Malware Analysis Report

2025-06-15 20:05

Sample ID 240515-mqdc4adf88
Target 2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock
SHA256 ce13e35dcdab216ea5a67f021ad9dd14e12b066ee2ac97d72f0b4d6c34e64379
Tags
evasion persistence ransomware spyware stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

ce13e35dcdab216ea5a67f021ad9dd14e12b066ee2ac97d72f0b4d6c34e64379

Threat Level: Known bad

The file 2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock was found to be: Known bad.

Malicious Activity Summary

evasion persistence ransomware spyware stealer trojan

UAC bypass

Modifies visibility of file extensions in Explorer

Renames multiple (55) files with added filename extension

Renames multiple (80) files with added filename extension

Loads dropped DLL

Reads user/profile data of web browsers

Checks computer location settings

Executes dropped EXE

Adds Run key to start application

Drops file in System32 directory

Unsigned PE

Program crash

Enumerates physical storage devices

Modifies registry key

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-15 10:39

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-15 10:39

Reported

2024-05-15 10:42

Platform

win7-20240419-en

Max time kernel

150s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe"

Signatures

Modifies visibility of file extensions in Explorer

evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A

UAC bypass

evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A

Renames multiple (55) files with added filename extension

ransomware

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Control Panel\International\Geo\Nation C:\Users\Admin\aigYAUAs\fewskEUY.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\aigYAUAs\fewskEUY.exe N/A
N/A N/A C:\ProgramData\WyYEwAoQ\tkEsQAUI.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Run\fewskEUY.exe = "C:\\Users\\Admin\\aigYAUAs\\fewskEUY.exe" C:\Users\Admin\aigYAUAs\fewskEUY.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\tkEsQAUI.exe = "C:\\ProgramData\\WyYEwAoQ\\tkEsQAUI.exe" C:\ProgramData\WyYEwAoQ\tkEsQAUI.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Run\fewskEUY.exe = "C:\\Users\\Admin\\aigYAUAs\\fewskEUY.exe" C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\tkEsQAUI.exe = "C:\\ProgramData\\WyYEwAoQ\\tkEsQAUI.exe" C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A

Enumerates physical storage devices

Modifies registry key

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\aigYAUAs\fewskEUY.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\aigYAUAs\fewskEUY.exe N/A
N/A N/A C:\Users\Admin\aigYAUAs\fewskEUY.exe N/A
N/A N/A C:\Users\Admin\aigYAUAs\fewskEUY.exe N/A
N/A N/A C:\Users\Admin\aigYAUAs\fewskEUY.exe N/A
N/A N/A C:\Users\Admin\aigYAUAs\fewskEUY.exe N/A
N/A N/A C:\Users\Admin\aigYAUAs\fewskEUY.exe N/A
N/A N/A C:\Users\Admin\aigYAUAs\fewskEUY.exe N/A
N/A N/A C:\Users\Admin\aigYAUAs\fewskEUY.exe N/A
N/A N/A C:\Users\Admin\aigYAUAs\fewskEUY.exe N/A
N/A N/A C:\Users\Admin\aigYAUAs\fewskEUY.exe N/A
N/A N/A C:\Users\Admin\aigYAUAs\fewskEUY.exe N/A
N/A N/A C:\Users\Admin\aigYAUAs\fewskEUY.exe N/A
N/A N/A C:\Users\Admin\aigYAUAs\fewskEUY.exe N/A
N/A N/A C:\Users\Admin\aigYAUAs\fewskEUY.exe N/A
N/A N/A C:\Users\Admin\aigYAUAs\fewskEUY.exe N/A
N/A N/A C:\Users\Admin\aigYAUAs\fewskEUY.exe N/A
N/A N/A C:\Users\Admin\aigYAUAs\fewskEUY.exe N/A
N/A N/A C:\Users\Admin\aigYAUAs\fewskEUY.exe N/A
N/A N/A C:\Users\Admin\aigYAUAs\fewskEUY.exe N/A
N/A N/A C:\Users\Admin\aigYAUAs\fewskEUY.exe N/A
N/A N/A C:\Users\Admin\aigYAUAs\fewskEUY.exe N/A
N/A N/A C:\Users\Admin\aigYAUAs\fewskEUY.exe N/A
N/A N/A C:\Users\Admin\aigYAUAs\fewskEUY.exe N/A
N/A N/A C:\Users\Admin\aigYAUAs\fewskEUY.exe N/A
N/A N/A C:\Users\Admin\aigYAUAs\fewskEUY.exe N/A
N/A N/A C:\Users\Admin\aigYAUAs\fewskEUY.exe N/A
N/A N/A C:\Users\Admin\aigYAUAs\fewskEUY.exe N/A
N/A N/A C:\Users\Admin\aigYAUAs\fewskEUY.exe N/A
N/A N/A C:\Users\Admin\aigYAUAs\fewskEUY.exe N/A
N/A N/A C:\Users\Admin\aigYAUAs\fewskEUY.exe N/A
N/A N/A C:\Users\Admin\aigYAUAs\fewskEUY.exe N/A
N/A N/A C:\Users\Admin\aigYAUAs\fewskEUY.exe N/A
N/A N/A C:\Users\Admin\aigYAUAs\fewskEUY.exe N/A
N/A N/A C:\Users\Admin\aigYAUAs\fewskEUY.exe N/A
N/A N/A C:\Users\Admin\aigYAUAs\fewskEUY.exe N/A
N/A N/A C:\Users\Admin\aigYAUAs\fewskEUY.exe N/A
N/A N/A C:\Users\Admin\aigYAUAs\fewskEUY.exe N/A
N/A N/A C:\Users\Admin\aigYAUAs\fewskEUY.exe N/A
N/A N/A C:\Users\Admin\aigYAUAs\fewskEUY.exe N/A
N/A N/A C:\Users\Admin\aigYAUAs\fewskEUY.exe N/A
N/A N/A C:\Users\Admin\aigYAUAs\fewskEUY.exe N/A
N/A N/A C:\Users\Admin\aigYAUAs\fewskEUY.exe N/A
N/A N/A C:\Users\Admin\aigYAUAs\fewskEUY.exe N/A
N/A N/A C:\Users\Admin\aigYAUAs\fewskEUY.exe N/A
N/A N/A C:\Users\Admin\aigYAUAs\fewskEUY.exe N/A
N/A N/A C:\Users\Admin\aigYAUAs\fewskEUY.exe N/A
N/A N/A C:\Users\Admin\aigYAUAs\fewskEUY.exe N/A
N/A N/A C:\Users\Admin\aigYAUAs\fewskEUY.exe N/A
N/A N/A C:\Users\Admin\aigYAUAs\fewskEUY.exe N/A
N/A N/A C:\Users\Admin\aigYAUAs\fewskEUY.exe N/A
N/A N/A C:\Users\Admin\aigYAUAs\fewskEUY.exe N/A
N/A N/A C:\Users\Admin\aigYAUAs\fewskEUY.exe N/A
N/A N/A C:\Users\Admin\aigYAUAs\fewskEUY.exe N/A
N/A N/A C:\Users\Admin\aigYAUAs\fewskEUY.exe N/A
N/A N/A C:\Users\Admin\aigYAUAs\fewskEUY.exe N/A
N/A N/A C:\Users\Admin\aigYAUAs\fewskEUY.exe N/A
N/A N/A C:\Users\Admin\aigYAUAs\fewskEUY.exe N/A
N/A N/A C:\Users\Admin\aigYAUAs\fewskEUY.exe N/A
N/A N/A C:\Users\Admin\aigYAUAs\fewskEUY.exe N/A
N/A N/A C:\Users\Admin\aigYAUAs\fewskEUY.exe N/A
N/A N/A C:\Users\Admin\aigYAUAs\fewskEUY.exe N/A
N/A N/A C:\Users\Admin\aigYAUAs\fewskEUY.exe N/A
N/A N/A C:\Users\Admin\aigYAUAs\fewskEUY.exe N/A
N/A N/A C:\Users\Admin\aigYAUAs\fewskEUY.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2012 wrote to memory of 2188 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\Users\Admin\aigYAUAs\fewskEUY.exe
PID 2012 wrote to memory of 2188 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\Users\Admin\aigYAUAs\fewskEUY.exe
PID 2012 wrote to memory of 2188 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\Users\Admin\aigYAUAs\fewskEUY.exe
PID 2012 wrote to memory of 2188 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\Users\Admin\aigYAUAs\fewskEUY.exe
PID 2012 wrote to memory of 2548 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\ProgramData\WyYEwAoQ\tkEsQAUI.exe
PID 2012 wrote to memory of 2548 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\ProgramData\WyYEwAoQ\tkEsQAUI.exe
PID 2012 wrote to memory of 2548 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\ProgramData\WyYEwAoQ\tkEsQAUI.exe
PID 2012 wrote to memory of 2548 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\ProgramData\WyYEwAoQ\tkEsQAUI.exe
PID 2012 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2012 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2012 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2012 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2568 wrote to memory of 2744 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
PID 2568 wrote to memory of 2744 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
PID 2568 wrote to memory of 2744 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
PID 2568 wrote to memory of 2744 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
PID 2012 wrote to memory of 2700 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2012 wrote to memory of 2700 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2012 wrote to memory of 2700 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2012 wrote to memory of 2700 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2012 wrote to memory of 2732 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2012 wrote to memory of 2732 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2012 wrote to memory of 2732 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2012 wrote to memory of 2732 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2012 wrote to memory of 2704 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2012 wrote to memory of 2704 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2012 wrote to memory of 2704 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2012 wrote to memory of 2704 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2012 wrote to memory of 2812 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2012 wrote to memory of 2812 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2012 wrote to memory of 2812 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2012 wrote to memory of 2812 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2812 wrote to memory of 2540 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 2812 wrote to memory of 2540 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 2812 wrote to memory of 2540 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 2812 wrote to memory of 2540 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 2744 wrote to memory of 1888 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2744 wrote to memory of 1888 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2744 wrote to memory of 1888 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2744 wrote to memory of 1888 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 1888 wrote to memory of 2840 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
PID 1888 wrote to memory of 2840 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
PID 1888 wrote to memory of 2840 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
PID 1888 wrote to memory of 2840 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
PID 2744 wrote to memory of 2856 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2744 wrote to memory of 2856 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2744 wrote to memory of 2856 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2744 wrote to memory of 2856 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2744 wrote to memory of 2864 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2744 wrote to memory of 2864 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2744 wrote to memory of 2864 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2744 wrote to memory of 2864 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2744 wrote to memory of 2888 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2744 wrote to memory of 2888 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2744 wrote to memory of 2888 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2744 wrote to memory of 2888 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2744 wrote to memory of 2916 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2744 wrote to memory of 2916 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2744 wrote to memory of 2916 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2744 wrote to memory of 2916 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2916 wrote to memory of 2532 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 2916 wrote to memory of 2532 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 2916 wrote to memory of 2532 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 2916 wrote to memory of 2532 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe

Processes

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

"C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe"

C:\Users\Admin\aigYAUAs\fewskEUY.exe

"C:\Users\Admin\aigYAUAs\fewskEUY.exe"

C:\ProgramData\WyYEwAoQ\tkEsQAUI.exe

"C:\ProgramData\WyYEwAoQ\tkEsQAUI.exe"

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\wuogAQgE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\OCckckok.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\YiUQMIcs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\tYUcgwks.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\nysMQsww.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\LksQUMAU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\JGsYcgYQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\OuwUkkAE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\OScIUYEw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\QKwcYcUU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\rsUwAssE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\fcAwcoAw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\XqAQAwcM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\fCMIYUUw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\msUgMMcw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\kiEwAkAo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\iwQcQYEg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\kckIQoEQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\LQMcQkIk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\NwwkoIcM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\ziQcUcsg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\VQEkMgEU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\UYIYookU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\yIIwUoUo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\kaAskEcs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\GGsgUwUg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\RgAcAEAk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\jqEoYgMs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZMckIMcs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\lyIcoksc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\EKYQwYYw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\eaoMYQkY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\acMcYsEU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\CuQcoQMc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\YIAQYkUE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\xsgUIIAc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\hYgcQUoU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\liYsQAgQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\DScsgkMs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\pSwUoEEs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\wIMYsUYc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\gkwAUgsk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\ouoUYcEY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\BmcIUUsY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\ryggooAA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZSAYAsUE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\byAgcYgE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\eOIMkwEg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\wCkwwQAw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\ikIowYcA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\LsQogUoI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\lkYIIIgQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\LMcMwUgY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\RWQgQwsE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\sOwgYEoI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\YcsEMsow.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\qEssIIsA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\oCUMkwAc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\lGkIskYk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\RqEggckA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\bkAAcMwU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\toMIoAYs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\KyYQgIcY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\QIYsAkYI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\oIMogEkQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\jawMUksw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\jAAAMEQg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\BQwksgsc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\lIMoAIgw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\IaUcQAMI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\SKwkMAEA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\GuoEYMwY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\jSsMYUAg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\jckEkgQg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\piQIQkAQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\wkUEgYMU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\EikAEgEI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\GosUgYsE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\meoYQEYY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\UAAMwooM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\RCsYIEgQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\HoYAsEEQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZeUwIMEk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\fYQocUUI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\SuoYEgQk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\MCwcYIMM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\yIAAgEYo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\bAQwAAQw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\FaosMwsE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\RYckcIEQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\dWcYQMUE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\CokIwwgM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\AmYYAMAA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\IgYgkwYs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\uUIsscYE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\UEAYIkYo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\JYcwswEo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\jSYkYUcw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\pmIwkEEk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\FWgwEUEE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\qaAoQcYw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\COscEccI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\MsEsUUEg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\ywMgMQIE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\EOQgkYIM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\XowssYkc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\LQAkkkYI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\nSIYcwIk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\HUcIQMoo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\jYcgogkw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\EmMoMMQA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\cUMQEAoE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\yQYkMoww.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\UYgEgQQk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\HskoUAAc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\TkYsUYcc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\NmYYssgw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

Network

Country Destination Domain Proto
BO 200.87.164.69:9999 tcp
US 8.8.8.8:53 google.com udp
FR 172.217.18.206:80 google.com tcp
FR 172.217.18.206:80 google.com tcp
BO 200.87.164.69:9999 tcp
BO 200.119.204.12:9999 tcp
BO 200.119.204.12:9999 tcp
BO 190.186.45.170:9999 tcp
BO 190.186.45.170:9999 tcp

Files

memory/2012-0-0x0000000000400000-0x0000000000431000-memory.dmp

\Users\Admin\aigYAUAs\fewskEUY.exe

MD5 c27e077e578e0e0810550bebad534a90
SHA1 617e9e683c8593d9e8a5e9bcf3ec5c86e7e6c023
SHA256 ea0256551bdf8c3697256cbb08a0153053533c3c743e8523c6d3d0615354d609
SHA512 4753e84836b0663542579207d182bda691770a24acbb7cf01cd4af2d83aabf90e3aa55460b900a14fe4f92b072ce11069649ce9d9f25949d408a19173bd6953d

C:\ProgramData\WyYEwAoQ\tkEsQAUI.exe

MD5 2691b1050fd0fc28de1f7699dfec1369
SHA1 d441ab0cea6c6db26f391cb2aa45cb3cbfc2eb64
SHA256 10f2f4fdd9da5b39ba3710b7d2552e6c1c119dc35932a10ec30ce9e78156c1de
SHA512 33561b136b17307dbf3d2bc6375165fc62a9354f2ac2df1af9df84cca9eb621cf9849abfb08f28c75d9c6d2312286811eeb7b92bd0ded75fbc65dc5f1c67eeec

memory/2012-12-0x00000000004A0000-0x00000000004CF000-memory.dmp

memory/2548-31-0x0000000000400000-0x0000000000430000-memory.dmp

memory/2012-29-0x00000000004A0000-0x00000000004D0000-memory.dmp

memory/2188-28-0x0000000000400000-0x000000000042F000-memory.dmp

memory/2012-27-0x00000000004A0000-0x00000000004CF000-memory.dmp

memory/2744-35-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2568-34-0x0000000002250000-0x0000000002281000-memory.dmp

memory/2568-33-0x0000000002250000-0x0000000002281000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\aUUUswIE.bat

MD5 8ae0062e3eceb1cbcfb6cac08885b550
SHA1 b26c98c7f71133ba3ed7a6a6a0b9dc51c2315999
SHA256 f16076887055843d33cccb81c3a39f033e6871b6852339ad345617af5d5a0f4e
SHA512 e159dbd92cb69d6d6807dbf18512712bed1fa11bbb42c6f9456cb96bf2769366f048deddf6ac72193592cfecf9ada42c490345df4b430b70b67de22b2d00626e

C:\Users\Admin\AppData\Local\Temp\wuogAQgE.bat

MD5 bae1095f340720d965898063fede1273
SHA1 455d8a81818a7e82b1490c949b32fa7ff98d5210
SHA256 ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a
SHA512 4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024

memory/2012-44-0x0000000000400000-0x0000000000431000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\file.vbs

MD5 4afb5c4527091738faf9cd4addf9d34e
SHA1 170ba9d866894c1b109b62649b1893eb90350459
SHA256 59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc
SHA512 16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5

C:\Users\Admin\AppData\Local\Temp\kqoEcYEk.bat

MD5 9a9400603fff129a0354412a0760e6cc
SHA1 7b186d38f780018577868764950f6682a0c6392e
SHA256 195808988cf7c69f5162b3e5146992550f1bfbe64121f4f36e109bb59059af4d
SHA512 7bdf865a4be429aea1932d17ac85df5412c50e65c7e146e28f87f833d50d85d581ad2e9c2326b61029b657db3c75dcda603bbc49308970f871091a59f5c77621

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

MD5 59513752b20c9e3510db31c99dfc5c60
SHA1 cbfd0cd3f52fee958f730d8d31b2372370bf26f3
SHA256 4cb21f95bccd80bca6baa955d8f9dcc1837e5a561d1585c9aaecdd7d377db8ab
SHA512 08479b2361a3b3d6a80d47260442718a7ce0f72547471b2b674aefa3dbeed7fa012df9c37efae73d729cf973f579672ca996a48552359ecc1fb2b4b32eeeb560

memory/1888-58-0x0000000000420000-0x0000000000451000-memory.dmp

memory/2840-60-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2744-68-0x0000000000400000-0x0000000000431000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\uawwwgUs.bat

MD5 b0a4f9bc2064c4d97622d86581023588
SHA1 89f536d25c24936c125b8612f2c6411e4fd04668
SHA256 1ed6a0089a23eeabc46c4df6a7aff13ee169cfefb315c530d6f16104a8500b94
SHA512 d8b8e7dc9b80ca239fe2510ec672e40620b6fcf2d753339c58bb3ca5833a8c489c05b5a8f4ad95ca1cad3e2a34a4af8ed4d6151de7d508e5563e73c57cc088a7

memory/3052-83-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2740-82-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2740-81-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2840-92-0x0000000000400000-0x0000000000431000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\VAgMIEYs.bat

MD5 7cd3ee8c8836c3a05db243f791d0ccd5
SHA1 f183ca764857c64f013e41e22a29626f5fc3ca72
SHA256 95ab08271b091d1d8279ef3f083e2397025f26003ad512fead15050ad6621287
SHA512 63a822c178a784b237cc1dbfa397b4b0fc4410de3b0d453ad12426877c3fce3ebb2953c692a9047a47c83f5cb0aefd25358ac789e5426b10bc7af2fdc1bebd25

memory/1604-106-0x0000000000400000-0x0000000000431000-memory.dmp

memory/3056-105-0x00000000001D0000-0x0000000000201000-memory.dmp

memory/3052-115-0x0000000000400000-0x0000000000431000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\nsQIEQYw.bat

MD5 43bcc8069c310eb47befdbeb390cf13c
SHA1 2b7ca939eebbcec833998c274f8cedd8ebc03351
SHA256 3f76b6fabc6507d3640e2e5eae0d112e4c084fbbc575021268f41402dcdaabe9
SHA512 67ff4842f4991f6f6705c9d8dc5477cb23884c2f70eff0df3117e6e8367c793c38166db26aab3d74e1cf296577574da7eea3e09bdd21e15827e2313ccf2e02cf

memory/1368-130-0x0000000000400000-0x0000000000431000-memory.dmp

memory/1516-129-0x0000000000450000-0x0000000000481000-memory.dmp

memory/1516-128-0x0000000000450000-0x0000000000481000-memory.dmp

memory/1604-139-0x0000000000400000-0x0000000000431000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\JIIAwkcI.bat

MD5 7ee506e025a2e16d7233db0078f07c22
SHA1 1a0e9129acc6c9b96da46731c3f6d6a64c5eeca4
SHA256 428c7c810ca11cf22529f053c31be5cc6b99c651da0907c2d477661a80f487d7
SHA512 3e78ae584517b7f7970d64c79b59c32bfab31f9f6d49d8388c5289c204033519f92d73d416928cf3a1fbb353b2ea8f2d6e963e2dc86cf277fee3739632ec0ddf

memory/880-155-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2280-154-0x00000000001B0000-0x00000000001E1000-memory.dmp

memory/1368-164-0x0000000000400000-0x0000000000431000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\JGAQkoQo.bat

MD5 797e292c1feb955f63b4ebbc4e8466e4
SHA1 f27fe02cab8fd69541d83bf7a7912eefefefb12a
SHA256 d8657c3c0640fedd24b408793f5597de96aed4681ecfc67136bcbe222721f7a9
SHA512 a60623a970fe81c3744e37089428516ae49eced3976924da18f3126414e0a3d192adb551fa67d60865b91993c3305795544acb37eb7d2fd99717629d32b9926c

memory/2672-178-0x0000000000120000-0x0000000000151000-memory.dmp

memory/2492-187-0x0000000000400000-0x0000000000431000-memory.dmp

memory/880-186-0x0000000000400000-0x0000000000431000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\oakggQEo.bat

MD5 3b1c2df48d0cb60c74924ae1e1c39e41
SHA1 17af6c7ae48f2805ad87f8025fc33911fa04321c
SHA256 cbfdc912561bdca95f924853a81fa2cbf26bae4cce136d1f5731a7128a994934
SHA512 88a71bb9395ee732bbe716ffc31949bc40eef1b4813bad372ef0cd83ce3813161029556f060b66db78b00cd1cb9563707b2fda6465b44c71c44e5162239dacb7

memory/2612-201-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2712-200-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2492-210-0x0000000000400000-0x0000000000431000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\UAQMAYoQ.bat

MD5 d20cd52a9dd06abee31c1e6ded80e9e7
SHA1 bc3e5d87890d6a4063312a8f47f267a625648a7e
SHA256 3d4a2d2893d657ef7ddd4b96479b5056a5a8d59fbd998302ec75b9440cc7145c
SHA512 bd98a4813bad39980bd123fdd653a35b99983d541c7d772b19331211c72f7c283d9d8966da2c1acbb695928cb7443c25507f78e5fbfeaa7508dfaafc5dd903e9

memory/664-224-0x0000000000570000-0x00000000005A1000-memory.dmp

memory/2804-225-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2612-234-0x0000000000400000-0x0000000000431000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\MogUAgUg.bat

MD5 55ad05530f52330ecbd93d3c55eac30b
SHA1 8b09c4f6843ef6fa970582185ce0ef786e6e5577
SHA256 b05a177c32ad315340c89eac13fdf6f300cd94f52b0b66d679fb51653a72fcaa
SHA512 896b9a663411b27e6b9e6857a6f3a24d3e4cd074643ff49364d2e5678abd2752caed1a3d00eb0ea45de6084beebfb74c6c193c73ea6e7fb7697b6519c4405e6d

memory/2804-259-0x0000000000400000-0x0000000000431000-memory.dmp

memory/1576-250-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2444-249-0x0000000000420000-0x0000000000451000-memory.dmp

memory/2444-248-0x0000000000420000-0x0000000000451000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\QiMcQAAw.bat

MD5 ba60791bbcc4e3185dc806dec2c6b394
SHA1 d988661c6f8dc278ddf6eb76ca1c83f4cc2a6d9a
SHA256 63cef904821d705459499863b627acc069e1800466fc17b5a66554dce11b47ed
SHA512 3d19555d2e422b6068cecebae03d0edb1ff0e7f3454bdb7017cfa59963e6d083a4da1e0ef30d3e9a9396d68384950435f6cb07be8bdfc05a1283f8704fe34cfa

memory/1576-282-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2080-274-0x0000000000400000-0x0000000000431000-memory.dmp

memory/1724-273-0x0000000000400000-0x0000000000431000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\BcEYAQII.bat

MD5 5f693f366076ea8d4ab66ff111a77686
SHA1 d9c3f3b4b6d16e728187773e08c5f6f6bfb5842c
SHA256 c88edd34e4d6c40b505c37b45ae39a859025964ae8c64dacb9348e184b255cb4
SHA512 ddf2343671d29ffe598757e9b36bdaf5ded30e715532ae2e0a0ab8fd9abec22e2e1033d21df97f693bfcf96cf173bd40d3f17aaf162d7c63713cf3027e342f06

memory/1856-296-0x00000000004E0000-0x0000000000511000-memory.dmp

memory/1684-297-0x0000000000400000-0x0000000000431000-memory.dmp

memory/1856-295-0x00000000004E0000-0x0000000000511000-memory.dmp

memory/2080-306-0x0000000000400000-0x0000000000431000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\VOowMUIY.bat

MD5 049b931424f9b507b5383e1c7164f125
SHA1 2d14765ee29940edc3cf4a93f020a2135e1feb19
SHA256 95ce848a976150e57ed6db639ea8eaf890d3dbd47aaf317bba349ada5f1efa23
SHA512 8237bdcadc366fa04a25610bee18981cd9ddb91c3debfed42ee38da1e5a0376a340baf2e3c2a592d3828e609119141e2301c551dc804c5eeb9c319fdc6d1e72e

memory/2700-321-0x0000000000120000-0x0000000000151000-memory.dmp

memory/2700-322-0x0000000000120000-0x0000000000151000-memory.dmp

memory/2756-323-0x0000000000400000-0x0000000000431000-memory.dmp

memory/1684-332-0x0000000000400000-0x0000000000431000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\ZgkUkAsg.bat

MD5 666d6d55131c5a7dea390c1fd3ce8259
SHA1 c0fa4bef6d601447716a3af0c35f0bdeb2179bbe
SHA256 3983966e2b293976bbcfeb8842edff125e82d07839d494b14c8c2a26b4ed1c97
SHA512 baab951d3dfd7a6ca7bcf7d6f77d79bae92342cb5a2587f0d3498dd4b91c7ce456e9236f7c211f4d9341595f84db69e053e2d812d47af4e2ac10c765f223bf5d

memory/1232-345-0x00000000001F0000-0x0000000000221000-memory.dmp

memory/2756-354-0x0000000000400000-0x0000000000431000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\AEEwsMgk.bat

MD5 4b65272d2e1a576015ecc06c8e9e2871
SHA1 76d0f7c94b7f4c3da1a0b8f183615546b23edc07
SHA256 2f1ba1f5b6ea6d6b7d50e36aaed590737001e50f4cca710662a355715b23c3b9
SHA512 44093f50ae9465e0186adc74ab51d6d15c5fc47617acd126a0688fdf9b3c135a6e1e11691b8e991e60da9c83be81541fa4aaddc523a960349a034c33cd85b1d0

memory/1592-368-0x0000000000180000-0x00000000001B1000-memory.dmp

memory/1592-367-0x0000000000180000-0x00000000001B1000-memory.dmp

memory/1664-377-0x0000000000400000-0x0000000000431000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\emMgIQwg.bat

MD5 67542aba02229cfebfb239faaddf7a76
SHA1 e758ea177a1089c765eb5f66dd2f9453e5ad896f
SHA256 4fb5c441d392145a1a4d42aaa0edf487d0ac2a70d89ec98b93b731a1fcc4e1d4
SHA512 98d8a038ab188b48a5f7f3321fba1b4aa3766bd2b957c18e58032e80f6f08f4949f9385b1618da38b9ac477b079c625716c4b9ee0b1f2fa37bfab507e1641588

memory/540-391-0x0000000000400000-0x0000000000431000-memory.dmp

memory/1596-390-0x0000000000170000-0x00000000001A1000-memory.dmp

memory/768-400-0x0000000000400000-0x0000000000431000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\GMIEcEIQ.bat

MD5 daed9c2ac03a5988276c13aabe7395a0
SHA1 64cdb988653effadc2ef3d4a92386dcb3393f1ac
SHA256 07d6455441991f9e357abe49bd6304ecc17b2bad9e6a9582c9c4761d7c761f75
SHA512 8dde8b86934b9dcac08c04d5443bf01984f29f3c08ec13db2c412d86f3781ff647cba3125df90d888f61b88922abb328ff4e20a332a8c7113202703f565a65e1

memory/2136-415-0x0000000000400000-0x0000000000431000-memory.dmp

memory/540-424-0x0000000000400000-0x0000000000431000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\kCgwMkwY.bat

MD5 faeaaaf126abcf893104eac88bdf0fc0
SHA1 48f2663cf31d3e5f619160ee7472f8fd85a24f26
SHA256 677447cec90000c4f1db04cd750409efa892518f65197699ff5b7f950c303cfd
SHA512 765a42f7ff52d10a98bb07945481345d18c0db087e50820e3e94c8707b82a00d5c5df26aca1c575bca64f5b0f96d55834946691755630bf76c8ba67ca677ade4

memory/1368-437-0x0000000000160000-0x0000000000191000-memory.dmp

memory/2136-446-0x0000000000400000-0x0000000000431000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\hCAEAYcQ.bat

MD5 dbb64fbbf58ec50172a05cb876771ca8
SHA1 49b644217029888c4cdd5490bbad29cf77322b96
SHA256 5a1466f71ccf5caa3e547daecc2ef28e46f99414d161ab5fc80f8827b094299c
SHA512 baa5f01b2d7187e6a72309405f557db4238290f33382eb9bb9edec8fbafe8d25d731b2738908da7c6ef6e33813322b2cadc4ec8b63a3912a708784b41bcc7213

memory/2664-460-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2580-461-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2664-459-0x0000000000400000-0x0000000000431000-memory.dmp

memory/1816-470-0x0000000000400000-0x0000000000431000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\bYAIksMk.bat

MD5 69c71ca8e61366a6fa4656f2bc55b131
SHA1 370ace150c98a57a972277d06ba4afe663751694
SHA256 243ba36f4aaa8f0c5531204802f701ad3c95028de2ec4eb81d011682521832d5
SHA512 4d223666ab598ea1282e6de8ec5f28551d70707e4494b2c3509ce50a840222fb7c5235733e034f501facc9136e2975104fead62b371005de6faba1c3eaf9a8ff

memory/2732-484-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2588-483-0x0000000000120000-0x0000000000151000-memory.dmp

memory/2580-493-0x0000000000400000-0x0000000000431000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\HcIQkQUI.bat

MD5 3bb6a37d8e831f45cbfcc10dc4f22f40
SHA1 0843eb2efc5d7206f383eb8aac5543a70e476dd9
SHA256 85490ee61b52c3e02827f69c18f44c33ef13f1ff06f00312dfe86a3d77423ab2
SHA512 b929ea4fd203fcd8c114319db72505571a15b436c9f583c1acebd30f5fd51d516fe3e079cae5f9aa180db5079087650d13b960309b5ddbeec04bae6db8949d2e

memory/2908-506-0x0000000000400000-0x0000000000431000-memory.dmp

memory/692-505-0x0000000000120000-0x0000000000151000-memory.dmp

memory/2732-516-0x0000000000400000-0x0000000000431000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\HsEwEgMU.bat

MD5 49bd04c93916206c882445cc125a48cd
SHA1 cd24c050c44eb9a5482acb10b41cfaa4c697e1d3
SHA256 2e2c8af0b3592c2da5dce7b55ff167f07b35cd9de7b96af96c461b383da31396
SHA512 5a753e0551c663b39b46bb0833b8d9ca821baaad59ebf01a4a31bb4a40599678a0becded89780a8efd9862d9e783dd959c5c9555dc0b128f9ec5a0a5562ca01d

memory/2772-527-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2804-526-0x0000000000230000-0x0000000000261000-memory.dmp

memory/2908-536-0x0000000000400000-0x0000000000431000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\nggcAoME.bat

MD5 73d16c4a988beb0072aab980ab61c3b0
SHA1 d1a4341142bb42921b2d76014ae54ecf1e3a00f6
SHA256 3a57bbc537f6f3816f5ea393c368da0236efc664223506fd723785b497366038
SHA512 de0bc329fffaf3533373987e78f4d2d214044d3facafa41a0baff8e96caac851aa76950afe60ca9314a67dd7b770b9dab832bca7b0eea629bbf9ecf35f9bdd9d

memory/300-547-0x0000000000400000-0x0000000000431000-memory.dmp

memory/1564-546-0x0000000000390000-0x00000000003C1000-memory.dmp

memory/2772-556-0x0000000000400000-0x0000000000431000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IwYMQEEA.bat

MD5 a9140e86cbfbaccae2414a476655aefc
SHA1 afbfdc8bc79fa7f6f3d7b57a4dffee56cde03958
SHA256 ee0127c94840e72732e93ddcc02c3029bf0d7a6dd73c3b27323c052f542cdc38
SHA512 a608c1d4ebde1a3a474bd39b0df4cb72c88ffdfe486c0c33cca891c149e325aaadfc6843e4289905c9d58927bd0e83f300de1e41c3bda7d291b68074d943b6d7

memory/2764-567-0x0000000000400000-0x0000000000431000-memory.dmp

memory/1572-566-0x0000000000120000-0x0000000000151000-memory.dmp

memory/300-576-0x0000000000400000-0x0000000000431000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\eIwcoMMw.bat

MD5 6eb70d109f8237cadfcc9066089125dc
SHA1 72ae1c9644b5d0e61b27545d26fabb7cdab686e8
SHA256 59c703d02bdfcdeb8624d20b13d14ef364c44efe7a401c885e72c788fd5d479b
SHA512 24fd1f7e9d6498cf87b01afbb79aeeeb60c389ff997c66c185e3fa447b744159313e02787527a388479c8973616fe26430ec365b1d042a786c2094221a7c02f6

memory/1536-589-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2572-588-0x0000000000190000-0x00000000001C1000-memory.dmp

memory/2572-587-0x0000000000190000-0x00000000001C1000-memory.dmp

memory/2764-598-0x0000000000400000-0x0000000000431000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\iCMsIsAc.bat

MD5 3ff0b15c9074a304cbfcc64a44532aa7
SHA1 c17a14a876d48924e1491b685951f50a73ec529a
SHA256 6a1b2f8a336bdd9d3e9abd6f3823103875319efbc8790ffa1a8e0d142c286cf0
SHA512 9bb90c40ec192a6fe8a69f8b54f3bde9620ab02204790fbcf1984679373027fabbe47ecc5ccfd90dc09135c446102701f88cfdacf42da65bfaac22275d804fec

memory/2832-610-0x00000000002E0000-0x0000000000311000-memory.dmp

memory/2892-611-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2832-609-0x00000000002E0000-0x0000000000311000-memory.dmp

memory/1536-620-0x0000000000400000-0x0000000000431000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\csIgwgUs.bat

MD5 2949ab419c7c7d230f1f125b34981527
SHA1 222446446ed273a478286af3bc34727966842e1a
SHA256 853342239dd18b73c897fd473f0fcbba121f29ad09e4455f2330f98749de6dbb
SHA512 01e289149514f39a0c052ca3b353571b4f6556208c958ebc5ccaebf77b2e2005d0fcd7df09e4a303c6b41c79d030ad3bcb849e4b07f39e515afa46c0051f3fb9

memory/1784-631-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2904-630-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2892-640-0x0000000000400000-0x0000000000431000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\HcYooEoY.bat

MD5 eb7734671e726731d74843f991f34098
SHA1 87004b064f584c530fab24317abbdfca8daea4e3
SHA256 f6c20474dace0e2316f982648174080d42b5c752f1c5be8e9def970336afc217
SHA512 662679323b06cbd9e075f9772a77aaa7d790f5c39b2bc650bd3063a8b78e7856c7796bc01f4872dc12004a7a51a23f199e45745acc153aab4e21b0fe9cba7bd9

memory/340-651-0x0000000000400000-0x0000000000431000-memory.dmp

memory/380-650-0x0000000000400000-0x0000000000431000-memory.dmp

memory/1784-660-0x0000000000400000-0x0000000000431000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zgQIEUQI.bat

MD5 c501602fc637cba846586501faba2f0c
SHA1 c4751aa25a56e19414fd4a0261961f57b266b6e2
SHA256 e9c69fd92ebd2e193756edbaa920c1aaf286d8f66fc1eca16eb817e5b6e39e1a
SHA512 f0a0b8891ba17b06d2e387958c67427b15ba2f5dd6a4aaabc68d5fdf2d158998a19d1bf45f7ef90290f4692eb37353f1c0a7675390fcc8a3692145ab3d4d357a

C:\Users\Admin\AppData\Local\Temp\gwsm.exe

MD5 43189804bc402fefe9ae57497128c051
SHA1 8d4824da08f924dae2ec2ae7a1d89b2914fdffc2
SHA256 90348b4f68862839d4e1609f3e49baeb41527aa1f2406e86da72ef3bd75a8e28
SHA512 5e7469808f79c35b29b54fa1184cbed9c184cd293c4f0ba4af571915d634fe20172db46aa251a164a6618759787b1400bcd41da48735f292cdce95a5a5b1ab98

C:\Users\Admin\AppData\Local\Temp\vegwUsMs.bat

MD5 7c358273c945e727da926c3963ef00be
SHA1 117080e84cd175a3f3f84044898f24cad50e2f2f
SHA256 62806336f4f190191b313c7f60ac7bf599932bc6d0bf7165bd2b1dc7ed93d339
SHA512 72228c860b47b1fef38bab0b72f96ae4ee0fa967b5292f178333b21972bf8c6b03c4bbe9bc4a1ba68412ff628f7f6f419aad7878c3d431fabeb98f9405629a19

memory/2120-719-0x0000000076EE0000-0x0000000076FDA000-memory.dmp

memory/2120-718-0x0000000076DC0000-0x0000000076EDF000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\LGYsYoYI.bat

MD5 81fcc83f443a068e6e60528bbc6bbb84
SHA1 4ebd9e4458e66d63601769b928a9c573a98722fc
SHA256 a9dcc89165b15d107895d2bba57db50139102249355013b5f93b0ed28913a6ee
SHA512 10102cc37cf8959a1fb10af9f343e762ae058067cdf9e851deb259ba3fae6a91129eda7e447ed17b9b88e3d607856611acfebf81adbb0fe6cc58b2a412062d94

C:\Users\Admin\AppData\Local\Temp\UuUEwYww.bat

MD5 c45ade9942c28dcd23c19bf900da40e8
SHA1 6ab7e27d295d5cfbf338ffa78aaf4acfea9226b0
SHA256 6c30fc991e1361dca3a7e170ef7f8e81c87e1c1b860420d569df461952a9d9a3
SHA512 e8b745ba230db58b4678ba0a9408d78f7a1606c6487661dd74cb34f64a1cc444b941da30f67d59fd7408bf9baa58d4892cc59323547f0c16a6dfa52204e60586

C:\Users\Admin\AppData\Local\Temp\cmsgkgMc.bat

MD5 b9a68be4831676d774f8a62237eb42b2
SHA1 70adc392a7fa49825f85e12b42eceff8c52d7fdf
SHA256 e54ff84ee4d640da4b1599f02a24d710dadb97e8ab4b0cbfe342f05fd21fa2a8
SHA512 c0503d0e832ce598c010cb6a6a860a0e178714a4665f514fc127970b4a720c72bb2b1baff9b03706c2d64ee4a50e63434d66ee7d274200822a36341f35d8ba3b

C:\Users\Admin\AppData\Local\Temp\IEoQAsEI.bat

MD5 361120dad89d90f3df2668b7d0c98b49
SHA1 c167e90184c6e966df077c5062d25f988559ce84
SHA256 46445bf2c2a47aea47fa20da0e133f972a4294b29d2de4a255556954b629eaf1
SHA512 0569ee72c41ce7be3fd8fea0d0726e631b33e84ca30a6e46d58db17e95d8561fdc4b7fabbaea2ee6a06c6cecbb4e00e07bcdb9c6bb5bcc4b265473ac8f31db80

C:\Users\Admin\AppData\Local\Temp\IUEkMAoE.bat

MD5 87df0854e283dacfeca7efb1cba0632a
SHA1 41a7dc7f894fc5f3a8dd26615135cca3af04f64f
SHA256 fc02577723d7cda69d9978047715ab038518b689982a6f41042e336e49dfb677
SHA512 0847c304b302d9b040092f6465383d7324abee8ff58ba547907523811ca7a7fc86cebd9d7eb95b07f32569bc1090abca3be2b99cd736412c309d4c4cccfe4c27

C:\Users\Admin\AppData\Local\Temp\oeYwYMEM.bat

MD5 a972af047979dea28a3705b839ed5c2e
SHA1 c7f81f4665dc138f2c3d5ff8cfa3bf4633e3966a
SHA256 3d0127441cf2b8739144260dbe70bf950bbe0db8bec5f496365e67857882a8fa
SHA512 3f4db4e718b55f4ba6ab67425b4953733383616085676bbfd2d5bf5f0625d299c2dcd04891824e86dd37ab7c1375e8081c37b0a77065ed44389057085bd3c929

C:\Users\Admin\AppData\Local\Temp\xoUkUEUc.bat

MD5 9067c907eedf7ec054b6e7c26f07674d
SHA1 a547c997a624bec3d74bd7f5f2d79c9e1fc23c1c
SHA256 922a9da2cc41b7e09a15ff9279687b82a468a297bd7a89cb0c2331618b2446f3
SHA512 1009e0795637015ff6a3c90f42dad515bddebd8225192eeabfe7c7bfd74adc701442c4be304d7f83a5a15a7551380b4cd185cee110ce8285452eef0b256aacdc

C:\Users\Admin\AppData\Local\Temp\rqsQsQEE.bat

MD5 591f40bdefa4f94549b5b7470a14e259
SHA1 403993c5ad8dd32b109079d921cb816769c2dcb5
SHA256 99010e801988df18ad2ffb3b4b52c30dd17ba566c2903373386cc3bfe6f8588c
SHA512 aa70e7e45a9a90fd5f70b5c7e071a3c8ecb425178a3d421c85d8e4006f2e55b2365ad5aebfdb2edc578db4ee6279f2614e415d00da26ce96dfd99349aabedd98

C:\Users\Admin\AppData\Local\Temp\NEwYIsYQ.bat

MD5 d13d1fc32b19da459306dab753442eb9
SHA1 4621dd726e510d4a5e8c41803e810bd45bf23d3b
SHA256 4f0b540304d865d748572c403f12aa428b0e5bf9a536221dffa187f3e856908f
SHA512 e59b66f0d41128363fe79bb1907e92ff45e0f1b01439c374811b2ddc86c46b440b78b4c4ebb8058f0557568e75b19ffec938bc74d75f105f17cf08230a94032f

C:\Users\Admin\AppData\Local\Temp\rOIMAgcA.bat

MD5 d4de369176412bd4186849247e2b5178
SHA1 c0925eb420e1bb49119545ec18dcce2442d4250b
SHA256 835ab64fb01e20adebf0a518eac9110254cd472d4058f7088022e0001d3ec3d3
SHA512 1020fbd8821429e33bdea07773ce9b7a6301bb37cf3217366f821fffb4eb56bf081e304e155188005be1e36283998120ed3cb4abb725a824b6ac739efa81717c

C:\Users\Admin\AppData\Local\Temp\msIUQAEA.bat

MD5 65619703bbac1c282815702e0a3f4aba
SHA1 58a4c6339048526682a6b37a5322e426db30ab97
SHA256 54d722c1e7bd632efdc0aa3fdfb08d70cff6c9a69b6c195d280b28c8efd9936d
SHA512 6bf11f5fca7f44d8328be26f601a0fa58ba742ec41d5f5c4614ea3739075d152e085766aaf6924dd190a5244ce5f5eb3985e7a68a0d57395535188a248119820

C:\Users\Admin\AppData\Local\Temp\iEYcIYIQ.bat

MD5 603c426c609f4526197e18ef5809f844
SHA1 22104d5f64a62ff3e2c653f74a84153793e3d528
SHA256 e27aba9f480bd33cdf831595b7546cc0b24160c0d138ee2b72d05e424d08d79c
SHA512 c000e1cb32df4dbb7c30783b7e021f2ef48cf6826a0a8d2877824bd713c1c931dd7e5857a4d7bd99b88d5308dc465c71555206e08b357889185e454ab1c97a70

C:\Users\Admin\AppData\Local\Temp\oYoEQIss.bat

MD5 5e766fb7085480ad9e5c76a9089718a5
SHA1 7503e083c4c4fc24ec738d2e65b83b67b6ad15df
SHA256 62cbafe5973c658829ee7a36640291c881cf1e05974e78c7d43a98f14540c682
SHA512 065b75dd6f5c94e57bd56cb6c34f431d77c5f151c06a5a9fd76332b6ffb342032066e126f2ddc5b32809843fe83bfa92d53bb2ee07b73fa6722d22bd792323f2

C:\Users\Admin\AppData\Local\Temp\UeksAoIk.bat

MD5 d13c74c7eaf5f14ec984ec0cfeca785e
SHA1 7b8c755b35585cd1245248009ab04cbe3dc8309e
SHA256 4279b362f61f4a76d4642be94bc252410a1c27c53a1bf1b7ec854f8257097fac
SHA512 a11ad776fecc9f9d2003849bb81eb9fd4ce613a16fb6a8eb1e004466d44076209d85d9fdbce5ac1c624cff6a8e44371a6a4d6be21d86694421bdd35ba89911c3

C:\Users\Admin\AppData\Local\Temp\RaEwwEcU.bat

MD5 afc5b7e8578253e821acdf37c440afb6
SHA1 4e41611c98dd7c49d285536583bd8888703c7a5d
SHA256 0cc0e494d180c92565d10cb36c9c2d74ca3de672b307fd1df06ef6d770f6e0be
SHA512 46b5a3d51245be1e2bc8fe4e19e097e20e6135d420f218e81d9886377f6539db8eb6cf13bed917aa6a18ca06a51061c566d7b3c0ecf8d1da3a5622617ce02d0b

C:\Users\Admin\AppData\Local\Temp\NiIwkAQg.bat

MD5 729d9c60f34a58b8e2e5b38901790b86
SHA1 77a2bcdf21e719a280337a49c226167fa22e0af4
SHA256 dd22e67b38182392e02f5c264f8e4274d15e22750c737e6ab278cca8c43d78cf
SHA512 b25095ce01d86eba8cf9854d879e2756f6a7ffb832cbd7eaa927c9ba1a8c46fd19f99bbc4fa1e592244169bbe21070f84b34e96622b1b3073e0822385b8e9027

C:\Users\Admin\AppData\Local\Temp\kYkq.exe

MD5 837202e4dd06cb2b266c34dd48657402
SHA1 be766d41d3a882ddaf1c87f7a19897f70f29e136
SHA256 018a60213fed4ea81cec7ff0f579cf039b79bd88c927c80394e55bc2a232e54e
SHA512 49de7357b1b05f453912ac8802f030885be1e196cc1a2d47f1c38cb9ad2b8a903c042f3167df63e32f50a218696823d7cfad77e7da1d8edd2468f2b90aa95cfb

C:\Users\Admin\AppData\Local\Temp\wcky.exe

MD5 27f972caec0baf334ecb9ca96566be8c
SHA1 c200911eb8b2f1ffb4ae1bc4883302d23efeae35
SHA256 1eab1faef4e71d326a6c7517984ed6a6766f5bb808b642a8f965b91a4a7ef0a8
SHA512 663eb80dfa2cc7fc1c527c053ae8e7c4ee17d5556a9eb6d0997c4ea58d9788c09c5327ffe11d7fdb1e441d87ad99723d07d1c3fc754e6eccc9edc01d0a7e541c

C:\Users\Admin\AppData\Local\Temp\eEwE.ico

MD5 47a169535b738bd50344df196735e258
SHA1 23b4c8041b83f0374554191d543fdce6890f4723
SHA256 ad3e74be9334aa840107622f2cb1020a805f00143d9fef41bc6fa21ac8602eaf
SHA512 ca3038a82fda005a44ca22469801925ea1b75ef7229017844960c94f9169195f0db640e4d2c382e3d1c14a1cea9b6cc594ff09bd8da14fc30303a0e8588b52a7

C:\Users\Admin\AppData\Local\Temp\uYQK.exe

MD5 ab3b54a9522fb726400eac99729323ab
SHA1 c5d539bfbead90fee9122e6c2da61266fa697f25
SHA256 1220167fd7dd10ae6c749d50ab54e3d24e7918737a0cd84f27e51848d0c19b1e
SHA512 cded6f44a09663aee86835e579aa8545876988ff3bae47598af1fdc4570c2abe8d71525840c552bf930a1a64a261d4dc30b793df9f9fdf69ffd3c5602935a589

C:\Users\Admin\AppData\Local\Temp\IwcU.exe

MD5 f392010d21cdaa388955e9b2188742cb
SHA1 a3b7207a3a5e44be4a443e8baf7c43b93d85fc42
SHA256 a047e8dc17f53681ddb926d18c1efd1d537a3bb039ca376e23f53e221934eee0
SHA512 2ff88947b603d25054d97c8b16782a39c76d64c3200db288e1ef286c0cb678376a40145711cd0af716a9d636bf4361d7f7c4c04f4d1fe3707aea83be01e7ebc7

C:\Users\Admin\AppData\Local\Temp\NygMIIIA.bat

MD5 c254bc3ade4e339b5b0ade4e12890a62
SHA1 d590853e742206cbaf0409e2b75c0ed17061138d
SHA256 e476c992dae75c6232cd9686bf96669cd1200effe800d849f975ac4e1d41b427
SHA512 c2742715542f4d576669d5f679f26c27538d015b8daca584439ea35d5cac1105c9c9feb6535c389b601f0e2de27192f2a6b3c9db119409446992866ce06d5aa2

C:\Users\Admin\AppData\Local\Temp\GsgO.exe

MD5 3cc14cc4593bf660656ee1baae512cc7
SHA1 ac574fd0b26a55c7d0908e77ab6ab4caef629f06
SHA256 74b69888f43b71d69a66af46fb7b5ca59c8700ba8e57ba9cc65cdf4a464ba822
SHA512 90b0847f8decf7844c5c2df18368f6294e17e8e9b5d45cf099297b660b7f2eaec892242452c63b7cfc5e92de84c57222e0d9c1a4dde27e216244eea058b5fe19

C:\Users\Admin\AppData\Local\Temp\UcYs.exe

MD5 6360e7aa816717d824e9b08592419a0c
SHA1 530b919d072b493dea4cd97d0a6361d47b8a89ff
SHA256 746db7caa6f264eafaabad8d708b54a74e0ef26b4f09e77aa687246655394bc9
SHA512 8f2371e8294a77a2d02d19c255a373ff836e2c17c2b46b723c04d079580ef8ea60d7c87ee7477a4119d51ffccf199da8c41608e15abf007bb53c331b08e366d3

C:\Users\Admin\AppData\Local\Temp\Qgoc.exe

MD5 54a48bf1461262befb9876f6fd3fcc22
SHA1 bedd8b04d529feec810778715d7d70e9a5f81524
SHA256 0d9dd11c7c0e9aa7f6ae2163ed71b6337dede2588fd805725c181636d0565af4
SHA512 116ed8bc2c5d86a4cf81845b0e429487b31bd6d535a85b84dfe6e294520dbde8e336b0bf4950226bb8f421dd7558bc2da7e70625d3f92ab12a2646100186dcd1

C:\Users\Admin\AppData\Local\Temp\KwkA.exe

MD5 fac071602ccbe2420a19860d2b42eaef
SHA1 0ad918282d5eefcc39410f06e8da40999b0a6094
SHA256 7609c5ef447190b69784cc9275bfce954c44e47d8f8bad3cb7a9d39079992d08
SHA512 b7abce5d80faea30d48907be75f380f05e6999a264b95358cc0d6f8a13323f416b71731ed465df65eafe61ce817078a5451d94f988851faf8e5d7cf98cdc6beb

C:\Users\Admin\AppData\Local\Temp\eowa.exe

MD5 bf7e17a46477e83d81e8ad1b43d7195e
SHA1 b6989d664b7cd63b58871fc73bf2553be5b4b6e3
SHA256 5be6d0248c4ae1e477b3ed58bf5c3bb901e1976a9df53417a17556e6ec8551d9
SHA512 f630577bfda6818d2dcd7bacbcdcb8d04b6ce2c9d5cb7658cb29230f7fb4e30cfb70f3b426dc7c42f3a783825a2a2085ce45fbeedd86cbda08c61f2331f6cd45

C:\Users\Admin\AppData\Local\Temp\WUkS.exe

MD5 2dff2353a3efa6c800c72372fa333f40
SHA1 244248d9d22b01bacaebdc3f57031ed7bb105f66
SHA256 922b62b19c7b8cecfec66a5d6bc9ff0cd039c4f66deb6cda537f590542607f92
SHA512 07eef1b079c05e3852f16cebfcc315c680c2fbd5e565640559f8e5e64ad717fa09ad5a9fe801245e2f6db12750f3ae5c72f4de6858b1d1efd25f3010c22c0668

C:\Users\Admin\AppData\Local\Temp\oIIG.exe

MD5 500d997bd19f5cd631c3a9ed249522fc
SHA1 8385802fda02d0d1d2d5a2fb2366cbcf21567bb9
SHA256 16b886cbd17e9959fb342fde2fdbb4467c029108b6a7eb29cb53745af3ef0327
SHA512 4e7460b6b5b2543d925eb7e94f80158e16ee3788d4e46d4207d110a15c1951b6743d7e44063c005b762b36da48dd4eb05dc141516e87092a9e4962e9b8021c27

C:\Users\Admin\AppData\Local\Temp\WoQq.exe

MD5 dc155bdce882b3f92451a332a79a6596
SHA1 1aba8bbe7b3aa9af3df654c6a23777ce553edfac
SHA256 02705e5acbfffb05fae1a2e496ee7abaffc157e40c8d30bf9514f09b835e8c07
SHA512 6280ce61b7f3edcecc09397ac526634e115b0dcc9b505088c714588179d3e4dbcf144ea151d9a2a2eb19e0615bb61eec84330084caad1411f9ad31b8009c2b86

C:\Users\Admin\AppData\Local\Temp\ewIc.exe

MD5 3f6ebed3eed702922dc255c6bc6b3b68
SHA1 14b6806bd9e1fb0366f0b8b3855cceaa6fa47e16
SHA256 6f68973515c91ff90f0c7119e3ac69accb9b1829de69a47b6569b8506dfeb1e6
SHA512 b286efa51e306e522c6bddc7caa2539f894d753dff887667f3ebbccc928300fd03ac51fa316ecb4a2c91961da1b29a8dc9009d074e39025e1843ce30a8644c14

C:\Users\Admin\AppData\Local\Temp\ggEwcsUU.bat

MD5 b2613e28886d872b4eb1180982aa434c
SHA1 28fffa88a8f65b8bfe02b4ad0585de573dd3f32f
SHA256 40831ee7fce791da6125d14e4557d59e1cf7ef340b2b0f38f81e91397b095442
SHA512 fc6c5255306b99157ae9e55835a70b2543e68c2377f6184d83f3cece4ed77349c54d4c56b87b3de557dc8d9fe52e49e2b6e62096cbaa6d76390ce4842a9064ea

C:\Users\Admin\AppData\Local\Temp\igoY.exe

MD5 05057117c1fe70612de4de24af25433c
SHA1 cfcd3579a56eecaab039f57240bbc3a2f3865cbf
SHA256 ef0ff7e4d55dfb23918e998c89a4a4d9e01126ed9443d73a3342a018e4f06dd4
SHA512 71c5b164ad338991bb559809541a0e2043f5ae78e5181e4cf7692af6cfca015d88091213adb7dc3bebe5f7c851d7f8122683258ece3b355ebedea3422dbfc94b

C:\Users\Admin\AppData\Local\Temp\cgsk.exe

MD5 4d2737dfbf9b3ce5fb469ec744c8f8b9
SHA1 d2bc063bfa87290ee8e3f7a1faded7838a4d8e1d
SHA256 6188fb201f5e00be1324a7208e220c93a4a63358d54e62f51ee6684dade8dc63
SHA512 30de3ea3988f4b7bf18964be2f171b95420e7cfc0ca5c7855c6610d8b4e3650f99138efd109d1652f9043c99cf0feaff6803d32cbd6c01ec8472e086923dd3b9

C:\Users\Admin\AppData\Local\Temp\ScsK.exe

MD5 8ac4f006271744e153561d7f27d162fc
SHA1 fda24a84631ebe26f5b8deb30865796847dd5bf1
SHA256 0e640d7eef7753b2831b81fde162ce72294574795ccd1f1dd1e99394deca503c
SHA512 bae524d80eea592cebd85fdb85ec556f8ffe8dce0480d129f498b6fcf2297da52a6a0da67452e89607f13f0c3ac4807db395436c975394f35aa9f36739a2e051

C:\Users\Admin\AppData\Local\Temp\ooca.exe

MD5 5c22e0d4390d1680d82d1dbb7aff2fbe
SHA1 3116b14c7a389a7d95dd3172a67210cfa31a5d6b
SHA256 ca00cd94bcdd0b779b69a31bd66c8a01dd544277c0b156e98c604c39f3535961
SHA512 c817a0dba7a12bcadc82ec77a5f89deddd924bb08ec117337b64c6960724d756ad3f9214ea8ecbb8943436ea2bbf3a9dbd14a20db9ff2b62261fd991b5308bb5

C:\Users\Admin\AppData\Local\Temp\gkAW.exe

MD5 833c21cdbf6d230cf4ac84c0a58bb156
SHA1 5512a4f8ac45a0dacbc3e9d05140ba6cc11c707b
SHA256 1b011f7af43c4a42d721a381d0f74f5fe3c8322df33212d6441fe14e401a40ba
SHA512 e41cf619907d9adadb7ac6d8edd78223983f9822b6cabca1e87e5614b7f4434dd4a9b402aee90b339d07458fca0fb62d371832b065c04cc609030bfecac9892a

C:\Users\Admin\AppData\Local\Temp\SMgw.exe

MD5 74ef2b5e264cd1948c78473c4338c5d3
SHA1 f4a775073fea933791f099d08498f11f4f91e532
SHA256 24a98e9faefabc5fbd29b50a84d3f90ae405743c115ffcde38c620c61f0b4f46
SHA512 2b07da63bfd52d29ca5eea7d93f19ca78da66bf35e1196b408b8192de5162a1e3f0388c2f17f4952490707eff63e6a2be8c399666a714aaa3e897d7c5b94a088

C:\Users\Admin\AppData\Local\Temp\AQYC.exe

MD5 9c09d2e5e5908faa58a137462faaf3a5
SHA1 e81a64f2fa331bda4aead61c582db6004bff57d3
SHA256 ed48dbd1b94299d366740fc1c2630ec60d5f68ae69c736fbe638b36084156cad
SHA512 2fd6110afd7ea14a4a1a11fc5195405a0c8960faadf80dcac466caef0b956160079f1e085a2d656204ef07d80dc0fe92fe658617d20652364e1b14d67ef3e560

C:\Users\Admin\AppData\Local\Temp\GQwW.exe

MD5 65d6d6e481321ff717ecb723b46ec6aa
SHA1 a4cb5117c9e663f7fba48b2f4f5da4bb5eb5ab75
SHA256 d658f4ddc182378530ab965c34ed9a7083e26f85eb52592ef02510e82fd81557
SHA512 b7a17fac4a2bdd7fd8374e0abc64491dae5740e2a12d6399a7c58eb1d4a0f93c6c9b2016d52b5c6b7895567cde378a26bbba62ba97b49c709f075edd04dd646b

C:\Users\Admin\AppData\Local\Temp\acIk.exe

MD5 a8f6f80872407c96ce23386263d19928
SHA1 4ff3b1b58fa504b7a0ce297e3a724f467ab34b77
SHA256 4523211c5d1b7f308d37f81fe5c04744af79099af926aa0cfd04f33865c48c50
SHA512 40463022d08000c0781fc18731aa0172908aa4d02dd7f6746187f5a60dc62e09108f47e7eaae38c73aec42d58de84e7151934b87a80e974815c95fe7e396a5f9

C:\Users\Admin\AppData\Local\Temp\UqwoEMcQ.bat

MD5 ef87edbc1a5f17a939e0feb428bf61b3
SHA1 58f807f759b40249ee2dea658edec0384cb53ae2
SHA256 8cbd75febb92a31366c2b6669f1387fcbd3d74f88c08e432ee1d08c22fbfb482
SHA512 23c359b3965a5b5f77a1a0c11bd7b4b0bea643ed86f2a08aa7cf93c2836e09398a565d78fa8a213b0b75257ad6503c04bb26f6881ed78dc9eaf98740605f90b2

C:\Users\Admin\AppData\Local\Temp\EwMW.exe

MD5 9f8899eb29ba27d09a6fee2bce58685b
SHA1 13c464ab3ed1b5e108e3a8a8dbf1babec6b4dfc8
SHA256 243a874752757e021b3c3617b4d76ddc1bb2507a5977319caa8c34c84c95d40a
SHA512 ce684afcb64d4a064b37030fcd56d517057fdbc6bafadf60c15e37e4b3d31237027ea068a365aadaca510d995c0e2f906602ee96263d6b54ea84fa5cba9f7eca

C:\Users\Admin\AppData\Local\Temp\OIsO.exe

MD5 ccc6a6c73366895ed2d4d1619facca94
SHA1 1745996c99f768d3b3409d44be1b9c3827b0ac5e
SHA256 64861850cf6b36354417a35b2692cd3d5241014d475b530af9afc6e3b4735c18
SHA512 bf05baa3ef1946f10b5c1c13f750292d9ac87ae684d0ffb86fc5f3ea81b6b1a0caa77540c33c99505870e352fdd6477a20d604820499533173b82d5c2beb6762

C:\Users\Admin\AppData\Local\Temp\IMcs.exe

MD5 15435e6caa6d4f9a2795ed3a2899d2fa
SHA1 676c6dc653072a6ad0c915310ac61d401e0566f1
SHA256 58f38faab949861a3c28587a62563b7350c0bdbbeef71d6bb0a46f54249aef7e
SHA512 d236dfb317291668a0eec804d60eb234fa69cbf83f105fe657f4cac89265bc04c6e8a95d82765334f5f3823c3a19c5cf35d98538a457103a799f2eb2f9aed6e3

C:\Users\Admin\AppData\Local\Temp\Mkww.exe

MD5 51c70bbb8e51744a1c2de332d1ee457b
SHA1 236614e1690823bfd7f9762c59cbc46bda925aad
SHA256 53dedf10a1f3247c009b6d289e4b8287330e8d7c89d13e9840e138b1f8bd2ee2
SHA512 152ab686ca9b6c45b87041e4e763982fa83d5a0eb82b0a9ab4fd3776c279629ae04b644343f1e83e40f294b03ffbcf558b84e711f76d3c64452de1d077364b2f

C:\Users\Admin\AppData\Local\Temp\GUYu.exe

MD5 430744f74ebe535f5cfd770c1d8645ee
SHA1 02c2e9ca5ca26c137b22464a6ebdd75b2ff33aa8
SHA256 e4e3a729051d44cee8e9cfdbb602e1fec9a1a7edfcb4f93f76a027dc69b48356
SHA512 42d8fc48e0043a626ebff0eac3134ec677fc5b21f299dabafe25d432fec76fcd76aaf909b24e42a3b12e5d15623affd715321592dc54a4098a624e126cf39739

C:\Users\Admin\AppData\Local\Temp\CSwUkQsI.bat

MD5 da0d294682390e0962043532c4006b71
SHA1 fbe7698db1b906e629b948c88fe40725269188f1
SHA256 df101ec48dd2d24c9a420ecd10fd8304e0a286ef03e0aeecfb18662f9a90f41b
SHA512 91fd57a9c7a2c37357313f26a560ba8a65ace03e114a837ead58eb1b72ad375eec07d154f990e69bd45f6dca867d5dcc165976fe48a9415601b68397755843b9

C:\Users\Admin\AppData\Local\Temp\SkQC.exe

MD5 7679338a5dc6052439408ef8376eb8d3
SHA1 01491a14762ab5cfe0b12d054d83ebd7270185e9
SHA256 192192e9cee0a4fec79c73a6fe0910146a60f6e49bb869926b8a0c57beb3711c
SHA512 5250f7c2a5eabace47f9a932659f1a8c81d7066859f390375d9a6b1dc38edcede96c2ce8467a446b2199f3cd4dfde531f73e8ce408128ac738f4bcf4ac42d65a

C:\Users\Admin\AppData\Local\Temp\aEck.exe

MD5 dd8292c239c242624018ee6c4397e7ad
SHA1 dbcfd7d9e677aa2bd23847df29c4933cf31d2317
SHA256 b645a73bf1f357dd17229ec93d44cadcb8e0542e29ce4c446cfb1eb59ea67b00
SHA512 78b0b9aedc766f717e4bedd798ad1d02e8d6af8c58153bf0fe0a2224e29f946ec45e8c69f164931881bf126e3d065680a3b9a54ddccbdc004b2c2fcf5567d1ba

C:\Users\Admin\AppData\Local\Temp\kgcK.exe

MD5 a9be2c2766d493d6294e4d576f0ec832
SHA1 08baff88188a5137f32d21ee685784d4f9358175
SHA256 5df42167faca6ae282fb3e9bbe2892b1dc740c4d7a39e4e133b760c69e08612b
SHA512 17364ba499f304461b1cad2da2cdb0df73411d50ab3bcb610a7619a0e04c77814408f66b265698be46b84028bbd3f3dda22d7555352df13248852708dae93fcf

C:\Users\Admin\AppData\Local\Temp\cAwm.exe

MD5 99e47efb110f2d7205fb3473a20fd19d
SHA1 b03b0faf3e9494cba46163a366ce1f30b4a69f7b
SHA256 bb46624d5f536f6e5d12abf6313d9ab84cb1822fd83013500e1d63d727732998
SHA512 159864e5d2fe88ae8c89427df04a1073ebab0826d22e17dee39e3e8871cd3c94ffde4bb3e6bcb2af214766b9598a953e21f02f2f3ce105355a5e98abc121ca8f

C:\Users\Admin\AppData\Local\Temp\SkcQ.exe

MD5 033f7a5f96c87fb904ee1b7de1a12b3a
SHA1 0de539da91e1eff11404ddefb695eab56df06b1e
SHA256 49116de73bb3c8fb0d65e103c329780bbe770c26729abe864bc94aa2fec8edec
SHA512 2e871ac3f9930ea08707add2f5f3785d9a03a34d91c8bd0bf4015b3f311fc03b245b48dbb8e342f793ac07b9ac0dea7bacbb5f27b25bc2626fef0b16c9ea55ce

C:\Users\Admin\AppData\Local\Temp\ckAu.exe

MD5 dd1df6dbb0f9eb4a09cbd3bfeee5ae1e
SHA1 f97dac2a49e1d7b848ed2b96d03e58ecb224aae1
SHA256 0e6c34f46af0ec8b4123c512dd697100e6e01b798d9f6549a07b6ef8c5f87503
SHA512 71af6115993bc467084da8e6d61c3568942787e0925a0fe794f9430a56693fba9875a7310c57559115960e0dc0fe31c5e266a3b853994cc40fbb9a9cf383ed08

C:\Users\Admin\AppData\Local\Temp\ECooQwQM.bat

MD5 170be0ce156244fb1ccbecdff6b2cf8c
SHA1 79cb5c411bbbede9a94de641570a163b63e6c81c
SHA256 564e1310b1496d7715eddff747e20cb20140199318cfef7595f091763d27b7ad
SHA512 ee5ba21a512b70140f7b317b106d748419b4f191d7128f795add9d82adbe20289ee8a631f856bc57e06cfb6b816123f0d6a92ee87fa86f1910535d18e32e5fd4

C:\Users\Admin\AppData\Local\Temp\KMAc.exe

MD5 537c23af13454d7e6278c25b31ae37fb
SHA1 973a8fc57a0a9a98a6f11e0b3baf0f1bb7473606
SHA256 553e6f5d10b4168ea2235c1d6099d85ed8383d7327ba1453bbfa7f05e1b69a02
SHA512 ac19fd5c03d5cba153340c7590d5f9459cd2ea6583647eca65df51a1508864d41b95ee5a4979e26b8a1091dfc5ad65ef63edc5084e84661992a8e96acb9749d3

C:\Users\Admin\AppData\Local\Temp\wcMo.exe

MD5 c45feb2b83db3efafd094ddda3a5eca1
SHA1 233b7a94786ece4517e7aecad6a0ef9a4b099963
SHA256 6144ac53112768efa3b4613c90f1eb86fa23393526e8cd7ddcdd51b880f53572
SHA512 bb85b84088ca6a715ca4519fc96f5c0298256210df0c7143ee5666b5345c16c8bcb387ee5ca913f1952d439435c677b465771ab4ea712d2921cfd5563a3b2932

C:\Users\Admin\AppData\Local\Temp\WEMo.exe

MD5 3c11741cfb4925c38dcfaa65b12c6263
SHA1 caa0916e675838256d5759df88803cee24e99e2b
SHA256 948296e5e7c926462f9f3902c6fb5066e5b1e0eef11475a6d3b0128b98656296
SHA512 ac6da83776672707bfde7f8bf94577b2fd0cc92848a7fd417beddf5547498c334803b1a5fb60c5c2b44a973612be69220cf62f2ba08dcbc555db99cabb4c94c0

C:\Users\Admin\AppData\Local\Temp\ickW.exe

MD5 bc68d8a162ff9997b7bb8f2aa1867857
SHA1 fc6ce8a1542a2da5dce132958427bc3d50edb2ec
SHA256 af38ec0191ce41144518c7cb01f4beced782bd5b7d3005366875fbd529329aba
SHA512 48e5a47f51605abfccfaaebfdaddb64527487dde2dc510b6bd71091c1f34ab2a2b320bd0b3a7053d330868c83669e11fa40df4c2f7e37cbad3ac318c891d85ec

C:\Users\Admin\AppData\Local\Temp\tEEsocQM.bat

MD5 68942f6435064d077819711f7dcefe5a
SHA1 10730879ea945eac11cb6955ab83aa00de0e4061
SHA256 64e8425c064cb496f083d84f02a20ac5a1d9b27d75142b4bfd2d5828bc069411
SHA512 4d9316bca1c578945900951431919ebafa31824145b8d901074574b95e47d1194ffba8f860870d9e2d2aa4f566a6da40d70d2b4947a7db7d3a52a7d4a2763437

C:\Users\Admin\AppData\Local\Temp\QUQK.exe

MD5 20a5e5a184fdd51d8a02cb5bacf72a5c
SHA1 9b84b795bbb6588c37c583fbdbb00639b4409751
SHA256 ec8d085709ce6487ebee42f75b1323d12712e1e52882a75b5d2cac309dd39752
SHA512 4eb678f17e5abcf9caa8cb23df29d98cd5abbbac906046745a89e807ba6cc6963b6cd0dcc2431737726af75521cb0add01d48d019511130180f10f836726b5f5

C:\Users\Admin\AppData\Local\Temp\ksAq.exe

MD5 d30ed0137488fd998cda8db7ae910343
SHA1 cbdf85653ed7862d9afd5d687ed445ed0e956baa
SHA256 7ec5c9d436587bfb2e571bacc6c51bfc74f7005123f1e2930b13220e69b25996
SHA512 c4f1f83c8761398122b7e6f1d62c98ed0e7731a240f073825a498bc5a1d6b5bc08395e4d7c97722eba435ea8e24314b4867d278d13459a655fa520237b88f78e

C:\Users\Admin\AppData\Local\Temp\acQQ.exe

MD5 c44af7f6260f198babde2ae640f0f599
SHA1 192b00b8c5e973875db9475cda7e813033fdc60e
SHA256 501b8faad5054f1fd6c70e6f829288751ff45318543ce71725e2ef0611a395b7
SHA512 11b4b4a022c641b2bcbb30ed81a008ec5ff3c366bc6243e6bfcc87f910db4769f75d30e40c64200c0a7d4ba8e774cacb388427428189693c4333ef625eea56d5

C:\Users\Admin\AppData\Local\Temp\aUAe.exe

MD5 333f84edd7fd54a027fb2d04ddf9ec20
SHA1 017170390edcb4508bf0650756f0c34b18a74612
SHA256 1dc957b173a2493f7459ab3a337052cf6b72019aa53fdf86ad8209123efd3c0b
SHA512 866014808e0787e6766f7a9365d1aac6b134f3152e4a4b0cc70baff67d83514c6fd8ba67f472292cebe2022f7b1aeda657513a8839c34371d8251fb4f253adf0

C:\Users\Admin\AppData\Local\Temp\UkcS.exe

MD5 273d48f2de372b400f0ffb4814672c65
SHA1 636d99f5398f944c8b0b68ccfc5023d78315c907
SHA256 d44f99f5463244663f186063651ffc6120991dd3bc1a22b01355baa91b64666f
SHA512 76cefc5d65f03ced7c2a66a15c5c387d1d271f8703d67072cdc1cafb52e5f8359019cc0eb4f4cc6e147c5c83e49796c86e25f1ec81c322899bf285dda411e99a

C:\Users\Admin\AppData\Local\Temp\hoIkkckc.bat

MD5 5fe85732234dfd18014b413e83c85137
SHA1 2768d0e3bb5e76faad645a146f515e5bc41bd3ab
SHA256 788ca8a4dac050606843d0d6429323d5fbe334ffd8da542a14ad96d6e36c36f5
SHA512 e68007dfbfbb9d2fd4bd63ad1e7edaf4629cb2c1258c3817e455770959ad08edad7cde574e681ca5e990fc5f3875f1b2c24fb8d59ae3d1fa2d2779c571c15d14

C:\Users\Admin\AppData\Local\Temp\ksUu.exe

MD5 390f6756a9cd11a7f80a1278b656a374
SHA1 9c34ee30bb486ffdb183aa9d1db6c6688e61fbd9
SHA256 4b5f397d05b97ff9a15196a1112ffa41c247b459c46cfd09e40b6dbd88f9191c
SHA512 bf0beda7be606e845eef12c23cb38369b29678f5da77a2a714af4ec9efbe79b8312f9dadd36493534cfaceb8309a52337db5353f5c6043bbc1d7a4cba7ec467c

C:\Users\Admin\AppData\Local\Temp\mkIs.exe

MD5 e5a65c8c50f1bc77d67d4d6c292bab54
SHA1 8c2cfac4caf8927bdb854fdd0fc8e408b3197d8b
SHA256 4d3c5c28b7b0d9344816f0595f82a9be990bfd4531d74378c510ffecf4252ddb
SHA512 d361d5abf917edc6266bc67262c231e3208decd33afa24f67c34ab3992392e050b4bcd71a3e16e9f68bee8d1bd9b42c60b965b37ade97e62f59d3927fd31b990

C:\Users\Admin\AppData\Local\Temp\QMgI.exe

MD5 9ccc457c3c253410035d087a5db1530a
SHA1 64b5c4e9f84faa1844123e92bec299b861c94172
SHA256 e5eb927ae14ff2758b515adb6050428fa41b41dc1fea765cae51ae2edea1f4db
SHA512 f69544c18f22d12505b075e78aa59c11909de5dcc5414cc55bf4fc405b7b9c0bdb711de5c09cfc81376f0d5c8161585a8c7686882207eed7c203cdc6a7a66192

C:\Users\Admin\AppData\Local\Temp\aswa.exe

MD5 3b2599102eede5d3f41e07a0ad04b89a
SHA1 002478a76a549377cce2ef0f01f231a4e6042d30
SHA256 09d9c4a99cd2da016521e06cfdfc225f8dfe4098b5b78b2ef8b91cc734069392
SHA512 c9aa0ac09c34aa161cad120f9a33a3af42021f0a1382dc555c06e63a07cc75792a354122eef131bb0d69be7c5256ac6d0a03715242d60975c57d4840a8a959a4

C:\Users\Admin\AppData\Local\Temp\sYYa.ico

MD5 ac4b56cc5c5e71c3bb226181418fd891
SHA1 e62149df7a7d31a7777cae68822e4d0eaba2199d
SHA256 701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3
SHA512 a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998

C:\Users\Admin\AppData\Local\Temp\YgwG.exe

MD5 b502d100acf8b58e075128775522fb5f
SHA1 e177dd1e9c57130943cbcd218f44132c6f0c1055
SHA256 8ae0264a1b2cefbd4fdebf1f71b60bfa15d6e82af996149822374d776ffe0892
SHA512 1a88c66189500f66af165f12201f55a4e7dd390dc0a4e469c0b31f88ef504398e8c8841211c2467d0ec7a6359e04df38f14fe143d1097a197315d02b90641d4a

C:\Users\Admin\AppData\Local\Temp\BwQwQcUM.bat

MD5 676683ed85718ceb541fc8a5398f97db
SHA1 52798d7eaf6ed7d80ad0cecb859cfe44f3f5bc79
SHA256 98d8a6ec44c54a2b71a87b0a092483253c224929c3855c95c67e6219b2b4f335
SHA512 53d72d0e160e9d627c7a5c366ecb1a114d7dba13204ab8e40c9168e5ee14db096e19ebe79112de1d03b16a7feb87d9db7c596121e6383f8eac12d3bf4a126d56

C:\Users\Admin\AppData\Local\Temp\ecYg.exe

MD5 a9bc138bc434e0f04bda573da07e6ddc
SHA1 0b9180ca9507ee6cd1f704226fbab5fbb05c893e
SHA256 8ad07abdc17b3b9017f8a7eab8567af1aea93550a6b01af786054f77f7f25a5a
SHA512 adba7b86e5930fa1d3bbfdd79b8b8e08cfe6046ab6e598cf84bbd1a51e5bf2a20ffb7479cb69170c1a7d429c841f7e1dc15be2000f5e4e9616f702c651c13ec1

C:\Users\Admin\AppData\Local\Temp\MIUc.exe

MD5 addc12752bf6ffe2ce882236129d9fb0
SHA1 dbe61a877bc260225289eb5abd05e68bc0279f1e
SHA256 45aca0f1d0a5fbfb2a1e41b31b3425986db5776c17984f78e71f10bf1481c9da
SHA512 02476d5666c17cde5ccf9c361bd20dcc44e1d957714d7c1e66aff3c0f8b0db5029bb847ed63249dc34a71da8a2927318287697ed8912c1982acb4f154e4da87d

C:\Users\Admin\AppData\Local\Temp\OIUoUYkk.bat

MD5 08d8a5ac41049554ba48bda51b2ebb4e
SHA1 eb90cfb1a5a8f2c9ef8c1d852a34768b6b81e840
SHA256 aa48611bd4720f710c3166959e6637fc4b76a9d324464d8926eedc39a2af2700
SHA512 7448810d8fab5c5bdb7aca4941893cddcd1b36768b9c25197faa210a082e36d087fbaf0754549b0c041716dc8e67ed963f4d5a463ae44c64776dd314419ad626

C:\Users\Admin\AppData\Local\Temp\oUocskUM.bat

MD5 8daa995dad5ea9870730930fb105c0c4
SHA1 84afbd96942b887b055f7e0f294ed5470423501b
SHA256 196c879ea6b8c27f5796e242ab6de40f349271aac3c46630074bd6ef9583648b
SHA512 64856fc39c18237a672707303aae5b21b47c0d61a224b76dfb0835abc77242cf8726c40e764398c581b312a0d74cb02e4fb296a004da2b86bdd67759cf2a22ed

C:\Users\Admin\AppData\Local\Temp\wEMsMsMk.bat

MD5 2835d78e45774a3fda49c30d4b339dc3
SHA1 adb50fe3a37b63000e9c5f1aeee3046151288527
SHA256 d044dcff8c97ae0b5d7998d0a461252af287539bf5ab663e5fda14966c5d38e4
SHA512 7fb1411df5d0980769d6199dbb84746ddd90f345b0a41f595fa6937c40b673e35938bc304bd67a553770d9f9565236d111537db6dbfff17cf38127edfed1f08c

C:\Users\Admin\AppData\Local\Temp\oMsEIYwo.bat

MD5 51fe34921181eb1d5dc39ee27f49e170
SHA1 a108349b6097594388ff935459dabbd55446c645
SHA256 2ecd487d540a9d0ee45f9a97f2d05f784ef2dda1e404a4fba945933979f7d621
SHA512 37dc03507a6b4d7a754355d1c6c4864179830aa1b082bf2cd8129200b34f3f3709c08006167e6173a8c209fc3c3ad74b6acf45264d81700ff91faa0c539e2885

C:\Users\Admin\AppData\Local\Temp\xIUkssUU.bat

MD5 694b57e14114a0fec8681f334b7ad0db
SHA1 d17112760130f3d18b035ba6feff9634a551f6f3
SHA256 f97854ded84cc76648dacd0d83e839945e39f02b9f67db2215239ef6982cb9b3
SHA512 32c1c05bb9702591455ebf7ae43506737e113895ece0117a310377eaecba5abd54a2a5e7a23024a2614abe10e50d1c202a9e1494e90e6f9082c678dd8aae1a76

C:\Users\Admin\AppData\Local\Temp\VGccYIgQ.bat

MD5 5d9b15ee48416258ab4aae09fd12994d
SHA1 5868f0fb8230721169beeba6ab409023ff66fa39
SHA256 49eabda608d26b8de95489c84d71b4196456064cd944fffd4439fa486d351f0d
SHA512 65e4f766d6897e2d54bed80bfae30448c97c9066b0d466faad6b7523036fb5d2634dae2092628b8fd36d5ef749a2b8fc78c18dc6a6a340d36b4682930386253c

C:\Users\Admin\AppData\Local\Temp\fWQwIEco.bat

MD5 3173300ad67beb680bc9e280997ee58f
SHA1 17c506472f736a2eda4ccefa574fbc67b942cd9c
SHA256 90aaa9e19867b0b49b61a2638c22792043fa64d5ab3d84b9be4f8299646b1eba
SHA512 1f836a6cb692e5c71bc7f2513d3bbeab472a9cfc0e3db913a19e384bab64ff7d4ea151ea7a8b0b0562f62804381f293fc3f280acc64e4a8b8fb3c88ba79336a9

C:\Users\Admin\AppData\Local\Temp\RQwMUAIk.bat

MD5 2a5311bd4eed3751071b272b6a13c2c1
SHA1 f9ac6de0f74e635e94c3dd6a6cee0c844f2765fe
SHA256 cf30354cc8c0318dced38f09040a64f28c43ee783974461f64bc244d212abe24
SHA512 35c53bb79d269c4dcec4a6e21107e2945af17c97ba4678062be34a7c3b6e4a21a2667d41c72a82e84e008894e9ee84980e0db294809997170814e5cf9a569edb

C:\Users\Admin\AppData\Local\Temp\IwcIQUQU.bat

MD5 714de913d65c8af11fe60fbc9c33980d
SHA1 c167cc67ca00281dbcfd8e39a8339d18b190f668
SHA256 f23b6dea868c9f2caeb489b4a4dc5b856764b35c4f01ced8a78961debd7a8bb6
SHA512 e485ecdb211dc8190913197eed84b9ca1ac695abc26d7b77ca80aa80b63ba893739db862ca7a4185302bed13a5aaeb8e911bff66235a8f821d1f47358bad36c4

C:\Users\Admin\AppData\Local\Temp\yWUYwIUM.bat

MD5 db273bf8cf220704b87fff136d3a7552
SHA1 90b3019335c6cc2a8a7ac825498f1b7f1b0ad697
SHA256 23424f1ce49ac2a86a45125d5135335c51fc660e8cbd6d459555da5524453d8c
SHA512 fa94fb360ef1a012bac0c20b841e598b1ddf63abc06906f9255778db492a90ba86cc5a422ddbd521a6cb0e1f2619df497b6ebed33d130d76ee593dc289512d2d

C:\Users\Admin\AppData\Local\Temp\gwAe.exe

MD5 e2b477c71d7024bead9e7070204fcd3d
SHA1 c6559e66aec53167391e591ca0551dff43eed40c
SHA256 efef281cb33d6622a50e9d2d35226f4005fb43aa828635b8f48f8fa772d5b811
SHA512 5b47e5bc9adfcb04d04451fcd73883f15135ed7a7480ba55a4775bea0d4ba5607c5fe0605a17c1bac5af6c9f6e17faddf29ffa53a1274ab29185ad469017438f

C:\Users\Admin\AppData\Local\Temp\QmQAQsgw.bat

MD5 0462a57b38e97e733e9610f152ff6dac
SHA1 a3de2f49e04e5cc1bbf7e76e4049f5e09cf984df
SHA256 f7b1891973ab29695594264a2974892c5454b82a9522669f53f24f6750eaed97
SHA512 2801e9a84a346d628c145750549d973faebab9f7eda8e30f0dab8b909610c7371f8d9280878a73061e9089e8fbb7e88ee77be6119217698ec1f72814881efc16

C:\Users\Admin\AppData\Local\Temp\agcM.exe

MD5 edd8e23041cd3e5d692c3d03476be210
SHA1 af0f9d2663f58c491c09d6787f301b0618b9a550
SHA256 f60d29f9b1efb44d83ee4ab1fdb5f72b7ee1fc85679857294232515c99ecd92b
SHA512 f13197adf4bd156f6ebf4998c2d0ce93ed2459cb6ceebd39f9020d94eb87b97ecac838875235d4fe24bbd322768f05de33ddb2c3a4e8a3a3c9a441b41c44d1f5

C:\Users\Admin\AppData\Local\Temp\wkgY.exe

MD5 335c183c8564472efa4148d70a97ac6e
SHA1 ddfd11ed302a94b7bc73309f4db78aa9df2da916
SHA256 2010781f2bab687a0e72834395f69363626ffc86dde319fdef1ebf0e3f68e85a
SHA512 4f4b999666646031b0515b5314defaa0368e65a49426fff0ebebd897c53287529b5ebf887dfdced9906b8e2eccbbd606d3de0cac6baba9a772e11362c194059f

C:\Users\Admin\AppData\Local\Temp\UIoO.exe

MD5 7a76e26587ae0cd608158612655346a1
SHA1 fddd583a48fdc787426277e4e4d7aa74b0f04023
SHA256 fd3cef51249da5af1358187b079e080b4da083659098acbc81430dd51406936a
SHA512 b2957a11f259330ddcbc798b3ea184c872dc708aa90cab748d03664b120490f5d28dd8d4fb3612ff49a35edbf2c316151a1631f72d9d2ac9fb65c704b5f51237

C:\Users\Admin\AppData\Local\Temp\UQcu.exe

MD5 728f35992dad2f611967dfa0412f9183
SHA1 f5d3ccd4438d6db566c74e487fb9a5f572ce6331
SHA256 d4b6e62f1ce0441793acc1a1b8cbe7c6d2ba45506acee6f12ae408784e00f359
SHA512 34bab68da6df27dba51ac5ebf3ad2f334a28c20f75991f653f2bad74d22db4d7f03f31888ea4b329f33d727e560078941f32c6c4791b0d83a408a4b6267a2643

C:\Users\Admin\AppData\Local\Temp\KMoG.exe

MD5 420873f3b156fc77b786c34229dc3b2b
SHA1 f9e37cf947fcda1aade6901a8b52b85c3b4f6713
SHA256 e9242b03ae370421139e8f64bf96d036da600c04317f1cf8cba2c2b01ccead01
SHA512 21c897c4c30d1f3624cb3d1ecc397c39cdb9819dd106a09e8f97aedc4b765afb4b05fe1677b23496a9971c20b28337231ca5c796a7c2c0f6817a7fdd2d4c794a

C:\Users\Admin\AppData\Local\Temp\OioIEsAs.bat

MD5 86c0e6dfea107f34ddadf705324c603e
SHA1 cb56c753e3fd98f903b45d55a7079ecea1c349ac
SHA256 3ae51e6ec79455f53935e750cadb6343a87c0d4021d56dcd3fb877b10e5a47e9
SHA512 496633a0b5ac7cbaa2b399c17dde2eb365fd350f17f317cd7749d52f921c676035f992a9fb9dda049ebc4eb40ea1b7ff139d5bf5a0aa85a7fa5b59a400e50b6b

C:\Users\Admin\AppData\Local\Temp\kYEG.exe

MD5 885525e9bd1323626d3a96c931debcf5
SHA1 cde0b0e72bec9f3d821fba5e5d2ce90f8083706c
SHA256 e354bc56412b3fa5528c0b43eb1817b5f60ee606f8b091b40212c59a2bca842c
SHA512 a26695ab8e6d795a737601812bb27bed573faa074bac1e7cc4758df914c71b50291706c6029120a4a6ab6f31e5d3dee9ee24a3e6575ca2d3dea79ac5a883c48e

C:\Users\Admin\AppData\Local\Temp\cEUc.exe

MD5 50f618a661a9dff6b1a26f5026ef0b64
SHA1 8f94015d9ce94d016f7a5f72a2aef8a6f48dd400
SHA256 d6c3fd8525c52df6a91c7e431bda230cdfb12e7e197c849103e8d1596474e23d
SHA512 1772c6678d3bb4ca49b8ecdd938361a474e326ca120b4e27cc503efe484a43f9258f0e0560593df6a1e825c46757595c27777d9844a58012e8cc926c6924bcb3

C:\Users\Admin\AppData\Local\Temp\wokI.exe

MD5 50535b448845aa337bc006ad564c699d
SHA1 0af61ae62e62b3e177c293aed4c3a07ed7a52c5a
SHA256 29c57bad5535d99d1efdef309386cc1798e6adcba79bbbb21342ca98d470817f
SHA512 01ec60263bda9105a438dc28dacc644c41f6599ed45575c0e3e0340b801b1f9366d7ff09466f237ba199901a18bc365c949ccd7ed1ba0afc6e00269ce394e298

C:\Users\Admin\AppData\Local\Temp\AAAi.exe

MD5 85ce830088383c20acb649657a759706
SHA1 a9d707ab9055643c91cd0497e5c8a379a28ac502
SHA256 78d4c77154913eed01957f2c041229e2c8dafc7b297b143a81a0ce66b2acbf18
SHA512 d5213c3894164461bfdc1500a266c233ff45080db710a14ec9e9f6aa936b8c481d4406b6ab2781e9029d9eaadae08af6033b8ddc9c1326bcae0e9d001d84de1b

C:\Users\Admin\AppData\Local\Temp\XWswckQM.bat

MD5 47fa82a6793320658e88b69f081c9974
SHA1 da7d11c697e80eed32ad7be6d1c7dfdda0001da3
SHA256 106f7a3098b2c9fbd09b30e5768532791cdb912e2bf9e07741384bc50ba4f722
SHA512 06e82e077f785aa62ad8517ace70279dba51052dadf12d9dd73f898b0a9e192208bba22d165459d8d867cb28f834b3c1db775684040439dd310011a020a96ee2

C:\Users\Admin\AppData\Local\Temp\kkUI.exe

MD5 4800c3d3cdf599b031e284a40f446580
SHA1 3e24bba67902a31417438adb1e32fef64dbc7fb9
SHA256 2c5598209e06afe1d681e84f54c7ee891e390a5df27505e4027ed13648cdf706
SHA512 5cf98be9a42d419c3896f84d37932c8b7160b0f967aed8182dedff5f6558eb4f173b59e97c3b49f73ec8e15e121c9e0be2143644b3292140d52ebaae2fb3993c

C:\Users\Admin\AppData\Local\Temp\soYI.exe

MD5 648f88d4a345486ee6c80cece446315f
SHA1 ab6720d937cf70a948954e076ec149038955f216
SHA256 fc6a6ec28136fa4023004a27769b5d699932fdc41767b2c7fd01d3bff54f5fb3
SHA512 46fbc0d044beaeac62ad00a8c36c8455859ed83854295988752fc4977a18a74364235b035339ff884e94e3d1f57e5f192074c62df0252f7aac8fb2270f104c75

C:\Users\Admin\AppData\Local\Temp\gsUQ.exe

MD5 31ab7a136a6ff43061136400fd9ee85a
SHA1 2236ab0870202cad8a974af2dbee2b769ec665aa
SHA256 59e8a506b4fbd9e3dcfa6e968f0e44230f99fbbbbc97d64786691e93f1a2e0c0
SHA512 34f6a710dc95ca57622b5138361c55356d97cfe9b75ce8a3954bec8d4ca884e65039016156c0e507e329759efada13230a7544ce00fc864596ce7cd99459dfea

C:\Users\Admin\AppData\Local\Temp\acMm.exe

MD5 f0f3a52520e7c2957822b5eaf2b7e6ec
SHA1 adfa40a9511a43dc69e09c7847a20b648d2fc44f
SHA256 eaf70d563dd4e12f6f51106e186e820bff97c2a953aa689da1403436b85d6a93
SHA512 31af2c0dc6af6318f27903ec052681b96c29cac945e391b47705753c69a6f942d51c417695e812397feb11233bc0b6b1ec29918ae9874f7c34983a7e64d90c82

C:\Users\Admin\AppData\Local\Temp\PgIsYIEY.bat

MD5 8070bffe8772ad29bb347206a4584d0a
SHA1 ae4347950a928f024cc07938aac2b123f04f1b17
SHA256 921315ba40a669a545cec2143974ac52152f97d985e18094b27a1eb6c97f639e
SHA512 6361e7754749b33da484d3d37f28acb1cde2f4ac0ebe405444d1d8716e3316357396a4820eb600c9a817226af153f4ef217a6cff01af76df2d6e3f6305994876

C:\Users\Admin\AppData\Local\Temp\GkIW.exe

MD5 f8049e68be2d873fdc0edb786882e727
SHA1 8b1f69f28b41666432e889bc77543f63a7181063
SHA256 862b1e79504910692d760ae975a34a8ebae8e7b8efce835aea29d10aa7ec91f1
SHA512 cf78983b984391ecaa39248cda799e04d815d9a5def8f4d56ec95f117d9bbbd71fd176b9d3da02d92168417a3020fdb604d195ad3458e13ac874841125ab5457

C:\Users\Admin\AppData\Local\Temp\KkIq.exe

MD5 8bcfdefd4fe4c9780ea7e0e70c75410a
SHA1 53e440fb157a6f9066e2ef8ccfc6583981f78d35
SHA256 26c1e0be5a6281a9a905d17670144affe2d314a522c744973e85f771bdd40604
SHA512 4105f308fb92e0eca8fa22b92fd71ac3d3c1f2ed6502c302554237bac770bd67118abd113c7d13f0b54690ea58a68a42c1f34ee873472cf7f1dfa0ee3be433cc

C:\Users\Admin\AppData\Local\Temp\EQAw.exe

MD5 44bf503b577cafc2ccb3719fb8e0c3e9
SHA1 5701dabc4d2ee990a6938152425243b2d7c25eb8
SHA256 cff5f79ac0b61fc0814c88050d939b8bd9c8dc8e334079f39401f15fb509c086
SHA512 587d410e7070a83ff63146ec504e979fd973f91bbaae5f79624849bf23d482078b2ee05fcc05df6f1491b219228b38c8d23b6a2bb7621c8cfc84e056f5f73fb2

C:\Users\Admin\AppData\Local\Temp\MsgI.exe

MD5 83fe5afd5cc1dc0d6463ab6e5734bbd4
SHA1 e0f63b9f38bebe1577e5a1f369c66060fb960348
SHA256 b30a78260558e594ae9e8723df0126ff49d3cbb7351cca1db8f2bff25a9606fd
SHA512 ea44e10d56cf766bafca612141fac463c3844bbe19e2ce8eadf41aec9e5481497fd3621a253f65d9173b410d7d5d6f9b472384fbfd20c424897f399b1f1d967d

C:\Users\Admin\AppData\Local\Temp\lWoEswoI.bat

MD5 d885eb960db9118c230f31ea7cea0afb
SHA1 338a45478b9d34f0e60d6f862b7984163ac457c1
SHA256 142520cedb103760852fc687e8ca71d51201b011f2418ade40f95b6d9d72ef99
SHA512 437f55ca1a05fdc99e59bb5d7e948e7ac6e03976d46782ffc8294b4658ff13b7d92e052df1755d127cc7a3aad896860093390ccbac64e47b7e5676695fdf091c

C:\Users\Admin\AppData\Local\Temp\aYAQ.exe

MD5 f24dca8e149f3b91287a2054479d1572
SHA1 037ce2bf5589a11a08ab3db94e2efaeff9e14b93
SHA256 6bc89a5a8a4039d4e87b2f8f53c8355ab20aa70a71227d3ff196f1e1f8fe0124
SHA512 0cddc3869138e96d52246eb6afa2fdb21564933ad178c8a8bd5d28abd6dbed43bec2299eaba6366a97c1f3660a909bd4e3c32a28d34e8545dc60f544f945a224

C:\Users\Admin\AppData\Local\Temp\qcoI.exe

MD5 1d143fbbf646bb9ca58662cf57d22725
SHA1 4e1e3bdcfe513d1014f05e20636543cc8ae411e4
SHA256 ed5693e09d4d16e258115a2887db577f55baf0ea8d076e86da1c3a72772d6b55
SHA512 aca183766d829142b982723605b6572ad400e77e9e177de8e12024d79507f23c5780694ae12af5d465f94ddede8ebcdb0de16f40a03a4d98291bc46bdf27719b

C:\Users\Admin\AppData\Local\Temp\yUgo.exe

MD5 3f0f97364cc7fddeb61c8dc4dc3226ed
SHA1 a17a259260d17ee8121398701e4fe859bf88e440
SHA256 8f02b232f3b22310b4b6a3dfe57bb48dc7c942bd7df7af2c7d927c07943df572
SHA512 0866dd71326f480162a682629c89538f420f61b78b979a5ef5d9bbe02e48c5290696afa280a261f2e8716b07d73b8dd522d784d2dec19589bb913d7b0b998afa

C:\Users\Admin\AppData\Local\Temp\oEcY.exe

MD5 f32b4911a26f34fb65df88562df6df80
SHA1 045ae57c8a5404d615fcc468874fbe45a8c3b379
SHA256 5589617c976272eda2bdd7db846b23da7f9b1049aa7ec837040736c72b6d285c
SHA512 2734070a1581c10b3eaa23605e547634c0f457620ee58bb4ec527222dd131837fb338247b4659db5d9781a4d45b551acb3683fcd72dd07b7be9ab0dbde5b7ba6

C:\Users\Admin\AppData\Local\Temp\sYAI.exe

MD5 36e004b850aa5d544215c42eb4d34066
SHA1 403acc0333f8c5b90bd509d7498ea0351c83f86a
SHA256 90e1ff7b6a594b73ee70d61d4fc7241e722feb37390da670dde9bcaee4df8023
SHA512 6e59d666ff755d20eb7f1e3b3935c6437e2765ef334cf480cb6875af719243c1352aa59440037babe58fde54288970f4e7d3aa50bbf0070a474572882722fed3

C:\Users\Admin\AppData\Local\Temp\CAcY.exe

MD5 ede62fe9b3c87a8e0e9b9936eb11c61e
SHA1 90015e94a77b787544a903d06ccab8ece5eacb15
SHA256 6c670097b9f7bcf7c0c8fa9d17ee58fcc3439b2141c6cf7f8289954d6b3d25c1
SHA512 be75085d81202e5686e7fe599ff0a14853d7795231156319dd0e17acba4d49e46ae24889deb5f3d67d2aef3955729ab5e3f8d1729e60698665603c8555e574bc

C:\Users\Admin\AppData\Local\Temp\YcoK.exe

MD5 51efe349330d008bca12f905f8553457
SHA1 d800e1768d29cf30a009e9ed989cf1686d7edd96
SHA256 6136dda859569f06907c74d2cd2bfcb68e6a9966db0597f4c0b0f2d90c5302f4
SHA512 973624637f3ff75bbf4528258167e04cb69ed0cc37f8cd66fe23ae5a1764a65aa550db5639d4b9fcf4333234689f12b9f09ba3ad54c0cef5b7d8c9620f695e9c

C:\Users\Admin\AppData\Local\Temp\GSEcMwQU.bat

MD5 2ceb63f485f0f8744c5f7e909eb9ff59
SHA1 38280e8ce99cb6524a72dbc7f4704dd65bf12163
SHA256 a7e300a9c1388756389b00cdf70594101cefbf512e1b8dd2defce436ffb1d217
SHA512 8788c997777538813c7849726c5c85a573af4e301f8827054f6c4947c973d9bdfa9cd5b354d324d5ee02b669fb1a307c6266e310f812ce5ccd5255b38580ee59

C:\Users\Admin\AppData\Local\Temp\GEAA.exe

MD5 6e73976893fce8b10c07671121920779
SHA1 7cebfdc66bb895ae40aa0f2e19dd0f1a7ffd3e69
SHA256 1f9aae07690b4588aebadd199a3132974b7ca6407f3ba73a33dcc927e7017a66
SHA512 1b5c477e70601f5eb3067b16d50d65e63c6d98738bdb3d37d18a72badf3c6262945c189d9d05756c56d25a0109c8e63f242072e8ef76554f8424f5551fcf863e

C:\Users\Admin\AppData\Local\Temp\AQgk.exe

MD5 29ae927263bb4fbf1dff027ba135ffc0
SHA1 f1ec1db5bbd63fa76a83359998eb0d1fdab59faa
SHA256 07903e67808611fa93643d68c86332daa49cbd46f6940e89b30394b05a951b44
SHA512 81d967bd78c3ef6495449eaa3718df2c1dd5fc0dc4fa155646baa135a8f1606d596e1ed9b58198de6b7b8989df0f75aed32de75fae9a680ebb52fee7a1b0d32c

C:\Users\Admin\AppData\Local\Temp\cUUgskwU.bat

MD5 890159d7be0dd4f8fbae896463f3ad18
SHA1 7ab0370e2eae869a0c11f3ace428880a09c8fa89
SHA256 e130545f4ae7f2d354620b706024344b1f8d22439661e61c806c473f6baa0fbd
SHA512 526ca1b0d947b45a8952a39f6d90ad025341aeb60517fd7cc79043c4bc20031454772899b53f15479e2406b20396d806917e460380951c22e92268979aa10f78

C:\Users\Admin\AppData\Local\Temp\cAYe.exe

MD5 cf1d15403392011934e7fb00440add1c
SHA1 afd2ddcfd45b94c2ae3f284acbb0712391291714
SHA256 0f8c49b2079a0f40696ea73bdf70c42af1015b7cfaaaa1a18b3e37e9865b4c6c
SHA512 23d9ae13b1d47ac021406bc6bd2978fda094bdc485f88403309a207b488b2c5b195ee1af39837883c60f0963ae690d4ef480c577ccc439d93dae82a0f89ebed3

C:\Users\Admin\AppData\Local\Temp\EMMm.exe

MD5 a782385f9769810cc36274238fcdc14e
SHA1 6275ad390ed61a3fa79257049887ec6f5d6577b9
SHA256 348529e0bc91d4f5db5585a74aec2bcb011c8aea49d177a39664af6136198a63
SHA512 410776edc5f82df72d1bd94a8500adf83d78a2da3c54c1c0d2e86be9fef47607ec15dd78322c62df47141a90b08b7b259b806800d881d4336b338878f627d151

C:\Users\Admin\AppData\Local\Temp\KkwokcAM.bat

MD5 ec63a3262a135e5829630095dc8ec025
SHA1 c93e45ffede37a51a791976cbdf2baec982d9dbe
SHA256 2fe8a1bcc3d8383e42d42516b73613f1603655e1ed39ea4be93cec53ec9eb465
SHA512 fe3d3faf34725a76782cf34a4633f9fa5aee44e9e452e9cc6dc79bda700c901fc681104c8bdd2b87a0ffc4180e08e7d9424329b255b4eafc064d04b4cb640b12

C:\Users\Admin\AppData\Local\Temp\GsEM.exe

MD5 697098debb66fa3a5df9ab38b7744e42
SHA1 8693e0dd36135a6a8ab2cce779df97826f393dce
SHA256 0ae247b137eab1dbb3dc1eb95cf1594d27098de1c2f2ffe47e403e675abfc013
SHA512 8ed4928196a2df8e950e068950a37f120b03fc1a85f9465e357acd50b62562eb8c9a1e4a4ebf5b4e44fa8781ce76cf29c8ebaa69d2b2775d3272b2b7d23b674a

C:\Users\Admin\AppData\Local\Temp\KEES.exe

MD5 1e9eb7027be5b16617c679a56f4ce174
SHA1 5692c4feaaaf5611f34101cd0c953dd396c389a3
SHA256 89f60410bf39c4ae9bb9a6b448694e4d792ce7e7a441170693eb37ac4be6c859
SHA512 ebbfc28ff1b9824c1f02006a6a61590d042fa7f0d5c1e2f9ebc6971eb9a3e516cea4216706f331919630546072231a111088a5b98a09f1ec83ede082f08d56dc

C:\Users\Admin\AppData\Local\Temp\EMcS.exe

MD5 5d677ce4734fa2678afe6744f1c74662
SHA1 440ebcd736fbc573106aa3f845b8f6de4da22831
SHA256 42fab79be06f1871fb1fc82bd1000dbfaea7f1c6c6f5d9f6bff6f19a5b36c949
SHA512 49ba4e1eae90f0de7a8ad71cf7fd5f7e7b62593ff94a5be2040bbe8022a77d466cc6873ffb59d844b942ade39529ecc4e170beee933dcfc2e43fe919c636287e

C:\Users\Admin\AppData\Local\Temp\GAEq.exe

MD5 5c84292d146f8d89a9278ef38f4ef9b4
SHA1 4f7519c9b6d51645c963fa3dde95cbcaffe889d2
SHA256 60638829c1f198cb7dc560e70c60bf3568918a84f771cdf5e3edae9ee615d985
SHA512 011bc2de4aa7769206d033245e6213c71d3f7f5f3da4abb87b2fb24035458584bfe3eafe51a766f4c63bdff1b311453599d3a5c743a9ab36f8cc824b5ac036ae

C:\Users\Admin\AppData\Local\Temp\scMW.exe

MD5 caabe9e5797ac2801b78222ffce61b10
SHA1 7d9e8310d29a2518df2d80cc1815ea680f99b902
SHA256 d7b83db1c7ce25fcf26d01d739cd043c69a12d4b0508d0d00f0ac1bddd8e3f81
SHA512 bc3b04563b1f60644e8d98f9998f9c152a219d4560bf95101a0305e4daabc8eab4f644e7eeffc8a254244e9a6e07546c137c2b81dbfb58bc7a1d52b29c4cc54f

C:\Users\Admin\AppData\Local\Temp\ysMa.exe

MD5 4f81008a7bd949af5b778959415f5538
SHA1 15d3a7d2e08f247d8e0c14e19cfe8b60d077d887
SHA256 367f0d6888622ba191b4f8bccd3cb77e902aff142bb31aad5581f839061b8060
SHA512 74403042bed93591fe9e7bcc3dd5a4a500cc18a98fbc98760294ba12119f666768214300af3f5f619249d26207a81bab6434e46250b213d0919e874d94c561e1

C:\Users\Admin\AppData\Local\Temp\oskI.exe

MD5 03470741d800d775dc9f57258dbea808
SHA1 3206fe7e1c4e0365e25986a31b4e9042dd95fa3a
SHA256 04619ac93a2251c1a58d8576c72818ae1e58b3fa1a2b918ae0ed729742c43917
SHA512 b4734f51726361afe5f75b54fb8424992c62e5624c4d5b429c088302ca0f9687be03517e29e87e1406f65caf8d013e72d662acbc080592fd4c1f5074f4959c1b

C:\Users\Admin\AppData\Local\Temp\gUAi.exe

MD5 87d693cf85e20b40b6bae12b2f4650dd
SHA1 9fbea31db93f37484c790b91a71de09ab1a7c99b
SHA256 22b5fab019eab61fa6494988c958810d6cd05cc112ea97c6c4acfabe1eb86e52
SHA512 19a394a3350af294b9b1de5d4434ab311df15c5b8aa4ae340d9a5a4a38d001f77cc545534f099e08b68c6804d3a3f86320e5e9472011b249e70d931e1c5e5dcf

C:\Users\Admin\AppData\Local\Temp\qgoC.exe

MD5 1a658c8b5a64666b07d6cc4c21243f48
SHA1 e371076a8aedc96b55360de8aa05549f55bea507
SHA256 da22abd41299186677693dcb0592b778e9dc13cce747aafc1a72f1a5682e658e
SHA512 10f80407aae620a1be8a57bb8c52c6487818ca84ed0de77ebf028f510e6cbdf276c278bea02f2a978df5899fad0db36e9a0318c99bbb6122215447ad83090169

C:\Users\Admin\AppData\Local\Temp\wUoW.exe

MD5 acfdf4d3e154ee044ebaa8858ab2cca2
SHA1 a62901923bfaa07b0d44b2457b300918c95ba3e8
SHA256 7c1291b10e040bbc1b8a3de53259402d74104469d805896bd23dc10da28c284b
SHA512 6232bb97415f37ccc8155f9adf2396314b2343c30687ad041b10e155e6afb7a3ca8766ddb198107cb68ec6b016c99792c680628802f35403310b60b3d351c7d1

C:\Users\Admin\AppData\Local\Temp\YMwE.ico

MD5 6edd371bd7a23ec01c6a00d53f8723d1
SHA1 7b649ce267a19686d2d07a6c3ee2ca852a549ee6
SHA256 0b945cd858463198a2319799f721202efb88f1b7273bc3726206f0bb272802f7
SHA512 65ccc2a9bdb09cac3293ea8ef68a2e63b30af122d1e4953ee5dc0db7250e56bcca0eb2b78809dbdedef0884fbac51416fc5b9420cb5d02d4d199573e25c1e1f8

C:\Users\Admin\AppData\Local\Temp\MAwG.exe

MD5 696967c633fceff3f6806ab43a4bfdd2
SHA1 6d09e1c7b23fcc4585209b357202d700efdd8003
SHA256 ef63a959c6e9ffd06fe4f5597e1d9c97789e6ca04aa627860925df28e9eddb3b
SHA512 bb41fd8e677fab03cf4fa7969d61478bd74e364231b703b730ce75bead6e9e289e2b73935c297afec182c11e90ecc2c3fe5e872f927b806d5a21f8ac05902111

C:\Users\Admin\AppData\Local\Temp\uEky.ico

MD5 e1ef4ce9101a2d621605c1804fa500f0
SHA1 0cef22e54d5a2a576dd684c456ede63193dcb1dc
SHA256 8014d06d5ea4e50a99133005861cc3f30560cba30059cdd564013941560d3fc0
SHA512 f7d40862fd6bf9ee96564cf71e952e03ef1a22f47576d62791a56bdbfbff21a21914bfa2d2cae3ca02e96cd67bf05cade3a9c67139d8ceed5788253b40a10b32

C:\Users\Admin\AppData\Local\Temp\EYIE.exe

MD5 d93d9349bbcf20292f650d3b56564b38
SHA1 c41211b83dc2c9426e16e91689c9df25159360fd
SHA256 d3b04743ea66f8e282e8135fdea85b1393bf689f2fec851b8eba52bc56c5a023
SHA512 17f6351fb69bf8aeaff82fbfbc07d68746bf26a7f98f82c6719bbc1de38ecbed419fac4cc0449afc1baa1b65dc6836e3effe3ce2230dd6a064a55c8772d98c6d

C:\Users\Admin\AppData\Local\Temp\coYq.exe

MD5 2975d86439f3ad6e1897a993c72a7b5f
SHA1 2881cecbc29fecddb34ae724fb6da24b5a945791
SHA256 c770b3e66f87c37ec01a81f43af7ba4e35e08148e676aaa6b809c88b3c7c660f
SHA512 fcc56f4202ba4c21f2697dd51de528e2c53537bc2f17cfe3dcec86ece8abbbedd1565267438e95dc9055e1c588f5fa074ddcd11dafe040ea452f4fb96d789c27

C:\Users\Admin\AppData\Local\Temp\YOMgggUI.bat

MD5 20ec7116335de34d54368dcc48eb96d6
SHA1 ed075709ef0e884cd0576b9a525ff1d874b39621
SHA256 69692500345bfe4f7ea565736b7d9d9b317787cf90fde362f272e6cadea66a2a
SHA512 8448e0c40f71e1ad6bf75c5058071fbea55efe14ffdfb7fed6f5110fa77bf1e76e40ddab6374360ed78d4bf0068e624d53a7eb117dd2b45a045e6aeb228bc65a

C:\Users\Admin\AppData\Local\Temp\yQMq.ico

MD5 f461866875e8a7fc5c0e5bcdb48c67f6
SHA1 c6831938e249f1edaa968321f00141e6d791ca56
SHA256 0b3ebd04101a5bda41f07652c3d7a4f9370a4d64c88f5de4c57909c38d30a4f7
SHA512 d4c70562238d3c95100fec69a538ddf6dd43a73a959aa07f97b151baf888eac0917236ac0a9b046dba5395516acc1ce9e777bc2c173cb1d08ed79c6663404e4f

C:\Users\Admin\AppData\Local\Temp\YkYg.exe

MD5 bcc2ba25b726e2040ff1920bb2a8f87c
SHA1 aaa569845edf28e4f9f7b1b092c3651473d7838b
SHA256 a4af238d27908d0d69a3c221911096b21a7b603d9386edddeae148a7a5872665
SHA512 f0cba0a613f6b98ddfbb32f3559574623282ad73fc1066bd9f9eebede8805bb82f9c40535b5c20a949c2cd12a23dfa1da0068ddae813e1db6c38f0e9960d8050

C:\Users\Admin\AppData\Local\Temp\QEwW.exe

MD5 0d68f82d576399b042ca768755ad91ec
SHA1 364c898b62f923490ec801c174a94b1fad7e499c
SHA256 9edaedb401b01183fb0225437e29662c0c9aecf429c761a2e2e9741d7728505a
SHA512 dbac1facc2badfa9cea3687e5f80f1b50626a2a39f1029c41feb3091a2ac1b67063ea3d48a292e986869e14d4a32cfcf85261e17f4b9a9d9d65c57e216508d4d

C:\Users\Admin\AppData\Local\Temp\sQYQ.exe

MD5 dfd3a83982b9ff85c6b4afaf379f434d
SHA1 1182d6b2b7dc0ced718640cce76ccd7fdc01fc33
SHA256 524584532d7c4be6e8423af6e28c947c0f4f19cbc85d1ff98dd05cb2730407d7
SHA512 f7c8a6d4551a607b11481f52206fcc65470a20ecc015dc1f7409bd0be732ee285cc873cb53c3b9175bc0eebb93153da3d38de9063df9211ff7f43c2ff7fe63b1

C:\Users\Admin\AppData\Local\Temp\ecEM.exe

MD5 4956f4ff16808febd3849e38b126920f
SHA1 88b540850928efd3ddb9ec44a78872dbd93bff1b
SHA256 19c093aa0af677f58ab80b1868473e59edd185177c0b7a107a419ba59a1fa95a
SHA512 39c8c02190216668cd0e9baeb214d7efe687d152d50cb72160ac5c3ac2d53ea160b65018d1cf2dc6d91efcdccc7d917989e725b26a4b8deff0b7e71741022ac9

C:\Users\Admin\AppData\Local\Temp\YcEC.exe

MD5 9b83d780743b6bcd4df135fa55fda595
SHA1 8c5704fb71b5199c27db55125229660040a4d104
SHA256 45e33930af99ae09ff0a7674d8690deba3aebd7b78d5369d82b187568ed25c62
SHA512 7254246b68b8953a4135e854de81d1ed8024d9f8917d2f37ed0d4060497ca6917accf2f7edc12517bce6a663d1178e8ac8af3ef516504531f408ca62d795607c

C:\Users\Admin\AppData\Local\Temp\ryEQgEIU.bat

MD5 df32e57bfef86703056395b764643db4
SHA1 932d6da9bccd8224424997f1bf29155144a9b5e4
SHA256 49f82b72296492df074ebd4f6a2e6ca61cceb39b894423009e53a6675927b6c7
SHA512 91d4f16fc8c5b5a0a498130c75e718f313ded22d4241ee85f4dba4168d4cb6be26490f7094ca8aa61e52bfb829e95d7ee608752db92151ed0c8477140f121f41

C:\Users\Admin\AppData\Local\Temp\KAoY.exe

MD5 1f8ea2f0eeec2b64edc9f5f883818cac
SHA1 986e251ab525522bb815d718df4c355dab18c5d7
SHA256 efdb2156053248d5f60dcd17e71597712e29f023f561c0bd524faadc78ff020e
SHA512 22e75f9b6fe4e6de5dad9572e3dd500ebc9ded1fcfaa6da959f612d77bacca566a0a8dec844ddd2eda7b6991797b50c05f408bdf2315162994780a9558d3820a

C:\Users\Admin\AppData\Local\Temp\wsku.exe

MD5 dd8c34f567f28dad3a6e4672d570917c
SHA1 2d4fca11d521cf9f04b99c9cd6ab1307a99a50a1
SHA256 73387d2e34b008b0fa1cf33b60dbec6fab10891bf4eb2cbbfefce9f48ac9ada8
SHA512 71ed9cd4d614a884a78f76924f0bc1f08202fd2a51dfbe7980595b9c5e213856054ed7885b74829479841292664fe5b88cebcf0604b77415eb69e9153450e4ce

C:\Users\Admin\AppData\Local\Temp\CgMW.exe

MD5 137a3a51c4d04d95f8a0b082c078aef1
SHA1 f44e8591e5b580318b9c52be0260031ff7b8dbae
SHA256 b24ad693fc5fb7adbb5b9e2f6a4e4f942532d2a53600a961d035068c17cef261
SHA512 4f061fc03ff286fd48e5839daccd4946c232deeb146407d0ebfafa9dc79cb7b7bce095acea0ef1e11ef30b904895af943a5c1a64a9814b12dc3f508379e3a4a4

C:\Users\Admin\AppData\Local\Temp\UswI.exe

MD5 d453248e74e229e7ed61feeba5984d7f
SHA1 73ab80f2927dbb424a3cddeab8677aabcd6ed7ff
SHA256 c5f679eee4dda55cb5c291089835b8849fba64033cfcc55ddbba8b864584e255
SHA512 85b466d6e96c17011f6dacb596b5068f1d02f51bb659abfacd5bd1e3a7a6bc2091e3beb2171c4fd76b8b3727fdd2f26ed46e2ec5bffaaece598705bbd0ffb3f6

C:\Users\Admin\AppData\Local\Temp\dIsQoEYA.bat

MD5 e759f00e7ee862ae01fd178eedba489b
SHA1 983442f2eedfa30012a16f90ad117759e28dc3e0
SHA256 97621d46c31b79558b39829559eebf2eecf7bb9032f750ffc824c42ad3e80054
SHA512 715e536b9c45d3645c5ee3ebb7b02cefc82632c792c18db6bce2abfd34d04ad212e0e0a8cf25ae3e1fe5d99525cbf71ae8c951971ea6c9307d05f40f4b6c99d5

C:\Users\Admin\AppData\Local\Temp\ksoO.exe

MD5 689a61bccb534d4f763fbdc5e8f6d8f8
SHA1 7e93974e56ff798b2b9459b11813bcb08ebce1df
SHA256 b3fb4cd3b75bd4d62408d3ef3975eec6263264f479a7611d0f13190e957919b8
SHA512 d3af5e863088ef6c506e6ccbf90048baaee3fb6edcca09daa0294b2e10743b09312be6a2cc1bad9deb65b5c3f46d80b85d198f7380dc7b26d453c57f3bfcc15c

C:\Users\Admin\AppData\Local\Temp\sIMi.exe

MD5 aed3f7c9aa2fe126d6753ffee3d18d42
SHA1 ac09ac7f32e3087c641a5045d133cd1687187a6a
SHA256 a845372ee72e9175cc8c5b99222d8a43a3c2e7b484ed9d32fc526c63d9260f69
SHA512 f6a30305e2f9700e3f42baf532ce5148c81096227d725dd2d5ba328981ab21f918008092cccf7693f11b26f9670246d175f1b682b54d678fa0a2826edb72b70c

C:\Users\Admin\AppData\Local\Temp\ugMs.exe

MD5 ff5d3e819f1393cbf454540a35d55aa6
SHA1 cca55a97c1aa7ffcc51b7bcef47bcb374095191f
SHA256 e933b4d20d259940ca1a29acc209da1784182854dd5ba1344743ebcf5af51c3d
SHA512 21ea2ce7083bc5d2e8bb990459010b553b3fd96a6e98788088a8e9c07aa76547b7459494737e1281250bee163d3339ec793f5ddbaa07100dd747a1486f2dd5c0

C:\Users\Admin\AppData\Local\Temp\OUks.exe

MD5 857d7e09a2089b734b3ccd32d2596c40
SHA1 beacd4c5e5a2eb15cdf860066a0b7f6b20252dbe
SHA256 09a57e7fa250a5c5aca0070db66eb8202102885fc80f88fe3039b5be0df0c67f
SHA512 8c164f871a1dd61f41f9792e3d07e30265867d6298d9d2f0e64f2c70ab0fc6863181831c12e4f126ec8c17cae48667badac2d167c32aabc41ab8d170bec7fe2e

C:\Users\Admin\AppData\Local\Temp\ewwK.exe

MD5 d0d1ea395bb1212fb37b2ceca66a6d3d
SHA1 e0a9ee408c34ed02f6440e40ab41143959c1d2cf
SHA256 67f478163c8ab78e76e39a4f0cb24eb6c00002edb13a6f183e7d4c418f4cdc25
SHA512 30d4a24aa662995c47c7e32d176d32d30fbe12e98da00d30d6bb15a9a59403be8bb810107458b9aa6e79900183dcfee60e719c33f7465483f01cd950ea69d8a5

C:\Users\Admin\AppData\Local\Temp\wUQa.exe

MD5 6907bd9057eaa13cc517813116c5760e
SHA1 b357992ec7da4da98a69ca35037ca5b61a0790e5
SHA256 4c745f79451bfdb08bf8acab808807a8bf108652d24b00941321cb4e14488f60
SHA512 dda5c53a851cba321c9d677a0502676e75024b4a0c34955677f15bf7aa670f6b86bafeaf68f2e7973611b9a5ab5ed77736e20d17443b767b62108de1484d73af

C:\Users\Admin\AppData\Local\Temp\BcMIwwAQ.bat

MD5 c2e0b4e2f940b8ecdb0e433b29dfe5d3
SHA1 c0002b0c8155f647ccbd1586be1ec1534356d3cf
SHA256 62a22a57bb8252da43793e76cf04d2c1d32f3847c5f6d1c456aa4abe7e71c886
SHA512 807080bdd316ebabbada6007a146c4db5f84cda1bf7a8e8901e69fabd45d915d9711a187478874bef81816c9168e85d9652fd0d021ba022a4761b0771eacb029

C:\Users\Admin\AppData\Local\Temp\MEsE.exe

MD5 cd24bee913df87eee106062185d18b1a
SHA1 0867491e17a2f676fb1072be38267fa441919947
SHA256 862dcc6afbd863252410218e913448720ffc277fa2fb9065bdf62d88f00ac236
SHA512 ebf9c682adef40ee6b9a58b4d83b22efb7504db27ca15656c36899dada071a9a67c206249844368245a24a2a4491f7b9f3eb10631e5b59acfd0a978af225fdd3

memory/2120-3120-0x0000000076DC0000-0x0000000076EDF000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Egck.exe

MD5 45cb199f8a0d37bbe2ef635f1f01ec20
SHA1 230b71914c30404fc4fa44fabbd378502ee66ef6
SHA256 34feb416f2d12ff1da5fe848a0793d357ea258c6a044164082ed033b579cebf4
SHA512 acd4758b97ae9ce39bd443593c31d6e2f4a1b3bf00b92b203811533a71ee09eb5b5a039d720fa36776345a662664df2f8d6e5f69c8960f21768c03423035f460

C:\Users\Admin\AppData\Local\Temp\wqQMIwsM.bat

MD5 9a5b8c3a2a6bda8e6a190fe9e32f92f2
SHA1 95c1479bf6a3ab68812468a825a9e2855ca66152
SHA256 fdba3ce4f0b09160039b3a68988fccc195d84a9f60c56de418989eb1e5e574d9
SHA512 347099bf425841b9a19f75ed421b10a883b855eb53dbc44493213dcf00c1e03df46c0dc5aafc73d0995c20deb4a3712c062e4af6f8e48fd8991280d799d97251

C:\Users\Admin\AppData\Local\Temp\iAkK.exe

MD5 f7e126d80349a46fd3d2e11659942af4
SHA1 3434895a91f4cce37f425a83b48d9f8f63c4487a
SHA256 a2fa5d9dd2a48aa252ccb7b9d73b398a2294645365b065a99d401a8329332ee2
SHA512 b98dd6b66074a8e311a13f521fd4887dc788ec377fc479bf678ebaa1f1c52da2e13758e329cd3c2c375beee3f609f8f791e949c2a7a9fcc9f45aabe7321906c9

C:\Users\Admin\AppData\Local\Temp\Uosu.exe

MD5 a9329f45ddd075a66d14622f1eeab8e1
SHA1 6c597ddfcc6d7989bf6d50994008ba48ed2f89fe
SHA256 c94b8f99e6675373096f7c5418e4a71fa3e264b3d09aea5fdaddffe9776125c5
SHA512 f98bb8ea5b230b5a3e6feb6f00aa5f8b04488e92b8d1d2d77d8f4b5884fb514e5a77d057657da3c9d34582c58b44566228339c9f2679c7e14299fd891695fde0

C:\Users\Admin\AppData\Local\Temp\uwYy.exe

MD5 bebc4a2f6a57b1dcbbc96de779bac797
SHA1 95acb060f16696cc70b66aee438bc6c737941c81
SHA256 a658bf62ccafa07216cc3863d8d027acebc6f30cdf82f8b5cb5e5d57f38657e9
SHA512 78422adefb6a2de0a9d478d88a6f8ba02b0beb4d664ac235d8872e70502255c9549e22f1eba7f98194f9798677b386908cb6de885b0ce435a71bd7487c2c5d7f

C:\Users\Admin\AppData\Local\Temp\SYoIYwsY.bat

MD5 987882d4ac78f57d62f722ef2990bb7a
SHA1 060ef0bcd78aa32bd5fa6832349823fa4e8a8126
SHA256 79e4f4ebe756202f1526475ac4cc25c776ef708f15eee8411b5b548d073a83cd
SHA512 d782a127f355fa2eb29a6c0cba81a7d1eabc1057454bb17ad74f02876beeb683a6193f556cf0f6955713f6ebaf73e9a82c56727b29575ada721d48d3c4039296

C:\Users\Admin\AppData\Local\Temp\SEIS.exe

MD5 45155a9e403b3af5a507459e2970c94c
SHA1 6872fae9a24a6b8ae27ffb630f825c0faf84396f
SHA256 c45beaafa5ef0dfc01838db7939ddbf0f1613b375c27578b1b8cc0b7dafc74cf
SHA512 60269073b5c4feed2a2ecb85bbfac841a96e872158cf5cc68529feef6c35ec8b5fa4c748ce73219ce01858643b09964421ca8f9af9f1504d301019abffc4f651

C:\Users\Admin\AppData\Local\Temp\yAMs.exe

MD5 28df28961d55ce313b12a4df40f66940
SHA1 6c7bd453226b2c296ad6b543affc589c0b2a61f1
SHA256 20ff1f28b6b2c6a8fc74f0eeb29254a1537230984dd0bc69b468ceffb9a72576
SHA512 fa911a10ea19478364765b482fd97c97bdfda702bf91f019cfd632dfe00639339eb6073e330de0647315e2ad0794dfbabf2ad3545806431993a56350a53e8745

C:\Users\Admin\AppData\Local\Temp\Okcs.exe

MD5 8f3ac8d4e5922dd7343fd9827fe860e1
SHA1 63efd21745651b6c17621185e2ce18d86bdfee67
SHA256 30d07c151ae990126d846f434d9f93def399e8825466416312a8dbf3af471807
SHA512 d840f3e3d5329c485b8c8c4eeb5387b5f387a941d5a0f19bd2425fd3e36c480233ea5007a1d6f04f30fc22be2acbbd31dd5290f5a131976046974ad06f94160f

C:\Users\Admin\AppData\Local\Temp\Eswy.exe

MD5 958f12bce8780048af73e6b26f887e8c
SHA1 31a389be47c3aa33b5a55828dce3f6b383a1f9b8
SHA256 0e957870a98b960cdd64191d5cf75c5f15f70bba0fb0a3338f330d0196d922a5
SHA512 879579fc5ec0c1bb71a00952dbee5c993f0e8eeb607acdf38d800624ba2616d4bbb55a46fa9d77fe37ad65ee474c14dbcabd628f8b8b842248ed7d42fb36cb54

C:\Users\Admin\AppData\Local\Temp\mmMokAAQ.bat

MD5 472e3c29d4054a2e3eabf8295e9ee6ca
SHA1 1addfdd7ea6d1b6c85045b4d97f3290bb994a1e3
SHA256 732b43d9901f9532746f13f2b40e373a0ef9efad2424fb95563c4434dbdf56e7
SHA512 f2044a5d1f43b2cc548ec0d1a5ac8a961ad73126f61985099e51786353bf2a2d943e6e0ec87ad6c17e812b9f6e93b891091cfc12be60eacdaccdce3199bb04ef

C:\Users\Admin\AppData\Local\Temp\wMQU.exe

MD5 c79ddf16770c05f9500228736df80bff
SHA1 28e595082f44bf221176334322b614370f338d44
SHA256 4e17943c9da41038e0618fe1606f1168078b3746577a363d1837088e7688b6ec
SHA512 3bb634ab6de16dcc1029eddd180cf4a44f1dea88232129476605bd54e8c088464d3e7f8dce7b0a705fe625fdf313f1c60fc7640c58496ca5dd7976346ee46082

C:\Users\Admin\AppData\Local\Temp\gMgG.exe

MD5 eb37b0f2949067a2a980d4ceb208effa
SHA1 af40f9751580e95a0b6b22ed94aebc2a70e3a130
SHA256 8eb503b7a80f920526a065d51f1049cb37cf04e23a095f6dcb170dcf88e7d205
SHA512 36ce78c8e59db66fab97572dbf952637be56e6fc1ac18b0a5a31804de395be8f26ab03346442d28b075445a434edab6ddbde7bf768a0e6c55d0b94a3b2e3de0c

C:\Users\Admin\AppData\Local\Temp\GMAq.exe

MD5 6eaa1c7dda8cc31f8a483c7ed5249e7a
SHA1 284b39eef8690f576e798318667ef9119433737b
SHA256 18629ed2da436b569ca4281978bf287905df9903f0fea6666cc2b87dfcce455b
SHA512 40391fe6fab9202261e6c6b9bebcb8870c268d9c115498d31e6b293f63d26e9c6e9650c67b754f016f8fdd17471b0d16f21926161cefbc893ed62ea1efcef1a0

C:\Users\Admin\AppData\Local\Temp\iwIm.exe

MD5 7f1daaac5b46bfca3ebccdcb17ad8a8d
SHA1 47ee6e1ed02ae4192bf2b5b48a22671fbf25b3c5
SHA256 0399545798663a6d0e3e0e741c963d5cd9c7747869eda9faf4a9864a6591f4ee
SHA512 ca37b27f23aebfe50e37468af3ee9dd6165a38a01b2ac11a1c302d4b88b7f9e24f1835ad2a5e58c06cf7e2e52193b01d991ae356acfed54d482fcf15bb778095

C:\Users\Admin\AppData\Local\Temp\aEEIIscw.bat

MD5 936edb2ea2c42bd02fa31a7a01cc4551
SHA1 199f4269cdc41f59731073b8ba82922726d6eee9
SHA256 64870a1b3fbacc56af73fe74002612bbd796b50d5b43b7d219d49d830865f9b3
SHA512 9f14a2d99f50ef8ebc2041246fed9f75a22018d431c023e67372c1b6ebe2369398ab37f193962fc780fe773432ad5409116bf922bd28b7517e8fa9fe61d58d89

C:\Users\Admin\AppData\Local\Temp\Uccu.exe

MD5 6fe8b7f159097c3740765960f33790f6
SHA1 8ed65ed5a634ae0c20c579cbbce394c8e578ac6c
SHA256 9b48c9dde6622c85f20318a54e7147d840e229943406b85abac54f77b277ec83
SHA512 2b1a657cb468050b33cc1353f9ca9f1e5295f1fb1f4d734e3651e343af556230abbeef138cdcefe5652e0eab65dfe067412f882ded5a6fc21d02f98edbb43a83

C:\Users\Admin\AppData\Local\Temp\YoIU.exe

MD5 f250c7628b7d7bba660820f76441ec07
SHA1 dec0b7d2bd4875542d5ee78c8e01c95ad2993d11
SHA256 e4385a8e33d3d374878a9c4fd20f728ea79d8ad144fbad149faefa83fd9586b9
SHA512 23a64275b5987f010e91a3263e21e20b5848861d426b8266efb35666fd2ff3c26b1887b0aa7629fd185b78f688e995ebece867cc8b2277751ed26b953b974a11

C:\Users\Admin\AppData\Local\Temp\iQEw.exe

MD5 d1dbfd424162deda92164d454419437f
SHA1 77a747c1ddca522dc356fc4574ae5e2196125252
SHA256 bbb0267e7f42776fa33a140dfc2d4fd427c0b25f00002eb375f439fcbfb69a57
SHA512 0ca168bc4b29a326ede9a2e1f0e941201a5e9afd3e19387064c9bdc5d3662b7c2f4fbfdf55fe7d2bb4bcecde7e8a54ca9cbf0a751c02bc363edc470d3bca0138

C:\Users\Admin\AppData\Local\Temp\ZukQEgAo.bat

MD5 cd0dfbe4506c584bb5cd77d2e35f4190
SHA1 36807615a54ed515a148d95cdd20f12dac4291b1
SHA256 733bf501bc2b152b13aaf441117d5df0e0bcdc82bf8bed468a9f8be2ba8e966f
SHA512 c35d74037d38307a8c92a426fe3c1f23228ef474eaffe21cadf8aec718fd5d152d6c55d062aff6096fb8cae6e1a774e50af3229faae5d9746fd49c520c5ddfb2

C:\Users\Admin\AppData\Local\Temp\uoco.exe

MD5 e61013f515ceab8a9eda72941aa23dc2
SHA1 40c7b4ff6776b198c0084675157009d0ba105b60
SHA256 5b125ac5d1248d2c1f139ab1dc7050daa51eb8375afdbe01ae54deadecb96c06
SHA512 f413ba69833911602defe53884beec37b8b5c4abb5ad301b97876a723791d74944314adba460d4ffcf7ca0cbf5eef45be1a6af9a7962186e9ee5e88583a53c26

C:\Users\Admin\AppData\Local\Temp\kkcI.exe

MD5 1a677a8c8c23b58e60e40d864acbc425
SHA1 7c3683bfb4aff70ce050e3203b6aca4ec9d3258d
SHA256 c72c94d31764023b475dde3012fa5f1a6ba0f7ad696559af2f7512ae44356e26
SHA512 7bd0f0ea9ca77ab64d0a84e0144b385e6adb0d33846cd955a13f224d1afe8060140cf68db73265c3a4df66efb43b30b38c29dfb877eaa77f9613f5acb364d58a

C:\Users\Admin\AppData\Local\Temp\kYcK.exe

MD5 46dd51b87e84eba41090a12280431158
SHA1 6dd71037b142f023ebd31489dd91197a0b398730
SHA256 dcbe5a954f05500e8e0228811b61a88fa8d4de69df7197bb1326672c392720d5
SHA512 0d0a74b923b61540830e772ef5f558c1f9963983bcb93bc54852bf34bdc6394c99840c42a6005df66c55385c835cbf03722b1201deeecb5c68484cdbaa4b9bed

C:\Users\Admin\AppData\Local\Temp\UQAu.exe

MD5 08b3eaee91291998e707a0b31947b184
SHA1 24eefa4e6c45ea3390180e5636f8a5a3bdaac53d
SHA256 2ebef2a13ace3e7e1fc03c412107acbac7a8405b35cacb91b050d9a068b0c379
SHA512 9bebe8895a3d38fee8810239a326f143ba294da61960fb51ece115e2a5dabb393a054b0a600a298cbd006307581ae907cb7c0a070d401a36352eae5c4f0292ae

C:\Users\Admin\AppData\Local\Temp\HQkYQUMs.bat

MD5 f306bb7f3d2d865e026495d1de96ce61
SHA1 c9fbf6d630d340f3659e4668965952d5e38cee91
SHA256 2e9a3d811d059f31b4d2de6290ed30cdf0ab00e5a8af2361c8ec86f3014701fb
SHA512 14148f6baf4e11c95aa009246a96023a5969ccf483bfb1b6489c9f65fe4453c74acac3224db0bacac31d8a9d783f0fdfa21101af4a262bfb0af8b73c9a962dcc

C:\Users\Admin\AppData\Local\Temp\aIIE.exe

MD5 62b79d9b22e534c5d6ae3d62ce519738
SHA1 7f68baa2d049b4ad6a06cc41b5b2648fd8f48186
SHA256 7d48a4606537ff011a31b3ce562808baf7eaeba23bc5d78fb31c387f532138f9
SHA512 942ea602b50e58fe8dd2f891132728843fddec05e125cc50f5aa05a6a308af8d300d15bc02988b2e56414a36b94c39304ab911ab0c72b58664f30e6eee6e8834

C:\Users\Admin\AppData\Local\Temp\OMcg.exe

MD5 04fb9fab3b7bf22c58829816681310f9
SHA1 ac9cb24c8647b87cad7b97e1c48ac814f54790f2
SHA256 f1bd3e1f19abc0fc69451979cb7b8133977c6a69e794a26bb0f8c669a281c156
SHA512 85ef3477e2aa50f129b8a87289c5fdb4b92cdbf76b7974b94088501b6daeefc52d25abb6ec8c463574d91648da7bb27dacfe563c1cf4c773e456a451e9425eef

C:\Users\Admin\AppData\Local\Temp\gkII.exe

MD5 79f16d602cfc5a3aa1efba3b6e129f16
SHA1 cccb26bd2da3121369fded77d1e10554d1e021b0
SHA256 a0f87b11c4e508d1b2b4e160aa42650805c571a1a94f63dcfc25d6a7bdf36e44
SHA512 c08f41e1d0835fca29992d84e6b912d1f58235058e8d39cdece174aa766ee493bec3cd60efbc16b8105e0a3ff869dea1ca761c84b5b5e60ad4e2c79322b64103

C:\Users\Admin\AppData\Local\Temp\BiQEEMIc.bat

MD5 336f4903a7d9bbd3586d92bf7c5191da
SHA1 ffa7bd07b4ced1d6b640528de1b1b98e85bb811f
SHA256 17e4b76695fc9853f3d0609e123ad5839ed8b2f382c04b92005da96c07a5ef8d
SHA512 aaa712ec100e5ce27cba5359282bcff43b13f33a847f88fdd40f9c99ac4cd034fd68e57de030c86d2d6ca7f3d313da3705e322ea63682b29b18dd1e0ce7b3ab5

C:\Users\Admin\AppData\Local\Temp\iwYG.exe

MD5 68af0d0eac91cd9a89d124c658112657
SHA1 1f880c36a32732a6c173ba5195eb62f348afe160
SHA256 e275c4c99f0b2de7cc169e33bbaa37780b5e1f385757fcebddf19217a2a26a6a
SHA512 6c624370cf0b29c775715b0bac8cbdb4b96c0c6ca5f12100b479c3c84c9e07cc4d9f7e7b86993456dd5119f0b46446a3e4525723a2f58aef7b6bf2d42b10877d

C:\Users\Admin\AppData\Local\Temp\OggM.exe

MD5 99ef958d44b35a888e2363e60590685c
SHA1 fa5cca62e60a2faa1a33bca4673a81a86982418f
SHA256 896abddbfa02da690a0ef19df67485677620e6a7b2fcb6596c0eeff90c9e7dc5
SHA512 e761bba1af986609342fc5f94102a9eeb83a83b78b4eeeaa6110b96175f3916ea742e104f790868471715174f409575bfb8f7e76dacfa11a89f7bd6513a725f7

C:\Users\Admin\AppData\Local\Temp\Ocwa.exe

MD5 146a81e1eac50e9de8f5beaec7dea037
SHA1 f165239326c3a30816361d55b5892bab0e319309
SHA256 d8b8f51ced731ecfa499263a936137f6990061ee51065da1f1817ddb616cac59
SHA512 6922f38ac8825480d1267d865f2d3d5d003b4165b137e9d424a150a15e4d4deaa0e764e5fba87a390608d79c0311076d5c385e2f7702356cf4529cb9264a4b57

C:\Users\Admin\AppData\Local\Temp\BwkgggkY.bat

MD5 3fbeec9cd2df486699f23d675b7862e6
SHA1 2c43502561c545c2639421d5c19b95ea3e7cec94
SHA256 1e9411406084ca1acd4e9057743137f4528380ccff36b72d02b8e4830ea47df5
SHA512 8025c847124252c5eb103a9b55fde7c8a3cbd886cddc3fa0a301b9284a8b9b0fb7b143cfff2f9d1d1e7f2d1a67fb52c642c6ae93132417d0d28ce29adccf1f31

C:\Users\Admin\AppData\Local\Temp\CMYgcQYM.bat

MD5 5a88817bc2c243245c1d59319e9b8b9b
SHA1 746d3827ae5063db7e5d357d96dd0f64fd520fb3
SHA256 adbe7e84d80dc491224adae65e2e70c31ba4a5844823885d52c81d8ba234263f
SHA512 8c05091a7ff96143f20502330f1ebaea2e21ae4f0ee43c283668a4bc924a537c13194cd03943b9ed2689603d24044d0468c9a94356d110407e5277ef3f466ff6

C:\Users\Admin\AppData\Local\Temp\gkQq.exe

MD5 cbf55535a28bd4a15712262ce6dca5e1
SHA1 12a8a3399850a096bfbc4fb6dfc15c206650abe7
SHA256 bdfbb4c27d561a341734016df0a224128b00871c1d0a0207a052463e5bc7e1a2
SHA512 45dad4b949129cf6265310119d61accd79774cd179482fb8d1647380a607a13926b9771a03064de7f0e9b6978cb2d2dfd1f95fb04c53ef586613b5fbb9e6fa53

C:\Users\Admin\AppData\Local\Temp\CwQS.exe

MD5 fb97bd8e2b5a1c0de64dad6584ba1286
SHA1 26435fc0118f4290ce3b328d033428d36a26008c
SHA256 69043e14a29d34a89fd17e74577b14fc20b3bcad279d0d6cd91601cb479f1766
SHA512 7d1d5796ec5123b0de18d0a1c6a378d99fb20778ae972503472af24d0f7088a2804df657b8a6e7d929d4c7c5d590212af56e7d5f4474787bbff415acbb7c2b36

C:\Users\Admin\AppData\Local\Temp\SGEgQQEk.bat

MD5 842c2c700dd49b6fcddd90cb7d800ca1
SHA1 8f70e477ef13badec418b4afd7ab5863a1809f09
SHA256 0bec69ff5594ad527a7b8242d86b43104db2abce40129f6b52fee3bcfae0eba0
SHA512 5d183c2129a65323910202835e34da62afea3cab5ba5c02907ab2ac8dfe8a717fe10b3bd71266604415f23a69513cceb9ce61173de9179094d3902c304de5976

C:\Users\Admin\AppData\Local\Temp\MYcU.exe

MD5 8634abe4a20e15453f08878c938f3e4a
SHA1 713a608ebced1d2e9318953bc0e5868eaee02171
SHA256 9855c6895196779089ab962edbf1f0b5c5063457d85b08bf0781e754f35f91d2
SHA512 fc0f4a6ceff0ce15df67f174749121293395d011c98aadf03a2781678ba3853e153994f6aa58572eca312769944d71b2339a6b255a789da982bbf24a3d3cac3c

C:\Users\Admin\AppData\Local\Temp\kkgK.exe

MD5 2e8b2448578ce3b7e59d8c12c8b61be1
SHA1 44a310d06841575ac4e93c1cb2e07be5d757fc9a
SHA256 410fb8f19b897d7f5848002e8cb263107812db9972bb396f0f74c42c9cd64828
SHA512 c0518955afd1ac400e052f156376701249b83e3d25d6c01f8b65bd49274cec49ca7a55df5da3061b9634136af02cf2dfbca33b4ff10dd0f0d7c04f5cff221b5e

C:\Users\Admin\AppData\Local\Temp\kEkC.exe

MD5 cae1de5eb53d58160ccad80932feeca1
SHA1 374f7c6b644fec7d791032e60f7f19a884962bb8
SHA256 e2a7dcdc877c17f4c0cfe56558f6c5a19c397141a4a1f78db47ca57719bba4ae
SHA512 b3b419146e37504dc42a7f61a66529a40299afec046b2f66499038a5599b178aa6a10163589f26c73942049f3f2aa1173c16a5737065d15f578b6e7ce298faab

C:\Users\Admin\AppData\Local\Temp\mEMw.exe

MD5 92b8db2022827e4c896b38de8d37894d
SHA1 6d5d55916d0b1cd8eca572a9db3f745b16e89951
SHA256 5c78c849c9f89ab6a7883b326dbce8a75a38a812ed4699d284761eba8a6c3eba
SHA512 5902ff1c2b8153f8fcfdb6d0bbb89625cc2f10cc59457b3a58311654f252ebd18b7ef821b9a089828f68f8394a36c60dee708a3246ad053083e1393fa14d9420

C:\Users\Admin\AppData\Local\Temp\aAUa.exe

MD5 93f5bd7e22a94bde8e1ed6f60b6d65a2
SHA1 6929d2ecb137602074d5f9496a1522931d242f2b
SHA256 00ce4a210b279aa8f9dac1dccbda46fb428c4538702e13fbf4513d2240a4454c
SHA512 d6dfc97f39c360dccb8913c44e8ff67c4e27aeb5c8c74e96bfad0f26785e4e70b775a9e7117cbb47ea630b84939aca17362543fe08bbf6edaf9db6037fb8a247

C:\Users\Admin\AppData\Local\Temp\iwIU.exe

MD5 1d6470b80583f6e2e21277ecfd353100
SHA1 2fe3e97a36f9136af0e05eee7b1066b58a51b877
SHA256 9874f50758287463e0ad9dfee5d17d7d58d5b5ed10c25ccfa44318b171887712
SHA512 1fc28b73418dbe47f4df09dd458d980cc0f266c2efdd9b3cf45f430b5aa1edde750bc18407cc55062133738e0a482644a6d3a9fae1bf330ab0788bd7ffeba61d

C:\Users\Admin\AppData\Local\Temp\YEgMEQUE.bat

MD5 d56c2280dcc84f8c7d02c362c9b55ddc
SHA1 6ed7bfb3ab6a02809517b22a2b136630e5f82aba
SHA256 24376287356b201955770dbcf278bb57e13be0d239ac6e33e7c530fd03ac407f
SHA512 eaf046208d662c359db4242a77c68b2bc6cd233322a1196b58f08e778b488a60f3fe461b62971a88776258a804214fc51ae5af1019d77f599ae675e5d2cc54c2

C:\Users\Admin\AppData\Local\Temp\eYoO.exe

MD5 c6a9ee1a74c5eb926f37196994862e01
SHA1 79e6e2d3912290f78d19f096dfacd942eab84e25
SHA256 2f00f1bef661e4964e915c769dc4963356a96767e5a6303cac7aaec30e474bb1
SHA512 cece6813f0eeb91497e8e04d649b3a2fb03e5932a6d72506a2f04b89c21c4e140d85698e05aaa7d38ea1c3603b1109fd8d163c691f9d0193a6ceb5cbe72e350f

C:\Users\Admin\AppData\Local\Temp\Ywka.exe

MD5 6a3533d3593e8f3b772620f6ae1b4c54
SHA1 f4c4a1c8b996132d3f0aa782184553a7db7ca7c4
SHA256 31470a6c116fa804753f1c6bf1ea9259ce13a752ce9f5cc220fee94c792bc754
SHA512 163179c456ebf239ca06b963110171163dc0d7076cc2a4435e59c0f1e2621e81df6407ae06f52eb5de87c69ef6ced55510c466ce10622f1347c43d2506e7f13c

C:\Users\Admin\AppData\Local\Temp\yeQYYkgM.bat

MD5 a438568df95612e71a30616733d2b905
SHA1 5fd29ee5692bceff8ae60724ded9685adf556b90
SHA256 6b48a6db0b2e1eab2e50ada013310548bfa7997a4203cd295369a5312bf3f909
SHA512 f5dfaf227e62d0a276f13159d6a99d224ea68a64197ef9dc42d095314beb664aa632036f40a99cf8b551f8f790a8f5cf58b04791d4a12bfa451e241e219cb284

C:\Users\Admin\AppData\Local\Temp\MEUo.exe

MD5 88d915bd56d75a70b6e538721f9faeb1
SHA1 f98d4edf7f1eb3a7135b5e5548f0855b6c72f659
SHA256 87a2659f9e80f670efee74441f9b1724ab1ac16462eafa701f66bd3d179ef22f
SHA512 457c214b82eb3b5e6faa56ccfd5ca72b6a9955cd431bf355f870dc70b896f211d64cf3889291ff5e94a67eb7846012f9ca1e18114c63ad553ce76e8006d49ee0

C:\Users\Admin\AppData\Local\Temp\rSEQwEIE.bat

MD5 0df64cb90c9ad7f157285c989ce29bef
SHA1 82b4b779a982a581e990f5ad7376a22fcb4dbd85
SHA256 8a9b9d3fee87aa5398ca63f135ac78eae14521e389cc77cfa8a3a1a009a50ece
SHA512 bec7ebb6f251e893e9bfda13fca549c9a9d7a8329e0a357be6a1df13b9c5cb7252e9614c8b92eadd3f1a2ab1ac331da55ed5a60fbe89ada89743462c44a7bde4

C:\Users\Admin\AppData\Local\Temp\VsYIooQc.bat

MD5 b5265b4d87ddf59477b99a3dad9d944b
SHA1 791083a0672ceb9e4b4c64fc7460aef892383a8c
SHA256 7ca44c5911ed800201667bb4ea154aa4dc5d5fc47ef3b78e7b48a8a206b7a50d
SHA512 5887158ef94fb988d6525a0b45d9e973e47594e76efdd9355172c27f0a763ce567d0617009a8ddb43536adf1ce5f3de52bc07679bf3388dc92216a2f4d4cf5ac

C:\Users\Admin\AppData\Local\Temp\dEswgQYc.bat

MD5 e7bbc147b6e0c2c28cbdfe7bd6d21b4d
SHA1 566a21b12f537eb15a9811410120695bcbb1cf55
SHA256 7437edef513cf85fd17881ddead4cb0b964c6c053800b783614ddb549661875c
SHA512 51e5264fbdfc521baf3cc83825a2722e9588d6007054436120b514a31eb94ea279caeb05eda53fbdeb628942f82f1f3c5c7100517c665a23c01bd625c3104296

C:\Users\Admin\AppData\Local\Temp\NAwIkokE.bat

MD5 7bcb99f7ca9320d5f90ea02b6aca9e2c
SHA1 31b8f9f2d0e04ab08c691c61d45ce37d739a9561
SHA256 9c1ad24e3194e214928cf4bc12ecc6fcf3d22f13236a142f4c34c85088b2e7d6
SHA512 839463492afe738607fd69cae80053e3177122f928c5ae4642a1155d023bf520a9a7a8adf84e58b94d134e466a836e385988863086f184109e1b19dbaedb1499

C:\Users\Admin\AppData\Local\Temp\meMQsUos.bat

MD5 ccc5dfaecb9350b83221aebe24541c48
SHA1 d28e86e5d22e3249f93a49b598042c9f86c96dc8
SHA256 b2624c1febf0a79960a4b4cbd69871810c3ab42c1fa4f643e03a1a35f2360ffa
SHA512 90a482b3df7cf44300ebfd7d46e7e750a5101d2a1b9e79373e0a7a12fb67cca2d734424bf1c931784a2973ffdd8cc9643f7255deef18249a9908a778055228d1

memory/2120-4050-0x0000000076DC0000-0x0000000076EDF000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\cYAwocMo.bat

MD5 0691179727f4a71c9a2844f58af6b4d3
SHA1 331dd5280d1552ec02da33e4452ff97718161dac
SHA256 56df170bc50124dbb37d9ce305ea644ba385c5ff3ab71b1249c7442934e13ab4
SHA512 645b00d3a3f228e31cee77585194c394abb586f5405033da4f9144f7980abb27f4a961f7b381d69cacfc8aab7d49f6ab34259ef3aa8f1ba4ad6412cb5fed277c

C:\Users\Admin\AppData\Local\Temp\KaEwksoA.bat

MD5 f895c6e18811bc6bc77b576da0595c34
SHA1 5eaa9d60278a04a1290e0a95a06a9e2eeeaeba88
SHA256 74a423373173aef544548808e6a88e29a68ef3b416ab750c9363663b914a29ca
SHA512 3bc8e6884afd61516c29d9efdd0de29cda7c6934a2542d9743247a9345792f9043483e9bd1ccc99bda7e31470a1c6cce1bc38bb085cdd7ae29c71487bc44a994

C:\Users\Admin\AppData\Local\Temp\seIQMsws.bat

MD5 a9a47233c68596e4d4e87ef5817ad909
SHA1 8504d9ff09cad212fcf8e28c160291b24b7debc7
SHA256 8016a6ad42ab5b514dc7115acf412546e13290d0a07f03f2cd624d91cb181b1d
SHA512 62e2e697b1e7fba8715a36b32af5b0c90201ba97159d378d635efe07427859a0a8891b47478cf978a8c827a71b41a09e7dabb2a0ba843d8aa4283b869e0b442e

C:\Users\Admin\AppData\Local\Temp\FCAYcEMw.bat

MD5 a728df061174fcb233786824b8af3f40
SHA1 dacfc65aa06e99cfcf3e8b07dcb335fe135965ba
SHA256 0b46a17441a7e22f91bb477c99f45fef1ecf7296216b96629b6b9a1c47778f8f
SHA512 7647769e7b1dcd1663b7ee0722e13286424333f08a08e0764eae02bbf6cda7f4122ccde70a359e9399aad4f5e4d8b712b8bb871f7539c8d741c71c27e377cc0c

C:\Users\Admin\AppData\Local\Temp\LycAgIck.bat

MD5 d81abf87a5debcf6d47dfe8332aab922
SHA1 2a318038d969b1b36401612c5f399dfd8cdd487a
SHA256 f93cce4c624db783c6325322afdf83ba9d6dc01f776a791e1709a36d507547de
SHA512 f2a10dd94059a7d7210139b0eab9c648c24256a3dbed01b0f648cfb15330cb4a824ac09d1b195707be4145209c251b70bc221e8cb56bc31e32b1ec849f9b0705

C:\Users\Admin\AppData\Local\Temp\feAMgIAo.bat

MD5 798d7c5b92f62ff2f934ba2c7afe6345
SHA1 ab4448a1e3a72ea8280e8b416419b25f803e19d4
SHA256 4c2dc4d10f83fbb7857a24f6298d85a972861e546fb3c859e0f22cae8ae754c5
SHA512 e4cecb0601fd9b1d028ef6e82e842830750b264c5308cfe88c959bb4c82b867d6d99a801b7562f320c3afb646858ecb621766c2b040a1e5eb5818eaf18dd3425

C:\Users\Admin\AppData\Local\Temp\dIokwAco.bat

MD5 f946ce22e3687eb2c27f5814bf5c5e09
SHA1 d025c09d45180c5714bde5e79c09ffff4e8e07bc
SHA256 f9242ea2a27d2cb0874188081504d4e3673a1fa96095de8b9966bf8846f5774d
SHA512 7aa5bae75a810a561babbf68e2650f8474fae04aa1d28b278f2240106a27f739b90c3023c76068168d43e2d5f5348dd3f7e33f2aac4eb99e36abe9646a07e0e1

C:\Users\Admin\AppData\Local\Temp\CAEsEAcU.bat

MD5 12735a405611b1e4beda465e07ba4c9e
SHA1 212fb822347388e0e2b03b3d1403db7d3a32ab20
SHA256 c84ac2f4a25f39219984037165a7dd6adfbdf8bd6aec2dcfb9f239b584502b01
SHA512 3747b5d4f1f0a9e9b3bf77e0562d322cd67e6bb8d9a3d57fec1ed7a635fd2df7572c93abf7924f3963fc2ca9cab707b42ca83511d37d6419f5c572ca7b5cebdf

C:\Users\Admin\AppData\Local\Temp\UEEkQgYM.bat

MD5 0bd4c0cb6c21442545b82b787ffac55f
SHA1 fce1660e31679bf388b5f30078b4ac41e9fccbad
SHA256 431f04efcf002566f46a29647abc0f169b6d6fe47de5bbbedfab07aa0a97e42e
SHA512 be3713603462e4d96d5a7fae65ee74c6907759a45f7244e10e31e5a9d034f1966584772f578f8eb84858853a7ae27f34c80fc6ed98dbacb534a35ee6228431fb

C:\Users\Admin\AppData\Local\Temp\oWscwAcQ.bat

MD5 9ac77adbb6a68d47caf5f5fd51beb875
SHA1 3e33e6f830e6ec4c8f6cde8ff949f30b4ecc2cfe
SHA256 f09b3adabb8cd676a52c16d88e3e7bf179eb0a427683524c70c241bb66903035
SHA512 d4447916ff4f9d1bf0d95ed5b03cfb659d5f372ca9ab81dd7775adf76028935357c17bbf660a6b27440b81dabaa677a1545d18f011b132c2954ff7ea166bc849

C:\Users\Admin\AppData\Local\Temp\sWIMUMss.bat

MD5 62a5a9189cac6660b3cfdef5312c9005
SHA1 41fbdaa9255c43f04fad1c8277ead50593e28511
SHA256 d06b9c413942c7f20e2b0fdec7cec483274d3727eba3dc6f6b397d2017e3b4cf
SHA512 724bcf3dc00ebcef1b3bfd153f490469fc7a9874abd034d39611f0e9161dd94b0da4ab579a951d180f670401604037460bce2939b2c5624e50f2bce5e32ba11e

C:\Users\Admin\AppData\Local\Temp\oqMcYYIs.bat

MD5 4bec0f7e2b0d5631a8125109decc5ff2
SHA1 fbbffed7ff1a3f98ddc8b3dbeaffc9b80829e7d3
SHA256 2da2e749f07f3e48d66c6ea00e0c1cfb5042f9c7adbe292f28d5d1bfa6d82aa2
SHA512 25ab374d0e00d59f0934c6fe6bef454252fafb8434ac5a9e0e76ff33ae596154e371e7932de4c9d03a230af5ba45722fd41f4797e9157c42b78ec7a20111d9fe

C:\Users\Admin\AppData\Local\Temp\muEkwQUU.bat

MD5 7832da75d16a726be003919485349d30
SHA1 6a1aef5cca52cb60f0a839506acfae57d80db3ae
SHA256 08cae59681a2196749083ac9d8449b5f801d2ea791f3762c1c18242424d9f520
SHA512 fcade03cb84f29321277cbe3fef72a86a171c54059f19765b14f383c74fdb20e44f8f1b848a8eb63330a9d0860163c1f97719b89cc8fdfee80cd76304c191748

C:\Users\Admin\AppData\Local\Temp\VSwosUgk.bat

MD5 9df98ffd911c4fccc05b55afc8df208c
SHA1 24a9adb8668677d9ae5d9788ecb4b11828860e42
SHA256 fbd169338d3a5f504311865b476881fd3fb73cc54b5a168902b7d86b3a2751a0
SHA512 ef8c10396e615156493e145d1a4f711a6b4b2a9cdf55a0af698401b847f2304377be4c3e8c90a2a5942d7c6a9c634ef667f36306a7121e7d60278f83a27e5ed6

C:\Users\Admin\AppData\Local\Temp\xiwksQMc.bat

MD5 189c461f231b88b21527cabcf8c8a9f6
SHA1 9a26827d2eae8d08078bd13dfb3e3182e95154cc
SHA256 da7232643c40646eb9120bb31bebaa2335e5eda8bc086a7876380b1f2172cd1d
SHA512 3e61a2dcbed381e30d7348d13b3c20c58ac256efa285108fa1785b4bb17c1a4b0012577e782ca396868bf959f4f4ad929b184aa592c2988e0ffd096f98eda4e1

C:\Users\Admin\AppData\Local\Temp\BCEAckwc.bat

MD5 db9fac743cc9890617683a02ec107083
SHA1 5932d58af55b379377342a5b66d175c82e5c4486
SHA256 0ff2f39db5f3dfbd9a41b3b38db71ce94ed5ac0e8bf0e471765d6444a24fba83
SHA512 fdcba62c495e1becc14430e304df7a708c88600a31082d5cc6ae56564b9d6ce9057565224c0173c13a895ea100f1ddc1666ff87f73eeb81333f373dcbb060c53

C:\Users\Admin\AppData\Local\Temp\pKAEEcIc.bat

MD5 3d6b32db219e2950eb6171f3d015b7c0
SHA1 1be278648746404eb85ba5d8c4801318325f566a
SHA256 2e05cfda60f8509fff68cbe74885e90cc901694746f71e126318554fa4989726
SHA512 f4d04b38a73b85e527717e7ffedc7c140bfc64a414208057faeb70bf1188fbf10b206b1e78491302cc711bf5b054eec3c44665ed567c86b1820d718e0e826488

C:\Users\Admin\AppData\Local\Temp\ocEkwwQM.bat

MD5 08d3bd4bdbd0a7cc0b34e76c8aa7115e
SHA1 1ba7376125b06b7f2d45d923ea512d6fb8f01efc
SHA256 b2d68bc35036ec830700c4c858442d8d574e1d88b059f4a152d68e346e3da958
SHA512 b34550d607696fd780531b7cb6f18d513208e28527d827811fcc494585cb428a41449eef84c785639412a1f7033db07c06448e56d9c95509f66868f5b540c073

C:\Users\Admin\AppData\Local\Temp\KkMQYIsI.bat

MD5 97c6b2dc6da3e2273c0b2a906a9393a1
SHA1 4a9dee44a56b6efb373b5399c58d4d12e0e9007b
SHA256 e9f322aaf5b5f78edd5bb39451b32269c622af48a6528060f5d0862302a5a8c3
SHA512 0383a07febc5a8c9033600a5b811cfd803a826340c63b06e182599b4b90830d44b9c8d902ba9dc06c3afae9810dc45f606790860dda68ed43efb5c4a56a9b9dd

C:\Users\Admin\AppData\Local\Temp\oGEsQcUQ.bat

MD5 acf10794c5d3b526ac16975aef8bb554
SHA1 cbc9ae1d75575fe67833f33a9f19f7a9d06d97af
SHA256 abfe0d86e468389dc2b6b5efe8dd248a72dfe30b18bb667b2360e37d2ef70dbe
SHA512 852e99db999cdc148c8d41e4cb882c3561213424c01c85bb874108531fe4ad9cea0ee03a3de2d469d250d0c75b0357aa73435cadba182f263b2d50cacd6546d5

C:\Users\Admin\AppData\Local\Temp\wQoAUwEk.bat

MD5 551f3c316cf069ba91312a0d30eb9c9f
SHA1 49720f550c611ad38dfdc69348fac9b164d6aac2
SHA256 b9f2fd64daaebcfe8c46ce6269981733a4b6d8696d4f34b7b8fb05f9d300e23d
SHA512 1a48b7dd45d0c2f200926b4a98a20a95b09f6f7eb17e1c44d9c44c75171a870cdaed9718fc8906d5c59124c1c63757f8d6fa84a2fd282142def2509dfb67ae85

C:\Users\Admin\AppData\Local\Temp\BmcwswYs.bat

MD5 18403ed400583416119c7d022df2de6e
SHA1 360f2824c7c0b05e68bfa535b44154303da63a4c
SHA256 f6ffb8d7d7c895a7d5a4e972428ee90f542e7610f4642f1a83160dcdea9b69fb
SHA512 779dd1e0d023719713a95bb1c565cc3642c5edddf17d6750ac7e8a40e3a9908b9ea73e1e6518be0a02aca53f66d8eea7f36a2dc9c6599badf18ffca695b8eb6f

C:\Users\Admin\AppData\Local\Temp\XkMUEMUM.bat

MD5 5135d3ee7e63c8e80a2a22dd410d1bb5
SHA1 b96fb17de4decec44b8987f7f5e443bc31fc6f40
SHA256 4c6525ce6190bd1419c7d9a39422f65b15a2f755fcd5c16acf6ab42bd4bb58e9
SHA512 75c70549178f1a0d0be95a127df2f4b3947df9075b411fec852e9c8e65131ae02d19e4b20665b25d616310a87e13ca9631c51004e7358c7944911df3c7bdd3ed

C:\Users\Admin\AppData\Local\Temp\dwIAkAws.bat

MD5 42c92e77ef6e8e4e68a4d2f1950caeab
SHA1 6560960ae4722866be58dc5c0e288b78dffd96c5
SHA256 d947351a05f04e20b25f251d3a82ac2cdbb34b7336b209c41b2744f4b554a2e4
SHA512 fa03f33a51a3ba259ab5f1b6c772bd15908140e794b793bc31810788be32453b1c97512fa2c23ed264a6a4736b108986d6848e043ab3edb623b9b31ffe56f65e

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-15 10:39

Reported

2024-05-15 10:42

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe"

Signatures

Modifies visibility of file extensions in Explorer

evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A

UAC bypass

evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" N/A N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" N/A N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" N/A N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" N/A N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" N/A N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A

Renames multiple (80) files with added filename extension

ransomware

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation C:\ProgramData\NmcUAcgo\gmYAscAw.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\yeEQwYUA\HCwQYMko.exe N/A
N/A N/A C:\ProgramData\NmcUAcgo\gmYAscAw.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\gmYAscAw.exe = "C:\\ProgramData\\NmcUAcgo\\gmYAscAw.exe" C:\ProgramData\NmcUAcgo\gmYAscAw.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HCwQYMko.exe = "C:\\Users\\Admin\\yeEQwYUA\\HCwQYMko.exe" C:\Users\Admin\yeEQwYUA\HCwQYMko.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\IiEgkQIM.exe = "C:\\Users\\Admin\\JkAAAEwU\\IiEgkQIM.exe" C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\SUEAAIsM.exe = "C:\\ProgramData\\lAoMQcsw\\SUEAAIsM.exe" C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HCwQYMko.exe = "C:\\Users\\Admin\\yeEQwYUA\\HCwQYMko.exe" C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\gmYAscAw.exe = "C:\\ProgramData\\NmcUAcgo\\gmYAscAw.exe" C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\shell32.dll.exe C:\ProgramData\NmcUAcgo\gmYAscAw.exe N/A
File opened for modification C:\Windows\SysWOW64\shell32.dll.exe C:\ProgramData\NmcUAcgo\gmYAscAw.exe N/A

Enumerates physical storage devices

Modifies registry key

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\ProgramData\NmcUAcgo\gmYAscAw.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\ProgramData\NmcUAcgo\gmYAscAw.exe N/A
N/A N/A C:\ProgramData\NmcUAcgo\gmYAscAw.exe N/A
N/A N/A C:\ProgramData\NmcUAcgo\gmYAscAw.exe N/A
N/A N/A C:\ProgramData\NmcUAcgo\gmYAscAw.exe N/A
N/A N/A C:\ProgramData\NmcUAcgo\gmYAscAw.exe N/A
N/A N/A C:\ProgramData\NmcUAcgo\gmYAscAw.exe N/A
N/A N/A C:\ProgramData\NmcUAcgo\gmYAscAw.exe N/A
N/A N/A C:\ProgramData\NmcUAcgo\gmYAscAw.exe N/A
N/A N/A C:\ProgramData\NmcUAcgo\gmYAscAw.exe N/A
N/A N/A C:\ProgramData\NmcUAcgo\gmYAscAw.exe N/A
N/A N/A C:\ProgramData\NmcUAcgo\gmYAscAw.exe N/A
N/A N/A C:\ProgramData\NmcUAcgo\gmYAscAw.exe N/A
N/A N/A C:\ProgramData\NmcUAcgo\gmYAscAw.exe N/A
N/A N/A C:\ProgramData\NmcUAcgo\gmYAscAw.exe N/A
N/A N/A C:\ProgramData\NmcUAcgo\gmYAscAw.exe N/A
N/A N/A C:\ProgramData\NmcUAcgo\gmYAscAw.exe N/A
N/A N/A C:\ProgramData\NmcUAcgo\gmYAscAw.exe N/A
N/A N/A C:\ProgramData\NmcUAcgo\gmYAscAw.exe N/A
N/A N/A C:\ProgramData\NmcUAcgo\gmYAscAw.exe N/A
N/A N/A C:\ProgramData\NmcUAcgo\gmYAscAw.exe N/A
N/A N/A C:\ProgramData\NmcUAcgo\gmYAscAw.exe N/A
N/A N/A C:\ProgramData\NmcUAcgo\gmYAscAw.exe N/A
N/A N/A C:\ProgramData\NmcUAcgo\gmYAscAw.exe N/A
N/A N/A C:\ProgramData\NmcUAcgo\gmYAscAw.exe N/A
N/A N/A C:\ProgramData\NmcUAcgo\gmYAscAw.exe N/A
N/A N/A C:\ProgramData\NmcUAcgo\gmYAscAw.exe N/A
N/A N/A C:\ProgramData\NmcUAcgo\gmYAscAw.exe N/A
N/A N/A C:\ProgramData\NmcUAcgo\gmYAscAw.exe N/A
N/A N/A C:\ProgramData\NmcUAcgo\gmYAscAw.exe N/A
N/A N/A C:\ProgramData\NmcUAcgo\gmYAscAw.exe N/A
N/A N/A C:\ProgramData\NmcUAcgo\gmYAscAw.exe N/A
N/A N/A C:\ProgramData\NmcUAcgo\gmYAscAw.exe N/A
N/A N/A C:\ProgramData\NmcUAcgo\gmYAscAw.exe N/A
N/A N/A C:\ProgramData\NmcUAcgo\gmYAscAw.exe N/A
N/A N/A C:\ProgramData\NmcUAcgo\gmYAscAw.exe N/A
N/A N/A C:\ProgramData\NmcUAcgo\gmYAscAw.exe N/A
N/A N/A C:\ProgramData\NmcUAcgo\gmYAscAw.exe N/A
N/A N/A C:\ProgramData\NmcUAcgo\gmYAscAw.exe N/A
N/A N/A C:\ProgramData\NmcUAcgo\gmYAscAw.exe N/A
N/A N/A C:\ProgramData\NmcUAcgo\gmYAscAw.exe N/A
N/A N/A C:\ProgramData\NmcUAcgo\gmYAscAw.exe N/A
N/A N/A C:\ProgramData\NmcUAcgo\gmYAscAw.exe N/A
N/A N/A C:\ProgramData\NmcUAcgo\gmYAscAw.exe N/A
N/A N/A C:\ProgramData\NmcUAcgo\gmYAscAw.exe N/A
N/A N/A C:\ProgramData\NmcUAcgo\gmYAscAw.exe N/A
N/A N/A C:\ProgramData\NmcUAcgo\gmYAscAw.exe N/A
N/A N/A C:\ProgramData\NmcUAcgo\gmYAscAw.exe N/A
N/A N/A C:\ProgramData\NmcUAcgo\gmYAscAw.exe N/A
N/A N/A C:\ProgramData\NmcUAcgo\gmYAscAw.exe N/A
N/A N/A C:\ProgramData\NmcUAcgo\gmYAscAw.exe N/A
N/A N/A C:\ProgramData\NmcUAcgo\gmYAscAw.exe N/A
N/A N/A C:\ProgramData\NmcUAcgo\gmYAscAw.exe N/A
N/A N/A C:\ProgramData\NmcUAcgo\gmYAscAw.exe N/A
N/A N/A C:\ProgramData\NmcUAcgo\gmYAscAw.exe N/A
N/A N/A C:\ProgramData\NmcUAcgo\gmYAscAw.exe N/A
N/A N/A C:\ProgramData\NmcUAcgo\gmYAscAw.exe N/A
N/A N/A C:\ProgramData\NmcUAcgo\gmYAscAw.exe N/A
N/A N/A C:\ProgramData\NmcUAcgo\gmYAscAw.exe N/A
N/A N/A C:\ProgramData\NmcUAcgo\gmYAscAw.exe N/A
N/A N/A C:\ProgramData\NmcUAcgo\gmYAscAw.exe N/A
N/A N/A C:\ProgramData\NmcUAcgo\gmYAscAw.exe N/A
N/A N/A C:\ProgramData\NmcUAcgo\gmYAscAw.exe N/A
N/A N/A C:\ProgramData\NmcUAcgo\gmYAscAw.exe N/A
N/A N/A C:\ProgramData\NmcUAcgo\gmYAscAw.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1752 wrote to memory of 3284 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\Users\Admin\yeEQwYUA\HCwQYMko.exe
PID 1752 wrote to memory of 3284 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\Users\Admin\yeEQwYUA\HCwQYMko.exe
PID 1752 wrote to memory of 3284 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\Users\Admin\yeEQwYUA\HCwQYMko.exe
PID 1752 wrote to memory of 3492 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\ProgramData\NmcUAcgo\gmYAscAw.exe
PID 1752 wrote to memory of 3492 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\ProgramData\NmcUAcgo\gmYAscAw.exe
PID 1752 wrote to memory of 3492 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\ProgramData\NmcUAcgo\gmYAscAw.exe
PID 1752 wrote to memory of 940 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 1752 wrote to memory of 940 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 1752 wrote to memory of 940 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 1752 wrote to memory of 1100 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 1752 wrote to memory of 1100 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 1752 wrote to memory of 1100 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 1752 wrote to memory of 3392 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 1752 wrote to memory of 3392 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 1752 wrote to memory of 3392 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 1752 wrote to memory of 4756 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 1752 wrote to memory of 4756 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 1752 wrote to memory of 4756 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 1752 wrote to memory of 3400 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 1752 wrote to memory of 3400 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 1752 wrote to memory of 3400 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 940 wrote to memory of 2208 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
PID 940 wrote to memory of 2208 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
PID 940 wrote to memory of 2208 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
PID 3400 wrote to memory of 1660 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 3400 wrote to memory of 1660 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 3400 wrote to memory of 1660 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 2208 wrote to memory of 4692 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2208 wrote to memory of 4692 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2208 wrote to memory of 4692 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 4692 wrote to memory of 4560 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
PID 4692 wrote to memory of 4560 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
PID 4692 wrote to memory of 4560 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
PID 2208 wrote to memory of 4656 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2208 wrote to memory of 4656 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2208 wrote to memory of 4656 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2208 wrote to memory of 1824 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2208 wrote to memory of 1824 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2208 wrote to memory of 1824 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2208 wrote to memory of 3096 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2208 wrote to memory of 3096 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2208 wrote to memory of 3096 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2208 wrote to memory of 3848 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2208 wrote to memory of 3848 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2208 wrote to memory of 3848 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 3848 wrote to memory of 3708 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 3848 wrote to memory of 3708 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 3848 wrote to memory of 3708 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 4560 wrote to memory of 1464 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 4560 wrote to memory of 1464 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 4560 wrote to memory of 1464 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 1464 wrote to memory of 3800 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
PID 1464 wrote to memory of 3800 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
PID 1464 wrote to memory of 3800 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
PID 4560 wrote to memory of 4088 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 4560 wrote to memory of 4088 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 4560 wrote to memory of 4088 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 4560 wrote to memory of 1776 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 4560 wrote to memory of 1776 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 4560 wrote to memory of 1776 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 4560 wrote to memory of 3444 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 4560 wrote to memory of 3444 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 4560 wrote to memory of 3444 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 4560 wrote to memory of 3140 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe C:\Windows\SysWOW64\cmd.exe

Processes

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

"C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe"

C:\Users\Admin\yeEQwYUA\HCwQYMko.exe

"C:\Users\Admin\yeEQwYUA\HCwQYMko.exe"

C:\ProgramData\NmcUAcgo\gmYAscAw.exe

"C:\ProgramData\NmcUAcgo\gmYAscAw.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zacsYMUM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\myEgscIU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YaIAggIc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SOgIAUAM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mkkoAEUA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VcQooEYc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jYYAgAgQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TMYwgMQA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sAkoYIUs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SkoMQEIA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yWoYIQYo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qmUgQIwI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nqowUkgk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmUoUcQg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VAMwEUUI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xKwUIgUE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yUAMUUcs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eGcggkEc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cAIMowMs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cYEoowsg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gGUcIQYw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DCggkwko.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hYkIwwss.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TIgwIEgA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SqokUYIo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CGcUIYcs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uywEMoUQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JAogcAgs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Users\Admin\JkAAAEwU\IiEgkQIM.exe

"C:\Users\Admin\JkAAAEwU\IiEgkQIM.exe"

C:\ProgramData\lAoMQcsw\SUEAAIsM.exe

"C:\ProgramData\lAoMQcsw\SUEAAIsM.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 3708 -ip 3708

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RagIokIA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4748 -ip 4748

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 224

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4748 -s 224

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BEcYIcMM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YqEEcgAM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ekUMQMQI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eocggkQc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mAwYoAIc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lQckYgUQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dIssUsEo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hqcoAkAg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aEYsEEwk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aCkEsQoU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AIsAIgkk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vEsskMco.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TMMkYQcw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dgYsoAgk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qwkQQEAk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GMkokwwQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WaQwcEoM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SAggAQYI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NYgUkkYc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jUoQIAQM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bsUMckok.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CYAAMEUU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ooYQgsww.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QkUIQcko.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jUcQkQAA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vasoYMgg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DoIMAIww.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HOUIwkIk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wyYgwAIE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\skwYkcwo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AWcIcIIA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KqwIkgcw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZyYUIwsM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zuMgEsQk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JoswoUEY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vggkooIc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sYYUwIMI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CCQIsYAk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\saswQgQs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HmkoIMYQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HcksEskE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BWwwEooA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dGgEMAMM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qUUAAIMI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sKkEUgIU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\osIUAYMk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VgQgAMEo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FAEMAIkI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jsggYAYw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MMgkwwYo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qSUkgcss.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sKQggkQQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EMcgcIIM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BcAcIgUA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zIcEQEsM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pUAcggAw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CUEkAUYc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GaYwIgIo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WWAkwAEs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eEEAEcEs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HKwIwwcY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TGwgwMsQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bEckYEEQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TewkcIgg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QYQYMoYE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ywQkoUQE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mQUEQMkE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CeAcgIQw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VIoYQwgY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RasIsgUU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JsEwMAAA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MWUMoIQk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\coYkMUkM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IoUQkoIg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\POcYAYUY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JasEgYgc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tagwgIgw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OEwEAwYk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UgIAQEsw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SkEkAkEk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yCAoUsgU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BqkMQsMY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NIMUkMsI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XQUswcMU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SoUsUwkc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QiQAYoYU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\iGkgEIgw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wEUIowwg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fQEUIkok.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LaMYocUI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hyEcoIwA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uMMAkIQc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wiEkgYUA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EsMYAwso.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tMYEgAUg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nWggIAAQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VOIoAIIM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bqwkwgEM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YycMwwUg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\osUEQgQw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

Network

Country Destination Domain Proto
BO 200.87.164.69:9999 tcp
US 8.8.8.8:53 google.com udp
BO 200.87.164.69:9999 tcp
FR 172.217.18.206:80 google.com tcp
FR 172.217.18.206:80 google.com tcp
US 8.8.8.8:53 206.18.217.172.in-addr.arpa udp
US 8.8.8.8:53 136.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 58.99.105.20.in-addr.arpa udp
BE 88.221.83.250:443 www.bing.com tcp
US 8.8.8.8:53 250.83.221.88.in-addr.arpa udp
BO 200.119.204.12:9999 tcp
BO 200.119.204.12:9999 tcp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 28.143.109.104.in-addr.arpa udp
BO 190.186.45.170:9999 tcp
BO 190.186.45.170:9999 tcp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp

Files

memory/1752-0-0x0000000000400000-0x0000000000431000-memory.dmp

C:\Users\Admin\yeEQwYUA\HCwQYMko.exe

MD5 6d97dbfc897bf3e28a55f9e164981b89
SHA1 33bb9eddbd2ce8c81da338ce43bf65c6fee5c736
SHA256 b4b6cb8a8da0a02a34d1b71730c86d7c92cf68851cff5867e352020ea80e6eb2
SHA512 bad71e939ba95999c53eb3ec5ad39ad9ecd69b78ff047ba33ac0ebafd5439dbafd1aa223708a47b9099c2fb492e1e42c2bed5271d6b8bd0770b7e6491871fe97

memory/3284-8-0x0000000000400000-0x0000000000434000-memory.dmp

C:\ProgramData\NmcUAcgo\gmYAscAw.exe

MD5 31d442b2f50b6b057560b8843a22d432
SHA1 7d937160bfaebece366532f60d41f8284078192a
SHA256 b99048312f2d75107c65ef636d2ec77435b582cfcee58eb40877896bb6fda4de
SHA512 3327b72234af36b4540f8863bad778a3d8077b90064711641ed38db574c70a3889f2329d5a7ba31c1d0fe9be31f55bc811cef640d2bdcab6a8754be0bf491e06

memory/3492-15-0x0000000000400000-0x000000000042E000-memory.dmp

memory/1752-19-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2208-20-0x0000000000400000-0x0000000000431000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zacsYMUM.bat

MD5 bae1095f340720d965898063fede1273
SHA1 455d8a81818a7e82b1490c949b32fa7ff98d5210
SHA256 ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a
SHA512 4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024

C:\Users\Admin\AppData\Local\Temp\file.vbs

MD5 4afb5c4527091738faf9cd4addf9d34e
SHA1 170ba9d866894c1b109b62649b1893eb90350459
SHA256 59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc
SHA512 16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5

C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock

MD5 59513752b20c9e3510db31c99dfc5c60
SHA1 cbfd0cd3f52fee958f730d8d31b2372370bf26f3
SHA256 4cb21f95bccd80bca6baa955d8f9dcc1837e5a561d1585c9aaecdd7d377db8ab
SHA512 08479b2361a3b3d6a80d47260442718a7ce0f72547471b2b674aefa3dbeed7fa012df9c37efae73d729cf973f579672ca996a48552359ecc1fb2b4b32eeeb560

memory/2208-33-0x0000000000400000-0x0000000000431000-memory.dmp

memory/3800-41-0x0000000000400000-0x0000000000431000-memory.dmp

memory/4560-45-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2560-53-0x0000000000400000-0x0000000000431000-memory.dmp

memory/3800-57-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2560-68-0x0000000000400000-0x0000000000431000-memory.dmp

memory/1796-81-0x0000000000400000-0x0000000000431000-memory.dmp

memory/4632-92-0x0000000000400000-0x0000000000431000-memory.dmp

memory/4696-100-0x0000000000400000-0x0000000000431000-memory.dmp

memory/3096-104-0x0000000000400000-0x0000000000431000-memory.dmp

memory/4696-117-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2104-128-0x0000000000400000-0x0000000000431000-memory.dmp

memory/4752-136-0x0000000000400000-0x0000000000431000-memory.dmp

memory/1636-140-0x0000000000400000-0x0000000000431000-memory.dmp

memory/528-149-0x0000000000400000-0x0000000000431000-memory.dmp

memory/4752-152-0x0000000000400000-0x0000000000431000-memory.dmp

memory/4920-162-0x0000000000400000-0x0000000000431000-memory.dmp

memory/528-166-0x0000000000400000-0x0000000000431000-memory.dmp

memory/4920-177-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2164-178-0x0000000000400000-0x0000000000431000-memory.dmp

memory/1988-186-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2164-190-0x0000000000400000-0x0000000000431000-memory.dmp

memory/4368-198-0x0000000000400000-0x0000000000431000-memory.dmp

memory/1988-202-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2128-212-0x0000000000400000-0x0000000000431000-memory.dmp

memory/4368-216-0x0000000000400000-0x0000000000431000-memory.dmp

memory/3760-224-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2128-228-0x0000000000400000-0x0000000000431000-memory.dmp

memory/3760-239-0x0000000000400000-0x0000000000431000-memory.dmp

memory/4908-250-0x0000000000400000-0x0000000000431000-memory.dmp

C:\Users\Admin\yeEQwYUA\HCwQYMko.inf

MD5 923947ca1b0c5ea1b87df7d6db6dc91d
SHA1 d8e175c636ea19d5e6be55fadaab22746c9d6b2e
SHA256 e49e7826deeeedb21f867cd7c6d9f31fd02b30aa0677b0351a01aa568c4f28b8
SHA512 cacb75e47bd215ba311b67e2a2382cfe3541623e3171e477abbaf405179cdd14ecefb4cfedeab5698ed41ba0ca64420a7b1653929cb9f48cd7d0d420021a62bd

memory/1764-263-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2448-264-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2448-272-0x0000000000400000-0x0000000000431000-memory.dmp

memory/752-280-0x0000000000400000-0x0000000000431000-memory.dmp

memory/4960-281-0x0000000000400000-0x0000000000431000-memory.dmp

memory/4960-290-0x0000000000400000-0x0000000000431000-memory.dmp

memory/400-292-0x0000000000400000-0x0000000000431000-memory.dmp

memory/400-300-0x0000000000400000-0x0000000000431000-memory.dmp

memory/4896-302-0x0000000000400000-0x0000000000431000-memory.dmp

memory/4896-309-0x0000000000400000-0x0000000000431000-memory.dmp

memory/4656-310-0x0000000000400000-0x0000000000431000-memory.dmp

memory/4656-320-0x0000000000400000-0x0000000000431000-memory.dmp

memory/624-321-0x0000000000400000-0x0000000000431000-memory.dmp

memory/1356-327-0x0000000000400000-0x0000000000431000-memory.dmp

memory/624-330-0x0000000000400000-0x0000000000431000-memory.dmp

memory/4748-332-0x0000000000400000-0x000000000042F000-memory.dmp

memory/3708-333-0x0000000000400000-0x000000000042E000-memory.dmp

memory/1356-335-0x0000000000400000-0x0000000000431000-memory.dmp

memory/3528-334-0x0000000000400000-0x0000000000431000-memory.dmp

memory/3528-343-0x0000000000400000-0x0000000000431000-memory.dmp

memory/4748-346-0x0000000000400000-0x000000000042F000-memory.dmp

memory/4000-347-0x0000000000400000-0x0000000000431000-memory.dmp

memory/4000-356-0x0000000000400000-0x0000000000431000-memory.dmp

memory/1360-353-0x0000000000400000-0x0000000000431000-memory.dmp

memory/3624-362-0x0000000000400000-0x0000000000431000-memory.dmp

memory/1360-365-0x0000000000400000-0x0000000000431000-memory.dmp

memory/5088-371-0x0000000000400000-0x0000000000431000-memory.dmp

memory/3624-374-0x0000000000400000-0x0000000000431000-memory.dmp

memory/4724-384-0x0000000000400000-0x0000000000431000-memory.dmp

memory/5088-385-0x0000000000400000-0x0000000000431000-memory.dmp

memory/4724-393-0x0000000000400000-0x0000000000431000-memory.dmp

memory/4300-394-0x0000000000400000-0x0000000000431000-memory.dmp

memory/4300-402-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2944-403-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2944-411-0x0000000000400000-0x0000000000431000-memory.dmp

memory/704-413-0x0000000000400000-0x0000000000431000-memory.dmp

memory/704-422-0x0000000000400000-0x0000000000431000-memory.dmp

memory/3720-423-0x0000000000400000-0x0000000000431000-memory.dmp

memory/3720-431-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2176-432-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2176-440-0x0000000000400000-0x0000000000431000-memory.dmp

memory/4780-441-0x0000000000400000-0x0000000000431000-memory.dmp

memory/4780-451-0x0000000000400000-0x0000000000431000-memory.dmp

memory/1828-459-0x0000000000400000-0x0000000000431000-memory.dmp

memory/4024-460-0x0000000000400000-0x0000000000431000-memory.dmp

memory/4024-468-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2504-469-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2504-479-0x0000000000400000-0x0000000000431000-memory.dmp

memory/392-487-0x0000000000400000-0x0000000000431000-memory.dmp

memory/4932-495-0x0000000000400000-0x0000000000431000-memory.dmp

memory/4972-504-0x0000000000400000-0x0000000000431000-memory.dmp

memory/208-513-0x0000000000400000-0x0000000000431000-memory.dmp

memory/3440-521-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2308-529-0x0000000000400000-0x0000000000431000-memory.dmp

memory/1748-530-0x0000000000400000-0x0000000000431000-memory.dmp

memory/1748-540-0x0000000000400000-0x0000000000431000-memory.dmp

memory/4636-541-0x0000000000400000-0x0000000000431000-memory.dmp

memory/4636-549-0x0000000000400000-0x0000000000431000-memory.dmp

memory/4704-550-0x0000000000400000-0x0000000000431000-memory.dmp

memory/4704-560-0x0000000000400000-0x0000000000431000-memory.dmp

memory/208-568-0x0000000000400000-0x0000000000431000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\ukkO.exe

MD5 9a9f023ebc03c6c0496b33bcd9324726
SHA1 e4929304dca3553ef393ada14331b3e8cfa068cf
SHA256 ec6e140de4061366a12c93ce4d0277da8b5fb35b278652281a59201bdf87d630
SHA512 33372759f1835fadb7725e2b26446f2b0dc9d0d9c79258988d19b31d49e7442c4d0fc3c8829e1ddd3c4a7f38413ea46166fda3c06f8787133fc40db0dbf47109

C:\Users\Admin\AppData\Local\Temp\QEMK.exe

MD5 56b95e0105fa0ea8332c17f8a2b5f6c9
SHA1 5a41b4223704e8dd2a74048efb699251b25b8920
SHA256 cc012074e7a643bcb57cbbba31c20ede8b73b3575b001ffb11037cd32f97896e
SHA512 4991f118391dae02599c23806a3b2ab6481da2c20b15328a130dca75b0c11cb8d690d0dae1d2abe9175de68c718a78185bf1cf1090241520b1132b54579e2520

C:\Users\Admin\AppData\Local\Temp\KIEW.exe

MD5 8aa579bba53f31b59fa3c6fc3a27859b
SHA1 a27386276a2eb3e31e8aceeebaf6b117ac8a34ed
SHA256 823672420000c704a14768308921aa6c4556e1921c68b79f2ddeffbfafaf02e7
SHA512 43149a0781b1775db5ec33f35b045d42eee16059562c7826ed788bb4934bf37828c32792b8081ddb1cdf49787517dc63b307060329100ddadf4cc7cfb1534baf

C:\Users\Admin\AppData\Local\Temp\QEcm.ico

MD5 ee421bd295eb1a0d8c54f8586ccb18fa
SHA1 bc06850f3112289fce374241f7e9aff0a70ecb2f
SHA256 57e72b9591e318a17feb74efa1262e9222814ad872437094734295700f669563
SHA512 dfd36dff3742f39858e4a3e781e756f6d8480caa33b715ad1a8293f6ef436cdc84c3d26428230cdac8651c1ee7947b0e5bb3ac1e32c0b7bbb2bfed81375b5897

C:\Users\Admin\AppData\Local\Temp\SUIS.exe

MD5 08dc05666e3bc403a59bd4ebf571a5a2
SHA1 31ebc724791b836235b77679f3dccd0500a58a2d
SHA256 023475d1cb0859de4495e8cae1c9bdabac9276229af7ef97ecddbb7e5f04c18b
SHA512 23af7f51b38cebef4f8d7a2ae5c59674e30de58fc37977a3ad8a7ce7b72e2fbd356c9c198993a5ed043d0314cdefef2aee9de58ce73a5e84e9022d2f3d8a3f40

C:\Users\Admin\AppData\Local\Temp\uwcY.exe

MD5 c55cec59ec929be4b38695517cfc22f1
SHA1 72d15ca08823d0e65940477f81572e35889933a8
SHA256 472c8cd621119cab42700c0c1d1c5a9ccdf8cbe1ce1f27527b2aca65843b3e6e
SHA512 292faa9d4a834f667f7bc3cfa985c35a723d635d32fee8e2fbd080effb688eb485ec096f67383d291f2725734108c1dfba4f45d50b45a606b920ba14001e295c

C:\Users\Admin\AppData\Local\Temp\AAQc.exe

MD5 b426515ec2713f92b5bad0e3b6c27779
SHA1 e98f5ac6fe7021f38f356ccaaf0948000fc6e3e3
SHA256 1f0bdadff76e962a65bba5f417d15083e037d4801738a497e6fbb07bb2bcb8a9
SHA512 87a11f49bae0a187e0516618f2a8b72cadd3bd65a61019aadce4b5c8c442ed7463e003148e6f1d28a6ee7869878eec10bdbc75deb88389970e4266734b4c24a4

C:\Users\Admin\AppData\Local\Temp\qAAy.exe

MD5 9190eeb7f328ab36ff5650d2e53deb3d
SHA1 1dce75f923e4b1a1852d08ec5b1a08e19099c28e
SHA256 c0f1282f24647de453c4ed559daa3442d0ddce0dd5c2e24491ad6d3e3aab2bd1
SHA512 d63227952d4d723a3a63e28f9c812fc88456bbacc0f35624fe63a73a4cce5a0bc65cd4a6c7c00794cf01ed92540e918385d60dabb23b7a9fe28f45ab1cc500a5

C:\Users\Admin\AppData\Local\Temp\aoUG.exe

MD5 a96b5ab374c58a1fc46fa2c0c7bbdf65
SHA1 e73e66d4d5f498a946c8a02689fe94671c1ff374
SHA256 6ca35c2b05d4d3bbdd31e244f7f831b736436e6abc26c13e97283dc9cb4f786b
SHA512 a2a2704968fca9c4775a38d9b788d7059eb275e61e7bdc590212547250be4821810f6bd2348a3e07afe25aeaaae1d522fe31568c1ba339a1348fbf04033e0bb1

C:\Users\Admin\AppData\Local\Temp\UsMc.exe

MD5 5c3060ad190b2e345d96af03699bcca6
SHA1 99caaf0e19fbd8343075978c1142f175658b5ef5
SHA256 2b957347c1d4d2e0982300d52301abbb9682dd0523c394507561c7d790be8fac
SHA512 d275eccd49ffe63d8d3c2bdaa7e790b1052116b66818d5c377401e610fa41fc3aee4cfdfff267f7e38906829202cc2bef74eaad84fe8d05832c1e0dc3e49cefc

C:\Users\Admin\AppData\Local\Temp\CUIi.exe

MD5 ab503cf2f327f8d344156ba0dd6a3fcb
SHA1 efb32142211083d7595d24417b465f5e3a1237e5
SHA256 7d919354ed71200ba58003562b5a648a0e96d0d5031479c754b6cdafe70d903e
SHA512 c698864bf3bc7e15ffd6f983eb5dfde4f21795946d49d0c0f5fd569d63e9b920d65cf95a1e4308b5bfa475dede5c9d4970ac16bc46e89d79cda3a971d2d28c04

C:\Users\Admin\AppData\Local\Temp\EMUM.exe

MD5 b843714b2ef1163778264e71a56e9282
SHA1 d9b0739f40527e8cf02b731050f91a085f869bdf
SHA256 8426db75dc14ccc31d936e8f831a4de60b917b8b51ff5068a0382fccbe91f48b
SHA512 aec379e6820c3c73cc255f129568d4bf5d49615affa29eb40524296ccbbe62bd08947510c8e117588a8a51c625281e8544fce8a2dee9b4c9cd8e6d909d64212b

C:\Users\Admin\AppData\Local\Temp\uMYk.exe

MD5 40ab82d1fc148940f51dfa90c7768274
SHA1 28e643f28735992dcbbf2355f5167971a5cbee63
SHA256 889bf6afbd76ced96cf174baa7d4f437434fa557dbd53d7db963cff2c4120d32
SHA512 bf5208590a0ce71000929b857f29bb1f10b29e5bb0004491a355876353ea16fc834ebdfb72990f93103a4eed7aa189d895d12ce11b7038d396531a5cb623fb18

C:\Users\Admin\AppData\Local\Temp\CEIE.exe

MD5 a38925e2a6c0ada6272138c9d96e2153
SHA1 6c34874f7e06e2a6a2e8a47a8f6ad522b8cb4601
SHA256 3a6ec6b77dd4891a96da5f464a7bf0ee3e8fb79ee7b6075e9f5f79bb4dda55e4
SHA512 e8d7a0b65d5b124cc5833ad0a095d57bbf4dfe4c1e40d914e537b72fde38b07a2a69e1fdcad83dbd75c105e30042a9e843ffd60c05f7730a208fa0ec316bd6d2

C:\Users\Admin\AppData\Local\Temp\CEsq.ico

MD5 ac4b56cc5c5e71c3bb226181418fd891
SHA1 e62149df7a7d31a7777cae68822e4d0eaba2199d
SHA256 701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3
SHA512 a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998

C:\Users\Admin\AppData\Local\Temp\escu.exe

MD5 a7744a98623f30c97f52dfd832ec2de0
SHA1 c7097f2c2ad3919565cbb584e06e371e7c62eebc
SHA256 4d5bf5684b4e7915e803550de8add5175f063f98e1beb3487f303355251569ee
SHA512 dfc44fae1893deb3be97ec155b41b8b12043872c7886d27db1faa8c70fbcd2da50a41ecce60769391b3ef789fc5fe2342d91b09bda5f111d0953563b27324415

C:\Users\Admin\AppData\Local\Temp\yEEk.exe

MD5 6b451faf29808fd59f6b2951056b8a98
SHA1 887dc932d645f19e5c8fdd0aca27a5452d5fc3a2
SHA256 7ccbf8c50b98f374ee8f8da80a4360fe8e524dc11e33284582321a20f01c99d6
SHA512 17db93fe085ba06f9b02837aa344a603e9cc4c8d9ac3e28e8600b588ef7553f6ab342487d33f2bec39c56063ca2cbd73cc9cdc30fefa5e4ef158e90b376ff582

C:\Users\Admin\AppData\Local\Temp\GMco.exe

MD5 2998d5cea587c31a51e91e9cc6aa91e7
SHA1 313373ae5f15aead79aeb225e9ef3af1ac7a63f3
SHA256 4bfb6ac51a15c660c2485ca68cd6d794912aabe75001a2355f23f2b41101ab54
SHA512 9a6e619227026bce10a4c8623a44b942c2951af79da83b18b841d19a1a82de2bf743b71eb09b34d83b78887924c7aef87d53cac3a101172bd7848d50db782991

C:\Users\Admin\AppData\Local\Temp\aoEU.exe

MD5 de8e583dc84d5fb6f6d0ac52c422710e
SHA1 3ee63c8b8211eb768107921fc6594278d65b7217
SHA256 2bfb6119f820411980835d426ded86d8205ff20c74588c338cbfc29b6533fd30
SHA512 2c7f5213bfa21fd2f97c940a5df82572f5e3fe8a95d872b3cd17ecb466f8bf908703d944e70880961e9bafdf19c3a57033f5082813031e2bf82e70ad913be3ab

C:\Users\Admin\AppData\Local\Temp\uMsG.exe

MD5 20eb516f3fddc0adc0e3520b609b35e9
SHA1 2ec4dcb7e98cabc78f55e3186377394cca0cef12
SHA256 68f27e1c4726719367d97b0998eb51ac258707e8971756dd9dffdcbe9445294d
SHA512 3522be8b623ec810b99cea5003d7134681e9d9fae2d7a0e304d99c49583185d93c84102e3400dc08710e524d80e836596ee7a9ab464647ff8afb73a3d45dfd81

C:\Users\Admin\AppData\Local\Temp\yEgG.exe

MD5 8a9e4302d7a3597afb24f2c8e9c360b4
SHA1 41ac1b116405e032fe44f02ead7a4962a2ae44b5
SHA256 97d427fdf3e4393ccabc2a2be82a8273f1d3603703481aee025bc8c4f2c7b873
SHA512 b685a7cfb96f9006f115cd48145c3dfe0ad4dcf3db20e28469418f49205a5b112b37cff3b1c02604f97b12cbb78d0ad3e26c291233fec1d3fa1b2c31f5e4f56f

C:\Users\Admin\AppData\Local\Temp\EUMm.exe

MD5 5077d1d2845c4880431861b59a62cd91
SHA1 c244a66dc06e0cf55f726d72a65d7dac22a8427d
SHA256 8ede49e577be8815c9b0b7b89c5f2c058c1390ce0bcbac7209261f32e3b52d35
SHA512 5e3df0ebeb3b96f7ce9fef82281f65a26adb1036f77f8d68ab35fbaf3243100cf1a2af375d66ae530f12f9501350ea315799fffcfcf6a1015b8d8972738bc46d

C:\Users\Admin\AppData\Local\Temp\cMoK.exe

MD5 3ca2556864d05ac4098e90a0312234ce
SHA1 281f884a366504e3b66f781039bed4477689acf6
SHA256 80bead830c875b47cd1ebb14e8f9c0ae7fa80b8e8f0ad909ded0c2347f0851b9
SHA512 f73c518d0d542482d0c20275d168e9cf2955b16ea54e10b4013fb887cecb1b2ae70b60637d7407ee6282e17ea8daa7544c4517cc85b0b755fadfeecec0a95875

C:\Users\Admin\AppData\Local\Temp\kkEw.exe

MD5 86e6d67b5469b21792959ff51dc26140
SHA1 78ce7b74f213d6a5ed904d661794eb69bfee8219
SHA256 f83de99fdaf8cc1b665458694eb082f066795990d0e47a3ffccc9ccfbce2c354
SHA512 782ae6f7da66faecc91df427148af35687ed602fd0d82706fb7c2b41d62696b8a048b0302efe01d6f89614487ab29988afa90be26808597ca2e8968b204503ab

C:\Users\Admin\AppData\Local\Temp\eEMu.exe

MD5 bdad102513340570ae87fc7569e06d59
SHA1 4053dca96191d224b9eb4a8cfb54d9e53b8d4538
SHA256 681d427b346055564893c35c7c3db42d84547c3b6cc41eab529cc547f063fca3
SHA512 1517e2fa5c95fbc26543b3b5041cda112108d32d0aa2045bb4b88696fe54fe516f76523987dcb0b0497bd0c67bafe60395a3e70dbee6ec780b2921a8cafe11bb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\icon_128.png.exe

MD5 24246a341cf19a7811a68bd86f259ffa
SHA1 5d9ce5552b6228e34a307119dd51c1862e873212
SHA256 4d8996f0369a79b36d503d7378a98ecf78129f64421526ef2087123111af77a6
SHA512 eed18b817b67d054621f0d0f299293ebf21229bbc98254e1bbdbcf279a653c98c2a1e85c39fd8a57b770a5fdce7735c6cd49e0e8aaa7073b175fceb7514d392d

C:\Users\Admin\AppData\Local\Temp\EIIo.exe

MD5 2656f2d990eb90f6677b6988d2b56ec3
SHA1 3324029365bc06c9d0b350f3c7a0df33e8859abc
SHA256 ba395974e80c61aaa1a12494fbeed803bd53328b28e420da3765d7905c0f65a3
SHA512 cfcfeff46d2af02e9eaf3f386b8bac5be974a508ee48e7c346886ded845f2b6a55cae8aa2935f6e6023e38a64e5565fa7c89678e3c3ecc6b95251859f8cc6ca0

C:\Users\Admin\AppData\Local\Temp\YsIs.exe

MD5 d141e9e50ed6a96d7ed0281fc397ca15
SHA1 00f5ae034e8d13b57f03a25086604451d667ee9b
SHA256 db2c3b2f380c48f587fe422f3e59b074149fa43eda8c29007e10392a7f3973ab
SHA512 f4a67b71274c86831f2194d8cd69c5416dc238b2fb0ae4dbd062778d7b7932a0cb66a029b0eb389580efd208daad1b2442f12f554a0b1c4c2a85ebcf9ca8c575

C:\Users\Admin\AppData\Local\Temp\sosK.exe

MD5 49f0e16c8edcbd5bacb7d4f4394361ea
SHA1 bb021c7328e49afa0bcf58013fe1c8a901492a1a
SHA256 f2a308939e0ddfe90d0283cc413c53cb68a7ecc6de4939ccd3cf532f5a270619
SHA512 aa8b96636344822864b36cd5f2ba336d70eb0a1000f43265899cd6f0acc9e5a77998c926348a849acdaa5c3479b61218ded1c9f9419db8ef33110440c58089d3

C:\Users\Admin\AppData\Local\Temp\EsYU.exe

MD5 288a5f195633661f0e396813e9056c7c
SHA1 3e32d8564b1ce8a9acdecccc347449673a9dce7e
SHA256 1eac1a464a1e89caa68670205aa53fced5e46c31f4bbc2906d57a20a384dd9a3
SHA512 91ff8fb5313ae91b529431d4de9f24ca48cbf70e28f365384fe095234102b95ce3ec9add73c69dc76dfaecd687971ff9ba22609fae996b759082484f79e67282

C:\Users\Admin\AppData\Local\Temp\MwMO.exe

MD5 cc0f527090bbf7a3698cb17ad3588907
SHA1 37b1ef526a7a154935c26ecc78e019e9722cd94a
SHA256 46a50438da3151b9145a43b919da820ed26d4b3b008b3d6b1a93faccef4822da
SHA512 350f1a9dc60227492f3ffcbdbdd157bd8ff52b514080d059e81b67ed8df6b7d6a1d9e222c1612abc361cb97f546bf2bd64d439aa2c2c15f2eae96d5b10c306c4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons\64.png.exe

MD5 cb29e43d6a372e67a528ff51e59dad1b
SHA1 c00df8f021307994464679271b86cc6c69fcb1e3
SHA256 2a10b7b00fc2a7ee71eea2f7f2c0bfa3d21fcaa1d14955d13481a6cc9589393d
SHA512 299bea44f2866ed37a53466194496d08f12ebd6a5fccc7f8d2ed4116357cb0506b0f3798739d10da78c7304b9ea74bcc2a9e6ac86fc2d65b7510dcc0616b22eb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons\96.png.exe

MD5 c10a6714b942517b7a616a520050851b
SHA1 adab41ed4a0f7341c7b60a804f7be2567e506782
SHA256 56f12f9f466f3e72d04aa6664a208815be150d1c427f7dd53871eb89a325b96a
SHA512 b474d1f594455405cab894d68f2da77177c5cd7d4c84156a19692c290409e685db063e0cbb998220379bd5a15936b4ce2fafcd8d234f39026ef258d0b5791cec

C:\Users\Admin\AppData\Local\Temp\qkwK.exe

MD5 33d4f4489a558d6e3ef2df1b74e6297b
SHA1 d71e8487524a2c5df0fe74f19ad698a1f899c844
SHA256 6ec72572682db20fc324455565321af0a0fb4f7b13fb24687081398445a8212f
SHA512 69a2bb5880808eb8e54d6d59dd0b7f538087e44b58e6738d80edf81e48f07d0d20addd62228fd583647f92887d0f52d18c1ea682f8696a243036cabc19ee795e

C:\Users\Admin\AppData\Local\Temp\MosI.exe

MD5 f3cde5f73057eaa9c59ea14c4b98b6d6
SHA1 256a1270a01b6d68549038f960b804add06fb842
SHA256 ffbb6a23c289bab24b40207e8c9c34eaa79d67a3ab1c4d50568ccb18b8d1ebdf
SHA512 50b82f9eb643a0ec59eeb9fb4a3b8d58d421aa69fcea52a98e6853fed15b3b95e83804c532b7fd3d5e62de1428b35491a9684698ff93b280c8b8003dc83a8aee

C:\Users\Admin\AppData\Local\Temp\eUMW.exe

MD5 7c173f74bc99d29f28779a4935497b33
SHA1 0abbeb9ef02efc582f53c65f5b85c8a81b950297
SHA256 b83287f16e1a79044309a07b761f4b97a50325224e7541337a5e611b8c8f52ad
SHA512 f78f8c68b7caea4cc93478318ff666093f1bdc2b9d49669f0cf92a95117b27dabc634212012eb9e7d3bcad07f82af5b3f130cf116414b839f4d5cab4492c6fc3

C:\Users\Admin\AppData\Local\Temp\MAYY.exe

MD5 33b6d64f0b0fda6cc0fdf605d54f138f
SHA1 e70b1445b2abc852b3d28c3fe3a41aa87f8fe28a
SHA256 13cfe0924e0a664893a09d935a8dd061be2d43d3440d2d51ee7a6bd476ee6b0d
SHA512 b2e70bd6ada4f9349fb22d615c7a10a9801e8d3f4e6f8e807e6f81c145cd7884bbb963ab9283a535e3bcc85a7d24ff62d99f613fbc8c472618721c5d93361538

C:\Users\Admin\AppData\Local\Temp\IwIa.exe

MD5 75ced039edd6bcd9e46dccf53099b94d
SHA1 90447d20b6fb777ad31c297e617612aaa331273a
SHA256 42cc63f00ea486674ce3238781c8660a83ce3e15d55337d0aa8d5de2937b4a8f
SHA512 010bb0115fe25ea114fcc6ea167d1f64139d215a17f0e640c1be9ec8b92954faad09ba2695d5a244e0c5d6854ba4d96275bdf8034df05a6b1db2613730a2a020

C:\Users\Admin\AppData\Local\Temp\EQIG.exe

MD5 45fd75e274e1ff1805289f6fd7a7e72c
SHA1 3f422aacef12d9bd4b5911d8600238076ac8c0af
SHA256 43b08a592bfe5d9b4b184c55ce4b96ca5c0a0e7c65a69bf0148e07e8defdd576
SHA512 3f33911ab3cfb213a1441273bf31b9f249775165d3b6c2b9c53bfcc24efb037b20f05a475a198a883174a94a364bc4808ec2c7e926c8dee2605db61ff0a5ffb3

C:\Users\Admin\AppData\Local\Temp\Gcci.exe

MD5 8c85a9a6b6954c15c6f2fc2a35c36679
SHA1 af7da180e07f14f25f09ad27f2ff097a2b78c9d6
SHA256 e9301419d869bd90c91cfac46361b0d230441447b3e510aabcc977ae5690b125
SHA512 b8b855c1c7a655f17e3b2a092a5c69f19d06e568adececf4aac1be5d882bacde2bace3c75404c800683f4b08d1a1e16a399204a018c9fca03f9d9a5b43a0af88

C:\Users\Admin\AppData\Local\Temp\uoQA.exe

MD5 d3910236905ccb1bbd1c57db7b1c4544
SHA1 3441c89fa40d340c48c19354b8ca629ce6ba0ac9
SHA256 b344286667eac53f3920ec4920cc93533693026a49d5282eed2769cd1070aa61
SHA512 1d5cf719ca03e23e55d53b3fb22c82f3ae266816bb3aa8c19170d9a189a991b88178e793cd83fd125b140312bae725a5190bb3c5809aa398ad27c5a4412c81f0

C:\Users\Admin\AppData\Local\Temp\oYUm.exe

MD5 5a35b6f58748d021f0c6ab1b4ce7a769
SHA1 196723c36ea5c3a589b24ee5f4d96ec091288990
SHA256 563b8e103dac68b6320eb238d7d1822b0ec344c76ef27cae43483700650504b5
SHA512 adb86dbcdf14a721c323ba40e2d2a32ab455bf4ccd0fa6d103cfc16b1ea3331fecb26afacc884e642dda27142daf655c05d5e4febf12365b63bea9d28bced30e

C:\Users\Admin\AppData\Local\Temp\aAIE.exe

MD5 2285476f60903ce35a11a3a4e5a2ddb2
SHA1 6bb3188b73d41733623bd73781c575566dde2573
SHA256 4eb5a358573891e1206ce92a37344bb22efa5ee8ec7538f40fd2727e2209dada
SHA512 63d64cb7662725ce801e181511146a125e4e07f7e619fb5bec1b34db194ceba706ed28fc34eacde55c5560d34cc0970ad3610d0cb1877b086640ee3e28f19fb6

C:\Users\Admin\AppData\Local\Temp\IUcu.exe

MD5 1bd16d1b2bd01b39c5271cf6a539dc4e
SHA1 c55cbf4748ca8de33fed4d094acbda4569c43055
SHA256 35745df0fb14e97a1add5392d017fd66e048b55b4b31b814bc93af1fadaf7611
SHA512 257b741c0fc89b40db2ed01af0ef86f9fd3a410489bcfc3a9666b3f043974c498dfe39e2cf25d37e1ee57b04f6d03342285a40f5a3f45aca4618c12ea08cd9f5

C:\Users\Admin\AppData\Local\Temp\EcsU.exe

MD5 38cd867aa280823c8682331e1d61c862
SHA1 fd3b4708a77c41a726b386b7e983f3869fa0137a
SHA256 19431897f088301fcae474fb3e5a28afb2765600e92ab3fd80e7da1e323b3a8d
SHA512 4dbc17dafb8fae672f2879ed963cc61a958a07af8437e6afd1cd99deab4306fd400c8c6911dab863a410cc02844f2df6b1f95edc5642ec3044c0b4b809c323eb

C:\Users\Admin\AppData\Local\Temp\mIIm.exe

MD5 5744805939f91911f4e5cbf3de0329d7
SHA1 cd2a25d8d628227bc9545f3a366dba0ef7b3dea9
SHA256 991458e5a29543cb56240350a0d5b7ab0d3cf37babbec5504353e724d288781c
SHA512 883b0318c93fd7b48f32753e99e1bfcc7312ef602913aff17ef355cfbf50ad4ee5c168fb70a4781166beeeff99f2f45f9ccc9f5656c372c4afdafcb1af260066

C:\Users\Admin\AppData\Local\Temp\mYsE.exe

MD5 59de8a147bbead3c77e7bbe98e66e6ba
SHA1 253fa850a9bb9184716cfec8d384fd4db565c6a2
SHA256 f7435f492fca28101b3f5195e9813c3d284bbf30e19b1da34fecaaa235f7efc6
SHA512 84728d110395ece58f387eac799936624e6ecc9deb2ca380cea17ba69e22a85c4a8211a3e80ddf9552cda68991cdafe9c0908c05824cb6688b0a3cc40dc86700

C:\Users\Admin\AppData\Local\Temp\YYAQ.exe

MD5 46c6ee41c9e3c4b6cd73338f634583fc
SHA1 ce9c15b81eb096e36ac91918fbd7041fd4bd033d
SHA256 8c910ad454a46958efd2008d8b3508dc480bcc364f6a81228d627213b77bb1c3
SHA512 cabc5c45958706d8cf0aeca01e945d3d4f858ba0eedc68ed6637c0a9a6f6ad26eed2d5d1e930b71a749d7c7244b45cf6558b0f9e8f8c75e5b880d2cbae1ec008

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons\96.png.exe

MD5 949141f00cdac4a4a2775203f93e1aea
SHA1 260c744270f7c1204ccd88e27f6dd01c9ed133c7
SHA256 90dd1ba0125fa826b3e0c9b75fdfbec57e4726de4272f2c1d193f06b7dcbafef
SHA512 d37287d2fcc426c4aad7ef040063f63dd1e5507f00a69cbc89dbf756b0b20dcf30bc8fe20dbf0f5e29efa86147aaeb3734c9c815ca6b1f5df98a1ca59aec5b32

C:\Users\Admin\AppData\Local\Temp\uEEe.exe

MD5 f70abb77155fd92bafe0f8847ed33b46
SHA1 db15c4fa3e7a989b14bd79292fd268453d12733b
SHA256 ef27373f000fdfb5099a8285818150d3538494b9f419a190a91c7f9474c1a9ef
SHA512 7fd177b09e609481e76fd55c9f54fd0e8afd4dc1c4c01b1add970e33b470a7fcc9c078f239f5737c19842df467634e10b1a309669bf98c46788a479bddaa55cf

C:\Users\Admin\AppData\Local\Temp\OsQI.exe

MD5 be700e07d33b3301d1eda2ff11614223
SHA1 8bb45b3738b47659b3f91a30ec9103ff6020c8ca
SHA256 ac53e9050282660a4ae3a199a8decacbe58dd0d48c4bfdbb94132189d3404576
SHA512 481f336cf3cb7ba4ea8017d53ce0ac3741ed0232be55f4445de64945ce8e9fd1130814facb38d9a81a85c475e967e608dc288cdcac45ca6ded0c16fe036c3918

C:\Users\Admin\AppData\Local\Temp\AEYm.exe

MD5 caad0f2bb327a718f694a48a9ce72fc4
SHA1 c225c1c67e958deb20ca30c3bb2810f6d746ee61
SHA256 74bbb73e1d38675799daafe20defbf03b8f174a9a344df6c8f6fbd830090e5a8
SHA512 600cde45f631a98ec95535f85db35e3dbe2970c83d2bfc30d2f7c1495a6f527751fdfeb4ada240418a0286763819c2ef577e7ab21f6337faefe567ad7ebae827

C:\Users\Admin\AppData\Local\Temp\WkcG.exe

MD5 3c565c76c43c1af491c418a4a5632bf9
SHA1 bf606669cf2cc1e1982671fbb79af7f50f944e8c
SHA256 04463ce5b156eca897e9b571cb0fabfcc1858e537b0153726736f506ae1e222f
SHA512 867f542539c78de43492486816acea9fb6e2782f6ef1fec9d81cca4779a8804b0402a9f29b251d5f97daf177efa3bf114c65526943a75ecc6ff0261fef2ed5ba

C:\Users\Admin\AppData\Local\Temp\sgUm.exe

MD5 5870d6c3882ba7fb5f0f9b693a68e626
SHA1 a4084ae65c7b6157f2a090013065957e10bd31c3
SHA256 2a83ea2586c8268fa21aff9b2cdd18d9f39b31a288a8ffa26351dda504647b28
SHA512 4bfd37a90ef7a2207d3da477224aa2eaecc148a65be17ca5ee52996f18cd3dc8ab0714fc16a69b3e5db9ca45a4b7f619f972bdaa421d46af71f63e5c6205b4b1

C:\Users\Admin\AppData\Local\Temp\oQQE.exe

MD5 f0600491c3b79c0922017b6baa1d943f
SHA1 939e9d954707cd152bf39397aa573384fd5b47bd
SHA256 ed0f13aa78f7fb0742b1eff7adbdfd9fd63dab76eefda57602cf2e91f451e372
SHA512 648f615d966d24a6468ac2a7098b46a1cb1dcd18b90305247399b3c307af5ba805580c3777e658741351e09ff0d13cb0ce68b301cfb1160b7845f9c1f8d3ce3c

C:\Users\Admin\AppData\Local\Temp\okMM.exe

MD5 a90ce66be47da485b3b49c2890afcd30
SHA1 9cbfda5c1ea71cf555bbd282d7322dee3c3c8297
SHA256 4eca33fcdc815de3094b6e7d682e913c30ec53ee77384d570cbf7988dcacc78c
SHA512 06197ebb61bfe1151455047ffa76e1125bcf1eb66a9cbf5b5cbd6028e6d55dec9920c259e8747b37213e0106f01da47d977286b7b9b957d1023141f8f4452656

C:\Users\Admin\AppData\Local\Temp\qgUA.exe

MD5 e394abdb497a5047f17d1782520267e8
SHA1 7e1f5d2538ebf9a090d2eb1e3229c1eb366145f6
SHA256 134f83dbffab444ca02608e31e7b9ac067c41277f99406790fcc77420bd65370
SHA512 81d572445ab4c51bea72414a03f9bf1c2e871b85019d16c40a3172429d4ea2f53da320c0c651aaaf61964d8ef3a3c9ea7ad2afd3f67877202cd2b9fb4f31299e

C:\Users\Admin\AppData\Local\Temp\UgUy.exe

MD5 42d2c44f2204c5c486faf97f5195b982
SHA1 da047cb73d4ed6d67239422c6b361e20ae9f1191
SHA256 62c5d456adf3465829988e7652c085c86d30a4de79216799cbee49ed74707cb2
SHA512 d15fd4fc1193ea83d8a51fb0fb196f441cb6115a79c8ef48f1339eb4e7c6571682641357898b95fc67deea438f9a7141444619a1207faacd29ae331aea07c6da

C:\Users\Admin\AppData\Local\Temp\MAsi.exe

MD5 7c604d514fa1b9d8d7b12921ebfbc4a7
SHA1 03f94680cdf4dec57c3786e6d141fdb00680b377
SHA256 5e71adc16d0e80b55211c7a1c4c9368d33da02f755bd93addf1c356cd168597e
SHA512 dfd052d1ac46b9ea985bc191345c5a7181aca1736aacc7c91db04465bbc6fce36e582944e6da1dbf3a1ee8c6c47ff418d16e172d355029fe11ae29ce0c8f7628

C:\Users\Admin\AppData\Local\Temp\CkYq.exe

MD5 02d1c04c1d623ace7c513cd29634b35e
SHA1 4f09edec8d9f791695842e96ca474e31357ffcdb
SHA256 6638805c57d68c4855177b0fd773f8cffe18479e7e4eb9630ea3c6ca76f508b1
SHA512 98377a6a3e879bb9537237152b1c3652c3a810898603b1a4b9873f003d64f5bc496d7da6a2aef42c58b82698b97bc22fa433732ecd688d0572b1040fdc9d403e

C:\Users\Admin\AppData\Local\Temp\uUsG.exe

MD5 9ea3e606de9447b78ec19cc221def12e
SHA1 53e67dcf5034c08e844dbcf6ff594d753e295b49
SHA256 05fc3b7d4bfb3ef3c3c458ed160ea540a919827d0512913de11ba287604a065f
SHA512 e645ba0ab41513c082efb2b0a025a5df515b162232ad6c005628191a356cd5bef7eb412989c17bc4bbf4c5dc9812b2e90149189c12ceace1ff2ca0aa76e80148

C:\Users\Admin\AppData\Local\Temp\SYki.exe

MD5 038ce8019dcdf91e96f3d07ddbb29e98
SHA1 f868cc3906b94ca58ebdeba3a706d81ffd4f6991
SHA256 1622bf2ad9febe22e3477e1bd6516b313f0d104bc15bc1ff82dbd596b653ddfa
SHA512 58e1291f53839557a8f9c2ffa008563877fc78629fb97a6d940a1faf8d7beebb06a883b56746507c8c0269b35750e7afa896de29470e7f7793bde9b73268024d

C:\Users\Admin\AppData\Local\Temp\wQkY.exe

MD5 f5a6555732a995d63fd68cbe39363419
SHA1 ae3982ca0ef1a20ef1b035e66ccc046e6c8f128d
SHA256 6b44689a78f4d11430d92e798f8b0ea7231f7263a7a75fdb4844f8a6ccd64286
SHA512 d8d5fba8f21bba426b05c2ed53304a840d2bd13d45c77a84deb2ce0870c47bdf713fe750d7039c16c85679ad25cf9a85350ced936157b28081bdac48f2f9c96b

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\KFMLockedFileToast.png.exe

MD5 187939a74561f72b55daec40f9c8ca97
SHA1 4e9bc959f90792bfd98c762688834942d5997896
SHA256 e1a8013d554fe33298c62c674640b324620123b43bd486a218d683d742bbc85c
SHA512 418154ed50fb536c3fa792909b2fa99548bc436cdd0046e0c3b8306e8fad7ccb1e67bd06bf6633be3646dd6b92b24f199d8c7a243757d6a5ee10ed30cdc83d0e

C:\Users\Admin\AppData\Local\Temp\mEYu.exe

MD5 1f5ddaf9c4037bbef6942d92ae45e0bd
SHA1 63bc5b3de49f07e8474bf7deb0093e23031e498c
SHA256 97d3e3e39124e3184d855cb90ca76b0138bb811474fb68f71c3429b02077b79f
SHA512 00c80fb1dd70002e95521913f88d4aa81bbdfbdc6708e68bdd5313899bfc27256ba9d2b04dd08ea2d21612e5b3b6ab9039f92a84b639c880cd7bd8ddc1632159

C:\Users\Admin\AppData\Local\Temp\kAgw.exe

MD5 7988eb7115baf4bf9d437123ddedbec8
SHA1 634354ce0a01270d9757862ce1fbac26e33223ae
SHA256 a49ddca67552ab0566d1c50d3a4db24f5fc1bd59129a5f1d516e7e7cf971679a
SHA512 3759a6ea0a92ec3327a6d66a75875861e28196a676e2dfbaae3de719d8bd9966a313b4ff885a3d64da781026eaa37bd24ee8e7493e50c8cfb268d6a3786c3129

C:\Users\Admin\AppData\Local\Temp\eooE.exe

MD5 a40c59c9f3390e00fdcf884890d42b58
SHA1 d094b5e58bc42c6c4437604a629a5446ab9fe4c2
SHA256 696ada0fa8d584a76440cceee8b2d630e9ca18dba75ae41f13ba1828bcd3f239
SHA512 f534a9514641c631304f580439d7ebf14de2fb981ec334f70c5fbb346145c414c0866b4817ba394d90c8508682bf9d72fe984f1a42e76a96fe8c877c554215af

C:\Users\Admin\AppData\Local\Temp\Ukks.exe

MD5 5ca12c2ae2cdc4a2213b4b5723e7fe0c
SHA1 2bda33f453bcdbc89b4855ff98634cc2f5646e08
SHA256 5e42488a189790fca4004a584b073456a25174bf3bd6212a79b4b61959fc084a
SHA512 fc13c6bc0b95cc40d386d394cf236247f727a46bdee469b7dca7ef9779302a4b74cd6e1dc395c652c4165918688eba57ad59cf77b9e64d1edfda1fdd8e4aa18b

C:\Users\Admin\AppData\Local\Temp\yokk.exe

MD5 f24ae946dfe33919a5fafb9be4b59e40
SHA1 f1551b86173a7675903ae8911b125188a7dee31e
SHA256 5b9e7b1fca4f4bd7446796a2240dd941e490ec506eb578c9987f0c3e79a8a778
SHA512 6880e9667209a745286852f8e644ed70ffa1a3d408a17683a4b31099c23ec2962776eac3d47117eb3f7cc2ef96ede22851f0122886deedcb08efefb4f6894f81

C:\Users\Admin\AppData\Local\Temp\gosK.exe

MD5 a51aa60046364ffc1496ab80db6c6f3a
SHA1 be7f360447cce1553aa434644e052ec2d3dabad6
SHA256 5e92f7c03533d816e66e4ff07788b41b86ba0dc0523230ad8652f00c32a14455
SHA512 440740a1ce1fa9cf3d49ddcd5e01bf9a13d313a71faac6aa9dbe59642a8b1025e8710a2b2bdf16458dabfca98617ba1dac9d018fa9a1c82effdad44244a7ac7a

C:\Users\Admin\AppData\Local\Temp\wwIC.ico

MD5 f31b7f660ecbc5e170657187cedd7942
SHA1 42f5efe966968c2b1f92fadd7c85863956014fb4
SHA256 684e75b6fdb9a7203e03c630a66a3710ace32aa78581311ba38e3f26737feae6
SHA512 62787378cea556d2f13cd567ae8407a596139943af4405e8def302d62f64e19edb258dce44429162ac78b7cfc2260915c93ff6b114b0f910d8d64bf61bdd0462

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\Warning.png.exe

MD5 dd18b2c8655fab4ab9fd0b2c03cc655c
SHA1 2586c8d30bde9d7a7a6b91e92fd95ebcd56dc9ba
SHA256 d305b9471fc734e609eaafa480822ebb707cb8e36ee8effb11b803f0374b00e3
SHA512 f8b4eda7363eaa80ff9ee232c16df7d02a9faf03d88b68df7ee05af311e30091bf08510bfe40bccf89516899d29294519a525b0aedeb4195c4749305cfb5a66d

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-black_scale-400.png.exe

MD5 b6e85b3d286b2ed129bf6c8ce88843ef
SHA1 645285edd2ecaa3ed1e56d309adf43f8a704ea1b
SHA256 a4ae3d3f881cbaa6586f1d5e31bddfef76f24d0a0c5d3cff72e8a379f6ae81a3
SHA512 9dc1aa3dc65f176f624728cb493f7b66cfdf70ba507c6959415914d9a750908846f5ce62470ae75da7598d55ed7db812e6ded15c5d2d1ee84e9a51189f415b43

C:\Users\Admin\AppData\Local\Temp\gQkK.exe

MD5 20028c914652ad8d5da927460813b515
SHA1 ae3b8a4fac5e3deb41e830247812af52ea60d66e
SHA256 4c17a6650cf9c1e5d201a6d643a7859cccd5f5ebf14137b39f1629b9ee741a01
SHA512 5e8247fa37aad07e12674e05dfe40a72ca72a26e8957117750bb76f553e727456d55bb8e86f75fb59cbabdbab9b9fe04771ca10b7a6332ab6f924b6d8016d5bc

C:\Users\Admin\AppData\Local\Temp\EoYe.exe

MD5 22592e258fdd7dde6b58157c3a15d204
SHA1 b21117bfb82b1a3098a3c129f35021cd74648f47
SHA256 e939c3dc8feea16bb80740893274aa080d76e895d6bdad0690c74d3b57c8e18e
SHA512 ca7759dc33dd498ac30443356d365101fd850db5b1e2dfbf977ce767e6099aa7c386a447898688936771a48c92755cf0dedf3a5acd3e7dde00b617c3e6aac3ad

C:\Users\Admin\AppData\Local\Temp\GEsq.exe

MD5 561f4bcff8b8ff29e2bf9887917ffb98
SHA1 21ea7763cd3e214ad604e9ed5d8536cbd3dbe7ab
SHA256 31742b23b4795e8b6f88ebe572fd2e262aea9e3083b8c3483ec9cf828af75f5c
SHA512 208237f312dbbcb1f133c0f6e956269174c8f6de7676949c76ef67dbf5de2b31b190d90492f4dcd3924f61f457bf5b79fd89f48a92cc77592d6d13112b895060

C:\Users\Admin\AppData\Local\Temp\ywMY.exe

MD5 a25a6e14b0d9a538956f4e3514211373
SHA1 755cfa447f0c125d89de9855268fd313c60b19d0
SHA256 18f70c57f0b00495c99984f189a59050c3359825bbdd80225976625e4280159b
SHA512 7f5e4243dd842f7e9b547ca8fd12cf8fe36ce7158708c112a045a870773971c090c85a6acc84704405e90e43cbf041f7470ef965b2fe2c6c8779594369d38e00

C:\Users\Admin\AppData\Local\Temp\qwEw.exe

MD5 ce3345b8d7e663aea1dd7453890f3b43
SHA1 09d6e6d7b6c7b14781c7f2eaee4fc8a6a0755d8d
SHA256 c20fc7bb430f7760f22eb6cd33cea324a2864ceac741bb070e43b1806343dd61
SHA512 e130edc3b366fdf0ce8f9779c903dfc44590f8e71b1c41e3749c20ae5e1bd255ca7f8f25115c66f5886529d3eac03e979370f3f452844c9d8e92c860f7e7aa6a

C:\Users\Admin\AppData\Local\Temp\QAEA.exe

MD5 95b556bd8997d45b63662a153f49ba6e
SHA1 8f123b220ff6130d1c32427647aa20ee60ba12b5
SHA256 3374eb9c001aa30c5af12dc19ce144f8caa1a5569905cda173ccb94fe3494c0f
SHA512 6ba9e5c5e60a0c91420b47a73a1c93f9b9841dc3f7cf578adba5ffbfef2cefe313736d9dd8f0def88864e0b945229dde5ecb36876b978cf5dd76d2f086faaaed

C:\Users\Admin\AppData\Local\Temp\AwwK.exe

MD5 9d4e9c339646d6d38fb30c566d12d298
SHA1 1fea158357efe182611bbc48d5861790e70ec7fb
SHA256 33a3b6af74c367ea25996c561534b6c66de1e51a20676276ed0af77ad5718e4a
SHA512 7b7cb407d43a082f014fafafd09ad090c451c20d54ea5f0cd5b41c0e582eed2bbbb1dd7755a9c67202b29d94884adfdd7dd53fa2a6a7181a5bdbfd3b44c51218

C:\Users\Admin\AppData\Local\Temp\sMMi.exe

MD5 bfa1985d8cd6b74cc4101bc2f9db8430
SHA1 13b16939a75ce5c1715d726324580d7d3e9c4dcf
SHA256 cb1b7660ba7f450985c0243bbad34f1b816fbb3fc9dfc0fd46dcef2b4fed7568
SHA512 6fd3b897b4053912f9fcb76a0abbf7d51db009ad8c72d716b4f232a9835dabb1a5abab53583d6f78124a31cd82d3dc39894c50968dc0d98b9cfc4813885b8c23

C:\Users\Admin\AppData\Local\Temp\cMMG.exe

MD5 4dfc0448e1e68ff4c1892c1079078ac8
SHA1 1299b973849dbcb2b6ca8f0d7674138d03b3e3a3
SHA256 4159664601f50a7853eb41f8f11d55c2f83f8f3e38a82ee999a14859bae3a39d
SHA512 55e90c5fdeb63c8a07251089eed402944e7d98da2122d97052742e1d8acdea5283dfe04e9c8ca945798ac0fc72ea06150d1797e6001a63cffecbb18342681e06

C:\Users\Admin\AppData\Local\Temp\SMcK.exe

MD5 d4d1b191433c2a8f6f4af7e4e9a89476
SHA1 81c486dd80a76c9cc10e04ad8f229252140dbe10
SHA256 cbec3f1181ae2f7f915b01e8abc89111ce618eaddd65093b28c777a03289208c
SHA512 125c0237d7c18e4abfc64a99ccd94cc48a0ee16fd7b11990011644cb4fd29b626efc3b6c4d1a24fe332a0da78e236c4e218d2ced2c48e58cdac08f2b3b5d9f63

C:\Users\Admin\AppData\Local\Temp\KgAE.exe

MD5 33be991d58e7ac94263db6b16d38722f
SHA1 9a2c66f2b32b277a10fb2829d2ef409f950a4dbe
SHA256 c13b16d532d6e3056125608b26da8ec85187b6ff3cecfc8f883d6682a2629bd4
SHA512 0c1fa4295a963916b608d072e7fc952855c974de583e9c1425e869c53e21412dd6648a9c9a45983c08e8e44617ab0ed86ff96bac4b81320a936d888f667a07f0

C:\Users\Admin\AppData\Local\Temp\MYEe.exe

MD5 551ac380a76cbaca800ce3b81dfc129f
SHA1 beb41440d79949d6234fa474155cbb6a5bff476b
SHA256 af30ae0ff3e7ce47d24c1323e7b0786bcdbde50ffa5e84d47e050f6b09e63b58
SHA512 6f9f0efe1f53a59dfca6640c484e06317a6ab1e030df578df11da694318e9a75660edbaa09e7d5444566bcd0ebb1d086fc3485b6ef00e9831eaa56d9dfe6e8f6

C:\Users\Admin\AppData\Local\Temp\gsgK.exe

MD5 45ead1d5df89b3d99af8025ec6257ab1
SHA1 b46c98080a45a758e3b738258776b91fbe6a59ae
SHA256 db2f827c066a3d2b34fe8b09ae69bac156d4747ea65c5d1b229d042c1e340ad4
SHA512 2e9cd3e85b417445681e434cc62ade3bfce9073c0cbdcbfe60f3d954c5355afbd5c58d653f204e624b9d37c293ea2b1f0978d507866383538bc65417d6d23763

C:\Users\Admin\AppData\Local\Temp\MQIC.exe

MD5 c995aadda81c2c6d2c9e9e0bb5d0088c
SHA1 24c440e5ca73b5dee23061aad00b4b0cde5f9abb
SHA256 d1fb9ea4db04760f97ac282511ada6be8bf17c8a6b8a450b9c4c480faeb6ad74
SHA512 0bbf9a6ccb061dc0693dad2f330d5bba8051e6cdb70cdffb69a13cea4521b1be7d039038686f36df2a27d7506a7f578dee1379b216343e8e548dd650c005e905

C:\Users\Admin\AppData\Local\Temp\aYAW.exe

MD5 5878a3f5dc12f34d1ed1c9b61a040343
SHA1 501fee94327179536f60b094d9178dacdc2609dd
SHA256 9f245c946ec055e5ef11341bba9d2bf494731b5ece07afdde4e942c00c9ea05a
SHA512 e3fa16b81bc4d4d91b8662e90a9061f3b6906da34c3bc81556fd05473d2609036f21e7d0fc6bee31026c731cb48637a9ee98dd63264732fa0e25ee1e121aedc3

C:\Users\Admin\AppData\Local\Temp\Wsoe.exe

MD5 9571c1d731682f0f3f7eb5f76f0b1e3b
SHA1 dbc274722bdc69ceb7bc14483f51f44d187b0fa9
SHA256 3821c0cf72ba246abb114e3f871679b259e7346b0fab560f4f4b2c18cdfead2b
SHA512 d7a1af071ef308107d2ef3af924030f7dc87f2813795b565350c73c9ca5343dc2789d4ad67eb0f9a38a9142870b400bc8ee5074764d3ee73df799bc23b5951c0

C:\Users\Admin\AppData\Local\Temp\kAsi.exe

MD5 aea73a68d028fdc2238a418deb1bc72b
SHA1 03d262fbf5cdb49b11a25722ef161593f3e102cb
SHA256 40800d8d0c84146cab7997ce33c185a45febdef6004b76b4f42a82f3b7afe430
SHA512 d8148601113924a957065f7703311a48f4abdc3ea4250742da42374e5586ab57e4ca82ac2c22b2dafb2191fab9b82509032e95c51a24425ee45500e15f53b362

C:\Users\Admin\AppData\Local\Temp\qMEI.exe

MD5 f5b0d488ed360a8a79538e6f37b346f9
SHA1 f52cc489f293dc2e58d5d8bfeaad8ec338be3051
SHA256 20f197a0afaa1377b614847042f8cca1d3a047d4a75475fd45ab0429fe96aea7
SHA512 3bb1e0b10d74ba621faea4b7a3f46763dec6199420a18fa653fd0a9b14a0f4247c791a9366a23952b2b5ac6ad3e118b28cc70faf9e6761256b9cf2ff2f438e96

C:\Users\Admin\AppData\Local\Temp\qcgc.exe

MD5 b65fff25a6a16e8d0fd6cae4e04370a8
SHA1 91196cc91a513488b57448d2e976dbb9ad3efc24
SHA256 99aba068bbf6fd62c7e009f073351d3751321b11450c8f2643f89d5d1b860af1
SHA512 b24af097b30c5fe901e3c2798ea16ab7b0a998f2d82e7bbdbeaddf04c9db4450c093cba924c158df6305e95c1247217c22da04c5f0e48de119e7d59aae3176e8

C:\Users\Admin\AppData\Local\Temp\SgYC.exe

MD5 e89c2080d138923702c794dfb291a992
SHA1 b21d73a91c2a94a0f6172889947e7569265ee566
SHA256 0fd3f18ba0c6c1569ff2024e1c4914417b047f588ba5591ed3ef89df7a37a325
SHA512 b208c76e705f9ddc0977357e4760b158a3d75c5b3661f32cfa1d09dcf7772e935d973d98188671c6e740de37e8fa34ea5695d01bdd680656073c36b7086a9834

C:\Users\Admin\AppData\Local\Temp\aMkK.exe

MD5 536f3c6167c75d6089162071fc22bcc5
SHA1 be9d6b22a728d1f785d1e6ec8afa0dffd0601c1b
SHA256 aeafd548317224a8dfd2d6543af6a3adc996040094a111aa6f17022a2d7c0481
SHA512 94c72cb41113dc555b89099961825401cc7f1f6b88903f668366f7bfc0e2693cc57eac23895b7df38791e714b4ff93b7fd22c3268a6a32d816c0a431e333e7b9

C:\Users\Admin\AppData\Local\Temp\YsUy.exe

MD5 f392cbe3a9242ecbdc8949334d8d439e
SHA1 47c3b9e26c0f5c9b7ca97f37e3cd7ba9eb4d1575
SHA256 2c60e3f90315db2d0b51baab76599cedb80d24c7b803e965cc1f19627625a187
SHA512 721318f4f4da7813d3e7c917bbeba31dec59f6738a184c0a48cdf15bc2be2b03aa58e6151923acf9e2a1e9c46e539b35653c3cc46b276bf4c28aad14d9a6b995

C:\Users\Admin\AppData\Local\Temp\KEUs.exe

MD5 b5a79c38234ff87a0dd3771cd46d9e71
SHA1 428fe6fbe67c8f6a8827ee177b54b8645b26465b
SHA256 b32ced0565d42218e3677f45d08ce9e177c6905de99fe4d06ee68064d36e6005
SHA512 9a810817ce503eb886d7fb37024bd51f0d01fcc45655bd4577ef7a03955d9be6a975c3e7525348d4d5e5b4217ba28b33fe93f355ce530e0a82613e09b32507b8

C:\Users\Admin\AppData\Local\Temp\Msog.exe

MD5 861eb89bef59363e7ef1e23dd9ba5f1d
SHA1 f24a1ab9300c1e9fce6a907492a57a8504bfa50c
SHA256 df13a0f8644b88e179cc35eef5db08edcd21aa3995abd4e7c1bae1773254982c
SHA512 c7d64019414321fa76896d2af50faf689722e1f68a7c3f4f82fff0e787809a2c0146f7375837e075fffa8b22e9524b5ce9913074f4196b6ecc8bf6cbc3851cb6

C:\Users\Admin\AppData\Local\Temp\YQYW.exe

MD5 41daf687e8a39bb5952f07ef9d123b90
SHA1 40035f6d566f3f3fbe6cfb9c6f9285a6948e56c3
SHA256 ba89efc74af2b9d418de2db7ce275ff6273ad428da561523ae941b2effaf8a70
SHA512 fab904f8ff6a60012474e5c7a97be65f56e0e1b070d7c1f74bc8cd0f8125ba5f8e64e15aafa8317f39571b24462fc11d7e1c4e2b0108b520c397eea630028acf

C:\Users\Admin\AppData\Local\Temp\GosS.exe

MD5 663c754e53142663a5bb6039bc85387b
SHA1 994463c0df0338d33cf7d0b8b86b958d41282dc8
SHA256 d37f91ef93062b686827e1942be2c1df9e48e38b9582fecd93bf30de510d44bc
SHA512 572cbcb3b00ee99c1c66a9bbea059651adb7e69fc079313710bb741dd0e8cd07a885b57fba483dc1a60d10dfa47b004f52c9246e306cb2c47264fb453c904d1e

C:\Users\Admin\AppData\Local\Temp\WMEA.exe

MD5 7fbab4e94e6193ac87518d5213c124b5
SHA1 6894e93079fc562bb5398445d2668687f061364b
SHA256 c67221b1ac24b6a2808dd50f594136cfcff06a817a16751892e261456324f2cb
SHA512 7e594b531f36c2bd97b3b6935bc40ef4c20eb645add9aa19a08d71506c47cf9612e3ec7afae1a868e19462898de56712ea4be3b278c70b9e213adeb112279224

C:\Users\Admin\AppData\Local\Temp\mUMm.exe

MD5 fddcb397578153a41ba2155f935c399e
SHA1 615a5884e6561ba1ce8bd78944433125ca9ec7b8
SHA256 008f7ff01c0c83bf0dffacf81ec507aeb1e94d9fb05eff2868d22d1ec70482dd
SHA512 b37d4ace75838ccbd9bd4fe29e0b3a3aac9e9cad3cb95e06c3cfc65aab6a8359da2c5e53c0fcc40ba70a69737abf9aef0e64387a30c2d99c168ef1e94f4d751c

C:\Users\Admin\AppData\Local\Temp\aowW.exe

MD5 e032d27522b9ac7f1a3afe2b4d2948c8
SHA1 d5285712069e55d0210156c08b51701dc4b6e715
SHA256 cb386088fd5b4e26ce98c19b36f0987c8d0ce03570c5c37a8a02dd1acd96cc23
SHA512 793a2e78d74aea1780ad9ecdcb78dee04c86ed74309d17c86951cc954023592add603f9420778bd5d43047d75b2ae0606fd68202e487178122e32cd2a32c7ad9

C:\Users\Admin\AppData\Local\Temp\AIMO.exe

MD5 741e0e7cc711ee6666e7d40689632b7d
SHA1 73f36062c2c1ec3104057f82df60c8bb40ef46cb
SHA256 1b894f53fd41d961864e39632267a25af86b3b6bf98409c01c48d1991b1f3b52
SHA512 d7fed558fccb673d2e235e3d7459fa2c4b6146844c356ad22cffce26a865fbfada75e206e0d6ad0686a3d4c36c568dca7d81fe986fb9c7490ee8fd58aabd472e

C:\Users\Admin\AppData\Local\Temp\wEci.exe

MD5 ba5f94755743503958fc6fd4b2a3abdd
SHA1 1cb9c63f79143d5fb7eb7210648c527338ab6efe
SHA256 dee7ea8c77129f6b2a39355033e3372ad832a5825570adee6e55df4ead1f29b3
SHA512 1ae1e1f51f4dc386665199009459a9e8544d63a1320547428a97fb17ec49e7439d3bcccee460586c95171b043f83a822a46903621539d5daae2f829d2640f459

C:\Users\Admin\AppData\Local\Temp\QMsM.exe

MD5 f93ffa52ca29d08727e186aff44fb1ea
SHA1 9cd8eee466e1783faab92af41e93abf95b8dbb63
SHA256 120402c8e4b67c30623ccfcf77af2491b6410d0f0d013f3809acf0c490fdafc0
SHA512 c12a2196810bc717394cebd620d25209b039392dedb9f6abf7d350b56835f8d21a75b5a36a6972c58aa81b61f316fa852d79587b0dae6d4cef630644b8d69384

C:\Users\Admin\AppData\Local\Temp\eIcM.exe

MD5 3e478ac302323d081290dc6efac07079
SHA1 7be9b5083f6e9e610c90fd95ae4be512773f9bc3
SHA256 8b945b7de7bb4e913971521340ca0e4145b07079124c67d31ce84ab19fcd83b6
SHA512 bd8f596ed578a12109ce7c87f86cf8987c4fc758871e4d139d4bcc83eca75440d497334833368fa1f531142c2d30abc94eb2da203a7e0b1084eac0c715ce1ca3

C:\Users\Admin\AppData\Local\Temp\GMcE.exe

MD5 6f71672a3fca40bc3f621b8affee981d
SHA1 eeb32394382b629e3cd1cdd01344241a1a1a336c
SHA256 c163b777e734e6f35200511a9c7e45f0ee717d9e66541ab4e3c8683588a2dee9
SHA512 6bb34950f8777ad8581a5d8d92575520666d3e326b988221479117dbb968b7eeb3d71c894bc23693fcd31a0185ab84ce8541d0cf3582e9880e80c753b53fc7d5

C:\Users\Admin\AppData\Local\Temp\iEoS.exe

MD5 5e37b745a3d80667e48bc936c5014a31
SHA1 4da72a00b89ea19768b433206caddb7640742e81
SHA256 d59a9d949e54448bc5082d7e12fc6fb58f9d6bcb411cc58024fe92d4ce8f3881
SHA512 76ff94cc56e18948b94a80f495f7bc35ba47a39f1835ae7f2638cf6006790ad1571d074ee38a7db69d6fa97eecd1757e61a3a60d96c496aeb02ab88f473dcb53