a0f02c313409b586bade738c9431b741fd52d40f470
SHA512 6d008d3add513dd6574a128a6d326528a5de63b7dcae09329bc14d8e883c0a21ac5267e433f3d21dc87413a036cbe0b7672eec966a6272c72bfed909841ddb2e

C:\Users\Admin\AppData\Local\Temp\yIEY.exe

MD5 7269b97cd49d94cbe193b958e9fd1f2c
SHA1 06c5a2e60dfde8dd8c9d48d954021a888b0343f3
SHA256 a01e902cd10267890da5ec980a10393b6f3362724c32f9d66f00b8df3230ab6e
SHA512 a6a018d045d605b90624f0502dec24f0ce6288b1c55aeb29958026e2d258b66b7de66553846ec897aebc5199ffdd0096c880f3ce15ddf448def5a04a005300fa

C:\Users\Admin\AppData\Local\Temp\gEkM.ico

MD5 5647ff3b5b2783a651f5b591c0405149
SHA1 4af7969d82a8e97cf4e358fa791730892efe952b
SHA256 590a5b0123fdd03506ad4dd613caeffe4af69d9886e85e46cbde4557a3d2d3db
SHA512 cb4fd29dcd552a1e56c5231e75576359ce3b06b0001debf69b142f5234074c18fd44be2258df79013d4ef4e62890d09522814b3144000f211606eb8a5aee8e5a

C:\Users\Admin\AppData\Local\Temp\qsMIIAgI.bat

MD5 530e901457bc6647550445b7994107d0
SHA1 17366a588fabb46e76d314b2c928d861f67d5b09
SHA256 bed3b421c0b58f61bd3f6e79ea852f88efd4b9ad00c8a00d57bdd49c3188dd32
SHA512 1e3d863cdac7b7420c0138db830e836319a5084642e4ee6b8846d3207ab0de4330780e09a773989f761fd7d76e2d4e54b0591b2b9e9ee3f2fe332cae8514898f

C:\Users\Admin\AppData\Local\Temp\qogq.exe

MD5 b26cf2f755a6dd8cf64caeafc4a5d3cc
SHA1 e5df8ce80380ed86ad24aa6762e93a8eac1b0c3d
SHA256 57833d3ea2d5d2f74130c202b57db29d7f238abeed0cd7b219c274c84dd9307b
SHA512 173d095ecc1d427e589edc0564e1d8e4ec590185c8c5a7f479a1af876d4bba312e785ac924a2be28a67f9764387997e247434770d610b559c920d2e0c4e84569

C:\Users\Admin\AppData\Local\Temp\oQwy.exe

MD5 2f677332f194386f13c6e636221d6649
SHA1 cc3cbcdcf8e12a66d566518f33203bad2eb051b6
SHA256 0bd17f906e866a41ec0a882956733936c23dfbae39ebac577db68ad4bbe0954f
SHA512 b89fe67ceed5a27fbd3a3542111b196fc0a79ada9dc66e9ab78aebd761044324d09c596bba2cec1be7ce6f5bdf50127a35adb8775dd2f6e52d5a9d33e0eb8d07

C:\Users\Admin\AppData\Local\Temp\ooEC.exe

MD5 ee6c9512431989ee31d9197871e44297
SHA1 3c05cbb6aa78887baaceb669e8e1fb8f1dbaf203
SHA256 459e5c998f4f797a07bcfd8e4ab999df7ad6b5e3ee0a10e9ae3b654b2759569b
SHA512 45ffe1f5edf000c33ad3fb70f70158dcc59347d6a5337bddbffae17969b49a89fb8e058c022a004f6d7ff47039f7d88b98767e100f15159780fa5b78ca6cb096

C:\Users\Admin\AppData\Local\Temp\gMUIgQsY.bat

MD5 745365ef448dc64f4f69a85192767ce4
SHA1 2818d84f7a1d54972a8dcba0d31d055a778420ea
SHA256 ee9cb92e8db67cfaa336e9ff8687c0cef11220c2d659bcf000c9705773eb338c
SHA512 e72571e1eecac031a58cecbe70485d83f96571db8c8137a1dcefc4187235ee973158e52f9f625fbc4e3a389cc99b5c580eebd1d49aeb504a0b4b91b85d8fce04

C:\Users\Admin\AppData\Local\Temp\iAgK.exe

MD5 a8ff821de5449b0f96fcdd0ae63d14d1
SHA1 a7b29531e2537c80bf7794899cdcd7679e4ac26d
SHA256 afbf07a9345a10c130af51d17efcb3ae25e0e352e84cdb438b36a19e0bd8b4e0
SHA512 66cc803d7fa19c7bd8a932c74eaea5845e730927afd4777a5016b6d6bb912065886aaec06a31a52b160e983a0b649849b9b3cd5aff32e1f8473fb6c04e51fb11

C:\Users\Admin\AppData\Local\Temp\IQQE.exe

MD5 a3397f3e3fed5c774aefdc847e8d69d8
SHA1 d9f2cd79720a46f8060e189db66f36fa8cf9a05f
SHA256 4bcfe0ff09b5383b4171ef51a4982c0edd58b5d5fcbbb4424f98fda50bc48d09
SHA512 94c4380b83d64b883d24e07db650b5e7972ea069885d81f02b257b025ef4927320634b36b061eef8910d1c1d89f648e2af38655754f7698233e6880583f89fba

C:\Users\Admin\AppData\Local\Temp\pqIUYQUo.bat

MD5 6b23910dc1713231734da43af17b9c68
SHA1 c5b45d5d9ed151c866d96d7f5b64f259530c1a19
SHA256 34672abbfa3ce1adf7fe81bbac238b0c2a06e9c5459568659319d6d8ddfff6bf
SHA512 c03b1d256f8cb032adac2c08385ed35c0b1669a7af0135fe96e20feeb1c9333723cb786cd7eca351b289c857d3bc1c35680bb0f56f8b4540cd73864ca36aa8d5

C:\Users\Admin\AppData\Local\Temp\SkIi.exe

MD5 c7c0ed2e8dc213a784f69cf0b7f51f9d
SHA1 0956fabf78e30e14675a37e11170703583f63c3b
SHA256 da57a0323cd6c4c12e5cd8695aa255dc61b554e9a111e1bc774c3d4ce4cb68a5
SHA512 9dc36a2fdf72e2b42a037f33be24bb110602d4b67265a24ba804b7ac6d39eab28f375516ec092aae0b773a1a52ef4fdf7e66629c587f0904296c68d20ddef497

C:\Users\Admin\AppData\Local\Temp\EIwQ.exe

MD5 5dd72459e12af5fce9716660d2c3efe8
SHA1 3d94ab01241e1e04ab681d15f6e211178e5f6b75
SHA256 94f2a096f9813e7c03b5c80b602590ac502cedf31a15e91d36b32727d52a194d
SHA512 859dd473d815c4e5aa43748fd3c82b32888ec7fa4e7ec36f61adefbe295cf4dd2a5e7c633ab4f3fb7c24166f4477c3de07e6090acc0223bf9169f22ad5ada426

C:\Users\Admin\AppData\Local\Temp\EQMK.exe

MD5 5044d134e6387e180fea543afbbcdd48
SHA1 1fafe47ed6657baf45ea6241799edfbad3650511
SHA256 e42262aaac62519d10a3a6174f0f4f87776a0d678cdbf9d7b84ffe7c4ffa075c
SHA512 540d9a971f7f72465f9a761a220fd27c9e8abebc308561bf969ff2b0764dc1d928faaebdcec3a8ffe24954fbb9eeaf0a755903eabfc5c6f2315d759f84e2b141

C:\Users\Admin\AppData\Local\Temp\UEQAwogs.bat

MD5 a537c064a97628f2ca30a5b5e7f366a3
SHA1 5ee7ddc572b4af96a015661b45cf6038d789ac81
SHA256 1b3d920798d9adde1505013b0f1cf7c44ecb3b073ac02cf40e9142b3463f819b
SHA512 91956d602035e435cde821c7c7f57e878465ce5cc141aebfd7054026f4c69e25ad85ab31293c685b16460ee3902f98fa5b7f7bf007ef55064e014895019cc281

C:\Users\Admin\AppData\Local\Temp\YIEe.exe

MD5 bb43fc210d99372a0f1738f8655cb6d0
SHA1 a8673178efaab9ae8696dc7a37145844b372086e
SHA256 d6a5b948dc7529e14a4916828dd2836502903f7eba2c81e156b8b44b3a05be8a
SHA512 c0f5dd99c70d1b5003a68881714bf617effc9ffc0ad189ce7911f267a72fb1a1128cef819fe1ce3c134b9b041ab1339e8b37404888051ad3f2aa19e55df4d3f3

C:\Users\Admin\AppData\Local\Temp\MMIO.exe

MD5 5eb9c3f2c5cef0983aeccfbe97cf4b5d
SHA1 c2b564a6ca9830fb5197b0a1011d1527c5b51488
SHA256 f090ad71f720f6acfbc4f0164848a4cbe42d31884871040786efbe5af5f7fc44
SHA512 225332de652174f348104160d860cd01cbe61b50b134353f7cee5c706487764b554140a494109509172eaeae7daa3b667715646ee986c85863bb6adf9a5d96a1

C:\Users\Admin\AppData\Local\Temp\OQYO.exe

MD5 17591334989afe2b7fdb8f9c84d10d12
SHA1 c79e6818521792c5fa51da0e27f4bd381ffdf484
SHA256 d7ceeb731df69f9ef1a64037eae1d15c8fb80fce5c0ebc2a5347db83212de375
SHA512 be2af7bea2e356b397afdbaa9fb356de46387905b98f69ffab57240a0526f26537603a4d7d9cd8f72c0fdb3d1d23ad5b80db082ded2718bee7b7d3265481920d

C:\Users\Admin\AppData\Local\Temp\WGcUgAoU.bat

MD5 f93edf46f218e5d05d66f2eb914ee559
SHA1 684d65cc45e9c618adea5f5103c91e28ab20ec5f
SHA256 0a1923671606104a16a6f754acdb47c77ea60667d1b1a64ce0ea67c43a5269b2
SHA512 85e23b296a9d804198af400316b6c924f9ff766dfe51f449705a73fd868cfb91375c8c352a395e2ce515fc7acbae80f4b6af9034738ef90c6ec6560cc7a6f38d

C:\Users\Admin\AppData\Local\Temp\cQUI.exe

MD5 6afe208fd4391de16d6904f347806c5a
SHA1 f1026425ca44147caf52efd00245f354826304c2
SHA256 e338918795b8f54f57b05f80ff3394cfb646db54419b232ba54d651092340d6e
SHA512 7f2ec4b6d049339b38c5345f8765dad68c3c5d711e8d1461cf985cf2b6507b4caa42023b2f62deee1b71b1cf2e68f626eab6ba29312136a45a5a785cad910283

C:\Users\Admin\AppData\Local\Temp\mYIE.exe

MD5 a9b67e7c80b04c5167d58730c6f84bad
SHA1 8a520f5bb1eb7c978826cddd476f4ebfb003e4be
SHA256 2311dc091eb0d5d64ddd0f72b0846ecc7b5424c4d0fefacbd1de9946bbd132bb
SHA512 e34507831ed5143d2cdbac0d2255a595d7d94926736de29ff41faa328ac3c7e2449c0887f2a07c97124370576a91450c8c2e83964312677cfa48d8987d76399a

C:\Users\Admin\AppData\Local\Temp\nocEwIUw.bat

MD5 11b3027bdb20b889ade086c53c70126d
SHA1 3250d7a214f812cfe4ba1f4a6f5656368a455971
SHA256 a04a00cdbbe236f99ac357a3dfb22e8704756f005190fe481d2d3caac3aa3031
SHA512 e6134e8a1deccca7429a9bf854daf129536f2fd138b2da477f431623f457bb7ba27276e91b61e975b6f6c2bdb99f2585d74844d4fc40bf46a2483d08527085e4

C:\Users\Admin\AppData\Local\Temp\Wwog.exe

MD5 540d77a6085f612b08158cd7f0953688
SHA1 0960fa610c7f2f922f441e8cf2ce1aa8ec839a48
SHA256 f0b8b5bff9d4fc38d06535d92b28343b2a614fb9d51a436d1cefc7008edd77a1
SHA512 12e3f9345e6d4b43f230c0adb64438c75baa81801c2694d052df07f2de2ecbc056261ba284522bc46f1ae2510f99db1f61d3deae8a319ba9f8bdf48881e8d15e

C:\Users\Admin\AppData\Local\Temp\oAUm.exe

MD5 0c03159a7749f640524c99e304e96b90
SHA1 7053322c44de1fc86a0155f57c06335b3d890778
SHA256 3c8f47b24663543675852430728dcbd5dc874fbc6e01eb75ea89976f03a42a94
SHA512 29c6d2513733059fae9da00a27d78d24a837dd11094c24f503de9fbd2d80751e4865dcccadc9c9058ca4d24047bb8a07c88a094e3943a54da7fd7dde5df0e05d

C:\Users\Admin\AppData\Local\Temp\TUIQgwII.bat

MD5 5777138bcdabdcf750621d659348187b
SHA1 f144faf07761dc1fd66de43e8bd5fff94d8f87e1
SHA256 8592217a9503b96991486cc449a3ea03d0a1598b7294121060fe403849615c39
SHA512 df8053c453aebfe1b723a91794f8183b7798b8fcee6f49b3b6cf15587ffe507e27cfcb2be6dc72a50f09808c6b9a3d61317b90989f960d4d3405578e9044c829

C:\Users\Admin\AppData\Local\Temp\KMMI.exe

MD5 bcb10cf71273ada54d1557cd01b5831d
SHA1 440be933cd0da2f17b5bc9ece056f544518eb6b5
SHA256 ed138a06f88b90084af908b394d9a0afd79572fa34f780499716efe976a78281
SHA512 a42f14cc9fcad94f0584b5d391b16428dcdc169011cdbcb84bc34915f514e669834827e428a6e0fc799174b7c5b8c29ef0dc2fe93b7af2c6cee471e65d9355dd

C:\Users\Admin\AppData\Local\Temp\WMAA.exe

MD5 3e37dbba9e56bdfa6de3e63d5fc4720c
SHA1 5ae07282275478c0342b48039f416a6367da6888
SHA256 8104ed12569a582ae7e17a14e6914ea5849f58850cf69ad10e086c1a2be8403e
SHA512 bb097ae8180f561e7d7d8bae41fb560056e60c51cfeb3dbfec1474c73593a40985ef4b0b894ee85077bfcf9b58260694783b600993d360fa2622f70ca0807647

C:\Users\Admin\AppData\Local\Temp\wIsg.exe

MD5 8892c6a7da00d2f32e4381ef54051b6a
SHA1 84d0c4fbc9378d2f459b8490ed0c7605ec840989
SHA256 7c4ceccd083c871fa417d526d0079cf097189ab4410dd884f146258e98e9a51d
SHA512 255fb5d46694724e12c50abd9ca72d55ae45e46a21bdb8d2e5a6fe3fd0e1cfb41c6c1c626cdad65927f816e858fd0b0e0ea63f2ae8db9d7e8f61794313372abb

C:\Users\Admin\AppData\Local\Temp\GUcQUAgg.bat

MD5 d22c1b42b4602149b7a9ee83a13eca42
SHA1 b32f6e07aad1999c6d5f55d162edb21fa95211cf
SHA256 6a56b67b69d8b1f469360265c1855abcf7d956c3999d858382b43806e18e6e01
SHA512 ebf6932e4b0694a210403f017fe0c960932e8873cc4737884ccfe6f89370ccde5da33bd598433b3ef97755b7563931717ac8cb59a43ce07d60a31edeba786e52

C:\Users\Admin\AppData\Local\Temp\CccY.exe

MD5 26ef0727f83e0ff5757bc18edb3b0bd3
SHA1 bc38a97d456ed2730c7f34f769b7f99754ba4cfd
SHA256 a3116f3a574310c11b609da7578261d121cdecc0328412bca0f323247ce799e5
SHA512 e33453ebb11c18dac8e2d35573ecdbdbc819561ed0057fa9929558edafb6263594baf4c7263afee55e43641f4c374c3368c01c3b6ecdd5595bb1e37388cda5fd

C:\Users\Admin\AppData\Local\Temp\cAQs.exe

MD5 c2816c46de268ce870aefb119d5794fb
SHA1 a748f3880c9647d55abae2455ac26b97e3e021bf
SHA256 1ec1d55a6278182cbd057b68f3a79c3cd408befb0f244869c3a381335c878e63
SHA512 1d00fd70b972f97d38ac97e80c929671d2de4fb6c83e3a84f113f99f54307f4480aeb02c4b9f7b7b2020176185d38717424b95b4dd34a240ba1ec5e666fb8442

C:\Users\Admin\AppData\Local\Temp\RwAAgEAA.bat

MD5 041b56039003626cd869c193df544095
SHA1 19cfdf5aad774b33ded556361ef540e09e219b60
SHA256 77851e8d80dc13114367e87cd3c44d810c6e5efdd247d2152dbe19e9bfe92d5f
SHA512 3e144f3468c7516a09df75e392c91e4503fc934ae4e49da95e3fa9a293e3625f53cff6a25713c2c189b57088a1359ea46f95b8a80e664bacdba3de1046e53d63

C:\Users\Admin\AppData\Local\Temp\gYMu.exe

MD5 934514e937a38d56548f371e06e850c9
SHA1 aac7568067384b35619576a76345f8accbb87f12
SHA256 44389515f54ad90c39d9374d8241f11c8383df23b45866c4b6dba78262f6dc8b
SHA512 61706c2aafacba0ab273b8491192e60dda37fba90183ac4b0f86c93af38681864d8bee4cea57460b0f6d6a798e9dbfac6fc0d17e77af3a7fcea19ba47a3abac8

C:\Users\Admin\AppData\Local\Temp\GIIW.exe

MD5 e90f5823298b268fbec1def4ab7ba1d5
SHA1 bf085a2a14d2e17fea10e480997d1f9b79810d4f
SHA256 cd221ca34fd59fccc884cacae1ba140db386515d5278e3e662bba455c1601b59
SHA512 1d67b55e7d31512bebc5e28d7eec7da4a938868b7b2d30abe40ed1297f7a98923a5bc1f5f2316278a196345760749aca7bf5630da4dce5e328606252a10ce0b3

C:\Users\Admin\AppData\Local\Temp\LQgwIwos.bat

MD5 2d71fdd48d453082670e7c4800caa592
SHA1 7d1b3a5f0540090db7e9a1763e14d8063078970f
SHA256 3048789d30d37e7c3e50e0843b6f20376d643cf4a09b54f6e2f6b701ae4e99fe
SHA512 ffcee66d776c95fe9048b22052231302a08cef967e1eb32bd2fd200bf225b9d9d6028610257fd9ab6add63f8e3506d7f400bf4d915f7f1b63cb690ec4e477c0f

C:\Users\Admin\AppData\Local\Temp\mgYa.exe

MD5 c5431f7d125254b519553c85c987066c
SHA1 4a85335f52440678812ebef65def8898e88c0a9d
SHA256 6b803471f2695902dfea5d68cb34fec3f94d172a74328fe20b37379edc0f5906
SHA512 2d44bd380149f552f35f180b3a45d904241aab608e42638d9fc89b4eeaff523a22a3e4ee9538a90c9085217e6108a47a28cd50c7be5fde384edbea6d7a813c84

C:\Users\Admin\AppData\Local\Temp\ygAU.exe

MD5 9933e184f36981217c1026a5fb44ad38
SHA1 82b2dbce0135811220cbf551a39bfca1a6229265
SHA256 bfee9e948131fd43d56bd330713eb2a7b72766df3f69b5a28690f7f07a9ee0b5
SHA512 c326225519975f9ec77e0a6f800b0783af413af0c45c0fb2248d0cf7aa8ad3d359fb4d783bbdbf7547b8e8768039e5cef33438bc16b7de08699a288aa0206adf

C:\Users\Admin\AppData\Local\Temp\jUgEokEs.bat

MD5 1efb551998dfb26bf6cc78e5429da50f
SHA1 00e0ef7e0d0c6a3052829ae1c82780d817dc0925
SHA256 1751ae2bf6f7ee30fdce218a444e0e2c245f2be1d2c64e6525371a2c6119a92f
SHA512 f8763a070a6bbd28e161488fe6da062799daa5c581163543664338af24cbad4612a643cec65bdd187768042fe4a08284697c10bc8a6b9b16a29a3d996b2aa85c

C:\Users\Admin\AppData\Local\Temp\EcwO.exe

MD5 11d4808d1fd19d8ccdaf06e34f8d9a54
SHA1 041f83258e13f93a42b819222506c698f0245cb8
SHA256 9796f28815945665dc548d78d1591f9b0e5dba4de32d1d7222bfac6c02892c5c
SHA512 b1005299e2c2741f5fd6e2fc31baa32076a789ff9951a0563a791a844d2173b53651213cc8a8d55c0f1865a5849e657a7ae24296cccaa2be4040bfbdc2ff67d9

C:\Users\Admin\AppData\Local\Temp\acca.exe

MD5 314d855941ec2027937be3af3eddbce3
SHA1 7d4a7d88db9fc89c63ceb788d4b6405c31519bae
SHA256 694d10499144912653ed5c06721ae35ebcc60f777952fe2b90a88e8c8d932641
SHA512 fe6f04bce6119d46df01f01b11c1b875d45f4a54f8e1d6e0800bb86dd7c7dedeee53b5c96a23e17cbc6c3570bc3caededce8255b71375b033cae20b9d8e46bbd

C:\Users\Admin\AppData\Local\Temp\fUQoUYwI.bat

MD5 8bad9b9cf32d2796443fff76aac5ad6f
SHA1 c1ed95de24b4feab84cf5646cecbe885d7e85cf8
SHA256 bf614c24447f9beb86d288ca72921d0c362f54a93d55dca6cf0c1622d5540c52
SHA512 51729f72062b9b156e9b2a2904c71c862ec64c4252e1c5b5264e132c748de73754ebe0023adee193641987823013292ce28489df461b889950dac9f96bfa4a5b

C:\Users\Admin\AppData\Local\Temp\CcAI.exe

MD5 b898061b3dcdc8df3a8ea5c49a860406
SHA1 a5e87976970b5deb96c5e741fa18eb198dbc2afa
SHA256 e6671e04d335a0eeadb2304523c79b5d72f50067cf26a15120081c9ccd135e85
SHA512 5d47fc63770032545683eb3808fa2de0deb66d7d765222a3d82dbfdcaf0bd6a3389d39a034710887f15481d7f7b715497c63c5983234f7def9bca341ea515ed6

C:\Users\Admin\AppData\Local\Temp\mCsgkMcU.bat

MD5 8809c7f53baf284ea59573a13efa62c9
SHA1 d17fd2be7693ca507bb5b4dc865af2989e106dc0
SHA256 1e1a8d72ee58cd61630f7b6f7795036e239f4e1fa71afd49348f4f3e9a41864f
SHA512 1313f33421fe7b8666b2bae0c14edabb91731622fac0780fa7385848fcfd425f8ef41023347a9e86da6de4951b0aad15561b316e27d3d4cf145edbca8289b151

C:\Users\Admin\AppData\Local\Temp\SosK.exe

MD5 cd6569584e5339d4dc9eaf87c7fd44df
SHA1 672d8a4f4b4e86d125530253ebf9f980570ca9e7
SHA256 595bd933c2c02f3e9b1b70bc5d52be719163b26fdbc5e6928b33d197beb11105
SHA512 6283ed680117b9ca1c4417d0b945b53d94b8c773ee2dea2e0641a6c7a62a07a3d5a646917b245b0d89615e81aea3b30ba37eaba320cd72f76d9340313c8aaa3b

C:\Users\Admin\AppData\Local\Temp\uIIc.exe

MD5 2420040cb01ddaba7fe7fa5560f9482b
SHA1 851c10563121e215e4fc1b1dac4d57993fb976da
SHA256 4470dfa1d3ce16568c0707adcef163fe8d8adc68c52cb3e201a9529ff745115b
SHA512 77ee46854e5a37137a8717531df17799b1e94a003e30d1fbf7cd6283136a5a65417b655e1474c6d3330914b2d6058e601672922c70a5c2ae1a5a0ab8f4116d97

C:\Users\Admin\AppData\Local\Temp\qkUG.exe

MD5 8c8715a539da92c2da3cf9d11268ca9a
SHA1 5d85be2d4d809f1d0eb78e8581e079c6a64815f4
SHA256 9d1a1cd0aea1e63096c457818f1173419bad421a0980e3f5b4962fcd163e5865
SHA512 5010a1cd4a4831f63a1076d376aec0e3168982dca3260950dcc9681b588f69285869b7630c083efcdfedfebf40d81207c0828b057c724f3b22746244a7b3d3f9

C:\Users\Admin\AppData\Local\Temp\IiYIAYUY.bat

MD5 5feabea07deed49087e3abd140f0f5a1
SHA1 a02306e11350cecea7cad10009df3a440786a4b1
SHA256 b10ae3e6226406b9dbab16297b4cf25f19ae1a514547428bd5705d4911900106
SHA512 a4bea57fa58fe7f973dccb57e59a47bfd9c8aa13ced368d78aa02bb3301fa9da6ab6cba7e270609aa4b04bc1a18b961d4c8c3eba6fd08eca519c549c879fb1ee

C:\Users\Admin\AppData\Local\Temp\cgoc.exe

MD5 eacf723d9af6359c17e4097de7409bf7
SHA1 32c7bcb7ed8d2d0d496195160e57eef73353011b
SHA256 f24571afef80a30317498af2f5a250c2711c92025245cbed9303b3eba6057ed4
SHA512 466f73ddeb8bd70200a94123ffbcc67a209c7a4e45e17f26541a26864e9a69012ccd591608473de7adf3001a0be132e561bfe33941357bd92b5393c82e3bc104

C:\Users\Admin\AppData\Local\Temp\CkUU.exe

MD5 ccfc7c00f96bd5fa9144fbc030d80325
SHA1 481b8af31e386e1aa8216527f667e4e083553c01
SHA256 aaa2438dbd39d5f425afecd82e6bf8ce785ab7a3a3d12eb0b18135e4a6a43206
SHA512 dcab8926e610dc86df6d4aa7c32b94878d3edf4489ffe80e528e4629c9e23fb0ad75db3a678c886740d6f03eb4d1f7d9d5cd0b5f3b67027ca1c7cfe8007db928

C:\Users\Admin\AppData\Local\Temp\kwYe.exe

MD5 81b02418794eee411210cb6304229c1b
SHA1 b75a819fbfbd3b923e0ce6bff4749c284c10656a
SHA256 35e08ff1ceae0e86cf507d68f2c05775e21bde2d8d1635e33b7a357556ddf79d
SHA512 de20d837a749f9bb501bca2342e210373406a68010b7cc8d1f47dfb8e01eb7e4de182a58e3e70b70f10dfd25496fe0252f69f94d6cd561651c5894c769a4d5b2

C:\Users\Admin\AppData\Local\Temp\BsAckkUg.bat

MD5 5ac87995eb5ab918a0e29ee37c184c24
SHA1 218cfc1ed5f1a6c8c7fe9bba9c32fb358ce60faa
SHA256 854df3c8e760dc530e5b1429c3ef8e39509614b895a5f826a5238eb883099447
SHA512 3acf180754b51a851e37d4b104f6f67cf471cdfc4ee50b7377efc004b45acee56b471ca9b8f654ae3cc80e8ac37deaf0d8c12ada4d098949640509a2ae7cced5

C:\Users\Admin\AppData\Local\Temp\cYAK.exe

MD5 b4b776a19821ae98cacd856f71c4417d
SHA1 168c42e0f9996e70da4ff3fbc2474a598fa29c63
SHA256 87d8c2006dac4d75a3b39f24721feca50427abefca49b0e569550bd0c7c7f50c
SHA512 1b3d159c74db28ca2f4ed8565cdb24f6bd91821cb75175d783b65a4fbc9a97d80c7ef0fac9c76790a263a18c294e63e2490406a2fe61b7ac9663ef08598c3c43

C:\Users\Admin\AppData\Local\Temp\woQAccQc.bat

MD5 6ce0d9a846f6a68472c6da8048b7a4c6
SHA1 348e55a5173daac2e22a0fbed943a1317771e2b4
SHA256 6356a31a528c75d9af5d21093de3375fd9b608c1ecded1f424045d832712555f
SHA512 1c2aeb8056abde2eac3385f409fbb77fc3ac6c26f353fe2c5f8076d8aaed0608396e8bf27e5e3b9de578d6c7d276cc870a560403a835d58bcf9cd6666e301186

C:\Users\Admin\AppData\Local\Temp\wYcA.exe

MD5 603135944fe198f65ca101197396260c
SHA1 b382e59f22dfcbab50fe5cf6814dc1f0d5760b77
SHA256 6e649fdb31d6a160f84a11bf4a76712fc8ab093750890e0f98c1385edb126101
SHA512 509ada46ac56f7079fa936a08ec658bd9051d601d9713ba10695201b5a71fc354883a4ad67a4dfbf03802291e2e9af9ea3430ee00f8a06f5aff2322661a705a0

C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile34.bmp.exe

MD5 5d2f9d36e0488d8d21a0d7d1bc36a2b9
SHA1 25feebec9da66f43d8cb27e8c1b6b8833d922beb
SHA256 d39429ca820ca7ec1bd7507cfa7ff4cd312092cce3cbd9ce60b09e97beb9dbca
SHA512 5859a531c6f715124be013aadc87537d39de38ad6cb219920b655c87bf350559864119097694c84127c4d113266725b680d2cc6702f214c8b7dee6c5a96f3938

C:\Users\Admin\AppData\Local\Temp\eCcswMQA.bat

MD5 11787110a17857acb0f8925d28c7ef65
SHA1 ba1f8b0616a679fd5301a8ab56079a760ef7bfe9
SHA256 5f99acdc3e5c286f1291071f779be6aa501f466d61fa0bf8df468cdc26567faa
SHA512 a62cb3a436cbfff2a4f6920243ac6b65bdf5085fae974083fd3f3cf5f635bd7a498adf0067c81b13587e21a374c1f8c648d72b5679740bab8a23a6300c0c2f5a

C:\Users\Admin\AppData\Local\Temp\ussW.exe

MD5 fa759d8b9cfd8b6a8cfa0d6dbd3db993
SHA1 e5e6a9249ef06d7f86b8b3cdbc09b1cef7bc44a7
SHA256 ab7ac14c1b352852dabfddc3f3d32d474aad0233b99b18f95220b6c15cb2ebbe
SHA512 2be98d711df06b8eacbe496bcc45980baba1387f09eead6f67a35b74530a55a9b73ebd5ee1515f81a2d2bcc93b4ad98f36ab8d44972b4449c9d5c44d023f3a2d

C:\Users\Admin\AppData\Local\Temp\Sgos.exe

MD5 c54ef577fca61da1e78ef85dd3dbdad6
SHA1 0223e27a74016126df80dff30f736618a6ed9381
SHA256 d2a59c2b7e6fdf0442d35e5218adf658f5148f704cf3186c5919f86ef87b7512
SHA512 7c201f70cf6e4962cc09d804318ef0429a6978c0eb624a9b00d94c4dfe0703c12b356f4c3df5337ce6bb4b89e2f8fc8e91e6de07dd211f99b3a6d73970c5c16e

C:\Users\Admin\AppData\Local\Temp\gskYIEYU.bat

MD5 1886a3cacd18221348ebe57e7fe7af80
SHA1 d4fefdaa1007c96a8034bb0a9e3e60a7721bcf04
SHA256 23a660799c2577ac6b2d91868a7f69fc22fadf7766508bcd3fb5313e33bc09ea
SHA512 8955f8c07786d736ee2dedd0f833f40c1d7f39573c05389e52441f7da4fdc620592775131d40e3da02023406447144e2546715c3877701d248cdc4fb929658d1

C:\Users\Admin\AppData\Local\Temp\Ywkg.exe

MD5 f325ad9e294f47428665d3fa5e490095
SHA1 5b52d9486209d5fa9a0df6417f857983352aa9a7
SHA256 ea2f50c7d508621345c77dd18472c42f35f0cc0e493f9c2aa088551eb24d2a98
SHA512 7c3bcfe698cb74ac409564e54805f65563b115109718519fced0822549c2824829788ce17a194a7520be64686a2df3e1cfeba0d150b39ddbeffd7064950e3985

C:\Users\Admin\AppData\Local\Temp\eccc.exe

MD5 04494a30808c08cca9d563d62f92d447
SHA1 c52693385eea6ed8794754b632020e4e94656467
SHA256 03a6122ef355475f9b457479ec42d51598aff9c2b06eb3de548adb8d61f15df4
SHA512 d15934e032c6368b3431708ee3d5bdc3e8d44838967607ada766b0397a12636f07918ddac4e4c1990b6395eef23927cb0b973fb24f1e72e141d96b81344ac2e3

C:\Users\Admin\AppData\Local\Temp\wUgG.exe

MD5 57f70bb41798ed072e88d028dd3b84db
SHA1 d2fb43df1098c4b89057d91d75543730ef40a9b8
SHA256 2cdd4cae21cb3c3bdb503ea4459627b75bf99e37746a14c2eac85b7500da5cad
SHA512 bc51d19cd370fad11802dbc920dbcd477f5cd59d76447ebeb67322558797763df3dc1e6b65051c848bf27151d0c8dabc3e7df63e82e88c9103f5078ac2971017

C:\Users\Admin\AppData\Local\Temp\mYQc.exe

MD5 1cabb9b652132da61af4d4d03e020787
SHA1 744293e9c1afb9e112a723b798242cda68943ef9
SHA256 d7b97fa0cf9786b18e975f74f9ab38d707b3db1a1351a692e0002805a20e5eba
SHA512 b3404df625f60a52b52bd1b537b8b6ca156924f03c4bb5e9405e41776ab77470025e46fc77769f38359f0a17fda60432d9633fa67af4acfce72a32a54d07d3a7

C:\Users\Admin\AppData\Local\Temp\eows.exe

MD5 38936c04980cc7a6a325dd72fc44163c
SHA1 065d894329bc137708a6c512d81794a4092eba47
SHA256 4f671377a342b8e5bda4964b0676ad127811c42565201bbd458744f0c5dab9cb
SHA512 a517a9c45469ab76a0c5c361bcfc550ebd4ba49294313b7be215eeba1324889fd82adddc53836b82ce3b7312f35ace49f834d405cbc9794d2b352466d77d2fd7

C:\Users\Admin\AppData\Local\Temp\IagQYQgg.bat

MD5 4980fed8b3bfed0d13a73c945f2f145a
SHA1 d6f7ba7af174a516aed13c24f7018b86bd20d3ae
SHA256 b0f1a69fc9a791c8ddb808fb749905b5d65e6372a1f8fbda75891c294d0a354c
SHA512 bdd9a4251f54bd535d6b2266cfab5b9f92627a966f52ec6ce6149acdcc42664f20c2d9a7239db06f8e07936976647e9e4f0cf85218cfac5e28326b8fa965c255

C:\Users\Admin\AppData\Local\Temp\YwYm.exe

MD5 2d5bdec5fa25353584659beace3c7588
SHA1 7b392a9d5fa06a8e484c637af3f756d1b58f51fc
SHA256 ed25dccda3954e5b0a5e3492d5395034a785654f4332842fad8394922cc3a6f6
SHA512 5b929fbeb65d38b79f1d4934a48162462d69a175f148efab771496446b7f361e47d166663719a4839944ff7b9ad6c005fc7f2f1d221946baac1eedb35b52b630

C:\Users\Admin\AppData\Local\Temp\Usgm.exe

MD5 c78f7236e79b77474deb2546b5c321ee
SHA1 708ccc01eb30e3f0ac6dd3ae4c87bcc44db5b06a
SHA256 20b740800e4f8e79c402fd569f87950957e87f7d00381f971606913a1c7205c5
SHA512 d7b077bff46dbadfd43f85368bae2568ef59b89eecc346e14e9d91b27199c9bd686a7425f91077c675dd3f19ccc756562dec011939521b5ddc789b6506fd44df

C:\Users\Admin\AppData\Local\Temp\VsEMYEoc.bat

MD5 e328b22f17495dc2353891fdd860492b
SHA1 79fdf28bba63c2cb15032d6810afb84a06692939
SHA256 8220ab52cf6e51a2d88e0edf35d8007aca995612d18b1a3f963a3fcc95efe5d6
SHA512 af80e532651a13956fd44fc11230463f897110213683ce0e07973d675539ffbe7bdf3f427efdeb14f46d8436ca8c4141919393b473c865334ac7fcfa72cc7248

C:\Users\Admin\AppData\Local\Temp\FecEEwQo.bat

MD5 5ad07219d2fbabec5da1d1c929f7981d
SHA1 50ee5a6dc536fcc5096c2903fa1425e2ae8fa469
SHA256 de0b1f54e2e3ad981dd0f7e030d791963fa53714d329dfefc5bff026903faf1e
SHA512 f85a088fa743e2fb28c411b972fca4690d42a43ff1082d80b96df364600fe18e0004ef10febc9708bed74c188e37802f58932aa39fe64f6435c7add87a90950e

C:\Users\Admin\AppData\Local\Temp\ckMI.ico

MD5 6edd371bd7a23ec01c6a00d53f8723d1
SHA1 7b649ce267a19686d2d07a6c3ee2ca852a549ee6
SHA256 0b945cd858463198a2319799f721202efb88f1b7273bc3726206f0bb272802f7
SHA512 65ccc2a9bdb09cac3293ea8ef68a2e63b30af122d1e4953ee5dc0db7250e56bcca0eb2b78809dbdedef0884fbac51416fc5b9420cb5d02d4d199573e25c1e1f8

C:\Users\Admin\AppData\Local\Temp\jKIYoIQo.bat

MD5 5f6b43aea8c77efb7bc50ed7357176d6
SHA1 591817c292ba22ffcdc3a5df222c8aea5a56e71a
SHA256 5dfe83eaa802d0b2c2062128d262279a3bd62dc2d6aea647c717458620e306cb
SHA512 efc34bfbedfef4737171edcb86e42f2b7ac6e7d7b35871e4960765e808ec7ffed1f8e8769560e430844c59870b108bd57060e609d7603304640d78150365d5ba

C:\Users\Admin\AppData\Local\Temp\AYQq.exe

MD5 35eb8c48a19456a83f5a154bf26b7eee
SHA1 96455e81daf9a797669dba47e350253b211f6e25
SHA256 7d0bfb6a19610faa7de2e9d42e6575d88d0400743770d7a7aab9e33c55af89ab
SHA512 c45748d2c304952a41503f340810654ef9f09b184127007894bdd20fe3497520ece29d3df6383521d461b1b964e667e71b9487e2f9cde0f92acc120e614d11a3

C:\Users\Admin\AppData\Local\Temp\DYgYYQMk.bat

MD5 3ec9ae4b0fd85fc28b037b188b6adf8f
SHA1 94e379979ad3f3667edf4e5ab15738c3c35125ae
SHA256 02d3160c34b47625b38b99d606b51e6211675932c8ebe692f8cb6ccd4054f3be
SHA512 28b2602c875703a2def123c67944b61cb7f445816b468d988ebd8644a06102a8c712a1548e5e6f8b9609f726f6d3e916b8d4583052b0f16ba4e6de3f76f5a3db

C:\Users\Admin\AppData\Local\Temp\uIgy.exe

MD5 693fa36511185b261e42f80d761c1643
SHA1 a616c8d64e35a59d500bd82c24e9686b47ac9be3
SHA256 1191db535cf89a4f12df9fdb0914e5afd0aa6efbe8a7e33b8fe63e8d506017d1
SHA512 b95189fd806cd22ef9e063258d36ec733bc0f1aeffde5de62340628cd3c78904b25465880de3fb375547c3295c92ceeba94570dd3622507bcd1bd0192c005bf2

C:\Users\Admin\AppData\Local\Temp\RaYggwYU.bat

MD5 b74962e8384dfd3995a03d86a9a9d54d
SHA1 67f98c3e4b58bf33fefed77bf1fbe5ab7b4663dc
SHA256 c5890d293ce77f7a43891c562dbadebb122c983a7f9614d856988e7a7bdc1549
SHA512 8c145280048a65cea0f0bd63259457bb39f49cfaa7f279cf132feedab9580cde3f3b3ae37073787ceb9d9aaeeed75a96e1df30e48748a7ace7ee3241c6795be1

C:\Users\Admin\AppData\Local\Temp\akQUwMgk.bat

MD5 1b41b6facefedde85d78df8bdeadc899
SHA1 bb14b115bf3db7d0e88665a4afbe63f2779384f0
SHA256 49b2033490c04a9186f081aa6bb4f4b449d9170a8e7199b5668ac89635ea735c
SHA512 70c95753aaa3aa606bf4caefe3c0b2a06b5ad8b965dba6ad65a1e36e8fc37cd77abdb89c85bad8a8aac2807284c5f1ddaec9ff21e7f07c65b04c80c5f69baaf8

C:\Users\Admin\AppData\Local\Temp\EMQM.exe

MD5 7d8d799387c94db9deaca737920dd171
SHA1 39a3e26b2ddc0b957b2b32268168d489a88715cf
SHA256 bbc82a2012c1a63f58eeba049fb167e8226eda9d210b74dfde4168b88c0926b1
SHA512 c03a53976733dfdd2598963f877fc280fc21504c6822ad70ba572debfc3a60f61ac103dcf9242a82a53ff493856accbdef1be971efe81245890fc1cce8a15f3a

C:\Users\Admin\AppData\Local\Temp\qsYu.ico

MD5 f461866875e8a7fc5c0e5bcdb48c67f6
SHA1 c6831938e249f1edaa968321f00141e6d791ca56
SHA256 0b3ebd04101a5bda41f07652c3d7a4f9370a4d64c88f5de4c57909c38d30a4f7
SHA512 d4c70562238d3c95100fec69a538ddf6dd43a73a959aa07f97b151baf888eac0917236ac0a9b046dba5395516acc1ce9e777bc2c173cb1d08ed79c6663404e4f

C:\Users\Admin\AppData\Local\Temp\jWgYoQQU.bat

MD5 94441080768fdbee1fb2564702af5915
SHA1 290aa787fff9199d0ea069a2ec0e1cd4fde0a59a
SHA256 dbdbc9b753ae6982de6b362c46a399ca1b6ee58a283d6effcc06a48f6070b905
SHA512 d062b3b0a9b72cae5b789a8544755c8b38e2101e002c9a39bd5c50598ca807e335a4b67b6ed690fea5c248b9c9624995d04ad42989a71e3cd731692fbab915d8

C:\Users\Admin\AppData\Local\Temp\qogQ.exe

MD5 e9d1d68efd981dda0cbf4e81816e7357
SHA1 c18e7c2967f654f62fb421a28fc88a4a23775d09
SHA256 d45f14242a8f3f1abf1157fad53ff570802c85d07ad221cf6a53cce946fac88f
SHA512 855e12af8ebb9ab43304a068b7f58f8f05c8e6d0dd906c4fca0c7ef7435fb634f29f6f3bdf1ac399fd890a69351f7bc30d8c3556c138f35143e2ab418e7b5b66

C:\Users\Admin\AppData\Local\Temp\EiMYIYcw.bat

MD5 c90a54b0f2ef45f157a1f977d475be39
SHA1 af7b5a3a66ba7568c58b4ea023c49d5a22af50cf
SHA256 eb16b8ed176ea940f034fd5f1c4a090557e32b8823cd80fdb95e87bf214672ab
SHA512 a1ebeb67919b795bb4b4c7e667968f06d56e64aace8661004b0cd69eb5e436333395ddf3ef60f70bb6ea2570b0fb8710bb26e41b7e408b244050c734819bb091

C:\Users\Admin\AppData\Local\Temp\AcUK.exe

MD5 da660f65904289afad8bae0bbb5a8c2e
SHA1 2c4f66e6c71ddba9651e159cee43ef17a19ac7f2
SHA256 042a5ccb8700cdfc26b3b9cf60fef5ea07c12f8ca91de1f32b2e71f529f308da
SHA512 5c3ae76f99a486f4d33b4038280a4d78a34c59eaadf0373cf7beb8b393c6a2fcc4faaeb5f338e1413657b499b42013024fe09e1069987d8324e91595cb6a1920

C:\Users\Admin\AppData\Local\Temp\Ikww.exe

MD5 94a96927614c9b26cfb8d702e1d598e4
SHA1 5edf8e3d90a93e74383cbf3dac9aab4a7e765045
SHA256 a68819881f42d30acf96b3efd094982c435442b6eaeb98aa03ad079dccdda61d
SHA512 07267620db91e0f56f5a5742e5f79b67608ea153bf02588c3ac7724bb6a79931cd8fbb66ecccc02376f6fe2490279c711a5f7bddd9110951585b1dafec4f9b85

C:\Users\Admin\AppData\Local\Temp\WsQq.exe

MD5 52aa348199bcaa9d1a411d52c35a2bb0
SHA1 05dcdb737153ebc12d59b33bba6c634601f80c46
SHA256 4bb5aa45b7e7f546672d0e448006a80c99319fc9333c351ec6b2475ce82cdf93
SHA512 ce71ca1988c0122a3fdc68e00585bff2ed7dbfb9b8e510e605c23f7753cda3a249fa0503f87d899c10633da7b0bcbf13ba6d65d58eaef0fd2226c0daf1c1dcea

C:\Users\Admin\AppData\Local\Temp\YIEcMskQ.bat

MD5 83cf665300bcbc363890fba4a4160304
SHA1 8905eac08c14d9d866a530a3a22e8b9b3b97710e
SHA256 b737d9683778a744f145e64c054c0a734033fe027d8da63534302d463f4011f0
SHA512 61c0d03af2dd4b6b25cc69c03a8bf7af3e5f59b56ee6e18220b2384d01e0ae090295b87cda426d0eeaa1f69ee70c92fe98195b4d5155a7ea80b607a4ef797273

C:\Users\Admin\AppData\Local\Temp\YUcC.exe

MD5 52f095a192ae555942ca534a39eba781
SHA1 184598daca8c0a1244e56f0c19a26ba4316f877c
SHA256 6ca765836710479a2ea6307a28402721f0256205065dd1c7aee893efe30a0d21
SHA512 44a446d4e7ceb140a78699cb81b78be0eed152498d0ce858c5cb78e406a62096b9409a3e07facf86d7ab5ee71b3cdbb43ef9e85b4dc3d1868bd111c82898c464

C:\Users\Admin\AppData\Local\Temp\wgMm.exe

MD5 3d0d29c2f1ff67afff6f9c7f50946bca
SHA1 0274c18f504ab34ad21720a4d3832226ac4586fe
SHA256 974b1aab45e4b6cefa71a5fbcf4b186bb3d0df7eed1cc03f142f596d6c90c367
SHA512 6677e53c8a00802f44c3e073a0931f336e35e5a27d360405db118c0f03b7ab22cf9cd77218b15f43bd9638e3ccd602946b1e06d7e4c344ef642d7d5892be950b

C:\Users\Admin\AppData\Local\Temp\tqQUowkc.bat

MD5 ffdb521e1dd5a431ce2864114fbd21bc
SHA1 5e0ed5620ea411a1d4a756718a946c8783f720c3
SHA256 c0379b73da3c73b714c3d8e397cffec5a124872bdd974012107db40383c0fc7f
SHA512 dffcb3bc914dfe7606c856bc6b30ca8cd3e41891d9c3bb65b538bd02cd79c7d5e4dafd7e26567ab9d7e9594a9b77d5d8703674df7c0f0d9bde8944f5d4758249

C:\Users\Admin\AppData\Local\Temp\Swow.exe

MD5 f5440653dad4d7669b708f4a2b5bd451
SHA1 4148aaab07d79887aebc5583dc3beff31e7fc3f4
SHA256 8bc750e5d5f2a143e7141344d5520fbe4beae10fe431b4b51464b5d0bb8c11be
SHA512 a3c0072b731678f2d8fc0fafe774646af32c21e61e93688346c6c88a925a4b6b22250b33f3aa7fbb797907501c939f8d209438b37570f1bbc7f27216ad01e48e

C:\Users\Admin\AppData\Local\Temp\bqEoEgUQ.bat

MD5 a7443a8d6bf722701641bac0055f8beb
SHA1 1225eaa68d06bb48ed74cd6f43ad19383af9c21a
SHA256 6614bf9e2da29fcf720b5e3611cb0497fb056004ccd8f07fce52966a9690b522
SHA512 b99e199293d79e6fc875fac67eab77ae7b6167191f8d9e10624c1e375914c0530a4cbf751193e787534b022be4bca5f2e51f55e9ef67f7fea185ebecc232ba1f

C:\Users\Admin\AppData\Local\Temp\cSQoMcgo.bat

MD5 a1217a15b279c21f35767b6fed00722f
SHA1 97691462c0c883c19ac7fbd73122bdae2db8548a
SHA256 34c2f04779c0c193d6f69b807112bcb7427739e24343f80eb8966a44bd088d04
SHA512 ba7ca560a54f304ab3720467c23e7c06fa8d015dc379aba63c3f5630a6e661c78848e45b5dd80783e795b3e2122ff77ddaa27ea5b53b3439f9289690e92fbb0e

C:\Users\Admin\AppData\Local\Temp\WSEwcEYk.bat

MD5 48f601bcf2654e7e999c3cdb48fed9b7
SHA1 c72e45d3e1c3e37ea748f2d8d540af0f91539ae7
SHA256 bedea33982c42d7bc0968723a4c14c594277cffc3f49eeee7036578f5161fdb1
SHA512 b3702e6265b5166a4cd3daebce91a9d03b08e3d0884d61d0c9bff7ca7d9eaa99222ea2d6fdf55e65cde8a4f93544e0567dd135b19d39ee1fa6bd98d6a3c5eb36

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-03 19:26

Reported

2024-04-03 19:28

Platform

win10v2004-20240226-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe"

Signatures

Modifies visibility of file extensions in Explorer

evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A

UAC bypass

evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" N/A N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" N/A N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" N/A N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" N/A N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" N/A N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" N/A N/A

Renames multiple (82) files with added filename extension

ransomware

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Control Panel\International\Geo\Nation C:\ProgramData\jqIcwkYs\fmwkAMIw.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\pMkIsUoc\UacUgoEQ.exe N/A
N/A N/A C:\ProgramData\jqIcwkYs\fmwkAMIw.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\UacUgoEQ.exe = "C:\\Users\\Admin\\pMkIsUoc\\UacUgoEQ.exe" C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\fmwkAMIw.exe = "C:\\ProgramData\\jqIcwkYs\\fmwkAMIw.exe" C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\fmwkAMIw.exe = "C:\\ProgramData\\jqIcwkYs\\fmwkAMIw.exe" C:\ProgramData\jqIcwkYs\fmwkAMIw.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\UacUgoEQ.exe = "C:\\Users\\Admin\\pMkIsUoc\\UacUgoEQ.exe" C:\Users\Admin\pMkIsUoc\UacUgoEQ.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\shell32.dll.exe C:\ProgramData\jqIcwkYs\fmwkAMIw.exe N/A
File opened for modification C:\Windows\SysWOW64\shell32.dll.exe C:\ProgramData\jqIcwkYs\fmwkAMIw.exe N/A

Enumerates physical storage devices

Modifies registry key

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\ProgramData\jqIcwkYs\fmwkAMIw.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\ProgramData\jqIcwkYs\fmwkAMIw.exe N/A
N/A N/A C:\ProgramData\jqIcwkYs\fmwkAMIw.exe N/A
N/A N/A C:\ProgramData\jqIcwkYs\fmwkAMIw.exe N/A
N/A N/A C:\ProgramData\jqIcwkYs\fmwkAMIw.exe N/A
N/A N/A C:\ProgramData\jqIcwkYs\fmwkAMIw.exe N/A
N/A N/A C:\ProgramData\jqIcwkYs\fmwkAMIw.exe N/A
N/A N/A C:\ProgramData\jqIcwkYs\fmwkAMIw.exe N/A
N/A N/A C:\ProgramData\jqIcwkYs\fmwkAMIw.exe N/A
N/A N/A C:\ProgramData\jqIcwkYs\fmwkAMIw.exe N/A
N/A N/A C:\ProgramData\jqIcwkYs\fmwkAMIw.exe N/A
N/A N/A C:\ProgramData\jqIcwkYs\fmwkAMIw.exe N/A
N/A N/A C:\ProgramData\jqIcwkYs\fmwkAMIw.exe N/A
N/A N/A C:\ProgramData\jqIcwkYs\fmwkAMIw.exe N/A
N/A N/A C:\ProgramData\jqIcwkYs\fmwkAMIw.exe N/A
N/A N/A C:\ProgramData\jqIcwkYs\fmwkAMIw.exe N/A
N/A N/A C:\ProgramData\jqIcwkYs\fmwkAMIw.exe N/A
N/A N/A C:\ProgramData\jqIcwkYs\fmwkAMIw.exe N/A
N/A N/A C:\ProgramData\jqIcwkYs\fmwkAMIw.exe N/A
N/A N/A C:\ProgramData\jqIcwkYs\fmwkAMIw.exe N/A
N/A N/A C:\ProgramData\jqIcwkYs\fmwkAMIw.exe N/A
N/A N/A C:\ProgramData\jqIcwkYs\fmwkAMIw.exe N/A
N/A N/A C:\ProgramData\jqIcwkYs\fmwkAMIw.exe N/A
N/A N/A C:\ProgramData\jqIcwkYs\fmwkAMIw.exe N/A
N/A N/A C:\ProgramData\jqIcwkYs\fmwkAMIw.exe N/A
N/A N/A C:\ProgramData\jqIcwkYs\fmwkAMIw.exe N/A
N/A N/A C:\ProgramData\jqIcwkYs\fmwkAMIw.exe N/A
N/A N/A C:\ProgramData\jqIcwkYs\fmwkAMIw.exe N/A
N/A N/A C:\ProgramData\jqIcwkYs\fmwkAMIw.exe N/A
N/A N/A C:\ProgramData\jqIcwkYs\fmwkAMIw.exe N/A
N/A N/A C:\ProgramData\jqIcwkYs\fmwkAMIw.exe N/A
N/A N/A C:\ProgramData\jqIcwkYs\fmwkAMIw.exe N/A
N/A N/A C:\ProgramData\jqIcwkYs\fmwkAMIw.exe N/A
N/A N/A C:\ProgramData\jqIcwkYs\fmwkAMIw.exe N/A
N/A N/A C:\ProgramData\jqIcwkYs\fmwkAMIw.exe N/A
N/A N/A C:\ProgramData\jqIcwkYs\fmwkAMIw.exe N/A
N/A N/A C:\ProgramData\jqIcwkYs\fmwkAMIw.exe N/A
N/A N/A C:\ProgramData\jqIcwkYs\fmwkAMIw.exe N/A
N/A N/A C:\ProgramData\jqIcwkYs\fmwkAMIw.exe N/A
N/A N/A C:\ProgramData\jqIcwkYs\fmwkAMIw.exe N/A
N/A N/A C:\ProgramData\jqIcwkYs\fmwkAMIw.exe N/A
N/A N/A C:\ProgramData\jqIcwkYs\fmwkAMIw.exe N/A
N/A N/A C:\ProgramData\jqIcwkYs\fmwkAMIw.exe N/A
N/A N/A C:\ProgramData\jqIcwkYs\fmwkAMIw.exe N/A
N/A N/A C:\ProgramData\jqIcwkYs\fmwkAMIw.exe N/A
N/A N/A C:\ProgramData\jqIcwkYs\fmwkAMIw.exe N/A
N/A N/A C:\ProgramData\jqIcwkYs\fmwkAMIw.exe N/A
N/A N/A C:\ProgramData\jqIcwkYs\fmwkAMIw.exe N/A
N/A N/A C:\ProgramData\jqIcwkYs\fmwkAMIw.exe N/A
N/A N/A C:\ProgramData\jqIcwkYs\fmwkAMIw.exe N/A
N/A N/A C:\ProgramData\jqIcwkYs\fmwkAMIw.exe N/A
N/A N/A C:\ProgramData\jqIcwkYs\fmwkAMIw.exe N/A
N/A N/A C:\ProgramData\jqIcwkYs\fmwkAMIw.exe N/A
N/A N/A C:\ProgramData\jqIcwkYs\fmwkAMIw.exe N/A
N/A N/A C:\ProgramData\jqIcwkYs\fmwkAMIw.exe N/A
N/A N/A C:\ProgramData\jqIcwkYs\fmwkAMIw.exe N/A
N/A N/A C:\ProgramData\jqIcwkYs\fmwkAMIw.exe N/A
N/A N/A C:\ProgramData\jqIcwkYs\fmwkAMIw.exe N/A
N/A N/A C:\ProgramData\jqIcwkYs\fmwkAMIw.exe N/A
N/A N/A C:\ProgramData\jqIcwkYs\fmwkAMIw.exe N/A
N/A N/A C:\ProgramData\jqIcwkYs\fmwkAMIw.exe N/A
N/A N/A C:\ProgramData\jqIcwkYs\fmwkAMIw.exe N/A
N/A N/A C:\ProgramData\jqIcwkYs\fmwkAMIw.exe N/A
N/A N/A C:\ProgramData\jqIcwkYs\fmwkAMIw.exe N/A
N/A N/A C:\ProgramData\jqIcwkYs\fmwkAMIw.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1764 wrote to memory of 3800 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\Users\Admin\pMkIsUoc\UacUgoEQ.exe
PID 1764 wrote to memory of 3800 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\Users\Admin\pMkIsUoc\UacUgoEQ.exe
PID 1764 wrote to memory of 3800 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\Users\Admin\pMkIsUoc\UacUgoEQ.exe
PID 1764 wrote to memory of 4544 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\ProgramData\jqIcwkYs\fmwkAMIw.exe
PID 1764 wrote to memory of 4544 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\ProgramData\jqIcwkYs\fmwkAMIw.exe
PID 1764 wrote to memory of 4544 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\ProgramData\jqIcwkYs\fmwkAMIw.exe
PID 1764 wrote to memory of 4396 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 1764 wrote to memory of 4396 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 1764 wrote to memory of 4396 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 1764 wrote to memory of 2332 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 1764 wrote to memory of 2332 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 1764 wrote to memory of 2332 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 1764 wrote to memory of 2252 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 1764 wrote to memory of 2252 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 1764 wrote to memory of 2252 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 1764 wrote to memory of 5084 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 1764 wrote to memory of 5084 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 1764 wrote to memory of 5084 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 1764 wrote to memory of 3064 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 1764 wrote to memory of 3064 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 1764 wrote to memory of 3064 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 4396 wrote to memory of 2608 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
PID 4396 wrote to memory of 2608 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
PID 4396 wrote to memory of 2608 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
PID 3064 wrote to memory of 1828 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 3064 wrote to memory of 1828 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 3064 wrote to memory of 1828 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 2608 wrote to memory of 4804 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2608 wrote to memory of 4804 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2608 wrote to memory of 4804 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 4804 wrote to memory of 4476 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
PID 4804 wrote to memory of 4476 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
PID 4804 wrote to memory of 4476 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
PID 2608 wrote to memory of 3320 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2608 wrote to memory of 3320 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2608 wrote to memory of 3320 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2608 wrote to memory of 1332 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2608 wrote to memory of 1332 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2608 wrote to memory of 1332 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2608 wrote to memory of 4148 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2608 wrote to memory of 4148 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2608 wrote to memory of 4148 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2608 wrote to memory of 1696 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2608 wrote to memory of 1696 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2608 wrote to memory of 1696 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 1696 wrote to memory of 512 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 1696 wrote to memory of 512 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 1696 wrote to memory of 512 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 4476 wrote to memory of 4932 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 4476 wrote to memory of 4932 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 4476 wrote to memory of 4932 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 4932 wrote to memory of 3868 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
PID 4932 wrote to memory of 3868 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
PID 4932 wrote to memory of 3868 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
PID 4476 wrote to memory of 1820 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 4476 wrote to memory of 1820 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 4476 wrote to memory of 1820 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 4476 wrote to memory of 4432 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 4476 wrote to memory of 4432 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 4476 wrote to memory of 4432 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 4476 wrote to memory of 1552 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 4476 wrote to memory of 1552 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 4476 wrote to memory of 1552 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 4476 wrote to memory of 720 N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe C:\Windows\SysWOW64\cmd.exe

Processes

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

"C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe"

C:\Users\Admin\pMkIsUoc\UacUgoEQ.exe

"C:\Users\Admin\pMkIsUoc\UacUgoEQ.exe"

C:\ProgramData\jqIcwkYs\fmwkAMIw.exe

"C:\ProgramData\jqIcwkYs\fmwkAMIw.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KqAQAAYU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PcUosMEs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jQEQUAIc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zQIgkYwg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dAgsUQgI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\oYogMIkQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\scwosMYU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kAwgQMww.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MIgkUggQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dKEcAQEY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bGQEYkIU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JcAoUsQM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RiMIcIMg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AoQgYsAE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qIwQcggg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aoUMosoo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZCkgscIA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tAMMsQwo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FwswYUUQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EEUwswYY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wwwsEAQk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IEYEkoIE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UqEUYQIk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xMEUQwco.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RYMQUgoQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\reAckQoo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sSQkQoAQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\oCkUMogI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\oswgsEUM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GSAEgwcc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kIcooIoI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hIwwMAco.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RcYYMIYA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hIkQskUU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SucEEEYA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WKUYoQkE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MIcIEQAE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KQQMswYY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vkwcIIQE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vaYMkAwI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VeYMkEMI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mAwEAQss.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YyskskUM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yoAIUccA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ueggwYoI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xIEAQIYU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tygsYckY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RsskoQEU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HSQQskgI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mEYkAwUQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MSIsEYEQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AAQIUYsc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QWogMwws.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fAIgsUQo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JicoIIsY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RwskYgoY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\daUwAsIU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kcUQgwsk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qAsQgIgE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CiYkMsEc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wOUkkYMw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NWUkscIk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JmEIoUgQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jiIMEMUk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FucgAYss.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WKMoksUY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UQMUIcMk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mmsoAAUA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rAIgQgoM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\biAwUowM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hkQQccIc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DmEYgEYo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WeUUgcsg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\auIsoggI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yocoAMAs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QosgEsoM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XewUQgcA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XiIEgwIA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NkgEQsoU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HGsQEMMY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YAQUsowY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YQEkQcQQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YQIoEAgI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aMgIccMo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\duQMwkQY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vSoEIQkA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BgUUUEEk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dUMsMcIA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kAggokQc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YskMwAYo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LgIYssgg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BcMwocgY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TusYQAoo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HAYcAAcY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kaEMEIIE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UykIsAYg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AsckoMsA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fMwUgcAs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HMwcwIEg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fwUQsUow.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uEMoccUg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\iCgoQcws.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KYMEYIwE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EaIgwMoA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rYsAcooQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zQAAcUoU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nkkcUAgI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FSkwQAEA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SygcgQAE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CkMkYYIA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ocYIQsss.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qaAcIAgk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nkksEggk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vigkUcEU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DYoMQsgg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TOQwIgcI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WwAEAowU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ueMAgcAU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uSEQwIwc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NsUYQkAM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nIAwcYEI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XYkkEMso.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JQkkQQgw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eaosYskA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UesgwwAY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eyEYAoAg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xcsMUYYE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xsEEYIkw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XAkwMoEk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yMUMYEIs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AmQwocMA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aEUQkIgo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zAsIEQwU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rScQYUwc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XewsMkAg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SCocoYAw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wUUkkAkg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wyYUAAcE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vAcAIQsg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\doEQoYsM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dswMgMoo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wyEYUwMI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

Network

Country Destination Domain Proto
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
BO 200.87.164.69:9999 tcp
US 8.8.8.8:53 google.com udp
BO 200.87.164.69:9999 tcp
GB 142.250.200.46:80 google.com tcp
GB 142.250.200.46:80 google.com tcp
US 8.8.8.8:53 46.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
BO 200.119.204.12:9999 tcp
BO 200.119.204.12:9999 tcp
NL 52.142.223.178:80 tcp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 213.122.19.2.in-addr.arpa udp
BO 190.186.45.170:9999 tcp
BO 190.186.45.170:9999 tcp
US 8.8.8.8:53 210.108.222.173.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 84.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 18.173.189.20.in-addr.arpa udp

Files

memory/1764-0-0x0000000000400000-0x0000000000434000-memory.dmp

C:\Users\Admin\pMkIsUoc\UacUgoEQ.exe

MD5 f40d5c3f5bfcfa66de902bb520bf6773
SHA1 93190778bc2099be8a7a15afae52b40c7404dbda
SHA256 daa8be74476e15d7ab6129536cc3c92a987e00176c8cab304adb80c075406c0c
SHA512 43d3048464cd754d4738ca3b0682f2af78dc5903a135e18709dc3fcebc819725616a85f2defbedf26b8c7f269d6af37e84ea06f4a7a7f53af1db25013c000956

C:\ProgramData\jqIcwkYs\fmwkAMIw.exe

MD5 33e652ee8e6e9ad4f01bb7b9942fe37c
SHA1 64b9c2a0c66bd503f4eb5c5259de2d020770662e
SHA256 39c593262e95016bc42913cc66003abc62f309b99c43f8587a8b23f41d73807a
SHA512 41e4ee5fa190b20483536d47f3a66ed1575684dfe554d496ed6c9fc96834eeb856d833d7d8c86b7cba24ff154fe8f869d34da965fcd57a7e2714573191bd8ad8

memory/4544-14-0x0000000000400000-0x0000000000434000-memory.dmp

memory/3800-12-0x0000000000400000-0x0000000000432000-memory.dmp

memory/1764-19-0x0000000000400000-0x0000000000434000-memory.dmp

memory/2608-20-0x0000000000400000-0x0000000000434000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\KqAQAAYU.bat

MD5 bae1095f340720d965898063fede1273
SHA1 455d8a81818a7e82b1490c949b32fa7ff98d5210
SHA256 ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a
SHA512 4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024

C:\Users\Admin\AppData\Local\Temp\file.vbs

MD5 4afb5c4527091738faf9cd4addf9d34e
SHA1 170ba9d866894c1b109b62649b1893eb90350459
SHA256 59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc
SHA512 16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5

C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

MD5 7853d07ec1ec8d612c25e3a7733a2142
SHA1 88438849bc048dbd0a9875508082630c3ba0d924
SHA256 38d399a8fac9a3326370dcdfaad5c0de203883557f82d8373f0ce4ef7137a859
SHA512 df288e8a8aaa30f8d26f90901ece904c22543f1ee25d31b6d1485c8a0e3121ba3cd7c16edb91c019e85d50ac627151585fcde3b6abbca3980dbfe8c72159779d

memory/4476-30-0x0000000000400000-0x0000000000434000-memory.dmp

memory/2608-34-0x0000000000400000-0x0000000000434000-memory.dmp

memory/4476-45-0x0000000000400000-0x0000000000434000-memory.dmp

memory/2780-53-0x0000000000400000-0x0000000000434000-memory.dmp

memory/3868-57-0x0000000000400000-0x0000000000434000-memory.dmp

memory/4072-66-0x0000000000400000-0x0000000000434000-memory.dmp

memory/2780-71-0x0000000000400000-0x0000000000434000-memory.dmp

memory/4072-83-0x0000000000400000-0x0000000000434000-memory.dmp

memory/1500-80-0x0000000000400000-0x0000000000434000-memory.dmp

memory/1500-94-0x0000000000400000-0x0000000000434000-memory.dmp

memory/4792-102-0x0000000000400000-0x0000000000434000-memory.dmp

memory/3520-106-0x0000000000400000-0x0000000000434000-memory.dmp

memory/4288-114-0x0000000000400000-0x0000000000434000-memory.dmp

memory/4792-119-0x0000000000400000-0x0000000000434000-memory.dmp

memory/3156-128-0x0000000000400000-0x0000000000434000-memory.dmp

memory/4288-132-0x0000000000400000-0x0000000000434000-memory.dmp

memory/4212-140-0x0000000000400000-0x0000000000434000-memory.dmp

memory/3156-144-0x0000000000400000-0x0000000000434000-memory.dmp

memory/4212-155-0x0000000000400000-0x0000000000434000-memory.dmp

memory/5044-164-0x0000000000400000-0x0000000000434000-memory.dmp

memory/3224-168-0x0000000000400000-0x0000000000434000-memory.dmp

memory/5044-180-0x0000000000400000-0x0000000000434000-memory.dmp

memory/2976-181-0x0000000000400000-0x0000000000434000-memory.dmp

memory/2976-192-0x0000000000400000-0x0000000000434000-memory.dmp

memory/3140-193-0x0000000000400000-0x0000000000434000-memory.dmp

memory/540-202-0x0000000000400000-0x0000000000434000-memory.dmp

memory/3140-207-0x0000000000400000-0x0000000000434000-memory.dmp

memory/540-218-0x0000000000400000-0x0000000000434000-memory.dmp

memory/992-219-0x0000000000400000-0x0000000000434000-memory.dmp

memory/992-230-0x0000000000400000-0x0000000000434000-memory.dmp

memory/3320-241-0x0000000000400000-0x0000000000434000-memory.dmp

C:\Users\Admin\pMkIsUoc\UacUgoEQ.inf

MD5 2f2582c6000a7c8c9ab9655eb5ff41b7
SHA1 13c5b3eb5f3a930c7553238351bb40aa96d38523
SHA256 00df9723ea6f33892c1d9654e26705f7a020a7d7f36f38791c84d0dbae5d16ad
SHA512 66fedaafe9523b0d0473fe66238b3e4505b39d2a12e822c6e6f02d7ecbce99aeca05235d384a2edb09f7c48ab15b72a286eb4c821c77b68d9e5a79499c326aa5

memory/3240-246-0x0000000000400000-0x0000000000434000-memory.dmp

memory/4932-258-0x0000000000400000-0x0000000000434000-memory.dmp

memory/3240-257-0x0000000000400000-0x0000000000434000-memory.dmp

memory/4932-267-0x0000000000400000-0x0000000000434000-memory.dmp

memory/3060-269-0x0000000000400000-0x0000000000434000-memory.dmp

memory/2432-273-0x0000000000400000-0x0000000000434000-memory.dmp

memory/3060-277-0x0000000000400000-0x0000000000434000-memory.dmp

memory/972-287-0x0000000000400000-0x0000000000434000-memory.dmp

memory/2432-288-0x0000000000400000-0x0000000000434000-memory.dmp

memory/4144-293-0x0000000000400000-0x0000000000434000-memory.dmp

memory/972-297-0x0000000000400000-0x0000000000434000-memory.dmp

memory/4996-302-0x0000000000400000-0x0000000000434000-memory.dmp

memory/4144-306-0x0000000000400000-0x0000000000434000-memory.dmp

memory/4996-314-0x0000000000400000-0x0000000000434000-memory.dmp

memory/3400-316-0x0000000000400000-0x0000000000434000-memory.dmp

memory/2096-323-0x0000000000400000-0x0000000000434000-memory.dmp

memory/3400-326-0x0000000000400000-0x0000000000434000-memory.dmp

memory/2096-334-0x0000000000400000-0x0000000000434000-memory.dmp

memory/1508-335-0x0000000000400000-0x0000000000434000-memory.dmp

memory/4024-343-0x0000000000400000-0x0000000000434000-memory.dmp

memory/1508-344-0x0000000000400000-0x0000000000434000-memory.dmp

memory/4024-352-0x0000000000400000-0x0000000000434000-memory.dmp

memory/1140-362-0x0000000000400000-0x0000000000434000-memory.dmp

memory/3780-368-0x0000000000400000-0x0000000000434000-memory.dmp

memory/4992-371-0x0000000000400000-0x0000000000434000-memory.dmp

memory/4500-376-0x0000000000400000-0x0000000000434000-memory.dmp

memory/3780-380-0x0000000000400000-0x0000000000434000-memory.dmp

memory/1208-388-0x0000000000400000-0x0000000000434000-memory.dmp

C:\odt\office2016setup.exe

MD5 0bf2547230e2d5d4faf5d06c91181470
SHA1 cfa8d515b1b3353442bf450a7c77d17230697e59
SHA256 8cdf20adce5acd08140eb7eb9f99ec7984dbccafd393b9ff56ab34ba3c8e3815
SHA512 c8c5b29f11d3716320d03545d50a89d79b2983bab501ed3e1961e084ff71a6e28e77dca1eb0fd0fe2587e89fc1b3d2c78b4c183da213667e27c6e8bd0447ab52

C:\Users\Admin\AppData\Local\Temp\UAAg.exe

MD5 1aec4487ba78d45150d4097ef9e4f7ec
SHA1 564c6e4ca6a79d2b1f5e9b429339d71e43d1f52e
SHA256 d5f9293815aedbacda956f290e0aeb9261b194f314ae07517e2ee606b55799eb
SHA512 7d6a64fbc12e10901c7e87ed3c1a40ecf6bf980e0936a6f2149a1984f65ecbb6fb5cba5cdbe8435edfa04e0488e1ee210cc851434a422f44488d3a954eabea32

C:\Users\Admin\AppData\Local\Temp\eUoU.exe

MD5 80265a2454453801c214332f84f78920
SHA1 0c73d5115f4a87395535b6b303aa04618b42f001
SHA256 39bb9861ccc999b35ff75e4db8445ad2ff0352dadc0441e85aa3633bda048bce
SHA512 85b03ff6aa4595819605e6c1736d432b7b4f7883b10f55f76e13f442e8c379b8888077ca241d148fd7336baa5f0983925730b85da2217fa8bdab6d6abebb9d75

C:\Users\Admin\AppData\Local\Temp\acAS.exe

MD5 3d76ffffe3ec444c0d9db78b6de98a82
SHA1 19207f36eb51393538e9f8ddd8803e4e560b2ad2
SHA256 8f03650f2c2f9a33d01daa5ede69cf9a688161cdc7da929a770e5e6771ab69cb
SHA512 022382960c9ffa2cc47a311f8d132830880505e4a916f80b37fbe720a692d5f7ee73b04d3368f7533a5f4456453498711340298ddd1b245a6bfb94d81c290a54

C:\Users\Admin\AppData\Local\Temp\mgsU.ico

MD5 ee421bd295eb1a0d8c54f8586ccb18fa
SHA1 bc06850f3112289fce374241f7e9aff0a70ecb2f
SHA256 57e72b9591e318a17feb74efa1262e9222814ad872437094734295700f669563
SHA512 dfd36dff3742f39858e4a3e781e756f6d8480caa33b715ad1a8293f6ef436cdc84c3d26428230cdac8651c1ee7947b0e5bb3ac1e32c0b7bbb2bfed81375b5897

C:\Users\Admin\AppData\Local\Temp\gIoo.exe

MD5 2c9aeed903eeeb650cc54cf984835c0e
SHA1 227396641e61227255f76520e2b1629728bd17e2
SHA256 4df0af81592d08ab4cc2104eb4fdd57355d7153de4e04c6ca5caa30b01333b12
SHA512 c3b67ea32dcb3139d2eacaf35938a74c987c821a2a4b30a03c95a74c2d4b0179098acd480f358552db83f52205dc3b7f2ee6fa3ee8cfaec40ba310e586d731a2

C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png.exe

MD5 6988e520bda6878af63245d4cba32b61
SHA1 f5cc11e2f57e4d2d32f923d5379eace32bc8cfe6
SHA256 bc019d66ced9447a9e364e18366e6d6f303a900b442b3641b6168ecbbc021209
SHA512 507e9eeacc3e4d6427dc6762cc8950295589e643648c28fe5426c92faeab41804da19a2cfca47a2f38545fa75e82e160369ac3ab4e79836759976f2f9c6cf05b

C:\Users\Admin\AppData\Local\Temp\soIe.exe

MD5 81f0348a0682aeb858d04c00a00fcfd9
SHA1 7d178ca5d7f722e06d60f5f8b56ea527a3e40acc
SHA256 865205837bf1ca68def3831547b521b36534b3bd61f377f6ec850f7a14c74002
SHA512 1188ff0efa24077b34104bfe82e17cd0dbaddb6b70757acaea1ba30eb424632010827002da3c6c10a69a2f18c9d38f8852ca3281bb8e486910bfa7d3c3e713b6

C:\Users\Admin\AppData\Local\Temp\mAkC.exe

MD5 f1851f85e9ed6c9e3d3c42bc5d41c51f
SHA1 964d093d003b77867248cb004edb916447f25fe5
SHA256 520919187f285bd035774301708c6e9fb4caa511c869168542ba6e87647b6e3f
SHA512 5712199baae251e2c78c9421d81ef65e133352ffef569f817859bc2fd01fb6c4e4be894e2dd03904d00383aee7732bba92789248e7e2ba44e3f103b66dd40832

C:\Users\Admin\AppData\Local\Temp\awcU.exe

MD5 2966fb515b9ec2ea99b3ed525d17947f
SHA1 8ba5ec6943506e706f447f36d2a8097f66e3cf2f
SHA256 52e063b92485fc14d41817dbe1cfde433cd8ef30fa5c37734c82605165b246c9
SHA512 9112f9bcdae4326a2492fd764679bba81d154b8a46c359d43e658c638bb0eecbce14766f169b33e681e2b17ef13881808a7133433527efdb74a5c2eecde8fc27

C:\ProgramData\Microsoft\User Account Pictures\guest.png.exe

MD5 346cff7d715d7f658ffb084b3817e79d
SHA1 a7bf8d65c33bde5e151cb163b93aef41b9259364
SHA256 da78703525327dbe2b0ef386cf74fd4de593bf20d525b95825aa9cef383c2c23
SHA512 43f3050b4d8a3417e0cdf00a8b77327d84f6eba85db4968c6d00139255d5b03b14efb574e3289c01784366186a9ec7dd882b544b1c4b69e9825559130caf049a

C:\Users\Admin\AppData\Local\Temp\MoES.exe

MD5 569f6c6d0e3b9ca514f5d9d8a588c6dd
SHA1 a1cee577b380d3a9b3b4933eb696baa4f0360a2f
SHA256 e2c4e27d0929c1bc19cf77e54d02f4137e40a79be27a878986d9441fd9afa992
SHA512 72be24f7517942f7fc2bd5e46fdc41f2beb20a56a07a4c043384c9c3101320ff467c151634b1f946bebb8565d04b05416b67e62b1de96750ca8ce62051457f2d

C:\Users\Admin\AppData\Local\Temp\EwMs.exe

MD5 bafa7ae676af1a77a621a4799b4f6d87
SHA1 d9e93d3fd477d5480592cf8c5309646b83f9b015
SHA256 38698cecdf78784722f72f7c362841c09ada4abf738427fce3a512b55522bf7b
SHA512 76a02b7b197da3846be0e92d37251ec2b803c3e71c36589504745b00ac0ffbdc6bb15a3df0f093d13e8827726755c9a8902765d4fcbe3992cc67b23420d5511c

C:\Users\Admin\AppData\Local\Temp\UMwu.exe

MD5 3cb54a61936dbab5e6687a0ddbfc7be9
SHA1 2ee261e3f0ebd71959689eafe610750ba104b194
SHA256 bcb6d6f6896c99e4ada67e68829222038782fa54c895a389feda9f2e8d752d30
SHA512 cc74b6c4dd866dc9fbddf4f173a458968c46555571f271236117110e69ea895609d2c5bd6bb4d22a94df35b6d26342b124246c265f660ab1e4f9d631f856f75d

C:\Users\Admin\AppData\Local\Temp\CEci.exe

MD5 4cd9364ada6cc4f22d09cf3fa389f513
SHA1 76ff70fc51638383e22ae0671d312e4849074017
SHA256 0c25ea9a90729c587e9776328d106be69b288c2cc1ab5fde0ce0e7b356e5e91f
SHA512 1c888a7eda98a4709c8b2f725f10d902bee000f05754fc61c8048ff21f07785af08f115933a58331b76ba841154390ec3e24b225efe7eff03299082870afcf40

C:\Users\Admin\AppData\Local\Temp\gcAq.ico

MD5 ac4b56cc5c5e71c3bb226181418fd891
SHA1 e62149df7a7d31a7777cae68822e4d0eaba2199d
SHA256 701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3
SHA512 a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998

C:\Users\Admin\AppData\Local\Temp\YYUM.exe

MD5 cc4e60c3a8feb6245ed5a82c1a06d783
SHA1 bfcf0984747160d56a27c9ae8c0b6d09d6fff421
SHA256 44b9e4e3734c9ef21dfcd1855871cb909866a9131ee6ab9dbc633ccd7a9ffc5a
SHA512 8ec58a79794545db26c230300b1c51594bfdbbe294cf632a771165a7dad02f68ad2c6ee17aa9979abdb61154f965d74f593f0e2d88b4d0a28c969404b11c7be5

C:\Users\Admin\AppData\Local\Temp\OAEO.exe

MD5 15ffd89f728da6dfb3bdae997e73fbef
SHA1 bb44145737ed0e60548f18f416bd286752fb5279
SHA256 20cb21e0caf0762a9c3251f467bf4048da727f8a7211ef80ace6db896996cca7
SHA512 4ccd36c52590697eae1b72d48f7dc4e86d17f22cdff65321c151211a0d2c3dda4033eeca6ce8bd06acd8204b99c21874e3f0fa1de39e445ebe179e6fa436c908

C:\Users\Admin\AppData\Local\Temp\OgQs.exe

MD5 7a4bf4601fcd9a03dcc600a633e3e3c3
SHA1 11a868b21de0109098e0db659f19526893a85bc5
SHA256 0339dc9f961f2528e3325dbff62a3969a8b9788a7681d21bee7b64347623e03a
SHA512 d489f14618e890183adce2e3fbc72144077559e9d02b558a88734c4f62d775ebe46079b621ae3e18a5fdfcac062f10bf9543a67ff92be1e8119390129cee6a66

C:\Users\Admin\AppData\Local\Temp\SkgU.exe

MD5 e7e33a5366cbf56360d774bf91370c80
SHA1 5b9c9a6a23e612847a20072216b5d67fb42813ed
SHA256 b05fcdea5eb72c7d4218ce063ee5c69afabdfc64104ddfc6ce5ff68bee1d90e8
SHA512 5b5f6084d9b7b6026cba5bd02655ea0611932bdf284bd33a3f4e1d44818c2bc502bf6d20be15264676cefffa8bcc765c27c73d4b688beb36427fa2dd5a6112cd

C:\Users\Admin\AppData\Local\Temp\QIIe.exe

MD5 4cdb07892a6ac1e7a9853463d0a72613
SHA1 6b9c2db7fa3d6c17a4a9b0b995ac74e920f20977
SHA256 881cceac009b4aaf75f928cd9266a5767eaec58c65aeb680e6b39e7adc8cbd7c
SHA512 2ed339b1b03b25d902491653dd629cdbb534117f70001e71c0dc9a9648665feed93fefcd246842c52db61565b1de428ce37d9560dec1078e134b890d56f04a42

C:\Users\Admin\AppData\Local\Temp\kUEY.exe

MD5 1158f1b792723ab9cad6c6fa0e47a079
SHA1 2f91740f75928aac5210aa54dd79db40ef03777e
SHA256 49b719a1715a9397a36011425349f573ebb8e98f86a4928eb540aa200ed1eb57
SHA512 c4de24db8ae70940a256fb8ec1f8c24b17b3b1e62a33fdf7f707de0c9db6c857038e96a96b873d6b880bed5ee8a4e55ea8f97fd151047324afe7113edb3ada2e

C:\ProgramData\Package Cache\{fb0500c1-f968-4621-a48b-985b52884c49}\windowsdesktop-runtime-6.0.25-win-x64.exe

MD5 165e2369299b7bac3fe18dbb13ed999a
SHA1 61f4e028c449e7c428684731495bd1f991c20151
SHA256 e9ec75f6b14d01d5224a8bb309efcb93336df4597f7e3bacd94823253790dc6b
SHA512 2c1bb7933e8f36ec5ecc316d72e71b246c785b409b9a20af4b8f25b9c427c8ff4644ad7922060954540b5202d5b0db75c3ef4824b2a8ef0f8e674b0ae2e65c73

C:\Users\Admin\AppData\Local\Temp\aMUQ.exe

MD5 7b06b1fd8f5835e1416935a52872c351
SHA1 944ece75b220bf3e267dd75bdeb08c0f42330ca9
SHA256 223afe8bc8a422a02803aeedd287e4a88d98200f87ff6f1350c5e60968352e36
SHA512 401ab9995c3745a52be4cd2c08340966a0df7ed77f52831b97a9d14c2c6eb0ffbc7ee8a20e7f34f74f93e1025697ea2532380e3242b2e2ea5d77ad1a4b2b4b64

C:\Users\Admin\AppData\Local\Temp\IkIu.exe

MD5 3786744e3d98a196ff5320e15e7dd8c1
SHA1 e3eb2ff80807402ff04ba5d291930d7c14cb3a62
SHA256 d9b8df88ad303080970bfbb8ad13af726910e7c26af6e51fcaa67fe4f333c5aa
SHA512 de25cf1f6ea75c61736dcf65fb897a0cb7c307af80d428f88bd7bacccff49c4758eb98903fc1c14be1a6b25bc1e1e0efd93be55b79921f0ac0d5ac710c24205d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\icon_128.png.exe

MD5 bbd31503e7449be8ddf2d4cdf8179d0e
SHA1 fe9f415d2834e86416b4c703c6ca30bc6349271f
SHA256 30b6ba7e25f53b698d0a4210fc4b93668d92bc498822b4026cf6ee637f32b7b3
SHA512 af790daf7bcb38f07f04e8815cf97365f813df5e8f895e4faaa0fa6528211180db9cac87534022f4b98fc42a2c3403e5d25bf8a2a1c6d172f4402c902e0a822a

C:\Users\Admin\AppData\Local\Temp\kYUm.exe

MD5 8d34c0e2821dcef1c1f882ab5e551102
SHA1 966012e6d69110e7e34c8d00bd212f00aae19154
SHA256 4df58bad82d8c2e00db516e3227ed9b0da64bea527988190504769b6546608b5
SHA512 ce644ad8d6757e1dadd7d1cd015778291dba3c2a77a2f083400098a1ff2a5022926f61572177134391130e3c068d2859472102c228a2d18d8c6075c82049bddf

C:\Users\Admin\AppData\Local\Temp\sssQ.exe

MD5 fcfb001f478a2a4fb6a76bee7de33be8
SHA1 05be57b1b6408e6e9847adbcc6856217bf028f03
SHA256 0169add30bb5ac1c4c9be8f1a1265ce825e96564d92c1d3ae52d605b8d239784
SHA512 c98c45f11bc16c198c802f04fe41cb12b5a289c3ee79d024a61e66a7d039e1d03a7a7b8c036d93ab817197cc6067abfb4402b5274d99f033f0972c53a6a680b9

C:\Users\Admin\AppData\Local\Temp\MQcS.exe

MD5 8829ebe2f27a2104a95e410567cc0062
SHA1 1b6e990ac78d8176ba7519b8ee979735af79abb4
SHA256 41d6a72793afdafd0f3b4ab2c143eb03a0cdbd1d3f8411191e33755882a221ad
SHA512 f263e15a8c9dcd2a9ed9e1f9e56eb341b386646debf88961aee15f78c9eb295f93e16ea992b3c32bcf22f5cc190e2c4f177b8a8523e693e5eeab2045e3f8d383

C:\Users\Admin\AppData\Local\Temp\KkgU.exe

MD5 3cf89d1ec3071b778aa6bfddc03dd2fa
SHA1 bff08489b554327adeafdb270cce19415a7b2db2
SHA256 be922bc53482276c82266e0341b9c22a057708351e8071b3c66e1d0c2caf70ee
SHA512 f9419f2d017b1874c06d260d715b836f545e49cccfebb49c3037c9fad8efccecd16a76fbe6a36507a80ad40ffa049bcdf52113b4cb6c061330e58096c1fb5841

C:\Users\Admin\AppData\Local\Temp\MoEM.exe

MD5 a52401a6832f0b600909b58d51654d16
SHA1 4863b244995b608079fb995158ebb7d9c75670d0
SHA256 fa846915dcc7ddc0de993d8db40d4b4cbdf9f06615d02ef5050a95b760d608ba
SHA512 aaafa143d1e257e8d5fe3c00a145afcfaa60dc9c12f0d7baa3f8165d45b1a3b135db21a88021e83a2794562b524e1846e8a718ecc7834353e3dd391dee9a5e5b

C:\Users\Admin\AppData\Local\Temp\swAs.exe

MD5 0bbaab0b63df29fc3199afc377e7027d
SHA1 9cd30c59129f39bbe49f73387f2662e08f9b163e
SHA256 4dc2ef63a8f1bfdd3e1728dc2b88b01c5ad59ae1b38a593201367567e443d25a
SHA512 cbd2d98ba6da4db38a8b920f0d58fecb0de3911c02314256aed3e36c3c57b773c9975ed64125bf249ab0cccb8ed873743d5eedc1708c6f9bba0b747c766a7e1d

C:\Users\Admin\AppData\Local\Temp\cIkq.exe

MD5 bae1776055fbfbe30f4a104d18e8e313
SHA1 eff2842477f04852e8101f48b1099bc061c0e33c
SHA256 276b94278e8df2520ef4f176a73b3767b362c9b8a40f320cfb17c3c326e102d8
SHA512 9cbf5985ef588953033140aa1eabb2a9df7a85e8645748df5730d39e0a1f17154908229d2b2cdd4d9876d3eaf38a64bc46caa4b0411c14d1310896b4a30a348a

C:\Users\Admin\AppData\Local\Temp\kAkm.exe

MD5 38d2eff5a5f2c466cf39a79e53668554
SHA1 ccaa48397a3d036e005bbb247e7b902aa20e599a
SHA256 0de04163c2b00559d0659a5ee4c01b0d70249afd26e2fc62b3f752dd27c9fb3d
SHA512 e76ef242350c429e477c6eb1f00e7fa606df5b29bc23f858d740d1dd4ee193f20b5628e9b47df8aa70c7ea4e9aecc2a6a68b2d91b7a8dedbf20ee7d136dcc602

C:\Users\Admin\AppData\Local\Temp\OYUY.exe

MD5 a73808b55cde2088335ef14ed975e7a2
SHA1 f9d943db8dd1427fed8c2fbaf85f0fd9b830a2d4
SHA256 f7604cc9610c683273ce91925480d58cc54be0ab2151f0cfcf2d9109d13efacc
SHA512 7ae72ec4392611010c0616729db4baf91a9c3b5d0a4d65646bab7011a5036dc8f26e8e7fee79c8cbd2cbbdb2e5488eacc0bbe9f0315371f5d0be11c948bf1381

C:\Users\Admin\AppData\Local\Temp\cQsU.exe

MD5 0299a05ad44cb5ce51f7a6d70942b018
SHA1 cf198fc365057de8cf7299b37672394f47cdc1e4
SHA256 ab74294b6ac2572d4e3d8276d66d3748630c15d53ae4aa5931d3cf4c4caf8351
SHA512 b0ebc1057aa317a45473ee193b8b5ed5e2c3a6c70d2524a7024b1f65b0723d4c6ad598f0e8c4248c28b8fe43193241bf6ede15c5bfaf9be3b1cea7a8a29796f7

C:\Users\Admin\AppData\Local\Temp\ckAS.exe

MD5 527689389e73d20772f50306024298b1
SHA1 722021996a925c3f70f0c6cee1f8540d2160a8e0
SHA256 ba56db1839325dfbc09fc3940e902883556386dcdca16da31dcb31bb96a5f709
SHA512 671785ecb449f107391af500fcb3c4c5a376c28abbf4728b372be7f007e286073c5a99e26e4855a5e00b9b9522831def936412997dec7eaf475fbe6ffeb88138

C:\Users\Admin\AppData\Local\Temp\SIoY.exe

MD5 d0b71f3b9e9344582da3a35f576210d7
SHA1 b2c4cfecb64e83138c717ec3f3078344fc17a296
SHA256 dcc6710545d46b6309927502ec1d0027077d53d3f1f1dfc5e1d7806d9e9e5622
SHA512 f08c090cdf5a0483aa51adde1318358b4006f5a80e8ca0b6942371b85a4f503244b5d4f2ce6992fe735c5ac16294d498a964bab96d047841fb1b6c407f4b5d51

C:\Users\Admin\AppData\Local\Temp\ywwK.exe

MD5 6cb141352b171d85ef9814bf351fa21a
SHA1 e30bd5000ea09b73fe2257bde5d30a1e9379fe94
SHA256 5d1d130d7117a4dc48c532cfa4fcb5ced8220e679e5ab01cc2cec4b0da4b9209
SHA512 0aa845385683bf82181881ada39c21e14eeb4559c96e50c6568593d7eb9a231ee7d350335049b12734ea9741e8d021b611aa6cfadf33b73634ee67706c09fd4e

C:\Users\Admin\AppData\Local\Temp\eIge.exe

MD5 b2ceab15d1adafedb4961aea1e15f790
SHA1 f17bf9eb6522a9f639603a1a328e28fe8733bfeb
SHA256 d4cc71d8451f9d1cc5607a99a563ef24dc2b29a9d4d1106c38b8c774ffb27a5f
SHA512 90a79d272b137eea970b6e487d0ddfe05471ad65a26009b82b08de8c65b2c62de8f1c009742f183e9aa2d24796cd855daceb145f41b1c167e29e31f72022e0a8

C:\Users\Admin\AppData\Local\Temp\QQYo.exe

MD5 db394fcf3d99157393151e98efc5eb6e
SHA1 9d4a3ae68c920bcead8651af0e127c7d0db52915
SHA256 27d01f74d2c69e916ab6dc72059931f148d24835f60d0b1361143aeb1eb5a2c5
SHA512 a6532b1ea0c2945b94094f5c554e859b539cc59c4038bca7a8446b5b0e3ba5a76fc02768d4939f24cb067043763c0967a341e5b9d9e95b6406b29ef294a2904f

C:\Users\Admin\AppData\Local\Temp\AAAE.exe

MD5 d0beaf882b6e774832fc73b1b0e25dcc
SHA1 15addca5d074ea2513af8adcb34e601758355c68
SHA256 3d66c2b2e300fdc88ab1bbf06c646cd9e9380b9e35e3cdc103910aa3d4b95c0d
SHA512 9843e49f2aca5764b4abb54a686f3060fb986e58230015760dd9124496f0935de79dc85d9841d9a2752e1c35b0d2d5e33089cb3aa69df8516360554508bc4c3a

C:\Users\Admin\AppData\Local\Temp\ksgi.exe

MD5 7195138aa0bdf21e7da954a8c421b7fb
SHA1 fd0b7b6eab5bdc0c9781d128f5b1df26854e8313
SHA256 8a8658528504d930a4325ebe544bd2186cc3b7a31dda0b2b02c7e4946530a000
SHA512 857b3aa8b1d6b4937cc5649409aa31a3b45db9967bb176e4cb334b097770bfa4b6596a5daac9f09eade19063fbe4cf8c81763b834b3788ca70140f375f7740a8

C:\Users\Admin\AppData\Local\Temp\oUwq.exe

MD5 231d8adff5dcaf80997dbed8dadeb57e
SHA1 0af65cc30f38378ef6992476782ce869ef3ffa93
SHA256 ef76e8b39f06dceeb2772afa239f6d8d6341fa43cbfe2c1115dd4869e0f8376d
SHA512 e4b10884c1f79b01052044927baf1d03a1877d768411dd1ce8b404ca723eaf0d2781711a820dd485f7085aa24455be007cb6eae3eb2b6503af5b3ba3a65e25bf

C:\Users\Admin\AppData\Local\Temp\IQcc.exe

MD5 b0b2dec492d27f1611d9db2c97fef3ee
SHA1 671bd309c26e31afba8ff0bb2e08910843683f43
SHA256 5405316f86ac8a689d3111236d8621d1f915c57c8ef4013357a38ff397b28e68
SHA512 9b7939777e8071f0b2fa6dd24f7a1ab3521f33fd922c546e7a506acb659697ef257c8e8f2e6e4a4f0e673fb0975bff12d7310dbb3e036b581c888ec9be9bbd8b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons\32.png.exe

MD5 8e94b908263bec4a7529ab058e41d89f
SHA1 1b10d281d4031c6dc9406191e082cf69003786cc
SHA256 10bb4392188bf89ad62f958086d563251bb5228267ae4d21267e1f9317cb4495
SHA512 221bbc76b0bd39112d1aa9c06484daf2ef1ef6ec44ad8eeb00ddeedd8c89e5873b0759f3df06724483f44a1b58764d0c974aef9eabe49e771c4fa6accab857a3

C:\Users\Admin\AppData\Local\Temp\kgoc.exe

MD5 c6a93bf4ab42ed2e0263ae0ecab4c494
SHA1 5a440d05288c58c610cce3dd527661e4a2db1bf1
SHA256 2a9dc4c3f6f1bdc91084c9c2df6dbd9dab5c45a49a439dbc6d53d2e9d0e12130
SHA512 7ba47d40c5103d11e9fc2cbe24fd1f1e3c05df536228421ed8576c2b444795be8c1c917b968c53c8d9eed0cef646267aa1ba3dc838307aa8b27aff894c0f5a88

C:\Users\Admin\AppData\Local\Temp\mEAm.exe

MD5 4c475bc5562f2e40c885f71a70984407
SHA1 a4071c616bda7e2fced36af63d2b1d42c77da5b7
SHA256 e9cecc4b30347be9108b93edbe97a7a7fd1cd91909cba12aa4168b446446ed81
SHA512 482d8b352752b3182d85ebc804dc16d7e7e81ca3f314d352ee4111309a00deb6be5fb6e710270cd5eba690c34df7a27b63970f9c0a991e4df0112a28eb05f9ba

C:\Users\Admin\AppData\Local\Temp\YQso.exe

MD5 4e6a7208b5576741b0982d52bda72018
SHA1 6fd15631ef01ab108da8a962f900b421fc6c2490
SHA256 2ea4d1d94b0ff798d86a1ab6485c73babc7739571204c7809123199b62a9c833
SHA512 ba52985a2be792099d6141c3fcc94e8d3798b313e04b865b82fd324d1e2b6ca3c3ef1e661311b30f0f3ac0f52fc717c46393c317f3d8304e9e95ed04275fc149

C:\Users\Admin\AppData\Local\Temp\eQQS.exe

MD5 5d229bea739d3900db3e0b39f8fed147
SHA1 108b31e2cfd3ac70fc9dd3cbed24c95020da76ff
SHA256 64da723207810ed808294c16e8159e62d4c6e6af5a2dd4fbd506d89f70950e22
SHA512 7c37ea928ab94ba5e791689d5ef0c841bedaf5ca25a120b8b9436dac2006e39ec6123551e91144236fbc46e7e58ce5c0655759fe8476819757ca45e48ef68620

C:\Users\Admin\AppData\Local\Temp\SYsu.exe

MD5 1f02297fb665a2bf6274ae03c33004d7
SHA1 ac73676cbefccefcde8e501ec2114bf16f72f102
SHA256 e128700814b2b1e1da9da072e7bcb619c8bdee9ed0ce53123f8f7329510a7d30
SHA512 f3583267c2bf8f21c599f0277f2ec84cb8c8c235a9d74e33a277cc8d9f345475266a5e2c4d7c97e45f11f51c43291bf653f4a596eae4af8c05e0391869043fc7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons\128.png.exe

MD5 79f5e9bc233bc657266c9b148e8c5407
SHA1 220a27ddd9957d0f6df9a16653a79c67ddb22216
SHA256 78eb333ec5f9ac1050428341c98a05bf60e1f0d1748b2aa183e2063c657c5a44
SHA512 c9f36f88f12fa68e819776f50ed2b15d339b52b6622f270539d6b6c66ea16373d24c8392e7f129b9c3995cf270067afade08c37ae5b3c086e6cded7a7c49cfa7

C:\Users\Admin\AppData\Local\Temp\AsMW.exe

MD5 28ccb831052798ee444fa965f4a62992
SHA1 c428d02dc6db6f7309e7dad5f9f01cdeeb3111a4
SHA256 ba828a741093eb32a92236698ded21b86aa37cf9daea4cd75478b3f077225083
SHA512 4e66fd45c3ab15b98e37524aab987ea13e48812098210f194404ed0b62d091e80cadcd23e263307c5538dbd09941d91d4f643a12d88ce09945ac6c79e9408ecd

C:\Users\Admin\AppData\Local\Temp\cEUo.exe

MD5 8f6eddbfd1318cda22b4ba6fbac05af5
SHA1 8c73aad676bc14ba64a114fc84abaa1f280138bc
SHA256 1c3860f201c0a51c48194fc62c9dddfe15f271d6583d80d9ba73087a2716ab65
SHA512 ab4711e39ae5d18c0b8201c68e895d954e120e96da428e89b16df62fe9fb2763220059f89e9972e1673da0f2ac5a42e42102b928430b944db44a921bb714cee6

C:\Users\Admin\AppData\Local\Temp\sAAE.exe

MD5 25bf36c2fbed92406a0891f66258a1e8
SHA1 e61aba14c0464dcf926d314d8d7b62ccae85568d
SHA256 2e385e119e054b8ba98e375340e70ebc7abb35db9dbde61b332c73e1850502cb
SHA512 a2c24b2c97ef082eba88dba34f59d5b30cdfb8417d24d20fbfc31c7a959cc36450e03fc1129d750dbb7ec81e8725e884f8c2d5725c591a81a79539a4de2f3324

C:\Users\Admin\AppData\Local\Temp\wUky.exe

MD5 2dd4e291d1405826a24a094f0fa3cd5f
SHA1 69e0fad16c55e96be5a1ba272d5b5b6b0ace0158
SHA256 37996c2df15fdda4e214ac1aa37a6df768feca64d2fb41f2935d6aabd9328851
SHA512 ee37ebf600db5f75b0ddc31771493ee973d9774c67e398b534c959cf9db1b5bb85ab806fbb8941b9f38e72cfaafb75638e1c9dc8c811453851136001aa3d4469

C:\Users\Admin\AppData\Local\Temp\UEAU.exe

MD5 516f7ce24bca7d0ffb4d6be9d5b54f6a
SHA1 cd5ae1bb9856f176f9d1ef45c597bdd405eae581
SHA256 5074a3dcac723f71454ad201e323c1b0228a699aa85cd2e9e9ab7a15a5883f9e
SHA512 d60e065c7eab83067ce1e9595376f664fe04a4e31e6f0952006c866bb06fbf579b4d796d2c787996abd8b7a842b0bd0c20d2431e0d7c98adf9103dfac716b959

C:\Users\Admin\AppData\Local\Temp\EMsY.exe

MD5 ee95c2a7465429c72fac7c20f9c6b467
SHA1 91a29e70f483dfc3969877fe133861a028014b69
SHA256 568faa1244309f1eb954b77aeb72a6e2e8ebd2a3f825a1d8095d35dc97a81638
SHA512 f54086b6d460b8e7a38f8c1a068eba64bca63fe58c823e0cbf14ef3dd80e60e8e5212e8ddb2f3880c19c2fd4f4d11aa94767b2e9fa600b04bcc2f1b919345708

C:\Users\Admin\AppData\Local\Temp\OkEK.exe

MD5 dd8632b878ec598e202dc3e43572a6e2
SHA1 6499db2c1d4a4e0f0aee1dd48e837af71e58ee3e
SHA256 17be99ca7e66f4cc7c849d9280bb7b85c0d91d3d878fbca3b0f53ba3eb6ec25d
SHA512 105e17fa8af70843fa5aadc6388c2f71a9e2d884c302da4fd0a157eb8bb4f331f533b2fcc763f3f3b29e5ac25b04a2a714d89cc56b7a733d7707b48e333e1952

C:\Users\Admin\AppData\Local\Temp\yUgC.exe

MD5 6cffc8a7b2e30bbab4c03e6f59e49c1b
SHA1 08ac2b63d164761847af253f36bc60cb9f5d916d
SHA256 0dffad552fe45f3638b23c22beafbbfe7c5722af1c2bd2f9480af42821252424
SHA512 150b7c186becacc92bbe12c81ac89ec3415ac4c729c6d6c86aad55444e7340ef8db0e434df70e57714b41a79c87370cdaa1b18a6afb3abc9f3c66e48a0af80e5

C:\Users\Admin\AppData\Local\Temp\yUMq.exe

MD5 a006a0e61ab6fc289486d93d5368b6eb
SHA1 fccee77fe24fed20882b5d7d284a0f1c54d2861a
SHA256 2660dd440aef79c17560a7d1583d3765dfbd81d2688a4fc9c1cf4dc6f7fa6d52
SHA512 660d328b801f264b324da3abe5fe4eddd60ed403869e56479aef88e119571050af9bab053dc74856c18d73a8c7929a283cd3df80e5fed084a760c1e3b03488ad

C:\Users\Admin\AppData\Local\Temp\MYYg.exe

MD5 1fb9cfb15637effdcdab9273518cab7a
SHA1 cdc9b0d3459ce9fbfebad0e4a008de37ee35d307
SHA256 6c43e6b7036f720f3eebde6b839e06ad84275d93249810ceeeb1d82fe6952fac
SHA512 e2be8494e83c8d00a0902a4c46ec9f2365b56fe0d6070af65eeeb01389be3e58f9f47058af2bb73f0ffb45afcd2ea8d650718933d2a58079dba00c4dfabdfe40

C:\Users\Admin\AppData\Local\Temp\GIUs.exe

MD5 331eeed5cf7c978161cc335d38557590
SHA1 5164d6daa68d1b207f84a35ce3d44f4eed8c5a94
SHA256 4566429e594bdc0c90b4016c23e2df05abfd0293f9c8e2144766e0268f79ed1b
SHA512 7c9e8436a3b9439b25d8505a36608b62e988c30efe9039f042482b3c97c46a0477002ad77f44f9db2531cb29cdea8a7abbae6640bad8e15258e4c71d2ab061af

C:\Users\Admin\AppData\Local\Temp\mYMG.exe

MD5 b1e7fb41ec3b74a5e8693fc4eef3181e
SHA1 5e2e80f6d024f0dee26a1c8a331571882e567f1b
SHA256 b66d5f59807b33a5c6004bb84ba835dee277e14d9e602f7a835424da5d5281d8
SHA512 7998f57912f58a8e2542e9cf4f92613a9b64f2ee0f57480ea2b5b557887574050512a6563bd863c8c49e6bad3f047dfee010167fd6292c06c3f9a465e9814e41

C:\Users\Admin\AppData\Local\Temp\GIwu.exe

MD5 145191f2a80a6ae392b16f7e19849624
SHA1 a1ebd03ea85845829e05ef42224f97c875ac07df
SHA256 8d85821e6bd90dabad25bbb5a001343d7b2cffd84a26bafe10c8ebd4356835d2
SHA512 b8442bb1e3416a94e039bed59632b3047e95a9423834796e1b5cc08caf04c29250927cfde6c1464e109ae6396c43552901831dc6fd1f2c5bd60d05c5baa3f3e4

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\OneDriveLogo.png.exe

MD5 2039174b537051c755e6bff1ad8ee76d
SHA1 881baa972c2dc83402af88952af310dd82f68c1d
SHA256 3d399faa47258875499b7238b6b8d471c7c955068919ea0e3c930d4e41937588
SHA512 c9dcf1a4ece2716c16ddecb143dd5e14f84fc6ca039233d518f98e02f542aee63bcfe1f0ed4ca9c3a4cd2c1b80dd026cf9ee7ae4f9e11b9ddc0ef6758a4c9e4d

C:\Users\Admin\AppData\Local\Temp\mYkm.exe

MD5 f774594a3ea9bba8f609f1a5f8a23838
SHA1 5fee00f8fdec7fbbdbbc7a1bbf7c5de4a5ca6d9c
SHA256 f2f7315c9c697db6a2fc30ff7ff56f3c39ff9d8002f56a15d3b378da724570c6
SHA512 013ae5b6b9ae1e661903c0e97b603fc2bd778f7eed5c27eb55a23a2a24190e2ebc466cb887f9a8283ef3dac75f5cd8c9e30ce9d881b02b4f71c6de5be0403e86

C:\Users\Admin\AppData\Local\Temp\cwwi.exe

MD5 e9098e00c223a7bd4cf14fb87c32b08e
SHA1 1d30f52ab923594dc61aed80e7c60f72c1d52e41
SHA256 8428ee8a9c4c54a9e1e8fd4e839261f9543f90c96ec20f330e5b8c9a9a0ec6a9
SHA512 b8fcd311403d52d566e1314e41075f12ace63ac642f28450b5653d51e3384e2a4f1b0cdf26fa1e6c4f01bba60701949720569e1b5bf8f4b2fa2107fffccbbbae

C:\Users\Admin\AppData\Local\Temp\GAQi.exe

MD5 2c84f60658bf033907d77dee4061ddc7
SHA1 57cf1257857c9150e15e709499a871cf12283d2e
SHA256 5147164b8ea344374ac1d1162decf46edbee207afac1f97c47019b481601fba1
SHA512 a035d856779e5a440b903b971b5b5819019f956e74e47145517a4932d71db55bc2ce28c1dc4c6fb26cd6bae35d4b8dee6b17404b675b810abfc59676fa68c554

C:\Users\Admin\AppData\Local\Temp\wEQU.ico

MD5 f31b7f660ecbc5e170657187cedd7942
SHA1 42f5efe966968c2b1f92fadd7c85863956014fb4
SHA256 684e75b6fdb9a7203e03c630a66a3710ace32aa78581311ba38e3f26737feae6
SHA512 62787378cea556d2f13cd567ae8407a596139943af4405e8def302d62f64e19edb258dce44429162ac78b7cfc2260915c93ff6b114b0f910d8d64bf61bdd0462

C:\Users\Admin\AppData\Local\Temp\CMkk.exe

MD5 6dee416212506eb2513e8fdd45efcc25
SHA1 9d9769d159e499b02785e34352bae01e700061c4
SHA256 f2694347f03e359c99008179202fea0bb28c39644622be292b7a17df351178d1
SHA512 ec1a97e85224969548b895658dc72deca5e4058b2915361a7edb33a1792749ab6621d7a48fdcea0390eb19ad7dfd4f98ade87e289fbd02b2a9866bba3f50ffcc

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\Warning.png.exe

MD5 5746bb593b6c7b8b0b16953eaa3c8f96
SHA1 578e157c49e8485c5a82de87560fad11f3337cce
SHA256 c317a1b6aa033553b58bf7817fcb27329d120c8ce63e909684475a0e4cc79f3d
SHA512 cae4d73d8426163a386f3d5b9345ea0d74036e6ae1d000701622bc10919eb734b7476f712491aac7b1ceb2ee14071a7caa6fc04b10a498faf1dc86320c41e470

C:\Users\Admin\AppData\Local\Temp\kEQI.exe

MD5 de85a22d0b258629108e9458036dd6a2
SHA1 2bef6ea0b7ee2de09e69eb431450eff67060e04b
SHA256 1fc577a66049bc0d641f2f949edbce580b10e18b71e4b273775da1b56a6da6e1
SHA512 d3671f65978230c5e82c6454bef029ad0b9e640801ed73f113913b578b5d7bdf650e28fbcd56a05b9fc94b507d0ab4f8a9841a52028e0fdd5097044553ad7360

C:\Users\Admin\AppData\Local\Temp\gAgy.exe

MD5 d1b90bdbf3d1ccd134cc251a2bbb005d
SHA1 cfbe5c6415095b80bcb46dfaaa3f0d786703369c
SHA256 aa9a4e6a4423e81782ffc2b4dec840b329fdab0c2da012819e9739d45c45d0ce
SHA512 66f5f24019f151724b0fca2e78417a7f8957d3412fefca47922e385513fd224d6b0b3752d7654791fa1b4040b2d2d2fd54be9194ef5b383e3a848ea908cc31dd

C:\Users\Admin\AppData\Local\Temp\wMQQ.exe

MD5 7d3ea5c480733a0b2a3345378022d9e9
SHA1 62d526ba1c4e8467bc1a982043e83056ee69765b
SHA256 8823f902e5a95beebc496908ac09708fee529082d7224f2bc00faa6e3a703b18
SHA512 41aa8522026c8bd4c244d8489274f67421431ce3454d51fb037c08afcc84da606156f02cfcf8d9cb4f947b395f996f6d06a559eb644ea458d7ab9c056edf190f

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-black_scale-400.png.exe

MD5 a610b8d17e14c7b8fd310624dd497401
SHA1 929642320b28c6f88b36cb61c36ebb277fa3b270
SHA256 8c98b367f41d8676ab9a7edebf96c3279d67402e7ebdc6466e11df872430ac00
SHA512 e044ded69b7aa80a4d40ba2b700c08930d6cb49692fe0e4125bc3644649790910662cda8af6781a1a95a9833fb776108c91117e35111662b2b81a910294c88b9

C:\Users\Admin\AppData\Local\Temp\QUwS.exe

MD5 e79db19e3cb6e244e92091aa0e090247
SHA1 851237f89f8ad1cbbf114706eed425aef5dbb63f
SHA256 9a1b6049b9d2b4cf98dbcd242a7c6621180a1e0879900f0151b4d736b3d7ed6e
SHA512 a0e7a28e9ec8354caae8b4b430b94a89d001315a4745686b3b7a9493251ff0fcc9ebf2cec3d655233ecfe6bcfb3c780e87e756975faa13991901cc9f7aaa69e3

C:\Users\Admin\AppData\Local\Temp\uYkA.exe

MD5 2a7136c1ff123b42992375dcb8a7c1fa
SHA1 d5527edd1e4873779eb90dd1e40c84f2518ee1fe
SHA256 610f33002fa4756ef2f8f81e1db6fb463bc142783663a8c4157f2cebdc5faffd
SHA512 d90f21476d7f9cc418b17c781a47aa5e99a36397c0d480c352dc4545399f04dcb2d88b430112d4c84a2a8a0c4665c877b051e5f69723cbe33980534923e4ea56

C:\Users\Admin\AppData\Local\Temp\GcIs.exe

MD5 bc61caa8a8d8d4294fe068df5ed1c613
SHA1 c6ca5d316e890ddd7009d2c1d5f59c1539fa97d6
SHA256 8e7af9364235ef55c84fb0f6860430991a19dd750c8d0408d5202c5fe86f4322
SHA512 f2af171e49e6506e7e7c87952fc8465247ab609477a44a6e2a1d003cc129a50768fd2730fcc3768c71ff85732d6eeb1f2ee53f1d41e964400acb13c6ce0e8ee5

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState\PinnedTiles\26310719480\squaretile.png.exe

MD5 f54c477b71839e6c125e94c67c6b49fd
SHA1 cfa8b745626aa360305b96a58cd21911afbe3fdc
SHA256 339d8a7227b2c91133b84a798420cf2a2eb29c75e0f4e8ceefa0f119e845b10d
SHA512 67b2ec0877c9d04dbc009538f1899144b52050d77f791b12d0198579a8fb68a9058f10d00afb9b878f44df772c9cacf257500693bf194c11301f36a8dfe967d8

C:\Users\Admin\AppData\Local\Temp\sEkg.exe

MD5 01cda77da3d0ad66503510e8f09742dd
SHA1 6932cec394dbee9a784b9bc5e22c6e7bb38787d7
SHA256 8316198075680cc1b8db77e338608ab1758b653666a1330dc10b3666b1d889bf
SHA512 48ffab651088e37aaed2c09334155ac344fd3789ad203858d3980043cb2b1e043ec697db129728ef5e6544dab6a66b3fa526cb01a3592a8043054ae96702e807

C:\Users\Admin\AppData\Local\Temp\OoUk.exe

MD5 d0b9a96f996007665e2314e424047c96
SHA1 af8c5e11e42e46ff5e862fa17579a923c14007a7
SHA256 eda8f6473da2cb53c8bbf5091800c428a95602fd68edc70880573946a68a5585
SHA512 cf8e18aedb5591b2bbdd8a0a2d51a5d9362646edcb8c67081c9db3b44eecc8048f6b5b7c9b1f29300fa6f7e92b4f9bf9e0b97de31d5009e1044d1083e8c7c5fb

C:\Users\Admin\AppData\Local\Temp\wgAo.exe

MD5 180f47cc00a5464c3c10db30d91d0ec9
SHA1 6efff297b80a83e3b50404d2e3d68b71c05608a8
SHA256 aa5816198fae0463a56695f27752aef91fd598a6c95043d6cdc5bf3c71febe30
SHA512 0dff2287e015ce62cb66e96ddbb7ab3c4b11498453f26587980571c838c87d64af77fc55591d0ea1ef905966a78488b290f8bb8869b6268e99a29c3e1e610cc9

C:\Users\Admin\AppData\Local\Temp\KYcK.exe

MD5 04bf926f4adc8a156c4f2113ebb0b3a1
SHA1 3966abe326bceeb36841b34e8fe544dfa2928756
SHA256 c994a5806b7c1f97a5ce352cd9c7dafa3f41b0269aa531e1a6b40e13a5bdc6ae
SHA512 b0e49a2d341f75fcbfa9f756f078ebc0ab8712c66b5436b9def6b163792b134be9d1705bc56d3a96396c9a5bc4dc919751ca8a17ac012d5c0dad6ef27f3a3d5a

C:\Users\Admin\AppData\Local\Temp\MUIO.exe

MD5 55436358d788355a11df3caa1921d6e3
SHA1 b3fdfc8ffe094259eb8c3e4d469bfd38ff2bbe9f
SHA256 a4060402b4624b8599941fdc3477afde35504c8258935a848f46b2d6a346ac8d
SHA512 8d969c69072f5fbe4a8d61444db8f2d149e781406fc1b48976c547e641cd8e568dc49106fe5b9de5c17d491e6f305cc8cc9d3fae6dfb1cd95ea6e664013f9e10

C:\Users\Admin\AppData\Local\Temp\UEAC.exe

MD5 8e65dc8b8ff901d0a7d8b9da8f15c416
SHA1 1cf054346475017b2983b291caab9a2259ff29ab
SHA256 ea29af5cc0f5fc16052c2484639ab5ce84abb96fb733e76a4a71f253b4a612d9
SHA512 d09b0a0748699bcaa7121304e24b7e8c43023a34996c438b54b7773948af9120fb13d7db9844e827f8f35c7acc51aa9016eb70d985a2ebdb783671e7733740d0

C:\Users\Admin\AppData\Local\Temp\yAgq.exe

MD5 3ff31c54a2fca8ca4e8ee32c848ea461
SHA1 b229b99843bbbfc170f87e5a396e10f3eb41005f
SHA256 f0f2d0a89ab2a17cf015ea735eadbf5a7c6d8ed108210ad2ddf555f3e0217695
SHA512 e0ab5d58e73583fe95de463d0f3d9c48e5642f1105014cdae0e344c37b11b43e82df61d44bf140a655711150a419377dedc81647bee637d9590bfc9d2c4fc486

C:\Users\Admin\AppData\Local\Temp\gUMe.ico

MD5 d07076334c046eb9c4fdf5ec067b2f99
SHA1 5d411403fed6aec47f892c4eaa1bafcde56c4ea9
SHA256 a3bab202df49acbe84fbe663b6403ed3a44f5fc963fd99081e3f769db6cecc86
SHA512 2315de6a3b973fdf0c4b4e88217cc5df6efac0c672525ea96d64abf1e6ea22d7f27a89828863c1546eec999e04c80c4177b440ad0505b218092c40cee0e2f2bd

C:\Users\Admin\AppData\Local\Temp\CUYO.exe

MD5 bb9200d87cdf1502bd7444efab29cc53
SHA1 487b25cab6210249f21eb02586ee35aa8a254bf9
SHA256 2f32a7f1d1f20bdf2f8bb1fb7210f918c73bb2e09c3bcf58be9dec23ddbc2ae2
SHA512 fe0c6dfecad69c760edcfb567aa62fe615216bc36353c8aec049afbe8ed863c4d584ea762823560d243ec4ec7d75bacf943aa7f36e2b99a34cbef179af6877f6

C:\Users\Admin\AppData\Local\Temp\ckUg.exe

MD5 08aadfd192d60a34216528ebaa1f3ee1
SHA1 43a013b393ab6762852352c99101b356ed85e768
SHA256 16f72fc533b34e101ec2112c4dbbd7b1c8877e381bdc6f48cd2acd67bbb03ca5
SHA512 5b95edc62d079f1df2d2c725e3ea7cf9a9f9d9bc7244ac13eb1834384b761c9a75f980e8d05ee2bcc0b57a848d8eea152bd0e96b3f0ea9aac149edf68547b886

C:\Users\Admin\AppData\Local\Temp\CgIm.exe

MD5 fd0d3fa347c931eb7ca874da463b44e8
SHA1 2f38570be9316426e4671b6ac169fa2f5f00a503
SHA256 95bca1733a67749bcb6774a64b53e5d246962bee0cbcb2d8aaf78b42186d69ea
SHA512 b0fde67a0eea36f2b18ce33757b46dde69da2afd931bf69b9378d145a24d33167f72ec476b9652bc58b749b3e8ded6ed0aaf78e6e71cbcce20d9f358d399e184

C:\Users\Admin\AppData\Local\Temp\QkAG.exe

MD5 66d217f0c0a7be7f118217c74f986d45
SHA1 04d139d5ec163d16430e89ee5bda3e17722c36d7
SHA256 d48ae54af3f6ff1656bf3b0198efe5bb19e1f1a30b508935293c5d1186f6a1b0
SHA512 62523f3444ea87bc8b5223653010265bb65dab977732cd9a21d0205a31e324255901da33fede637838bb1f2f7603ba764ee6f4a00fbcba0fd05ccc47c9bc7bb1

C:\Users\Admin\AppData\Local\Temp\Eswi.exe

MD5 85c6638830c6d57b00a2d319ecbecd89
SHA1 3d282a029ee8c32ed66a102b1f80fd6e1194467e
SHA256 e8b0d6f282984a7e3b9002da13143a4c908048dce2d49d0719cb89c52b38ba88
SHA512 1bc1788021b84960d00576ea2b1e31a635a31e1144f74ec9b45e5d4ebfa3df56bfa8ffd0fa0a04ae2b5d7e8cfd0e698d1d38deeac9f9a92ed169145e9f8e5878

C:\Users\Admin\AppData\Local\Temp\KIoM.exe

MD5 08bb6aeb12334be1a23619f91242c201
SHA1 9d771d8395577eb2d8585242b16b97d77cd97aa6
SHA256 97e42980621e7fbe716efb517deb1ad8c59a94e0cb5b61b4ffee785c46d0df66
SHA512 bbf52208e9faaa5c41bbaa092e6e1f2f10754b4f966f5eb0d7d8883075eb7a53d49865821ca6a93f0ed01ddb92bf392757dc9cb0c1761dd2662fab26efea1247

C:\Users\Admin\Downloads\DismountMeasure.png.exe

MD5 f82aaa43d366cf7e92909de7cc4d2471
SHA1 87ca4bce18a88cc4ab964faf44441ecd0d0687c6
SHA256 f1d59f233d53f651cf647df275aa887a0b02e979cf1ec49617247126f2d412b0
SHA512 d467b3a5db80cd1f1ad88e41e4fab33e43f546ff18206fd28d1e8dbf6d5db2fb78c390dcb1ec4d65b7ad9f73f54081f707ffeb51466c528d206fd7fcbe0d7bb1

C:\Users\Admin\Downloads\SendStep.doc.exe

MD5 7b84b9835abf71518fb76d6193166c87
SHA1 edad9b6289b556d09ed461af4e38bab3120eeb3f
SHA256 f4db1bb11150fb416e2c6566771dadaa8fbbd6adc81af34618dda5499526c638
SHA512 74afdbc7a77324f550b3168943d355fb9849e41890d8308f3b170e7014b59a42d1fb4c2ab235036504f1a34a07cb78e430df6e86cafe0d39cdd8fcf4e2f81ad0

C:\Users\Admin\AppData\Local\Temp\CEQC.exe

MD5 510def6c8a7a01c75bdfec5b7bf81745
SHA1 7eeab4992609efbf848d982d51becd8fda61d0cd
SHA256 c7b9400e11782144dd11a98f0a02bd15336979226175973dcbcdd66f4fa300f7
SHA512 34f30d06f414b28bc7cb1dcaf7b9655200b8292f47904890719dd463a820946559506d7ad4d14e6ac31003c0c8e615ffbd50f957acdda2ac2ea0b10b1d2a50ec

C:\Users\Admin\AppData\Local\Temp\GQUm.exe

MD5 7c76f10d7ef0e29bfe84383af673471f
SHA1 c53b371fde837d19bc3711b112495cd017f4c3a2
SHA256 39e65974b2004f82d4fc1ad6eca2535a61fe967e48f595f6520cdbdb4eb87e3e
SHA512 d2176b31062de9a21bc324942b4410cfefec4c0c4c3a89c94dcb62e7d49aa94810e1185b80adaf52ab80cb9f4ccd54de486288dbf1f3b5f0f182f0a2b9b64c31

C:\Users\Admin\AppData\Local\Temp\Yoci.exe

MD5 23a251bccb7f25e71db80b80ca0e1af0
SHA1 10ca70cbb8c001746f1e28e648b1c8ea7b2c7ed0
SHA256 742d382d85f3dffbf0fe367aeb5037feaa00fb335eb6a6b779d6929987cd75c7
SHA512 59f957e88f06a5874d635ec8fc1045cbb595f667f9b3f5f5dc97ecb494fac31c0edf33b60302bd05baff4b95099fa314f27707df1d48230fd76e1aeafc43a4c8

C:\Users\Admin\Music\SearchApprove.jpg.exe

MD5 f6c85812dfa43791e307c43b9723e859
SHA1 eb70b3c24093412df6c460dc985a95ae6c5509af
SHA256 2379b8b2889466fcd0aa71346583091eda401cbeec1a4347c85b7f688434d8d1
SHA512 b28da46c3e83a321dcec5285bef5b7599d40023b3afdca66dd0583b6fa2db49b3502cf1cb4f7c64caffd6dd880975262a170fbec0275e5e1b13e908dfc2f6889

C:\Users\Admin\AppData\Local\Temp\Osok.exe

MD5 97f23925f51c14689025ac38b6d4cf6a
SHA1 005e04571e66247ae423d86480844b99dccd0212
SHA256 7aad048199f003fb3cc41ce1830dd82805fe9740b615fe53316ee3c2b5b83c50
SHA512 09597088592ec3c6f0d2df6d43fd604940f369d840e158351571023fa3a7bbec236174936fc3059fc3555866708e15a3ab3527bbea294fa1fb5ef5cc6e47ee4c

C:\Users\Admin\AppData\Local\Temp\sUMc.exe

MD5 5ae04347670628a258e7e7607430de21
SHA1 a23d567aa327e10864bff20e881b9ca19405000e
SHA256 3f14f8e77a68a8e3bc9fbd4fe1ea7c85e495e1422525a4d0a4ce27188fec14dc
SHA512 403c4fbf33f5694121889e58d3e59e9e847800e42ae8860537712b9a50627a6ee6882e0f9074ee44b7c9674d148721d79193aa2c984c016ae6fd82460c6fd898

C:\Users\Admin\Pictures\BackupMove.bmp.exe

MD5 6ef893bbf159057112a26338c73d4836
SHA1 65872a26adebe72eb86afd223e93bcae6e486bdb
SHA256 63f074085eaae94ef940fe75568417e58f0425ec9d85b2b3e605b3de7012c8db
SHA512 151a03731405b0574e491e284583b66c032b06afd87dfd9fca9d54f0086f368375d14ac28191d4ac3825d0e1e0b432bf66270bc5e39b957bbc2426e5440e9375

C:\Users\Admin\AppData\Local\Temp\QgIq.exe

MD5 e75ccf833fab4ad99c0dd7085447eaad
SHA1 bab84cbc3c33b619c602c667e6405e072a1f4a16
SHA256 91346cab9a38f8cdf718cd9fa2ff94492de4676967c4fdaaebf19af0b77f8f74
SHA512 6a42ece0da0cdf21abc60f7c81c28a9bcad1b6bc4c93aa123606831cef0917c303d67d699f048ea0a3a37aba4bbb9ff06b0392265808c400558ab5ff633e7091

C:\Users\Admin\AppData\Local\Temp\CMUE.exe

MD5 cc36c79186c3cea618b182e0daa65c14
SHA1 38faf7b7139eadfd581e073da9ac6780bd6421fd
SHA256 769018a1eaef0a895cd80d14566ff21f2ac46ac94c6564bb6b60c110a1aadb7e
SHA512 030e1f77912d431233a487c80d9788c4d6453cf88d9e5ae26657dc7ac091ffc3fb5644b7001472bb99cdc64d5898b6ade0af6667ee75d9fdba82b227d8b1b965

C:\Users\Admin\AppData\Local\Temp\yssE.ico

MD5 ace522945d3d0ff3b6d96abef56e1427
SHA1 d71140c9657fd1b0d6e4ab8484b6cfe544616201
SHA256 daa05353be57bb7c4de23a63af8aac3f0c45fba8c1b40acac53e33240fbc25cd
SHA512 8e9c55fa909ff0222024218ff334fd6f3115eccc05c7224f8c63aa9e6f765ff4e90c43f26a7d8855a8a3c9b4183bd9919cb854b448c4055e9b98acef1186d83e

C:\Users\Admin\Pictures\OutConnect.jpg.exe

MD5 acd589eac6ea842480352f7013237097
SHA1 131c03616d2e9f0df22fc608173aa01f675e76a0
SHA256 be39f3d1aaa689a4097ef2b70516661f1136ae9f05eaaf87cb2e4cb13688335e
SHA512 fe757d010d5dbbc5ff1962de6385aa2564968c1816cfb77f5cfa887bf2a4553a0122c7b62254d85f4ad37b0d56289ef43dd1c065c6b785e11a6718e3ef34ebd5

C:\Users\Admin\AppData\Local\Temp\uQIm.exe

MD5 2ea7ea12f2c83b64685df7c0f12f59a2
SHA1 c08152dbc9cdc1487487b4d26483ef197bfebe17
SHA256 7e79c62442b9d97a5a8e0b50a15cab145c2ffd4f5d5ff111c9d7545c6c88bc41
SHA512 953f2f9433632def6a7f33706e827cb6865adfd755deaa2991fb973b63694baa707ec93ef1a50d35941e290f7545cf5ddb0dff660c79f48f95550afc0250da4a

C:\Users\Admin\AppData\Local\Temp\sYUe.exe

MD5 bd9d79e3885c99b4c7892fdd24bc1da5
SHA1 5e430db148bb2afbf5f17b9d6394f7bfd9b48cf3
SHA256 17fc0bf244d2b25ae92b1ca9009fd19494a61edcb9d382c5caca2655b62bbf0a
SHA512 47332c2035b826f37f67fe311c8ca7322116699698de7b5c8f12525861c2c677633087dd04ad6503ef13391c2ff801959624f553f293aee476cb5fa97dd6ca3b

C:\Users\Admin\AppData\Local\Temp\YAUk.exe

MD5 420a1085c3af613991b7cbea201f8c2b
SHA1 b3a0ef1fc4371d413875272197c7122beffba934
SHA256 117f6a9be08f9add793b4673d63eaaf6872d48425956440631156171c93e94ac
SHA512 7e38e3074b896c81ec89027f629807f42924618aae3b0c280afb7bf2834aa24d13864f9bc99115f49bc69a3837da5f2de6e34d886a93695845afa2783c4cd8f5

C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png.exe

MD5 5d9420bfd9f3f1eee08225368a0317ce
SHA1 f5dd99a5801499e1ddc0b662df0604c858370f22
SHA256 27a02c758e1b7c5bfa882bd4e4dc8e4495b300c046b6f296062b3e82bf816328
SHA512 95d79b494241e62bb2bd8487f38d42263b8f099d2c77cbdbf09f701f0e5f0057a163c70cb6ab12d728736bf00ce90368b7b13a3bda9fed3401bba64940d6cd3e

C:\Users\Admin\AppData\Local\Temp\sIIe.exe

MD5 0558f0d7134056ea3c324267f7f35917
SHA1 13c610f153cd6d99064e54b371fb16a4cfd55230
SHA256 bfb1be10cd4e8e7236cf10b0c8dacd207f040d8c94472f1ba8aabf5d63420da2
SHA512 95039b99c70e6f40fc65fe3e0eaf53dc1bb2941149aea92a63ab4fb37be5253065c9f6bf6c238959f42ea71220aa7585ce03702ad198e1ac5a60746209a956a2

C:\Users\Admin\AppData\Local\Temp\iccS.exe

MD5 ce449a958a52ccf8d7e3c28573e8230d
SHA1 7cf32030572dfdbe300f95157df466b29d2efc30
SHA256 24489e42d056341172a8655d854ac0dd242e949b3cd9c4bc639fed77e66721fe
SHA512 310fe2802b29eb22d85b83758d0806ed73cb86fce330fe52256b005a54ae5a0e92b0c35f04c97938c78e55bd47f862b7da6d74e1b96da855163e06ee37882ea7

C:\Users\Admin\AppData\Local\Temp\oEAk.exe

MD5 96b57eaab21db092d9b83ada55e9e2e1
SHA1 528553933695572760957c1bab385145e1c7b9f8
SHA256 7d12d7db1f73f545063d0d91a31390e3b9218e9a09e7d25b9d530169215a864a
SHA512 06fe42fcf7271ca8291c1a196297db2ab7d9a1dc788a50f13202e099bef544dab3f1510c1e1aa6965437d49a679eb8b9aac18ef79b98c56df4c7798878d2431e

C:\Users\Admin\AppData\Local\Temp\IQoy.exe

MD5 c4077f7f790e5dd3b778a2d8c34e0f13
SHA1 5c3e99f3e2dadbf12de643877ba34cb3b60659a1
SHA256 6bc93bee703f3acc11f91dcec9b7a34f28f24953b3d110a291b9899d91f0ef5f
SHA512 4aca26f27ce857de83acca0757a9bdc2dd9b4a1dcb3db0ea8f2faab70f3545bfa9d085a25de9efc65aa145fefb97d435bad06085c0610e8e43c65217e39999c3