Malware Analysis Report

2024-10-18 21:35

Sample ID 240614-wdngzathqj
Target 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock
SHA256 324d5e5bd8f3bfdc812a4728bd2d95aa68ce1d52a476e73b3abb2d0fe3808f00
Tags
evasion persistence ransomware spyware stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

324d5e5bd8f3bfdc812a4728bd2d95aa68ce1d52a476e73b3abb2d0fe3808f00

Threat Level: Known bad

The file 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock was found to be: Known bad.

Malicious Activity Summary

evasion persistence ransomware spyware stealer trojan

Modifies visibility of file extensions in Explorer

UAC bypass

Renames multiple (88) files with added filename extension

Renames multiple (61) files with added filename extension

Checks computer location settings

Executes dropped EXE

Reads user/profile data of web browsers

Loads dropped DLL

Adds Run key to start application

Drops file in System32 directory

Enumerates physical storage devices

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Modifies registry key

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-14 17:48

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 17:48

Reported

2024-06-14 17:51

Platform

win7-20240220-en

Max time kernel

150s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe"

Signatures

Modifies visibility of file extensions in Explorer

evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A

UAC bypass

evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A

Renames multiple (61) files with added filename extension

ransomware

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Control Panel\International\Geo\Nation C:\Users\Admin\FiYMQcMk\ggQMAIcg.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\FiYMQcMk\ggQMAIcg.exe N/A
N/A N/A C:\ProgramData\AeYQsoUI\aokEwEks.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Run\ggQMAIcg.exe = "C:\\Users\\Admin\\FiYMQcMk\\ggQMAIcg.exe" C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\aokEwEks.exe = "C:\\ProgramData\\AeYQsoUI\\aokEwEks.exe" C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Run\ggQMAIcg.exe = "C:\\Users\\Admin\\FiYMQcMk\\ggQMAIcg.exe" C:\Users\Admin\FiYMQcMk\ggQMAIcg.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\aokEwEks.exe = "C:\\ProgramData\\AeYQsoUI\\aokEwEks.exe" C:\ProgramData\AeYQsoUI\aokEwEks.exe N/A

Enumerates physical storage devices

Modifies registry key

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\FiYMQcMk\ggQMAIcg.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\FiYMQcMk\ggQMAIcg.exe N/A
N/A N/A C:\Users\Admin\FiYMQcMk\ggQMAIcg.exe N/A
N/A N/A C:\Users\Admin\FiYMQcMk\ggQMAIcg.exe N/A
N/A N/A C:\Users\Admin\FiYMQcMk\ggQMAIcg.exe N/A
N/A N/A C:\Users\Admin\FiYMQcMk\ggQMAIcg.exe N/A
N/A N/A C:\Users\Admin\FiYMQcMk\ggQMAIcg.exe N/A
N/A N/A C:\Users\Admin\FiYMQcMk\ggQMAIcg.exe N/A
N/A N/A C:\Users\Admin\FiYMQcMk\ggQMAIcg.exe N/A
N/A N/A C:\Users\Admin\FiYMQcMk\ggQMAIcg.exe N/A
N/A N/A C:\Users\Admin\FiYMQcMk\ggQMAIcg.exe N/A
N/A N/A C:\Users\Admin\FiYMQcMk\ggQMAIcg.exe N/A
N/A N/A C:\Users\Admin\FiYMQcMk\ggQMAIcg.exe N/A
N/A N/A C:\Users\Admin\FiYMQcMk\ggQMAIcg.exe N/A
N/A N/A C:\Users\Admin\FiYMQcMk\ggQMAIcg.exe N/A
N/A N/A C:\Users\Admin\FiYMQcMk\ggQMAIcg.exe N/A
N/A N/A C:\Users\Admin\FiYMQcMk\ggQMAIcg.exe N/A
N/A N/A C:\Users\Admin\FiYMQcMk\ggQMAIcg.exe N/A
N/A N/A C:\Users\Admin\FiYMQcMk\ggQMAIcg.exe N/A
N/A N/A C:\Users\Admin\FiYMQcMk\ggQMAIcg.exe N/A
N/A N/A C:\Users\Admin\FiYMQcMk\ggQMAIcg.exe N/A
N/A N/A C:\Users\Admin\FiYMQcMk\ggQMAIcg.exe N/A
N/A N/A C:\Users\Admin\FiYMQcMk\ggQMAIcg.exe N/A
N/A N/A C:\Users\Admin\FiYMQcMk\ggQMAIcg.exe N/A
N/A N/A C:\Users\Admin\FiYMQcMk\ggQMAIcg.exe N/A
N/A N/A C:\Users\Admin\FiYMQcMk\ggQMAIcg.exe N/A
N/A N/A C:\Users\Admin\FiYMQcMk\ggQMAIcg.exe N/A
N/A N/A C:\Users\Admin\FiYMQcMk\ggQMAIcg.exe N/A
N/A N/A C:\Users\Admin\FiYMQcMk\ggQMAIcg.exe N/A
N/A N/A C:\Users\Admin\FiYMQcMk\ggQMAIcg.exe N/A
N/A N/A C:\Users\Admin\FiYMQcMk\ggQMAIcg.exe N/A
N/A N/A C:\Users\Admin\FiYMQcMk\ggQMAIcg.exe N/A
N/A N/A C:\Users\Admin\FiYMQcMk\ggQMAIcg.exe N/A
N/A N/A C:\Users\Admin\FiYMQcMk\ggQMAIcg.exe N/A
N/A N/A C:\Users\Admin\FiYMQcMk\ggQMAIcg.exe N/A
N/A N/A C:\Users\Admin\FiYMQcMk\ggQMAIcg.exe N/A
N/A N/A C:\Users\Admin\FiYMQcMk\ggQMAIcg.exe N/A
N/A N/A C:\Users\Admin\FiYMQcMk\ggQMAIcg.exe N/A
N/A N/A C:\Users\Admin\FiYMQcMk\ggQMAIcg.exe N/A
N/A N/A C:\Users\Admin\FiYMQcMk\ggQMAIcg.exe N/A
N/A N/A C:\Users\Admin\FiYMQcMk\ggQMAIcg.exe N/A
N/A N/A C:\Users\Admin\FiYMQcMk\ggQMAIcg.exe N/A
N/A N/A C:\Users\Admin\FiYMQcMk\ggQMAIcg.exe N/A
N/A N/A C:\Users\Admin\FiYMQcMk\ggQMAIcg.exe N/A
N/A N/A C:\Users\Admin\FiYMQcMk\ggQMAIcg.exe N/A
N/A N/A C:\Users\Admin\FiYMQcMk\ggQMAIcg.exe N/A
N/A N/A C:\Users\Admin\FiYMQcMk\ggQMAIcg.exe N/A
N/A N/A C:\Users\Admin\FiYMQcMk\ggQMAIcg.exe N/A
N/A N/A C:\Users\Admin\FiYMQcMk\ggQMAIcg.exe N/A
N/A N/A C:\Users\Admin\FiYMQcMk\ggQMAIcg.exe N/A
N/A N/A C:\Users\Admin\FiYMQcMk\ggQMAIcg.exe N/A
N/A N/A C:\Users\Admin\FiYMQcMk\ggQMAIcg.exe N/A
N/A N/A C:\Users\Admin\FiYMQcMk\ggQMAIcg.exe N/A
N/A N/A C:\Users\Admin\FiYMQcMk\ggQMAIcg.exe N/A
N/A N/A C:\Users\Admin\FiYMQcMk\ggQMAIcg.exe N/A
N/A N/A C:\Users\Admin\FiYMQcMk\ggQMAIcg.exe N/A
N/A N/A C:\Users\Admin\FiYMQcMk\ggQMAIcg.exe N/A
N/A N/A C:\Users\Admin\FiYMQcMk\ggQMAIcg.exe N/A
N/A N/A C:\Users\Admin\FiYMQcMk\ggQMAIcg.exe N/A
N/A N/A C:\Users\Admin\FiYMQcMk\ggQMAIcg.exe N/A
N/A N/A C:\Users\Admin\FiYMQcMk\ggQMAIcg.exe N/A
N/A N/A C:\Users\Admin\FiYMQcMk\ggQMAIcg.exe N/A
N/A N/A C:\Users\Admin\FiYMQcMk\ggQMAIcg.exe N/A
N/A N/A C:\Users\Admin\FiYMQcMk\ggQMAIcg.exe N/A
N/A N/A C:\Users\Admin\FiYMQcMk\ggQMAIcg.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2860 wrote to memory of 2252 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Users\Admin\FiYMQcMk\ggQMAIcg.exe
PID 2860 wrote to memory of 2252 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Users\Admin\FiYMQcMk\ggQMAIcg.exe
PID 2860 wrote to memory of 2252 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Users\Admin\FiYMQcMk\ggQMAIcg.exe
PID 2860 wrote to memory of 2252 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Users\Admin\FiYMQcMk\ggQMAIcg.exe
PID 2860 wrote to memory of 3024 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\ProgramData\AeYQsoUI\aokEwEks.exe
PID 2860 wrote to memory of 3024 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\ProgramData\AeYQsoUI\aokEwEks.exe
PID 2860 wrote to memory of 3024 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\ProgramData\AeYQsoUI\aokEwEks.exe
PID 2860 wrote to memory of 3024 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\ProgramData\AeYQsoUI\aokEwEks.exe
PID 2860 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2860 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2860 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2860 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2648 wrote to memory of 2796 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
PID 2648 wrote to memory of 2796 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
PID 2648 wrote to memory of 2796 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
PID 2648 wrote to memory of 2796 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
PID 2860 wrote to memory of 2792 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2860 wrote to memory of 2792 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2860 wrote to memory of 2792 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2860 wrote to memory of 2792 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2860 wrote to memory of 2552 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2860 wrote to memory of 2552 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2860 wrote to memory of 2552 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2860 wrote to memory of 2552 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2860 wrote to memory of 2684 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2860 wrote to memory of 2684 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2860 wrote to memory of 2684 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2860 wrote to memory of 2684 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2860 wrote to memory of 2704 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2860 wrote to memory of 2704 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2860 wrote to memory of 2704 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2860 wrote to memory of 2704 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2704 wrote to memory of 2424 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 2704 wrote to memory of 2424 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 2704 wrote to memory of 2424 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 2704 wrote to memory of 2424 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 2796 wrote to memory of 2452 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2796 wrote to memory of 2452 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2796 wrote to memory of 2452 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2796 wrote to memory of 2452 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2452 wrote to memory of 2616 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
PID 2452 wrote to memory of 2616 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
PID 2452 wrote to memory of 2616 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
PID 2452 wrote to memory of 2616 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
PID 2796 wrote to memory of 2596 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2796 wrote to memory of 2596 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2796 wrote to memory of 2596 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2796 wrote to memory of 2596 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2796 wrote to memory of 2612 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2796 wrote to memory of 2612 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2796 wrote to memory of 2612 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2796 wrote to memory of 2612 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2796 wrote to memory of 1944 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2796 wrote to memory of 1944 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2796 wrote to memory of 1944 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2796 wrote to memory of 1944 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2796 wrote to memory of 400 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2796 wrote to memory of 400 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2796 wrote to memory of 400 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2796 wrote to memory of 400 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 400 wrote to memory of 2148 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 400 wrote to memory of 2148 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 400 wrote to memory of 2148 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 400 wrote to memory of 2148 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe

Processes

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

"C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe"

C:\Users\Admin\FiYMQcMk\ggQMAIcg.exe

"C:\Users\Admin\FiYMQcMk\ggQMAIcg.exe"

C:\ProgramData\AeYQsoUI\aokEwEks.exe

"C:\ProgramData\AeYQsoUI\aokEwEks.exe"

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\CYUgooMc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\iKIsIgQY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\MKggIUMs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\TYscMMoI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\PWAUooIY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\RcQAogQo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\VigsYgQA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\KkcoEccM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\CWwAEEQo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\iKkgkAsY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\WCsgIgss.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\AIAcoskU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\NiscIwkE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\bawQYsQg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\XWsowIcg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\PwYQMEQk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\waMoQYYc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\yGwUYMUo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\oAQYgsMQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\Cyckkwco.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\fGskUEcE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\tokQMwMc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\vEMooMQA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\pksccwQo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\fKkEAAwo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\gQUYUUcI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\qWUcAcAE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\MuEcYQMM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\qMUQoYkw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\paYwMskA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\reggwIgI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\LOwUQUQc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\NIsIUEIo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\OKUcUoUM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\YYkUwEgY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\kOAYwQQs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\kKUAIIwk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\OqQAIQAc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\XQIMUcIc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\lyYcgkgQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\PkIYskIM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\fWYAQooQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\GygIsAIs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\oGwwsIIY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\uYUUIkME.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\AqwUIEsM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\pcQcgUIg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\PeAoscwA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\foAsYswo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\HAgcwUMU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\nwwQAwIo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\KUUUowsM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\amQcMwsk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\cKooQMEc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\EoEMsEMg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\LIskoMQs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\FsIQUAkU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\vykQEcIU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\fcEsEIgs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\lEMMAQEo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\qcEUAAow.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\aUYcYUAY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\gAcAQgYA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\JQUgwwQQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\DWYgokkg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\FcUwIssU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\lekMswoI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\PMAMkEkY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\MawMcIIM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\wAgwQQIY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\qasoUUgU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\KcMIMggc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\tSgkQwMM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\NOYAUcEE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\DOYcMUcY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\TYIEgUAI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\VcYsYgMs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\cUYsgIwE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\KycYgcso.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\AAEAwocI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\iiwQAgIA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\PMoUUAgE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\FoUIcEMI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\BWkoYIQc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\lIQgkAwQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\KmowMQwg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\SEUYMwog.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\aqMkkAgs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\yioocoYE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\LyUYUEIk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\xEIwcUYY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\rekAIIMY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\tkkcowQE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\oEIswYcM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\IAosEocI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\gSwoosUc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\XkIUOgYM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\vSkIAAoM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\POwsssgA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\vQsAIkok.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\cwsYUoIg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\GwEswIMo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\usUYIYMg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\cogMsYUc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\BusEAQMg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\NwgAwIMY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\fWMAEksU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\DMsoccwo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\xQAUkQcE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\mIgYgYUE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\EoQMkkUA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\ImogMkYI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\oGckYsUI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\xWwcIQwE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\jWMwkoUE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\deIwMgYI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\fgMAcQEg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\fAIkkAgk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\wCoIQYIM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\MkQwIYIg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\CmIgIcUo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\sSAEQggE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\bMokAIUU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\PikMYEYI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\hOgEkYIk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\XAkwgYck.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\LmQAMUko.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\QIgUMkAQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\MucoIUYw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\suAUsoIQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\sUgUMoYY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\AyskIscM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\RAoogQgM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\xsUgAsUY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\zMgIAIYI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\bGogYYog.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\QUowIgAA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\GkUQAQkM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

Network

Country Destination Domain Proto
BO 200.87.164.69:9999 tcp
US 8.8.8.8:53 google.com udp
BO 200.87.164.69:9999 tcp
US 8.8.8.8:53 google.com udp
GB 142.250.178.14:80 google.com tcp
GB 142.250.178.14:80 google.com tcp
BO 200.119.204.12:9999 tcp
BO 200.119.204.12:9999 tcp
BO 190.186.45.170:9999 tcp
BO 190.186.45.170:9999 tcp

Files

memory/2860-0-0x0000000000400000-0x0000000000435000-memory.dmp

\Users\Admin\FiYMQcMk\ggQMAIcg.exe

MD5 9451410877438bfda4c282d108a837e0
SHA1 e8e9d61f22a5b98d3f1600f8c4a1b8f5c8fde3eb
SHA256 9f3b933436ee0019f46c3e0e7ce4af6091a37539ad81085d9def852588f287b5
SHA512 4e51807c32841f1bd8f5df08bdc04ed2905e6ef771c1dd5b87eec5ef7c1ecce0a360aeb34d62ca3bb05690d7dc32d55a21bd471442ff6dc3f0d0f97c872bd4e1

memory/2860-5-0x00000000004A0000-0x00000000004D5000-memory.dmp

\ProgramData\AeYQsoUI\aokEwEks.exe

MD5 85f6035374639c46d83f24c45b0227fe
SHA1 b7bcdaec7deec3e232f94daed53ac6dff3e68d55
SHA256 af6f86c826b6f4e7473d1a227ac0dc69bf4f4597acdf103474dc1d658d9137c9
SHA512 717779d606f0703ba766367b373565862ada0de9d0b34108b07267cf1b754913206a71ae06cefff2855a75c15fa79166feef55e8c4098491bb6c40fefceffa20

memory/2860-20-0x00000000004A0000-0x00000000004CF000-memory.dmp

memory/2252-15-0x0000000000400000-0x0000000000435000-memory.dmp

memory/3024-24-0x0000000000400000-0x000000000042F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\MSsUEgMg.bat

MD5 42aef8fc3ef804de95e5e0467e364721
SHA1 f735f4dee86520cc1271daeb6a12abab185fa768
SHA256 c3aec8f127485392347a3b7f846ce4eb94174331f6ab2f589dfea1c1056774f2
SHA512 48ba8ff2291f5cba819de0b99a460252229e5b1ea5e92663b0c2d52e502d3ac60f309281d8d016f62b7c1aeb57e477bfc9cab3c15576b3e5989a5f5ce68e71d0

memory/2796-32-0x0000000000400000-0x0000000000435000-memory.dmp

memory/2648-31-0x0000000000120000-0x0000000000155000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\CYUgooMc.bat

MD5 bae1095f340720d965898063fede1273
SHA1 455d8a81818a7e82b1490c949b32fa7ff98d5210
SHA256 ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a
SHA512 4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024

memory/2860-41-0x0000000000400000-0x0000000000435000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\file.vbs

MD5 4afb5c4527091738faf9cd4addf9d34e
SHA1 170ba9d866894c1b109b62649b1893eb90350459
SHA256 59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc
SHA512 16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

MD5 4b8a9dc8daa40ee3fe9ca2406b0a6201
SHA1 2209e19a1af6e0b4ef96632136e449635e3585fa
SHA256 07d3aeca5d09371344e66abd6cdf2151d2f05d84a568d31307bec54ef850600c
SHA512 63d8df0a7902bfc6d83697aa34d14f70ded087591a0c534ce68e2ada936a63609344b6e717b9e09c736c8e2edf371e83837873317d21ac1b20c1fe40f2617cc3

C:\Users\Admin\AppData\Local\Temp\eEQUQUwo.bat

MD5 e92e38777024b4f23dc5ac3675de7b53
SHA1 1febe5d3c84f22e31d798cd96b445a6c0763a80b
SHA256 379082a56cad1646f5b56feb28aa3831a229d75b417233a8ea391fc7861c4102
SHA512 a7aff69a0236c1d1d79bb167e2acf45b7b8aa5ef0ce0369cea349053f48b15fb69bbeaa83717ac505ce221b2b53a59ddadc0764658d3400eb96cef4f5daebd44

memory/2452-56-0x0000000000270000-0x00000000002A5000-memory.dmp

memory/2452-57-0x0000000000270000-0x00000000002A5000-memory.dmp

memory/2616-58-0x0000000000400000-0x0000000000435000-memory.dmp

memory/2796-67-0x0000000000400000-0x0000000000435000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\iYkwwUUs.bat

MD5 befa18264f7f370b488deb6ecc6a03df
SHA1 eb32e78951d888f8676d20fc90f70cb8bda139a7
SHA256 178a267cc23a49cd625250746526c989578fa63314d7e5803c22e0e3b6dd6f6d
SHA512 f9862d26453cc88679dbbe6e08a177599f18aad84b902a30030dd08c69c053dbdb0078417610274f20f1888d99873907fd7ad29267c7919c81cd20476d67c912

memory/2128-81-0x0000000000400000-0x0000000000435000-memory.dmp

memory/1860-80-0x0000000000130000-0x0000000000165000-memory.dmp

memory/2616-90-0x0000000000400000-0x0000000000435000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\eEAAEQIE.bat

MD5 7e74df57832055aa57e914815a65aa5c
SHA1 fc99df96d52c49718fa3113cc5de32c3062eeb94
SHA256 a0acafee8a52f20805d0c25258da56126dc333f7b1d24b0f12a0976d3852fa65
SHA512 3393d77fbfe47a2b9edb4c75a910c4ced228d2790512bf8db95ae6e97d806162f64c2a4315a8413385c3bc99f3b34a4c477eae7681f1ddb7faf5cfc5aa61ce7a

memory/576-104-0x0000000000130000-0x0000000000165000-memory.dmp

memory/576-103-0x0000000000130000-0x0000000000165000-memory.dmp

memory/1396-105-0x0000000000400000-0x0000000000435000-memory.dmp

memory/2128-114-0x0000000000400000-0x0000000000435000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\fAUwAcoo.bat

MD5 cf491458fc72ae025cb82b8e26d217a3
SHA1 11c04c5f78beed3c61892f2944cd21b3873f1d68
SHA256 5c721c712cd7e7def7c3a40b85500cd8e07b9279cf7b74a504321c77d2cec349
SHA512 9d0dc4334d61864356aa0086873466eafa4abc965faf67d75b8971e020d9c6c82029cafb62aaa63be917031d56d5bf529a77a9df73b6d23e2878b323b8e418a4

memory/964-127-0x0000000000160000-0x0000000000195000-memory.dmp

memory/1396-136-0x0000000000400000-0x0000000000435000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\heQIQIgU.bat

MD5 c74d1bc129b60129cd556a802d821ba6
SHA1 d6f2bb49dc31253518ebf49d10f6ad369ab4905d
SHA256 5924ea6961c5bbf4a44e03bab22cca7794476ff0f2bdc5a4db0902608c6a09d4
SHA512 2c6c57329bb4b8061d78a443a6f3aee6ebd1d07cde452928048d38349f6d14ee13db6a3170811f3b6de7155b3ee5631e5c0586ef0faf5541f377201d5f12bdb5

memory/2068-152-0x0000000000400000-0x0000000000435000-memory.dmp

memory/1220-151-0x0000000000290000-0x00000000002C5000-memory.dmp

memory/992-161-0x0000000000400000-0x0000000000435000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\DswAYAAs.bat

MD5 9b36316e272c6d892e38cda0df85dcb8
SHA1 2b5bb31ed6bd4c7bc42e60820cd2ab2c80d28d9a
SHA256 2ccd07988801c374d5e2af7a2bd1b8fff0ca51c151ea6af06254ceb43124f932
SHA512 8c035368541ca5b246e0ef3b4805015d68a0568a257a49057e4a1079361e77cad346783783946b530588c6e4829041ba8c39b4df4da91e1854743a6e42d850ef

memory/2556-174-0x0000000000400000-0x0000000000435000-memory.dmp

memory/2068-183-0x0000000000400000-0x0000000000435000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\SYEsMogw.bat

MD5 b54f11c6f99b5430057ac8f2141bb415
SHA1 79c946eeed0ff1cfea1fcc46b9c6b70536b2806d
SHA256 2ea0c73482a5e7e2883c70ca221b13f496156fd649de83922b8bea4f64b9f12a
SHA512 b1dc86bd00177a1d7264132fa1640659ad133eec0d9211ec7bc8843de764bc7aa703855dd4c5994e2f584b2020db96505640c92964e7fc3e97a3208adcf5c6e6

memory/2176-197-0x0000000000400000-0x0000000000435000-memory.dmp

memory/2672-196-0x0000000000260000-0x0000000000295000-memory.dmp

memory/2556-206-0x0000000000400000-0x0000000000435000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\oGAkUAQo.bat

MD5 c6a420e5862a873a3b4e1331a944c1db
SHA1 90770780f52b08ac5153e83a47d86b7360c79bff
SHA256 2b54174298824ad1b299194c0b10b1eb79f7679ad3bdfdd2becc581bcc783659
SHA512 c8bfad5f7847fee244fa5690a8122ea8273ebcc657157c3c2072bebbd304e99c06505343efcf37ef259aae2efed0078120814cc906f6f02e59ed709bf4869123

memory/2616-220-0x0000000000400000-0x0000000000435000-memory.dmp

memory/1568-219-0x0000000000120000-0x0000000000155000-memory.dmp

memory/2176-229-0x0000000000400000-0x0000000000435000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\QKgcgQQM.bat

MD5 cbfebe7c25313e4888afad1e97ecfbe6
SHA1 ffedfd2f838568b35e81b1521260e1967a559a4c
SHA256 f5f560c594284e1cc4681fe82843da5dfe303cd09383c79a2f3dca3ce1a46704
SHA512 716f879a9ea168fa6f5d602c6c21e74110e67d88f78e5421be45f3fcb2e53bc91ea70fc497a74691f99a750f46fa2d3267cd7609bfca0a9cd61c091626eee76e

memory/1432-245-0x0000000000400000-0x0000000000435000-memory.dmp

memory/1412-243-0x00000000001B0000-0x00000000001E5000-memory.dmp

memory/2616-254-0x0000000000400000-0x0000000000435000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\OIUYskkk.bat

MD5 19e7ec84a4effc3f70652c14fbb3121b
SHA1 a3189f64848d689538d1fa2b952bc029d7ee4270
SHA256 f8bb3d618275a6d5a810517dac7075055bb90addf30e6b4d94033fbdf1271843
SHA512 be671faaf497e30c9b822175cf90eb5fd58f240f4ce3f059f510e19a4799fef04b874ff0112073d3c8e7551505cb719c0ba332dd7931472eb889ed323c914383

memory/1540-267-0x0000000000120000-0x0000000000155000-memory.dmp

memory/876-268-0x0000000000400000-0x0000000000435000-memory.dmp

memory/1432-277-0x0000000000400000-0x0000000000435000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\UUgUMkMc.bat

MD5 fd2c102a1cbc7e8405f14eb5623fd8ad
SHA1 997b2b806d5219b1a45b7e72a5dd3102d0a29150
SHA256 22534e2be894bba38e45c3d85d7f978c0853a438bc3c69ca32c163422e457fd1
SHA512 05a46b1a88279b864cba48c8e4eaa2f3a3ccc1b72f4834341541e432977e7fa5eb56e590da8a98eecee60ac8040744b8f631ab8cb1d7d47e8e75b55a180aaf27

memory/1676-291-0x0000000000400000-0x0000000000435000-memory.dmp

memory/1264-290-0x0000000000120000-0x0000000000155000-memory.dmp

memory/876-300-0x0000000000400000-0x0000000000435000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zSIIgUww.bat

MD5 f32a637d77f1e387863034e2cc055302
SHA1 69c796e3906c3b672e80114cd9dc490bf13d0343
SHA256 7f7610cdf824b64ef907c848504b11b4bd3f626872dcbe9b5b099f5f213ed26d
SHA512 de64e9d2e0457cb12429bad8e0637cd613522774a87be72e9abb7b6afa15227f2d42b3fbe59953007b46d1b5ed9fa90bf71bfed2ba06ad588a0c810000d501ce

memory/2684-314-0x0000000000400000-0x0000000000435000-memory.dmp

memory/2708-313-0x0000000002230000-0x0000000002265000-memory.dmp

memory/1676-323-0x0000000000400000-0x0000000000435000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\XaAQUAww.bat

MD5 2b23a6eb44cc6c7cb21da4f817554a73
SHA1 45cf7f352769749a5a9f2d29eddedcfb84a73675
SHA256 706d94e6dad4de75450186f0809df437e31af97aac3ccd0adf6aabbd5a01a243
SHA512 c14408cdbdfd989af87db43b7c8e81872cc221e159f55b2c8c211ddcb274f933e8d774142f13228ebb5c84f40a18f8242231fbf7fa6444461d63987533674e92

memory/2276-336-0x0000000000400000-0x0000000000435000-memory.dmp

memory/2684-346-0x0000000000400000-0x0000000000435000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\RMwwAocM.bat

MD5 2cfcb493f0803372f23bbcf8e58981d7
SHA1 6a4fb354f9561b8ecc3016ee004b9d8cde5a5906
SHA256 137277a43c1801b3a7ca1270808bc82170c51c7b7d119ffe44e9d83d4a136347
SHA512 4cdc20a235ce95ba221ad545629ec39c7093724992c1ee841a136a7e92758fd749166a16225fafef8e82e3af1d517f9a352951a5a4dd9518fd4ab5b018fdc7da

memory/1456-361-0x0000000000400000-0x0000000000435000-memory.dmp

memory/2196-360-0x0000000000400000-0x0000000000435000-memory.dmp

memory/2276-370-0x0000000000400000-0x0000000000435000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\lwUgwEQQ.bat

MD5 3e23c0d3f99ff4e4a701289471ffb2a6
SHA1 5a4507f12439350904ec636402d8b5ea81da7b25
SHA256 2c3d20cbcae111cbc3e6f475b6f1d92e780ad0de860f11c023ef05ac11b5aa7c
SHA512 3340953537beb77b12c04edbea2f301520f0b0d8d368f7fc3c63f37fee4d5831990ad1eee2656c7e462ff2e2dd9b344bc9bf6e2a100f61dc3a570fd35ba5ca91

memory/2756-383-0x0000000000120000-0x0000000000155000-memory.dmp

memory/2756-384-0x0000000000120000-0x0000000000155000-memory.dmp

memory/1456-393-0x0000000000400000-0x0000000000435000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\CQssUsEQ.bat

MD5 e5db48c94c54a05b263d6f2555137cab
SHA1 6e95ebba6ea193652901d095963bfb3681e15194
SHA256 9f1e6abfaa0528c584604c814df1fee89165d753cd52f72ea81bd08dc4472bdb
SHA512 e1e85dd7444e699412026ee30abef35d76d1dae7c88a57df54195b0bb85884ead511db1ed41028b1f9d2f945237cd6cd22650c0c40f8d195028228b3b8c26c8b

memory/772-406-0x0000000000400000-0x0000000000435000-memory.dmp

memory/1720-415-0x0000000000400000-0x0000000000435000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\CIUYUQcU.bat

MD5 901e0bf86ac8d8dd159742440c86132d
SHA1 24d9e084118ef8a478f3c273918c3880694df023
SHA256 c4d7eaffcb442755b514860f2972332c200ffdedfa654da570177c5814a0ecb7
SHA512 30a183d7010043937c81653d4eb0da8a9bee875cae773eca7f4cd6f3981bfa920552c93950b32d5e532590b684e9a963ed91c720a7aa474e86d3e9e84727735b

memory/1316-430-0x0000000000400000-0x0000000000435000-memory.dmp

memory/2268-429-0x0000000000380000-0x00000000003B5000-memory.dmp

memory/2268-428-0x0000000000380000-0x00000000003B5000-memory.dmp

memory/772-440-0x0000000000400000-0x0000000000435000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\EmYAYsoQ.bat

MD5 8c2e3a0d2aabab72c9a61bc884e71d78
SHA1 623b85ff2c9bd817022a5d60fb7facbb6e5ee754
SHA256 11d287454c3749cf1d293c6963b49945b21b0084a919cde6b834070ba8f7920b
SHA512 4258a696aaf4e4f58d43b6a35b54d1df628a7bb13059f41673156fe7db5740ba399d1cf8cdf79cb987a5bf47afdad2e36e5b7662ee24a39a04598f41e0c001e7

memory/1220-456-0x0000000000400000-0x0000000000435000-memory.dmp

memory/2504-455-0x00000000002C0000-0x00000000002F5000-memory.dmp

memory/2504-454-0x00000000002C0000-0x00000000002F5000-memory.dmp

memory/1316-465-0x0000000000400000-0x0000000000435000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\CmAoEUEs.bat

MD5 5b88610cbb18b827f3f952724537e775
SHA1 cb1d465a637388ac862c0cf5519f2ec87c210125
SHA256 a663e050c0f307c9e23e69d8201cb57be68849bb22d5dce78de4ccbbd43e322c
SHA512 b72a3b532143ff8f5986d366c0ac2b06939c3e427cfd58d7fd38e97fe8bf6384c326bf846cd04ea62d113fac73cffefd569cd91892fba5c44db4bd89916fd153

memory/2960-478-0x0000000000180000-0x00000000001B5000-memory.dmp

memory/1632-479-0x0000000000400000-0x0000000000435000-memory.dmp

memory/1220-488-0x0000000000400000-0x0000000000435000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\GSIkgUUE.bat

MD5 89d09fdc37f14776d4a34b9b42339df1
SHA1 2553aa2b03e4bc20cd0009d597186189d38b9b88
SHA256 237133b861c8d50e301a0cf220b61a206dad906bc005b37fe9b763761b8f2056
SHA512 1e456e33a46fc59eed82776ed4f2237b41af7d64e553f0d88587022a28a665e075699b4322cd00907751ea60b6662c5038cd1d3d091b80016f1db60762781eb0

memory/2272-499-0x0000000000290000-0x00000000002C5000-memory.dmp

memory/1632-508-0x0000000000400000-0x0000000000435000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\hqcwYosY.bat

MD5 d33a8b663298cfea67fa1ac3d79071af
SHA1 c0bb2fd3eddee4acefd1be922f975fd90b0b078d
SHA256 14a866c9259817a30388fa9b2ca02345f354b2e6ca714078a9116c94102d7bac
SHA512 4cde493687db90bb5f0870501d11938e15da216831af4dbc9984bc3aaf02b3c2a34ecf03a7e590d699c5d06e65847211623a8d753590a7871d27d9bf09fbaaf2

memory/3032-518-0x0000000000400000-0x0000000000435000-memory.dmp

memory/1856-527-0x0000000000400000-0x0000000000435000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\xKAUUowc.bat

MD5 6cc099ef466b399fd383af579b099cd5
SHA1 b59bfd8c948e458f439db9ee3e9a9c376c6d67d8
SHA256 2c22d050938226e97a23ef282c84ab89defc63802c802d143850fa2ce18adfbe
SHA512 3ab3df8cfa3c0ffa89d6a3473ea432e6fd860c0562f26d3361b75d30f5cc3b1cde81cfce01daac10bf3cc3a1ac38fa0fa7d7ec718c6ddc322944a7d803a5ece5

memory/3032-549-0x0000000000400000-0x0000000000435000-memory.dmp

memory/1344-540-0x0000000000400000-0x0000000000435000-memory.dmp

memory/1484-539-0x00000000001E0000-0x0000000000215000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\RYMwEEAk.bat

MD5 7f8d5c88f7f6476219f4d09b1b35f23e
SHA1 f269ad6307d151a98900dd7358675d104d8dde56
SHA256 e81a01e31777ad0b3c2d16fee48f3dd161362aea1bbea89e50afa166603c3362
SHA512 e58871fc9b17b6e28be0fd3e8ae1bd5fb0e93cfe7592f118cc348a3b324db895a78335a5f9fea2ef293b8e607b8f90cb06639e91df87cc7f7319f4442e348b10

memory/2920-559-0x0000000000270000-0x00000000002A5000-memory.dmp

memory/1344-568-0x0000000000400000-0x0000000000435000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rCAwkYUo.bat

MD5 f23e91cc60c6d6aaed181e5cf1ea3306
SHA1 486d8a25c38d523f109588c61b502f0e602aaeee
SHA256 b4e097f105e26e7252ee2445f5221bd34d197e3b7e4e755fbf348c32a8cfbde9
SHA512 8d1c509f1eef37189df626b1559d6f28ab4b4b1f6287349abaffd134c1f57a0bd07bf368bd479f38ce444be413d244f951c6dc8b97f8bec2b6894abdac2ccc48

memory/1868-579-0x0000000000400000-0x0000000000435000-memory.dmp

memory/2664-578-0x00000000001E0000-0x0000000000215000-memory.dmp

memory/1728-588-0x0000000000400000-0x0000000000435000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\QqIoAosk.bat

MD5 1e28ecbb9564d0e594b06f91b6449fcd
SHA1 b3450336ea7217d3cc0d977ec9923a4ec32fb60b
SHA256 dddfdc1749f91d93cacee81ab942190beb3bd317f0c3218795486424e164ff09
SHA512 858e2d2bfae014648b801aca8f1ed54cca4741f9cab68dba815d7d15e8c72fd4b72294484f047ea54b4f751991cf073682fdee9428136b66548546d339e173fb

memory/1472-599-0x0000000000400000-0x0000000000435000-memory.dmp

memory/2764-598-0x0000000000160000-0x0000000000195000-memory.dmp

memory/1868-608-0x0000000000400000-0x0000000000435000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\kmksUoww.bat

MD5 0a4ade978bd4644f14a16fc91ac51331
SHA1 701c8f1e384a7716a891f5d5e089c12e03adf342
SHA256 aaeb8188ef262786b3538f58f6e68c788a71ae00b5a0a3fda7d332dc2d35ff72
SHA512 fcb51deffab6436d6fb2eae86f6ec6059d9cc4025cdf877ef9e4378628e9aacc75e57b41e40ed4c0ef89503b725dd2d9087cf64eac9ca0d56c47c7fe69c37111

memory/1440-618-0x0000000000270000-0x00000000002A5000-memory.dmp

memory/1888-619-0x0000000000400000-0x0000000000435000-memory.dmp

memory/1472-628-0x0000000000400000-0x0000000000435000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\eksoAQoM.bat

MD5 1ce49d760124c6e8a2fe070534d2d5c3
SHA1 97a14ae3c361fd15e80a791190f8b6cd610e6beb
SHA256 b8335a17a77f24f1d1be946dd5ba6f8a1083a54d83143df82ddc69d669095631
SHA512 3454513e0fa9c9d33acd49bc8a1f1db45a19aefcf8ff8814a19668bc1e75b9b0219519e86a0ed555238ae008b8970bf43cf6d2a219a9151b8a5c55ce1c75645d

memory/2892-640-0x0000000000190000-0x00000000001C5000-memory.dmp

memory/2892-641-0x0000000000190000-0x00000000001C5000-memory.dmp

memory/1888-651-0x0000000000400000-0x0000000000435000-memory.dmp

memory/1416-643-0x0000000000400000-0x0000000000435000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\AoMoIwUc.bat

MD5 eb1d39046124db0111d3884b4f4ec63b
SHA1 886f3379a0b54e709ab3c5ee164ee74b5c9607c6
SHA256 41b3593613847dd63bc9fc7b8aab67c1ca2d4249a10d49cb41a870b5817d7490
SHA512 05df51c969caac7900fcae29effb029696f37eb5c402469fcf28fb5edb7ea531d3f92b9a2ca931faeb96eede8f554916d45c145dc01104217231fe54a267bf87

memory/1860-662-0x0000000000400000-0x0000000000435000-memory.dmp

memory/1984-661-0x0000000000120000-0x0000000000155000-memory.dmp

memory/1416-671-0x0000000000400000-0x0000000000435000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\eqoUEsYM.bat

MD5 1e8b70703f6c207b070755a37bdf9654
SHA1 f1c83a5a9b8b698d0e4a2cbbdfc7edbfa907560f
SHA256 bf575f600273ab67cca2743bcfeeb1d5574b95cad019f77dd55edab5f143a021
SHA512 7d6f1e72aa01dcb9088576dfcb9f2cffe1b4a06a95e534b22e01cfbe40fd6a9a0f0a0723c0d526bf4ae367a03bc98f56e6fe22c97ff56ab3597d91ea71374b6e

memory/3004-681-0x0000000000420000-0x0000000000455000-memory.dmp

memory/1396-682-0x0000000000400000-0x0000000000435000-memory.dmp

memory/1860-691-0x0000000000400000-0x0000000000435000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\nEAAsYkY.bat

MD5 2299b55f5a50785defeb42f7c8757704
SHA1 460040098e6bd76013cb4692cbe83f5939957eec
SHA256 3ca5319e64804ba212b014b4f42c9d340669e3f7cc686aa137c443284f07d63b
SHA512 585a675aab7d50d7d2a5ded9422548c9ecc314b584afbd31a679e05eced6f297a76516c2952983384346bd907ce156a595be2f3d4bea5f52024527c6648ea59f

memory/2692-703-0x0000000000400000-0x0000000000435000-memory.dmp

memory/1400-702-0x0000000000120000-0x0000000000155000-memory.dmp

memory/1400-701-0x0000000000120000-0x0000000000155000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\iocO.exe

MD5 c95e8ce167fdad67dea87af0cf5b9773
SHA1 0af37ede240c0fa3fdf4ca513349fdad0b655c4b
SHA256 b1ce0a2e11410b10cba1f835f25f853f3cfb761e31e2b3eea94366cea674ad2e
SHA512 2ce9ebf1755ef68b33c5549b3bd6148631e44e6caaf4fb637e74b61bb522bc1e265beba601c661cf574cb95c4b2ed13ee32a7e594ee77dcf1ff7420a77a1faf6

C:\Users\Admin\AppData\Local\Temp\lYYcsckU.bat

MD5 9c9fc1c430ecfd0fc63eafd3edacf06e
SHA1 ac70d1fea45b97a6ab8c93a50d73501a999ebf55
SHA256 3f0310922e2ae3a46fb896681ae707e153bd26fe4ec7fdfaaae01b704d16c4b8
SHA512 17aa472d9787baa036455267c8877be9a618f00b5a912b8d3a71a234a483e2ba911237e5bdebebce6f5786f160ee522bfdb38cc042221e33311644d1eb321b06

C:\Users\Admin\AppData\Local\Temp\vEkIIgYc.bat

MD5 689b9e4415316d5bbdc2bea6988ddcfc
SHA1 8d7ee69e895dd682488cc952d6242601f716a7cf
SHA256 ff24c3c3eaefa3455cd7c85f08f6ff3784aa98d6bb620fb3fa467abc5168c7b3
SHA512 cbe71ba8abf2fb03179e6542771b81d3517f642423cbd299572094773d5c81ef2657622544ea4654f2ad17de0c5f6b68bfae01b9d24752ef8c6e8147ea695f14

C:\Users\Admin\AppData\Local\Temp\HEUAsYcA.bat

MD5 abfcfdada576706fb99290126da2d5ad
SHA1 94307937e01e17aaf658d1615401a840957d5402
SHA256 5e9b113b5bf17560812ff979115a1713d8747c069569e928f27f97cbb56d4a36
SHA512 b5ccf523de4922530f56cbad67cc445bf02f47d93719db8fb43df672f7a6e84366b257e85dc71f51b05c75a20f9f9dae765e189d2f7da114510fd4c000b2fb1a

C:\Users\Admin\AppData\Local\Temp\IOwEAYEs.bat

MD5 6476e07b60de82c57d79c40aee225349
SHA1 a2fb260d5b4d760d08f5c641d197810194b10bdd
SHA256 f3a96236ed5047876f85a8aaae414a4c45d4c5c4d77256595119027c1c15eae5
SHA512 e6b83e95af31755a03e8395702fb0baefa8eccbd77cf3eb2485d06b71240045a60f0ee2252126ec537fa80b7c8abae08a3f940ab55dbdd5e1901c506fb989549

C:\Users\Admin\AppData\Local\Temp\mCkcoIoU.bat

MD5 d8e055968021344109631ab63a3eb440
SHA1 423585bd11e63f883f08392748dcb79b594b17ea
SHA256 facae04f23799693c1e613456b627e6ef1232102d5630ad408443c8fcdf342db
SHA512 1bc123e05b5e3f4d42ec91c90ad32bf36cfc6a5067cdbe9356a5ba0b34e09ba727e5aaf95467002a5b21b8243d8585c3b8b8645b9ce45e577a1037f7530da436

C:\Users\Admin\AppData\Local\Temp\aQkoQoEE.bat

MD5 15553e75236e909e7dc2df16690d3797
SHA1 e239be82b035054cdff2b777cdc6a602ddc2127b
SHA256 002c6bdb8e981f58c6eaa5ea3e9c334bebc97c5b952807f84915316f90ed4c64
SHA512 69008f33fba9dfe3e0a7c8306a32095ea90712d99dcadc6320c20a4e4f123845dd44f18cff46714bcabd43df301ca5f297090600cc335bf3abf82789b3d4c5fd

C:\Users\Admin\AppData\Local\Temp\mUsEMYEg.bat

MD5 2f85bd4a6387c381f7377e7f7f5929a9
SHA1 185af93bd0895d6e017a82b1ad28acb3d0a55668
SHA256 14eea5064a87b3d7a34676535830bff1b3fb9cb06a9772920fb6e8e810cbece5
SHA512 77b63d99435091d1262e4b73a46e7c3a0a3d8d8e2c0944a31c0d2a00e2f609419f66c8af60c884725872e635548d663c676a36880fa894cc6c78ae2c7ffc2e27

C:\Users\Admin\AppData\Local\Temp\pYIcAcYw.bat

MD5 72dfc38d88470ad999f4c25b48bb7a0a
SHA1 4ca0a9be1936187f872dd1256c0e0e507d4a3717
SHA256 feacd352b9447c518efcf7e3d042f627333c577e75508b06007845342eefd2d8
SHA512 d889b66ae7336c3236b4969ef87a22a7edd8d30dc3b553a721d37dc4d7fc88baa151ec7a833b74526de99cd241484ddfc24ebc26f254e63b276aa7460d94fae4

C:\Users\Admin\AppData\Local\Temp\rYcMEgok.bat

MD5 ef2bcf759d264d4894acc6341ebd84f3
SHA1 de0bbca9133267bbae3e2b20f89686196400aeb2
SHA256 45336c5858a628085d118f8bc4abad212530f2bd1202b646bba0614b086e36e5
SHA512 30aa50eee2db4413cfd523b9304e42fbf5bf7ccd87ae3f8d62bd52b6fec19169adcff3fcf91e8c6d4e91d049f73b22a812d1e85570383d9b5edf9496b1936a44

C:\Users\Admin\AppData\Local\Temp\ZEAkQgkg.bat

MD5 93f704b20a2bb38bda0f61830237a8a8
SHA1 2c2c1c37fc11f03aa3552605ffda288806ed9256
SHA256 07a69e4033f5364f435cf6e56a9776fd74332e174ff9bd8aaa041dc6098ced7a
SHA512 32d441592afde69043f76a1ff6206c35eb2dca331ae3d5353db5cec1927a42913256e8b1f13e83afe15cb6e802fa54f23958d6c860d36463af89af3fcdd523df

C:\Users\Admin\AppData\Local\Temp\NEUMUAwE.bat

MD5 b2544832b0949cfbf3304c163e62334c
SHA1 7830ed0f46c4cdf8bffe5afb526084cde290066d
SHA256 cd5316ed391d3242c09d2efc592ee3699fe9b098c1fa5fa2b5ab49fe475dbee1
SHA512 447ff2e2ec063508684866dbca6697ee9abd25cd25acd825650194be32055474197d584bd10f79d532428e3eba734173d45f3515ce1cae613b36111660652b7b

C:\Users\Admin\AppData\Local\Temp\uSMAMAAE.bat

MD5 0401c7da11c7c924a3193eedf9150788
SHA1 dec0982a97970d545fa8c2e25288180ce1a89237
SHA256 f6d19f95ff7b85064f58ba765a05706b25134d2985aad19671d71235ff784026
SHA512 58bf94375fe34a3772667198dd21b97b9a1718fb3bd7297257e90f6f359425fec4b024fae42f9d32308be912829b7dc4cd357bf8bd2286d19b77e2c6255720c5

C:\Users\Admin\AppData\Local\Temp\gsIAwEQs.bat

MD5 32584671e103c10bb1f9b426098466ec
SHA1 9259b17ccbb500c0fa12e3eeb3373be4dd5fccbc
SHA256 dda4fa5c90f554a9ce64a364d758db016efdf5bfb9018d527105954175d69698
SHA512 f302b34e0167fddf54ced2d42fcf0269f8a81cb5d5653b4d9aaa09caa09279f54c1377a7c4a3d95eeae8c881a66543a30186a25e64ad64a5ca01ca559a004fcf

C:\Users\Admin\AppData\Local\Temp\yeMwsQgc.bat

MD5 faae5e4afcdf175c4836731f62b3dbd4
SHA1 44f0b83b9eb47d00fe9048dd7605520b804bb37f
SHA256 8b6d65eb40b625886c75e75f50969a32ae97dcb65dbdfc36441abb099fd5e7fb
SHA512 2401488340d6769fcbfadf5e4a02f254c6d1dce6b40adbfcfac1f8224c56cf001ba148e068296e8aeca0d9dba1e8ce66cf4fcac26bc0cc3c4cb39279c693c054

C:\Users\Admin\AppData\Local\Temp\OiwMogsI.bat

MD5 c43248ec7f91cff36018c0878495844a
SHA1 574b5659ab29d08f7f55190872cc730aaf1ebf4d
SHA256 3ead1b195d166732e3c69f52f1ae6bd1b25381f7ae2e045e11036c1950b5fa35
SHA512 d24ac97b463ee627e303b4babcc4d17e262e4040d035b9225bd439d8a4367a9e08a7451f541ff311ed1d915ab3606f9d9ed9a4f75bfcabfd2fe4b236d20a306a

C:\Users\Admin\AppData\Local\Temp\oIgcgkoc.bat

MD5 fa7067a5395dc251e4278cbb10c9c750
SHA1 e2d4e0a6b7a30ace30093e0d3730e39f673dd180
SHA256 ebbb10d3aa8cc93bf894e76e26c6fada55f7568e27a84178008a463f136dff9c
SHA512 522f81399b2f8e8e79717661abe4d547c95a22b9800bc784397b14436b3e5b9afb74c827b46debd1cdbdb1155b02db169b65882c3c1513e8497926e7e143c9f0

C:\Users\Admin\AppData\Local\Temp\HEAIckQM.bat

MD5 f7afc6218e2ad15a5be80e107c303c05
SHA1 13face091804870ef980159f3e46f13d31857943
SHA256 811f8be4446a7eb88b981181b1428254d5fa720bca980aa40816e63b6d8359f7
SHA512 04fac7f6e6b8bb69de6bf5e54fed9f0e5664453e1344667b4b6dd0a5a0a639fc5c562b3015283506359484fc429997716cb46319bece31e1ee5e6b9152fc924e

C:\Users\Admin\AppData\Local\Temp\fWQcQogA.bat

MD5 5195de43ee45d25dcba7adfcd63f031f
SHA1 240be45e24a2efa3f97c5d73f3f78f8860884522
SHA256 4d70c0313711cf5f2522f38ea401723b455834db18b2e2208f2cd5f8bfda8bd7
SHA512 2bcf16a9b26042c97da9c7e2b982ea640e783259ce1bdd3aa95362dfe528e091943f610b013508975bb671b3834d6c1a87e33e93eb0f5e51c4666c7922e0ecbe

C:\Users\Admin\AppData\Local\Temp\FgwwMkkk.bat

MD5 dc07dcd6f5ec129527b3e3a19974ea3a
SHA1 1d6188225ed6dde3c9920439a0727272b1354fb2
SHA256 86dbb90509936cabe843ee40ca22667165e77af66ee0211cb5d750046509652d
SHA512 867f3d9771524b3b4974a78510336e0f358dee64537cd3e17919b325ab96b96062a5ced52866c090e100331ebdf25541aa613d8139eddab148ad754f26f94fc5

C:\Users\Admin\AppData\Local\Temp\DEgQAYwg.bat

MD5 f68ed458b84c4a63850c63e6f784d49d
SHA1 4c7018867b33e3431b3a7e195837a57e27f7c8b1
SHA256 e51c016c7a6a4ce5426359475275ec27b24bb3ae3d1877836aa944c26775c5f7
SHA512 14582702f9afd96231a3383d4edadc23eb7753600d59777ab4de583bde31831788dda66f1930e383ad65ed1c1c4be825efd1b9fe8c3ee73bd3cb8aecce912275

C:\Users\Admin\AppData\Local\Temp\CaEAMQkY.bat

MD5 ae7a2319620d40881ddbed49745f3da9
SHA1 49d76b8c39058b8db4a821dc2e3aadd13e0c93ae
SHA256 17cfa54963b2df7711cf4a320cddabf5648386527aed54b82e81b43b826a612e
SHA512 201c08c69e83c97cba1723982d906bc6d52c2e254f50c0605c3c225a77c680724c08f0bc09df46553c4e07dc4bfcc93c94e4af3d56f8cb592f20f909ae952485

C:\Users\Admin\AppData\Local\Temp\AWMgwgEs.bat

MD5 87464a6a7dd0d0b90c9ccf7de3e49235
SHA1 36dc2064f546cb8b4f18f8681c5401138ad1f4e0
SHA256 4eebf6e69f41cd855f2c5c130dc8e9da58049949011dc6effb1e1273fc75a8dc
SHA512 3b5a837127db7c7fffffbc6ae60ef0ef3f9247e0bbab7e084b565a0f52891768db7c44981789ef245d76ea5ec806dc5880fd1befea0d4a272ed4de448e226efe

C:\Users\Admin\AppData\Local\Temp\AYIe.exe

MD5 f9ffcffb8726364d9da58ab2e6f1ae3c
SHA1 9960e59b18390fcbb91c268bbd3048b1e8f55176
SHA256 723b6653fac804595c3c049f46dda6484640b37466fee071a114ffd764557bd4
SHA512 8390e8321077ac40c70d125a133879e0dbd618074acae9e6c7614b3d05e750dac887bed7ad1f4b1b38fab3ce3ab73fc29ace6c21f9c4886b8850a951b1e22605

C:\Users\Admin\AppData\Local\Temp\Kkgq.exe

MD5 33274f8c5b8c7081f71794faa891f66d
SHA1 7e4633e76c941abb4e61bd05fb9042ebcf22fac8
SHA256 359a6854a693c065be1f8fec554d5c3f0ab7462ecf7b1783bbd427ad843b3f9d
SHA512 5a739f270b04f7881885b599fee3f95cd1b7c1bb5bfd69351c3cbe568c5d010c74ae927f7bf544b59298a8690dff3090d7f4323980bf845bd76af1fb61317452

C:\Users\Admin\AppData\Local\Temp\eIcYUMoo.bat

MD5 e23d8e1037fab903dff9d6849a1476db
SHA1 ab73882d84ca1e4cf15435e56bbfb827c6508eb3
SHA256 04956fefddc923963ef9f3120954c80b0758049dbaa9fe88745bca72a9b7f04c
SHA512 4f8d8024b66e0c37484ed0c42603e281b7d450964908687f3af24f27bed4ad9502d51c19ab98ff0594385b7bd3bda33d5ce9b05758cfd944f1826bd4ed8285bc

C:\Users\Admin\AppData\Local\Temp\EUUS.ico

MD5 47a169535b738bd50344df196735e258
SHA1 23b4c8041b83f0374554191d543fdce6890f4723
SHA256 ad3e74be9334aa840107622f2cb1020a805f00143d9fef41bc6fa21ac8602eaf
SHA512 ca3038a82fda005a44ca22469801925ea1b75ef7229017844960c94f9169195f0db640e4d2c382e3d1c14a1cea9b6cc594ff09bd8da14fc30303a0e8588b52a7

C:\Users\Admin\AppData\Local\Temp\KUQq.exe

MD5 ba9d65db0ee3af7e69cd4b14a9bbabaa
SHA1 c4d6ec0f2250c654698ba496532446f82fbd4a8d
SHA256 668b814d9e27e79b95040c0fea08bfe2eef307d3fa3da7d604cdbb0a18cf168b
SHA512 2e680d3561d6908d39863b1a68e92c3d211138a265a07278a885ac0057ab2c5100e77409acde4b6aa4b2c01a0f2c1ed060c4cca3f6f1615d76cbea86c38c8d08

C:\Users\Admin\AppData\Local\Temp\kkwO.exe

MD5 a0fa2804968982d1ae845bcb84faed45
SHA1 888ec5ab40d04a6cb3403c238c111b52d4f67992
SHA256 2a72354a0b1845b52d98934198b6aa737a5c49b536e2e977e8a6ed0021e6eff4
SHA512 7dc867495d3dc99e887c0f2d57fbc881e5ff4cbad09baeb5b3d0786e1b67f6c8262e780316bb6ddf89eac84f61169a5b2352cd76bcbaf21a35e303f79b65c437

C:\Users\Admin\AppData\Local\Temp\cAke.exe

MD5 0ed6d16d5f16b425cafab85c59b8ecb6
SHA1 f80528f94d102351e4a6f87063bbd960ea0bf386
SHA256 ba568fb282f50178afd5cfc98f85e22517e03414a63bd82e375d241b95976ce1
SHA512 f258545e88968ea91917fc84e7a087fff5a52d94f7279af509a8e0e987741c3a3d0f48336406cb4656ad949fed7ef47d0fccafd390fe6b1e19a806171d9db3eb

C:\Users\Admin\AppData\Local\Temp\Wkog.exe

MD5 b9d68a02b1c14088d7cba7273773d179
SHA1 89c24775af6aed2795fda77b965032afac317149
SHA256 75040f2c2b608f8085bcb1b5538ef52ea1b65af71e77b8cead065277ada52798
SHA512 a0ec215215aa62840f2a77980268b6c4071abf998108fe7de41d2f00473306ba460fe4093351be7936eb7648df04d24e58378a3a6721d5cf680625fb79f19fe8

C:\Users\Admin\AppData\Local\Temp\IsAAQoAQ.bat

MD5 8cbd387e12ca7e0da707ac8874b5e33c
SHA1 60bf9ab37540a161e52c51ffe6b7e61eca5b9e09
SHA256 672b667d58a7a8c5acd7a77f6d3f5e930073952ccb4d9a17830afb9dee9087c1
SHA512 69f97d55ed6413c98a2d7a60ebb9f074f6c2b8bd24f76b94e52fdde98ebd85c624f3a867158ffef02e26d9b6319c81ce7f149abdc37dae9a6096df205f1429c0

C:\Users\Admin\AppData\Local\Temp\qksu.exe

MD5 24a87e2ef34e359910964650d4a05da1
SHA1 4ee5f2269978451bf4a64f89f9d33c2707e70641
SHA256 58aa8863eef5c9cf5e5fd8fe8fbc11e923d5039451b22abe46a143b41aab5d14
SHA512 cf52db15aaeaa9bc7aab3a5c4c247d87d3447c28d78ac1e60496ad8127c552dbd33ff623e04a9facb1688b1f8988572ee104417b4191cc5c9c684ab0e8eb6efb

C:\Users\Admin\AppData\Local\Temp\wkMg.exe

MD5 ad3207f813aed2b987be652008c9e722
SHA1 77afc1a1b683d5037961eda4b2345a2198f2bb7e
SHA256 b52f25222528d682ba6a2ff5f16785dd8c739c7f2cdb45f995d23a753b517b8e
SHA512 ede1972696bcd9c98393e454de60a240ab5402b9a22d43dccdef3c289cde22369f05d5f433a7742fd9f1554a8e0a8cd2ddb950f8489a710ed65745a807a936ea

C:\Users\Admin\AppData\Local\Temp\GcYU.exe

MD5 6a10ba9585b291743f0e1ce15726edd8
SHA1 c19ea1f89a81f9e3681b4777b05e86a8ba8580a8
SHA256 5782b5ab4fb1946d0b7b9f9c49a155a47386084d579ff508753a2e22eeb88c6b
SHA512 663a690c296c56f7621827c3deb665727b21423192beb00e8faaa3a74200c0401c41cf5d68b64bd4a747e2c567739c0d6cd0a7d7c49ecec936494e656d9cb7e3

C:\Users\Admin\AppData\Local\Temp\eMUw.exe

MD5 30d49a4a7a9b31728c271cffeceba3b7
SHA1 e74f8a2a580a1cfc914740b04a830b242278eda2
SHA256 97cc0e62e0ba979980f7c39bf0ca4b1f49443410f330575e23256455cc75c006
SHA512 5c569a8b97ccb9e8b2173ea42b895edb071c81508c9f3f764906917a1703561319c20aa837daf9e16d2068f79d44a98f7bbf48efa7c2094533b01a5ff13e7dc0

C:\Users\Admin\AppData\Local\Temp\CMwS.exe

MD5 9ff73cec5c3c94d12cefadfda842dfe1
SHA1 fe3d3989ca114d557ad62b4aeb01b77e9229a63d
SHA256 8454a505690449480929bd20ad1d04c3bf386fc80d708cff79829549684629c6
SHA512 c6e834e62b832d2d984e02b627dc6707b8f9d99ca5777a8612a51b1500a5f0161e283832690b9f723b7ea3f17bb4ff6e2e3d6478b61d256cf5d58ed8168bfaf6

C:\Users\Admin\AppData\Local\Temp\YQsYoIEc.bat

MD5 e0726edd95cbaf5a38eb21f648fa6593
SHA1 68025a836406a6b120a5d36abb5a9ae071351e2e
SHA256 2762cd0aff5dfe8a3b351e3e61e0ad53423ecaad189b1c37fa54e9008bec2b9e
SHA512 6829a26f3219f673b90b936dfac0c7b2b51282e7d40a88fa46f88352bf9a14299bf92a173e94f3ac902dd65592d693ff9d16047cd376e677de33e73eb9a59c1c

C:\Users\Admin\AppData\Local\Temp\uYAe.exe

MD5 8f5cfebd8b57a4cae406dd2e121fe66c
SHA1 c74e46212e5d3a03406019651fc143a5632fd532
SHA256 c1bedce8942f6f3f7ef70b269efab9b66af7780a32231a0df42edde1cc7afaa8
SHA512 39bd8a5533e8312fa6d42a2d78a091832ed7b959b3172ad6ea668b2cd8a09b7b183873995784d0510ed3b4d0cb330c6d8ac2e799889eb8496386711df915367f

C:\Users\Admin\AppData\Local\Temp\qAEW.exe

MD5 35d94d2c329e23734619244e0cb17daf
SHA1 83242226aa89e090683f1e8a17cb4df23c546556
SHA256 2a9457d5ff1e8a039095bff2c1909ef9cbe26da7965adcb77fb59b3afa741d9f
SHA512 22b7455703b283ec8ae45693e6e686403d08eb7ea09b2045b040e71f9d5ac9984d40868a7d07a0c0bfbd11d029aebb7ed08b549a94d81dcd5b19c54266804324

C:\Users\Admin\AppData\Local\Temp\ioce.exe

MD5 271b212fe21dc031e15868f979f23633
SHA1 ef2c48c7f6922d1f85e0d17ed06f56499a7207ff
SHA256 d5ab2ad55ea4b2b1ce3588dcbe05bc0a21e79a70793e1a29e2e5b939fcbf17bc
SHA512 07508168f586021551aade04de36e8b1cc3c42849412a30294a40983ba063cc2be53a0f3d6bb09dae56f64b56b38a5009709faaaf671351d5da7879de7b1dbbd

C:\Users\Admin\AppData\Local\Temp\kEIO.exe

MD5 d6e1ac45e0ad97f1a7251f9e68a9a4c2
SHA1 adf8a39f5851edfa575c19406fbe246a2d167d82
SHA256 6b9ac852ab9ceba0d4c52794b1c0aa0f34273a7e5ccbd8990238ddbf811b5948
SHA512 086e92e3714fbc30afcab8d69f48fa7cd6d41f1dcfb028c52f45ca1ac9a0a9ffc345ee0fe00d974a0afa1bbf209e25b88f8a93ccd0a360926d4b7f04d807d8a2

C:\Users\Admin\AppData\Local\Temp\QEEo.exe

MD5 a878c2ba0678471c8ca6629413fd73b3
SHA1 40201838703e9ce4df2c7cd8d863e4c11827037e
SHA256 263a8d2a6601aca1bf9ebdcae27d7e592cfa36769c7473f8a9f230c08a0d213e
SHA512 a62daf8b06bca896af6c89e9560c3e8b079c80099382f8afeeebf0b543cd922d9e889fca71e58e389af3187e36eaf283ddfb029225495ca92bc2b81a70d11a81

C:\Users\Admin\AppData\Local\Temp\cYEA.exe

MD5 af2b8f7641ca265d402adc2e43c334cc
SHA1 3cd28f3d643d3e6134e9fe04c894c1604b84ed1a
SHA256 8d4c5086f4780c13c4b9c87fbd16101c246c4330e1e797b3b1818beceb0fec4a
SHA512 057ee3fb21b7d798fc8f6aad5b12f97bb2fd8941d87ea4402cd6e232a50a0b932701b93aac890d64263cdd7bfcf462292f47c4f2b839ccc6c4bf24eca73c0c63

C:\Users\Admin\AppData\Local\Temp\uIQM.exe

MD5 6dd8a852f1ae7021792f89de72581789
SHA1 3bf9766200eebfbffbccb33a1f4b680ed102b78a
SHA256 ea98955b8a683702698f9844ea7cf2eacfbe7c53358daf78d0830b4bcfa471cb
SHA512 74e467ee8a0ac1badbb9718d61240c9d20d33059048b28b6dcbdead6bc0b63015da0d33ae1bc93fa0fa89c4b5018af47d75c40c61c4d188a392f7947666ebf51

C:\Users\Admin\AppData\Local\Temp\UsMU.exe

MD5 bf722e5aa5c176c37cfd62e79d058aea
SHA1 93573097fe3f320d428d7118d5898970cbe39fc5
SHA256 6750af13fb1c489e02bdd6a886b24b59def3c0b5f628d0e9969294ca107bfa0a
SHA512 13dcb708ad604b9656a934c44b1587e09dfc44207ec85463e89202144d1ec4ae8580656f052c0cc7f8f1eae9ce2158c74d1e4f49aff6e0d3faaa6771ff0ce068

C:\Users\Admin\AppData\Local\Temp\jyMwwYMg.bat

MD5 fb1d92bd4d0bf7fc1e43b596a92262dd
SHA1 51d6504a85ecba7f19fa52b491f7049b30028d0d
SHA256 5d0ba35387aef698add4e67e58424c6a710e875a52fcfae83aa37ec24d5043de
SHA512 8c5afd456ba645d48748527079d45e13f36c5413a5f592cd7010e9c7f6e69a53e408bbb09a5cdbf9d4211724cf0db555b7887197e403e7ce9520dccf3a7bced8

C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile23.bmp.exe

MD5 87aedae330eddbe5cc1c5f362168e9f2
SHA1 9e652d44a3b91e9ea5ab08e3a2f490d44f832edf
SHA256 a805dac7c8c290dcf1dcc76dfbb4bb8fc24ff639a60f3516cdd71fdce1960fd2
SHA512 dab669ef94c32d957bffa33f298ed2be3be921bd9e14f12362c041730a882bb3014b28103d3c7280bd67379cc6f6d8f8fc2aa136dfaf8e5c4db811ddb98a4889

C:\Users\Admin\AppData\Local\Temp\sEwa.exe

MD5 9fcce42e5584aa87fb587528d765bcc3
SHA1 caefd96ac11c70b4f39888db0cef873bf545044a
SHA256 8ac2271323e1dd9bdc9c606125e68ef6deffe93e7be5deeb1e1acb6a369e57df
SHA512 2fae4c843deef221f07cf450ab1ed2507829686cea0986d147abf279a8c873cd04f2213695563d384f01da856c994bdadef3db045f8c78022e286fea32bf7a73

C:\Users\Admin\AppData\Local\Temp\sMcE.exe

MD5 2ea9a1b696c1a68b3bae057494a37bf9
SHA1 24befaeca3185bca62f716d40dcf90f3c1cafc12
SHA256 a9a0b55b89d33ff4f2a8bb5b61a8a99fe6b9aac1886aaba77276d284cddcf47b
SHA512 675caf927401feddae0df3124d997760e731a36cd5bd1563b7880d978ef4891f2606445279dc98d3ccb6465eb7e1f5f53b7c43b2cb0022ea930ef4cebb6576c1

C:\Users\Admin\AppData\Local\Temp\Ssck.exe

MD5 6de0bbd1f9c494836566e6a9e51894bc
SHA1 f244f5991be0203843e730087516593cacad1a8e
SHA256 bfe1e93809fe9bfa214399c46381367a458a5a232c868d0f6a528e50db754005
SHA512 98cbdacdc07ce1d6126a4ad1674e9425ccb2fa9b3486cf613184f83c04b0f0eeddd3c0a000c78f875cc8a0e94c0f1cc9e1989828fbf1c1bc51418168e1e029d7

C:\Users\Admin\AppData\Local\Temp\bCkAYEkg.bat

MD5 1beb78002393bb358fb82b15069b9fd1
SHA1 44da7c2100cb2bf804a8525368eda076abedec56
SHA256 ab9cca22fbe6296c485c16f542ba25df7ab869b55c5b4fb46850ae038eb48f9d
SHA512 cedf3ec4c499f0fc867c569318502b06f54133e3077e9d5f9172896cfb2def99b19a64f1cbfc727fa528234b27bf455fd8f9677c5e23a866e5802dc40f2408a9

C:\Users\Admin\AppData\Local\Temp\MkQe.exe

MD5 28d0caffac07fccdd87f8fd57cba35d8
SHA1 cf02029aad331292ccd293dc9db99e77be736fa0
SHA256 dac71fba1eca8c2501f8e76b1724b8453f179891cb3aa45e8ef7cd7c133d392b
SHA512 0cab2065a3c246f3b2dc7bebf03b9f43e25b1b91f2b012bd28f2072661926b7b9813c0f21074a21ff04ecd301ff096b0dd057fd6d7549cb7c971d2af490b1934

C:\Users\Admin\AppData\Local\Temp\yYwi.exe

MD5 8f1b7e871439a4596fdf224586c01091
SHA1 55b415a31775fb0edf8d18e26cef8f2e727181ea
SHA256 a9f8dc0375520a4205cf633af14be14f1e36c8a4f2e068dc636bf853b0570451
SHA512 bacb4fa48379ba88c169e2ff03387956803b8e1008d33213b0d73c0cef136e8365d3b455b6c1d14e1b19d3cb33d2b63dbe5ca3310581577757a93349179ad161

C:\Users\Admin\AppData\Local\Temp\yYgW.exe

MD5 fc22b638f0dda89e13c5ab3129d76cf1
SHA1 284824909e3efec05585f57535af362a973b60de
SHA256 53ea21e3dd2107338ac2d9b9c9aa53da92ce4acc41fdaafa81637ac2ad10510c
SHA512 3233492070b698f39b32b84ee29fe44030051a73bc0cb613f5eb10bd65d252467eaa7da7d6f41361ef717ff14625d4e6196422bf6ebdd39716c3b66fd97cf583

C:\Users\Admin\AppData\Local\Temp\CscW.exe

MD5 2343e0e6617a19e447dec5b091557a3e
SHA1 5d2432df0427bac8b997a5ab037e36a0431b469f
SHA256 2fe8cad12f054de1b1560661f125c97ee9c2219cc9bc6e22aad35f71ddc676b8
SHA512 ed6433627334d54ea3b283338a6afb065934ba87b4f8526e92a54e1f11636fda95f2c49979f7220c9c1c433bbde3cb188ec7f09a7d109473a1eea9cd065c43ad

C:\Users\Admin\AppData\Local\Temp\ukcU.exe

MD5 943cfd390a4539565f986412d53d087b
SHA1 857fdc73d6775e6a8d765aa48f20d15c971dbb5e
SHA256 119181534b3111c0eb9bc2c080e371e9a7e919ddd92c7f22579b1542be5c108c
SHA512 b8ecb66b5ba6350711a3cfcfca89aa5d98a92218ebcb7804bd92a08dd16de294b89626ffe989258ee30987709988db709b89a4fc3a2a849edec6f3c7dd6e125b

C:\Users\Admin\AppData\Local\Temp\jqQkEcYM.bat

MD5 68063d77231d7d5602ddd7176f95db99
SHA1 5b1a1a93d6d9e6b84c396675e1ea602b90e98b11
SHA256 faa1a349b697ad8bb2cf03190e78d5e451e30bbee833e7f66bf2c9157b0809f2
SHA512 34c3cabf0f1d97d5528d6f4af764b5ea131caf06f31605f43487df2a708dd11947b01442b9be8edbbdb002ab31803f12e7488c4fbd9e70a63d8004bc2c96e659

C:\Users\Admin\AppData\Local\Temp\gocs.exe

MD5 f87529d7df8b82e760bd3e8605052e16
SHA1 9f4272c85a64dd0d95834f2264b6c9819ca04e00
SHA256 a4183cf4a3d5173f3c0e43b259a547b2b1ea4b96ae405a1dd1a46bd112246dea
SHA512 f0cbcbd2aef433bd343afa690bac52df18ad326a0f43177c462e2fb10e2fae480afe6d1a991a16846c358f5f8472e968b6cb83b509326d0fc6fdf9fa7afcd609

C:\Users\Admin\AppData\Local\Temp\OQYa.exe

MD5 c4be63c8ca2f9e8617582993d8c5df74
SHA1 76837afa76764a8be6b113913022d3eb6c650b34
SHA256 dee253f8fd7ab2aef0280c3e5e7b898e979b4d967f4372c9fabe9d86875f2b87
SHA512 93bc53fddd857e58c5943030f5216d678f1712abce0c98c6cac6c8faa7f2106b7764729ee0e08c815bc0da4bc599e76518ac351406a02cdb48913df9820133a9

C:\Users\Admin\AppData\Local\Temp\AYww.exe

MD5 ab680ef6c69cc2e3eb8cf66797f42d8a
SHA1 01d0ecafd49ed50964b94e5af5429626297f312f
SHA256 49f6db5388e034ea830cfe250efbecff0d82283afc9a992659e843990d615707
SHA512 09178bd467124bf97f5ae0cff0828b9deb9f4f7483abd87d055bbdd0546648bee00fe580bc842a814f9fa2b555bfc2e1f7d0043e330e55063a35e6c274005e55

C:\Users\Admin\AppData\Local\Temp\EwMg.exe

MD5 e8536197da0d60191e11c059c7c208a1
SHA1 b258545ee44cf10e9ae551e9f8a9a9cfc7ff013c
SHA256 b1b8e017dd9cd8dd99daf98764ffc6df88deb12376f5e2b0632bc5a43552a2c5
SHA512 2b8ed4389e174f32f613724573a5a2b0ac983592f2041debd81aeea929e34eac10dc6fdd7ca671e04402c97921520561ad0c341cb22e042b2be600e3369247ec

C:\Users\Admin\AppData\Local\Temp\LkUkwQQA.bat

MD5 0d91bf0fd2fca9e96aafc31a4ca57963
SHA1 fc548bf911eeb2e575f9d1a0b7050289fc396510
SHA256 be2dac298dbe6df01826acccf9e67bbd52b9abbc4a4e412073a5d0b7548c7aa7
SHA512 58c1e516249c0e09c2938a9b9b4b5c3022f6a2634b386bb3255ac2960960df537b2c8e7ce8b77b8ba2c7f6a644bb0837548a902ed2474e27e7305c7219d2b8c4

C:\Users\Admin\AppData\Local\Temp\OkwU.exe

MD5 a6001aa97065a41551e7f7eec8a7423a
SHA1 c0f2a878928f2bb865d1a0774490b735aae84fe2
SHA256 26bd39f0a809c95e6a5d77704ef03e66bebc5a5eda07543378f9cfc77e2befc7
SHA512 186676c11e21c9edb6767690cd15d197a56ce269a0f765a313240385a05dadae6a998524f2e4433a0875093e6932a73e15c0485cd1d4b0330e6d9bb8620801d7

C:\Users\Admin\AppData\Local\Temp\ccQY.exe

MD5 3bd543847bf59260d442cd7632f212fe
SHA1 40c8ced249cc08e7a6ffae9bd0ee8aff2d738262
SHA256 d2246cb9c27157da81156fd18f88a24d8608cc0d72fcb60fb1eb0e5deee28a7a
SHA512 f6205af9eb909c29dac6496b3dd4db0f500295f1cdbf99d7c32e623ca81f9872e3ff0d5bed085274ace2d803327f7209c23a2ca98efee98c38188644204330e1

C:\Users\Admin\AppData\Local\Temp\iwcI.exe

MD5 16b48e9a45a3b1a8d2d80869993f9eb8
SHA1 a534d6b882a24b729feefccfbcad998c0f3ecaa4
SHA256 cbb2954b182b38f02fc5082ae917cd734d692d5d0dd36c65eba1a3e2f0822947
SHA512 cd0d489fe856b56f874b972db3d6836ddda9e18ffa9e27b21ad545609903172d43f0a0983739e3ff29996d07fff0411857001b370ef684bba0ae61e7424a6e9f

C:\Users\Admin\AppData\Local\Temp\gcUc.exe

MD5 d705c7ff77db55fb88e8899d5ae55f16
SHA1 d9aac93da46230de52ad3213fe71028f0c3f65a3
SHA256 050f837f84b597ef91bee46ed6ddee9e83b8520f275f721796b15dfd077c365e
SHA512 079f83f4772e9173f603fce06d99d690daaf0dc9667301c623639402a57225c979c65f8b5f9a01c87afb6fe9fac7e8bad22e4fd6f9ef8e776f1ef39691eb632d

C:\Users\Admin\AppData\Local\Temp\QAAI.exe

MD5 c6851f6a12d04bb89c6968b963826456
SHA1 22a8933918964b8e7f288f3c966204786110821e
SHA256 3e30458e2b2754e3c34a5e53159594bfe2ac2eb6cc0a043948509b305575a836
SHA512 41f31c50fbc45e9b9ff450a8b2472bcd17079db3988586e162318c01f84c2f6546dfdf2718fd59a1f2dcc4675e51382b22986667c2d1628dd6b22b22ab20e18b

C:\Users\Admin\AppData\Local\Temp\wAEK.exe

MD5 bca69933b9f0ab26eafbaa76046d1064
SHA1 02cd7040adae911db8bdb4a386397e4b7c9308f3
SHA256 b6977128bd3fd51932569bdb1ac6947dcd4a70f596fd01c1661dc41de503cec8
SHA512 226cc04f99f1b8dafcc88f8fbb61bc6aeacd6051ed2527fc496e8a6a33e7c2b39507a61a75bbc094f2525a903a47aad0c7ef9745d5bd3470bd935c96e30d9f86

C:\Users\Admin\AppData\Local\Temp\QUQUUkoI.bat

MD5 6a5fcf43b8481cbbc3009d3d02c12a8f
SHA1 ca46c0688f9e3ad138cb9a7d5338a4cc5f87dfd3
SHA256 0a11fe69370ffa53d1e89ea5c933e4afae6c67cb9a97983a9bfce29362dd0e50
SHA512 41f8123d8880055a66dd441f661fdea36012b283a9b8a26b5c1399f1fa80b26dec5c86288984d4a13629e716798a0c7be4b7a6f928b68b27eb51d7bfc6177ded

C:\Users\Admin\AppData\Local\Temp\yEkY.exe

MD5 dcc610d79b54f17c9ae5ca8140adc02c
SHA1 cee0d276a0d823a8afa064bd01a9e344488edc1f
SHA256 dfc60dbadc04b16fbf0a6913ddd5cb3797fff5c1e7eca4932ae9e5f61dfcc6c0
SHA512 f49013f000b9751b5a3057fe8fa54e1ef12cfc4188b5aa4c3685bc3e9598549f8e6fa83d369b25b696949b29a83c451d50ff394050c6cd9270d621d5bc0b57ba

C:\Users\Admin\AppData\Local\Temp\MEEw.exe

MD5 4391ea80d720c69d1542b1d3f318f1f3
SHA1 c5e804519962c35fbae2526aad152ca85684ffa3
SHA256 f3106a982d73fe81c905b4d5b584ebe39564dba02e3bebf03fc022a110d035ac
SHA512 d408f8e942c551509efa624519f63797fd5046adda75897ba6fdd37ee2c4e89848dc5b6f6ee0616d43c2c351cbe9b6ede56d76972f6618fecd7e0a5ab680aa90

C:\Users\Admin\AppData\Local\Temp\okMO.exe

MD5 a4120eab37c24429bd9fc3be14f720d6
SHA1 4fe0d1be5cb572a1e45d9d8f8e9503444f9d6302
SHA256 51ec9c09715c51548e14990333853fafaca410a77c0150f709f810a3bffa3ed6
SHA512 45ca50ffe5a3de8798b86f1134078cbfe342ba1e65f5b09d17bbebf65100441d104655f135f3a177d083c4d0db2e1a5fc0e9642817dadc87bdf4d92fba6b643a

C:\Users\Admin\AppData\Local\Temp\swww.exe

MD5 5b504229c17d6fa07143f91ed53aaa5a
SHA1 fbe30fc7c4d4443af5ccdcfb0c6757047fb5e9e9
SHA256 4764fe6a29426668800a642281c7503678e3c078839ba5152227e72946123ca7
SHA512 5aa8ab42907b22ba275c86f80ef4321acb84124708eccd8e478c36afd77089e4e7ec823100c56578fc5371753b48cd7e75ac02033c6cc7a62dcf1353bfa1b6a4

C:\Users\Admin\AppData\Local\Temp\IWAkwAcQ.bat

MD5 8178d890c331e823743d1b9c88cd2481
SHA1 063168bea86df42c50ec11f9264a0095b2dc01dc
SHA256 f290294d4c59f4348c8bbe9bf459846ad59c0bbcc4f44aea8cfb15f27b36df8d
SHA512 9b41b67e0f184c8b13338dd5a36e06d0e6078e007558277f3b55027e42eed3bfb6a95eb20c9d8cb58d72913b131cd63d8a18c8d819a8ad3e1822577facec1217

C:\Users\Admin\AppData\Local\Temp\sccA.ico

MD5 ac4b56cc5c5e71c3bb226181418fd891
SHA1 e62149df7a7d31a7777cae68822e4d0eaba2199d
SHA256 701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3
SHA512 a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998

C:\Users\Admin\AppData\Local\Temp\okwa.exe

MD5 2f3f72d5ccb3ed410697e269a6ae62e2
SHA1 d1a74a60d2b1cd8e7f07f8181796f3b855d9469b
SHA256 384f04ed38205a3a780e09dd209248b5c23001cab5714df15f78bec4c1739cda
SHA512 442b8bd9c47ad35ed3d04ae5cab0eeabc0d00dfcf83f1ce9e21ae64569fda98b86779f7cd867bc24a88a1eb438485a3938d3ab9061aed19b52196115385634cc

C:\Users\Admin\AppData\Local\Temp\wssq.exe

MD5 596cf3237196088cd29e6f188938ea31
SHA1 bb8373a44d7e5f475dc9c06179c68463ebf87d87
SHA256 37c4fe07106d57acbfd076f4a1d1831a0807b7fb26aac4f3825a223b933d7875
SHA512 33a53010ae7e9c41f3ab348b8ff817b8067e92b6772384cf5c56faed975a6d275df996c8d94bd3961cbf0509eb827747e542633220dceb446bcb8d7d3ac96d04

C:\Users\Admin\AppData\Local\Temp\ooIk.exe

MD5 243865a074719dcf361eacec83c441b6
SHA1 fb1c3a62af80658974ef46ad7cf64eccdbfab21f
SHA256 767bfe852f3cc31d3c7a5085edd73b3965cf0c9945ccb78d649b3f7a267b62fb
SHA512 a2df28765185050c679dac3c2361ca2d93fcf6ffe232fc627018b7f40953986e36d6260142e1c871e912028ded2150ee3878b07d0eccd32c36fb6c9db7b453ba

C:\Users\Admin\AppData\Local\Temp\uEwI.exe

MD5 135a0c6bb39a416943b6c99158c9b342
SHA1 b41d4237a20040466e04ba8867e1dcadd2a71758
SHA256 b58c97d9669b3573c4bccbe6bf7987a752849e9dacaa359218da4db1b3d2cb8c
SHA512 79ba351107fbb106a7e6772b40d40525aa858081214910c3c93b5164444eae8729bd13a95488e72187b613d27063157218c23ddcbe585e8932032e96a2a7b655

C:\Users\Admin\AppData\Local\Temp\UKUYgIcw.bat

MD5 a8a041910075666d182cf6404065d40c
SHA1 77254efdb9694190642a54a81615177d2c383379
SHA256 9ec81c548c1ff34a88c9de473f777b3d83913380c522acb84487a0d39ac604cf
SHA512 52cca4a388ceae4866ec05bdbb238386f50bd2433d0639e01263f58ce0e143bf96184f5f48d1c7fab3663fdada3f8b979793aa24fd2e8920c360c23c53af17ff

C:\Users\Admin\AppData\Local\Temp\OAYkkgQk.bat

MD5 621df08851beb45cd96280433846cfd9
SHA1 88aacce43e162bf5060b607b42f7bbe5be0b746b
SHA256 b5946df3cb842cafde5a51426fe3ac0f1334f360cc0b2350a0efb31f2a019ce5
SHA512 3c4c9db9d019feb803a15896599a7bf6d2abe8efd77b0777eec51325fd4ffed7e059fdfd6a7f69b3fac581f85a03582456c13b3b179871d5cb2079e00d55748b

C:\Users\Admin\AppData\Local\Temp\biUIooUE.bat

MD5 0efa5e34c209720af41d8a7b6ab35047
SHA1 e904af6370918229e896ff79237ae7d124d460e4
SHA256 92336ba4094c379c815b67669c689b22f3bca8cf004f6b270162bcd2e0a20dce
SHA512 964f4960af11356335bf5d730b1ab394372b00069921e530d14793fbb57edbce82fcddf6bb86fd26c22de1011596254e876a22da65dd1289feb96b4ae5ad809a

C:\Users\Admin\AppData\Local\Temp\NKUgwsAs.bat

MD5 6026715bb84df4f9700c25f98996432e
SHA1 4d57fa21b6357a847b44f33ca57fdf0f2abd1951
SHA256 7ae5b87e1fc0d8d67b55ccf8a2553c380ca0e22dccd81ba1a5b0ec3d0cfa9233
SHA512 4dcdd59fc55795dc2e51300af92212d2987f3492eb8674c619f83c68204013e4e2fccd15de8d8ddbb6d8e453c1f0804bdb7cc6a60144171906e37d1d15a2dc7b

C:\Users\Admin\AppData\Local\Temp\rocAkYsM.bat

MD5 cd5641b24445e3826a65ae2288814072
SHA1 fe642c9b2bbe8adc57c175d88ec4c293b22e9bd3
SHA256 9680326fb82fcd856f2019e099dd27e53a8fa4ac5cd9b8124723e85e46f7fb0a
SHA512 2f9c05361c2b21fa2ddef45c45490f0e599029e0c36176600d371d763db4a857e9a1b1b618a97ca3fe8b4eb3682d388e7352e5abbb808ec2be2565bb4e626cfd

C:\Users\Admin\AppData\Local\Temp\bYQYocIY.bat

MD5 b1c8b3c4fd59f23fc81e848189a0219f
SHA1 15969456db7b1160568cd49f63485316ff2d1f8c
SHA256 dc957bd73549f6ebe66dac5e27116081178b43ad153edde830ad04337dc49d94
SHA512 607e0155d6ba7874cb609202dcc301b43b846e8005a37e03150df8efa08121049d06b1808ef4842e4150fa5ffe599b4f0a97ea660abbdf61f44e4e2d8ae2cf1f

C:\Users\Admin\AppData\Local\Temp\WAYsMIUY.bat

MD5 81b296df3e0dc857e272427c14ea4f51
SHA1 0663984166538fa81b0d107a6b3185a9bd36df59
SHA256 f58e2aafa0b61fc095b3ff6dc559bd73a4e2f46c359f8138dc75e15e27f2a6bd
SHA512 b0be2604517ab931e4cfd38e97595e706015b7475ef20814285cc75a3890499f269ac462ad19e41c658ee7a0173c93da91e17bedc256103ef59cd63a1d7e694c

C:\Users\Admin\AppData\Local\Temp\QwUgIgEU.bat

MD5 23e77e295711a2c35536a2842f5ed3b9
SHA1 25922f9fd59ffe7f6b5d7ac955e628907c07d130
SHA256 6f2bff449e36ba80c0a5f0337a195b606a6968cf83a768bf4285ff404f5f8f91
SHA512 ee4fabff429e41b65a0919544b81c1c444b364af523c7073f4a199a2842ace3d0feb65de1bfdc79363d223778551c0078f959fdba1ec13a0e52bb166dca1f1f5

memory/2312-2171-0x0000000076C30000-0x0000000076D2A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\EccwAIUc.bat

MD5 0706fc8bc70ed4e01fc7020fb4530074
SHA1 61a129f5205a55244ca92a6d813d894597dbcd81
SHA256 99e49cf17b35693e0709a881566f4cc15210c2d590a8ffb7a93daf377e319dcb
SHA512 145ae6c8d5cff2944efb4966eba93b162a6f2db4e4680ccbc9219c9202d782984c2cb17f8d9c8863d3065ca45436899d2efac284a77c956019c34a837432df68

C:\Users\Admin\AppData\Local\Temp\uosYAokg.bat

MD5 5c1be632c0c77530730d9765fc89170f
SHA1 43302a8db0084836451d865cf9c0bd0b40af9f5d
SHA256 2f4b98ac43cd68e23359deba4ddec41c0d03e636c28e4a3c84a46fb143a078ca
SHA512 7165aa6956ae312319e42e0cca7a00086c090327812313bdc2e4e9f1c027ff1a869a15bc33cc39ffbbfa33d9f11c66741f3cf67dccf5815a9ddf56ebdab9122b

C:\Users\Admin\AppData\Local\Temp\AeYIMEgM.bat

MD5 cb88d839b9f958ccf5c8e6b7d907142a
SHA1 6a698dfee96d56ac3b24e797d9f4b6ca48d45436
SHA256 56164e831844dfecb62141aaeec65068e19f91644a7e3256fd2626523a7ac8dc
SHA512 d06f197b4af2a0fe89351a71b5180936b40f7a1c98dc73ca369e0d96edab3b59c06b3fba9a219525b5896296830675cdbef311bf6991c11c50b44100b1ea0d5c

C:\Users\Admin\AppData\Local\Temp\tAkQAAYQ.bat

MD5 0cec1a896f794fd498ca6bb5badfc112
SHA1 6b9744487cf407786b75dd4a12c7a904e790c499
SHA256 d7a30f5302bdd2a10f9e02168b7ba90a82fbe1169662f9c4a71b46a6929f3814
SHA512 2e5ac2307a1599d11b9e134633f16d016d9e6e64afb4a2694ccd10643baddd7a9e76324cde228e62357f56fe39560452216fca7adaf8663d4c0e279ebcd94cdd

C:\Users\Admin\AppData\Local\Temp\OoQS.exe

MD5 16b79adcc30ed2a183b9ad286cb7eca6
SHA1 cd0be3ee2f3ae01ccf179183a712d10ccc88624a
SHA256 235ee2b3832d7f9e6ab63e10644609b2ff92d762b43dccab277b2d2a1847cdad
SHA512 52cc88f18430117fae16da6c8efd21de5db71ec4001e2de1ef6244176090d4b3cc1afbf9f7de8d5d7162fee639f53220cdf66142c7eb58f4533ae8caeee09c37

C:\Users\Admin\AppData\Local\Temp\fcwMcEgo.bat

MD5 60bfdb4e1ac3fd16ac1fcb3d750adfba
SHA1 79f154a926b725aae7d6e9d3300464f37b284d7a
SHA256 22d8f72cecd5b1455b1c8e6041dc1fd72abcbfe37a0e4fdec1757a1c719c4ffd
SHA512 2d10ea66911ebb79f0f3f96001648d349957b6c6ca9be71ffd3fb119c23a699b7ca96a22911e96b439710ca30b95aef24a83a9b0b2fc8d405c0ca0dedca29c7d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons\192.png.exe

MD5 9e0f3ef51bdeb7b1029ab961ba1c8ca2
SHA1 9956a61290f62e601527f2b3ade86fe77b772b45
SHA256 d54266cc217561f062db97d25ab85ca3c8f04bbb9fc42410a7ead7060817ce86
SHA512 ea96abb47e653c992a2a20248cceb38aaa12e790aa546867675a39807a53890d7d736c91ad726f03e18e8008617554e7acffb771649db6ba4c283b09af4555ef

C:\Users\Admin\AppData\Local\Temp\aoYc.exe

MD5 d760bde27a8501ae3ca90dbe1ad1bbc2
SHA1 93cc95c8dc393950329df6b0ee406a3b5de6f9fb
SHA256 2f5866b871244ce2b1a002d0aa0ab56f431469e0bd35c95be7e421390fa230b3
SHA512 ac8b85e806e69319ba7b3aa0618c05a870feba8f64309e6a6d02fc4ea28d1df1ab819517d742b25b9b997b5232951ded92496975c203989b9daeda7a076a0d9d

C:\Users\Admin\AppData\Local\Temp\SUkU.exe

MD5 10c9ecd1e845926987003150b7155d0a
SHA1 ef82b1297e563f2f9b8afd7294cced04c31b4e63
SHA256 8018d32b082796e7fadf4102ad81761fe986c97350e5823fc789e5ee62b3b6d8
SHA512 670ba65378c114a100837618f8c0d6d2c3ed328885f3a53c5582760b8861532311d2d22d89233d38e8640ff907acda7e504f95fd7dc0bab67cdb3af313734169

C:\Users\Admin\AppData\Local\Temp\OQga.exe

MD5 fcdfa403a1b85b4635c9373197089bf2
SHA1 6364d542a9cc8805fdd51cd42fd3c1cd1ce90bbd
SHA256 0a9ca4afd8fec57284e715734fe88700b134780f68dc7d3bc6ea97db07eac9df
SHA512 1d079cd8d44346a7012437e734a6f7691f60ec4ca6ffbbcf77a3836c0a31b80c30c545f098b8a006e30188bc3bb87b5a55dac449032809c7e62aa3bb2de3d55d

C:\Users\Admin\AppData\Local\Temp\lAAscIUs.bat

MD5 47a7455ea59ffd758308144a4a55f532
SHA1 0ca3beb245aa2acd6446d60ca3a7bec202478936
SHA256 b84bba6496a369c0db2a8647872f316ba1e75e8bc88afa8e9de6330abd6ce767
SHA512 280662f783541e7d9bfd2224b4d800159a3f7d612dfd7f300ccb5b2b9bb67a2977168810f5fb2194e4501784827c6e764fa8403aa8a752cd07703c8455bcf943

C:\Users\Admin\AppData\Local\Temp\SMsG.exe

MD5 46445920d74115e0ea71da6f22de63e1
SHA1 bef35d4741d1748eb2e83c516a1e678b366d449d
SHA256 ed73f30af8050128c5116b1de820e2f78b81692abed1b9d16a5f5ed5b9d55b6a
SHA512 6970e7f9503a6ccd3ca52afa2a03a8da43d963d7f4442ada26c163d9ac867c1335b95f8049c11fc91b9e9603c4c16806af9818dbd3b5e184949c2e444052b086

C:\Users\Admin\AppData\Local\Temp\aowE.exe

MD5 5fd8f3662a4dff2f73ac8266f9bb9ed6
SHA1 83b32b0bb39f016a5a314b26d7acb3aa180bb6bc
SHA256 482d89c992e4009752eb14f93051e93ae6e0e272db93acb8a5d980ef9b58700a
SHA512 b80313d6bcd7f06e7f50d1caa5e83e72c87a3dff5ff760e87e98b8195f21f74a9d577f7a9cf9a64d3c2d43c1e70be52291bc0eab120328e0dca73cee2a6c12dc

C:\Users\Admin\AppData\Local\Temp\esUe.exe

MD5 fb429f77e054279ee2e54e62c7d80c12
SHA1 7c5b2a38304560e2148503be245aa46fa05853f7
SHA256 d529d9eb9b5216d71c5b76028ad142c24e495fc0d2f9cd9ae0ff6f87967879f8
SHA512 fcef3ae880a63d55ab1505bafa2ded772cd726c3e4284496b35a42e6fac23597d072af6e15f02f8fe9961b375cd7cadb083a5ac3d482363e7d808d14f4630aa8

C:\Users\Admin\AppData\Local\Temp\kYIs.exe

MD5 b8c9b8077f864e1850b0092a91f10abb
SHA1 322b6d7508d5f912c8267ee625151e0845c2478b
SHA256 0f43cbccbe2ee2e147a760cf9069c574ae25acd669c2b46762f4a4da1aaa9157
SHA512 e24099876d0df28ba01d2128cb4325da64e2c78409b786e91d41235de11ce095cc390a0b63502613c6516d48f09df1bff1315b22cbafae4f97a47b8fe7ebb32e

C:\Users\Admin\AppData\Local\Temp\RikgsAYE.bat

MD5 bbebf74cf183ee5b6af7646b335900ed
SHA1 8904033433b029ee23367392dd4b849faace003a
SHA256 62e9747dd0ee4fd5d034df9e6528963110a9df2b6ed22ea9ddb860bff1a817e1
SHA512 cf81c5619a7043448f8fdb7b9398838c42ab2b9528908236f66519a298c127eceddce90fd9fa1c6df2467d0a540ba75fb032ea4f3ccdaa02d3228195218e46d5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons\48.png.exe

MD5 2f9e4b4ce9ef1740c9c08e464f2489eb
SHA1 c2a7eb57ad36a872cfdbf9e6337d76d738dd9201
SHA256 f4772bdd3af8ba0235455754363bd0c328ecf2a35521372cc25b1edcf135b3af
SHA512 79d184a3521998bbf2157db18042d62013ea5b6ce1ca9be86277527789e00a9df78614a2b7e772e2b05b62ed1d869fbe1e95651e968ce403537883911221b104

C:\Users\Admin\AppData\Local\Temp\YskA.exe

MD5 f2f3b59012dfc491b5b810cc29ec50d3
SHA1 15fee123756ed872c5af3c71d438a5c91af1c50e
SHA256 c18c0dea6790e70641a9a427aa5e8a2556c807e5b01e53d00eaec87eb5ebff81
SHA512 96762c11b3587cfd8584050386fbb4c71c837dcb126a11677a405f9edaaeadf8cc5ca80a3c2807f510403be90de1a58f88a3f4092e7176dd26c6a456c7f83f02

C:\Users\Admin\AppData\Local\Temp\gMUS.exe

MD5 be95ad3bbf0e8611a89915abc6c995aa
SHA1 4d55913b6d877738be1daaf74a25d1744ef86ea5
SHA256 6d5d7848d0583c62d88740925b6fb78d06771cd3e8c6ce2269526bd23458f661
SHA512 39abf9323f33e7a4b8ac955b3389b6151c94cfd69a91d56b69a03c4a52c1789530de7e4aace0fdd1d285080ffac48ff9e7d32684519b0fec38466dc4e909e16a

C:\Users\Admin\AppData\Local\Temp\yMsE.exe

MD5 678af9d14991d68d4c138f6483de9aaa
SHA1 7c82b9c4457d293afa58d2fe63e5e3a5e17f6510
SHA256 8a285536bc4bebb72dd380b6201112e8934a92561c43247966d06d8f6100696d
SHA512 9c7a8c933f9e71bc77854519559b1974699e8c0a7a75a4fff1b8f465b9ed4527fa23447919c0aaada36fd6f8e296dc752c5eecb604559746dca684342d501bc5

C:\Users\Admin\AppData\Local\Temp\UsUi.exe

MD5 38fdc0d29b647c5b091277746d4cb824
SHA1 cadcf7b62c2fcd577d8288153319e413458b40a6
SHA256 5f2e97978231e32d95213342e0f03bfd2b5a8f8af92f0b59fcf7313ed9973fb1
SHA512 51cf7a0ebf4a729dee328a9746a947c85538ed10bd3debd7264937efa554682fb50331a358630a2e6d09bcf033e71a2b7041652d157355b95d80aef9332f96da

C:\Users\Admin\AppData\Local\Temp\MUoUgUQA.bat

MD5 2e0f7ba016f836dcae49a034995bc279
SHA1 903d020eb928e49600e3228f3d253d9d160f1457
SHA256 1bfdcd70d6f9f5cfc5e6902a791829b0d148e8d85f33a2bc37a257b5474048c5
SHA512 f63d6fead58efc117bccc0eef02435662bfbd6a22bbcaa9daf35bc3b7ef4b337d73270527d22bf0fd464111cfc296aa3ae57d9b881ea6ec77bf79216f2bfb7f3

C:\Users\Admin\AppData\Local\Temp\SYEAssQc.bat

MD5 5d29dd0dc8f889fe267d0b953d03f14d
SHA1 3d635e1347610294c65331b394bccc1fb354d588
SHA256 be92a9af7d92851e3789f7f7b2e1bab47eb099ebb9790e30e5122416c62147f3
SHA512 839814741b4b1cc89f4b8f4c6f79bb366f9c48db10b6c11cd7c89e0f1fb25fcf00b0312d60c481b1cfee22734c30cd0f06ce7e40bb005357e34b396118799628

C:\Users\Admin\AppData\Local\Temp\EoYe.exe

MD5 20c7f3cdfb2299135d725bf1ceae9959
SHA1 f44d84d01b6b1c14477cd031881ab3c77927fd76
SHA256 c1f604096403d6ec423af8654c808ace76d352a329f66ef15e0148eda37d5ac8
SHA512 127cb51693222311af3126ce9636e7ec0b99d1d5b32f7643123e0c92f6ed96ff7943d3648324e53966cc46d80325dc412af72df79612bdf81dc5967e1c4ba9bb

C:\Users\Admin\AppData\Local\Temp\IEkS.exe

MD5 ca27acc6b74f9ba7020bb7e2ef89ea4c
SHA1 35d31fc3de36a936f3735879a595770f776180ab
SHA256 d0bdc9983c00593ff93b8d63ba78fa8086bec04863520cd5d8e3d31099d22c6c
SHA512 b62702a3888554f4b2689e6ce600f1d7c7e1db834e98550e4b11a6be60d4f0dc7096f8eb51edcce2623425bdedfba2f43d5785d65feb80200575dbef7e229259

C:\Users\Admin\AppData\Local\Temp\Ksoc.exe

MD5 4a60ae33121f87b6337c3c60e8eb7bd2
SHA1 4acc9a6a52d3fa562921c6072c74d02f093eb528
SHA256 e1ba538fe023fc510dc13367a2900029c235272d2acf99d3d62297edab832b0e
SHA512 8ebdfafec060785525c18aebbf41e7b7386d8002ed799ac1f2568b4cb0458add39e58835ee701d23a6859a56090bba0448a711e30e70359a860b6c2e454360df

C:\Users\Admin\AppData\Local\Temp\gkQm.exe

MD5 904cff5cc82491ab1428a517d188e4c3
SHA1 1c89b9acab770e0ae06a3ccfb94b101063628e79
SHA256 f6cfe572666722b1d063cb12366895d477ea940aa172b2ced81674cb43c308d7
SHA512 82aa24e8ef22407f535d67607270e3359193a6806e2c3617de99892315fc6462e91d5417132f341ee7f1d2cd33ae115bb97a471208ba2c407826d3f24a8fda81

C:\Users\Admin\AppData\Local\Temp\CgwA.exe

MD5 b4a93b93eca76b2389c3f413a56652ba
SHA1 1df5b013bbceb3d51a2c41a4b5ac9e6e9578a58e
SHA256 60d2322fcabc5608c84059d32f8eb72946d2326316ffd9289b80d247a495c50d
SHA512 1aabdb202608fc64185114826870d33a653324c5599b496a2d255e893892fdb52a62b688d8783457b8b82d0801d7a48a30f9e284d8ea3d7e7ff7a0c08d88d484

C:\Users\Admin\AppData\Local\Temp\uMYAwgkw.bat

MD5 73ee98b94db7ea38fc37f0bae0edf209
SHA1 94da1f309256eaef4b3767790ab65536aa145932
SHA256 c32a4234906a07322884ced5beb45b3e0ebbf4ef7b629c96e10b1ade6c7a3bb0
SHA512 10ebe0044724303863a378dda82d468d62afbd10b91a468ca78f740e20e65bcf9e85af86ff4f620361a71d73a7f5cc1634a0efa17fc9e7c3cbab5056d9675022

C:\Users\Admin\AppData\Local\Temp\qksa.exe

MD5 6ccba3e7e8e4d580d5bc6969d93bdf0d
SHA1 dbd4849562e82550cb6a54dda4ed583268760457
SHA256 1c6c9bc3f0edc65e85dceaa93aa35a4036eb6ba2c69ac9a17b3981cebb355649
SHA512 430a6fc69af993d0d092872a002a4ebc58f5085c59b99d9786f27cf350c0bfb0b0a867870108c8206ad4b5afa579e9d8bd3644f0e9392e80ff773497fed5e112

C:\Users\Admin\AppData\Local\Temp\iQgk.exe

MD5 a5fb308133831a244b5db436a75a3c9b
SHA1 7568ee86df29fd79665796f6038b6010d4dea5b8
SHA256 c0380ad2d8ab712be651c853736b4c48b98a0cceb10995df84a1732351086cf5
SHA512 7a07a1bb7bf337a322d51b8c61bb7488648488452d140d057f4e4b70e0fa16ed1ad00f204de3253ccd58ed61080b189573ae6f8232ad30a76e1a8964c87cb3cc

C:\Users\Admin\AppData\Local\Temp\SYsc.exe

MD5 fdf137ca7f6006b0f5c3694c38af396f
SHA1 48687a194ee9926312d77c6fd62b0d7f5e678b86
SHA256 c315943c74b56fdfc2437c133e14b524c3ae9680135026f82e4d9741e583e72a
SHA512 05b53d80ce605d7bd5b67f2d1d513ccb4ba66721c1833c865fdff11129a25daa57202c2f4a4f0d6976e0f93a4bf8ae6e45b6e67cc5bffbd6c0d9a5234404c89a

C:\Users\Admin\AppData\Local\Temp\cMsq.exe

MD5 7d07a6344209a3f995cc353dae2a809e
SHA1 7a6109a72e927c237e4c26296b28cb8a9d8c4ef0
SHA256 198896365780725b65a815397ddc3f81011a2aebb5feaa528edbc80bf82a697f
SHA512 19969b41579bc0a8dd9f07ef3580d1bc49a1a9e7b1e628503a7b955b38c60d19dc8d21b2d6d667215ef6da96bb72e97f80933ef60de37e280cdb0a362b0f4ca5

C:\Users\Admin\AppData\Local\Temp\MUIAAAYU.bat

MD5 374c6d189c19fee04b04b8715de1038d
SHA1 fe2178ef02eb6a8db23ccdbe87a78d9dc2c3ab76
SHA256 f6bb3258e830b54d107ac0b099ffe7f6bc581519843f0c7cba2e6ff080799ecc
SHA512 d081d79eda29e7fe0fc172b6900d797dc1b86bb55d12f1eeb94ea754d71b859f4ec6695b8a96767e3d938777d05e1066ff6ba3a7125b026278e9bf08312d1242

C:\Users\Admin\AppData\Local\Temp\okce.exe

MD5 50aee8b662610ffd58b46c4ff11ced94
SHA1 3c1ca72296174bfef18480676054195919e20c97
SHA256 06e9b03c8ec9cdf617310e96d8fb648dd7228d96d304f18c85aaebfba65d3b35
SHA512 c655848dcba6b9cc8a68533129ed1feab9494031176b42ec80dc5e16ab815afb2b499f37049c5a9d6c1ee4327d3235eecc237e0c1cb4821f91d120912abd8636

C:\Users\Admin\AppData\Local\Temp\YQcE.exe

MD5 a729d18957b2e46d46b1bd1ec3c98321
SHA1 3aa79c60820009286940537ecabc2b56e3bda4e6
SHA256 b9a0aab341cc15130542be5cd99db315a524c2de93c61bc833d8f940a4e4e52a
SHA512 318ad23d4d476ef1c7dadd403228bdb83f25819cd912b4f8a6c7f221e4995e309a96f7c750affba93cdd2ed8f9c704b4bb585291ec606d5768e3eeeeb32863f3

C:\Users\Admin\AppData\Local\Temp\XKswIkAo.bat

MD5 986b6b1447e898806388290a08737c7f
SHA1 cef20ba562b5c2b754c7798ad971aa0d5d90f118
SHA256 c0105ce6971a45c96e5a9037d82aa99032f8f51a642f88a5344683ba08f9a743
SHA512 054e9d93be20aedfab2ca58f226b407df66de5565a4d1ab9569b02b99f515feb9ef8a4d7fec15ea8b904b73e157789e22644806ced7a5697ed3002d5f7304de2

C:\Users\Admin\AppData\Local\Temp\AQwm.exe

MD5 bb9b4b99862013dcd44fc5a0746981d0
SHA1 c921019f5ec3e6ccb18eafd68b6e2142e83bebb3
SHA256 339aff76519a18c7e104c95873c64383a619026399fa50d9e10cf7b73ade0562
SHA512 5c12b70d4b6be968dcc3d1c0fab09bc5943a082ad3d6189985f69912a2ea55d39660bd626b83b5c3f59f4e1bcb3c48117dcb3be02f9b48b45ba391539a8bccff

C:\Users\Admin\AppData\Local\Temp\Iwoy.exe

MD5 80f49f0751aa2aee4e8eaed189614c09
SHA1 ca52b613997ab51a3c9ee232d1840f0ce95a8abc
SHA256 67c8e2adec69099ca8a3e1e561f8aeac4e1958712e5471f2d9652f0300dfe467
SHA512 ab6382caafc37b1654df77f7a6cd7e446bfea04bcf1a38c2705fc91101ccf3c59d2c1cf8b86fde4dc8618059471ce0f3f0554de1cea4d75773a8e89efed76456

C:\Users\Admin\AppData\Local\Temp\YwoG.exe

MD5 3cacbd111f0e81b821bcff4f552424be
SHA1 a14c888035d15249b05319cc640f09f02635f0b7
SHA256 06ccf47f95dde160bc1dcb2cd99a0091664e3b0dc3310c51ee81ef425809e4a9
SHA512 250bb363e711f76babb93f7e4c1af12e0643e5f0bc988bf140c24e51adf3b52c51456bd43d4da92b200b7acee21b21c6765a2e04ff1380912275ac426353887f

C:\Users\Admin\AppData\Local\Temp\PuUEoUcA.bat

MD5 b293ac9ea201b4ef4efa4a6f5a958380
SHA1 e1e61cd139b7c7143cf61f80393e4ffcfa5baf65
SHA256 a79e6429413910b249622aed3b838e605d66d83dca98e98149a1f43ab21048b0
SHA512 41a78baa0ac879ccd03bc99efb07ad79c4e509de47b7e2fdccff6f1205fcf7f155a3b749b286c67a14f30c154f8cf3f6c46383ecdf27549e607b99359a199659

C:\Users\Admin\AppData\Local\Temp\iUIO.exe

MD5 cd34d56867f771763fb5a896bd0b37c1
SHA1 a983e28e1a732dffa43ae81598f9460baf9a5cf9
SHA256 00be0aaf3e8f50451b03f09d0604de62c95e3eb88703f10cb5a14a699cbc46ea
SHA512 e151de5e7dc3822037c7b0540aad6c6d907eb0500ef71f6aaf3299dd5c8d445f372564494836145da10ad7fcd45e9e6c6834028afaecfe09934c1e555c01bd5a

C:\Users\Admin\AppData\Local\Temp\ksgy.ico

MD5 6edd371bd7a23ec01c6a00d53f8723d1
SHA1 7b649ce267a19686d2d07a6c3ee2ca852a549ee6
SHA256 0b945cd858463198a2319799f721202efb88f1b7273bc3726206f0bb272802f7
SHA512 65ccc2a9bdb09cac3293ea8ef68a2e63b30af122d1e4953ee5dc0db7250e56bcca0eb2b78809dbdedef0884fbac51416fc5b9420cb5d02d4d199573e25c1e1f8

C:\Users\Admin\AppData\Local\Temp\KUQg.exe

MD5 9b54ea0e34312a103133747f38665f70
SHA1 730b4d14f57414555dd3cafcd735af3383cd50eb
SHA256 4f87507c35d32877798c814273e01cdebcadfbb6c59b02c86171726c8442d79a
SHA512 029b57e07b67472513ff86f9257e74a0ea7018a40e7b2e981fc22d15802967e53525ebf0c5210707821989aef59869c5caa5a757a78a499df6230bdbf52a942c

C:\Users\Admin\AppData\Local\Temp\QMYw.exe

MD5 33506c9b72f2700eb58b8ebd6f39b69f
SHA1 a0cd39ee80234d5dbb188b4c51f4f67106ff964f
SHA256 8448a14b58a1dec1306e547271c13b18e5cd011c4d2e8e871dd1748adbbc8523
SHA512 2e7aa0346dadd03ba2c52ffa35d2eaac3c7933c32e0c4078d942b13f448f953335d8ce7fb36ca2a210d9fb6e2d8d365ebafc5cf38d660fc416643db636dd3b96

C:\Users\Admin\AppData\Local\Temp\ucwM.exe

MD5 9156d8e188dc495534fb154ce6d43e4c
SHA1 0637e044aa5d503d2c28f1bba031959094400d9b
SHA256 386a4e11ded0306b23c4975716564d80fc8130ccded12dd48a1b58618a96fcf3
SHA512 82241380ce6feb6cc861bc048de8d34836dca207bd00de07ac09ee3e2219b21912a0e1dcdc77ca68c0c25e8d49bbfdc942bad4fcfceacc3b954d80b025f169bd

C:\Users\Admin\AppData\Local\Temp\qIgy.exe

MD5 e5a82d76067f19a651ebdca57fd1f637
SHA1 59d3ef2b2747391fe2c707d0920b0df68344a282
SHA256 449145640d495f2ae8b1c0d0941f7ff8bbaa34a03280ab3076195d46cfda298c
SHA512 b041a9f368ec635b64246052f3e284b5c086190264fac4bfc4b561da0d191b7bb0e4a22debfc3fe01a0b6bc846b7cb39c0e4c1203b1a6f4518c3a407d87e2720

C:\Users\Admin\AppData\Local\Temp\MgwW.exe

MD5 c2fd792ce346e624f063477fd8ab073a
SHA1 a278e04543eaf3a4bc9b52caf2afe6a5bfe3db06
SHA256 025b78457a71e3825d343f63c35a577b81073ca77c77d9ea3a1357d70962ebb4
SHA512 87f201eb8b7702093877d2fe92ef0dc220ed731b3d5150f36f9082efe91715a4839d6fd0e595604a6a9750cdb4478843f02e1ad0b238de7847a4c212e5dbcb45

C:\Users\Admin\AppData\Local\Temp\dWMogsEI.bat

MD5 77538292169fe6a6f3f72d3e9647af16
SHA1 fc56b7f026468c869c483b5a7d91101ec4b38027
SHA256 5470ac325b167940b593f08cc944319afa7e028c3f619b978c013957f940d52c
SHA512 e077399b0834cc72ee1f54a0137d8fc88a63cbc1fdde94f578970ed3b1ef9a0c4e7364b06a5ee23b4ca99985f5ddd3c3e656f0b56b268d0ea39de29ca46aaf5f

C:\Users\Admin\AppData\Local\Temp\AcAY.exe

MD5 f804efb9b37605457d92136aa9597cec
SHA1 7717b06d953956eaaea23626804d0083d97ab3ae
SHA256 1135670472871462e83269500e99333d9092fb8edf4d18282a2ee6d8662668eb
SHA512 5d6bfcc489dd980045320c804b06cf92223f78051c6d392e89af954a47713de3408b5c325467b09f170bf6ebd5610a2667ca34535385928f4f8317832193e633

C:\Users\Admin\AppData\Local\Temp\YoAO.exe

MD5 bf3a3d36b71b84dcc6fe07192f828b4d
SHA1 ce5cb1dfcefc1f0323964386096e3f99d91b3865
SHA256 9d63f3353ba1af0de2d1d06b71ce11949258df4c90e05f57e17653a41f3679c0
SHA512 2981272117223baf89ba925cb88679f40a3f31cd0d2a4a459c2e056f04f770487cf54c2f3f9a186cd5d384953be057f6d7ac591bbf992934718ed70e5e10e89b

C:\Users\Admin\AppData\Local\Temp\aMMu.exe

MD5 8bd1fe70b87facf508c386e0f7dca81e
SHA1 fcdaf592fbaab2fcf49d155799f7ef45f4e43aca
SHA256 160c5f12d271f68431dcdd79fbe069fd192e32436b6eb3d526493394a1010908
SHA512 24fce0eb553d7420e369d9e514e037c5f2be61116754edfa647457d31d1b4a0c928cbbc51875799a73d0c3a7522ec0e8ee4aeceabbb140cce759988e55f01249

C:\Users\Admin\AppData\Local\Temp\WwEe.exe

MD5 497d73daf4dbd11f66b936790e1d49c6
SHA1 fc670766eb1e313db27557e78e76d00b53e2dc4f
SHA256 6641c96f6c86a112953568ee22f90ac105e0c1ec5b5c4f8390f3dedb4ef2202a
SHA512 0a5c2795360900e9c3edbd7a91488cfc6afd64f77eb7b34cee4311af1192562f7afc9b679c78ec2200307a6b613d9a313f2ada782ac54b0a26f37190ab03e519

C:\Users\Admin\AppData\Local\Temp\UgAY.exe

MD5 12d1fe223d74b98456649ed62cc527e5
SHA1 02b87a7d95f210f8b2e10ee6b97acaf8a2f91be5
SHA256 b0541084ac5f04fbbcec632eed76b605461d2c24829985a67ee2156f65ed33c6
SHA512 9e8e852d206e1e98d01b4ed9f46f0074017cd9c8b0f78781735ac81ba03f32db3cb5a224a2f466f6a5ecb3504520999106885a06911185a052652a5cd64a82a0

C:\Users\Admin\AppData\Local\Temp\zggwUIEA.bat

MD5 be4d2cb0378528c2cf90f8e06c494f7f
SHA1 35a0e2850ac224cd4d2e820e778e8b01c5c94737
SHA256 e112ef496c399ee56ad74537313048b82525fcf6e18c3391efa731b4da88d244
SHA512 2a22c302fccf71476603c02bcdebdc150b4f348925de02d71bcd852e15e70d4d7e6875230da46c9b42073a81d6bf1bffcca0f337d65214b0f5c2ea704dae9254

C:\Users\Admin\AppData\Local\Temp\gUII.exe

MD5 3443401d6fdd4093498fcc45d53f44c2
SHA1 5142ae1380c3c46485752cbe08fe0868ec5370db
SHA256 a0ac0af36403b910da268d5c60312223181e3fe7c54920586212eb4e021ca9ca
SHA512 472fc132670bc292c5f2e5f7aef5f3fb428348c9b3245723880fba4af2341660dd6ccb5b8695322b06681fe86d60163bab9f81b27c22dd564322d36eac3912da

C:\Users\Admin\AppData\Local\Temp\ykYI.exe

MD5 5a1db66c69fae8b5eb854297cd6d3590
SHA1 f461c6d8b7e15d8937a504024a3ff76f29540fc6
SHA256 dff67e8f9558240afa13edae7cf01fc9665bfa37a4f28544be14a7df19d7ed26
SHA512 52dd405b60849075ff4f345a643019482382ccd35735c4fb19b72c9f3f62d91ff93f849a68154488b77aabb3dc7f365b922cdbaacf78e32000003e2c26462917

C:\Users\Admin\AppData\Local\Temp\SIYu.exe

MD5 52c883494959d425f3eb4e7844bdac43
SHA1 d60a2ea28c489bddb53881614a766086d7596810
SHA256 715715d55afc319eabc3aa89a90bee4f1ffc57733e20f804743dc4c1b1b95f8f
SHA512 dec92b489c640e0316fc9b4dc8fac11c2859a974dd9e047dc4b764cdc7ae6e01b766f4639cb3e2191c76427e5aff39683febf9885f449157e1c17d526843ca64

C:\Users\Admin\AppData\Local\Temp\scsA.exe

MD5 9752bef5ca9726a479391d1f70f84ce5
SHA1 fbd43e684a73f0bf4ecaa275ceaa2a8079039a11
SHA256 597be7b626bbbe5e29ffa081eaf543a207bae77331f925f882b7f1942df66c82
SHA512 09bbc65e65832b8092e838c9b13f5546c893e217750b9a6b5fcc5c894abe777b28fa1c31decf900afab8e16edfca5d4056fb0b2b1a2b63c3e2540b0ce69cb856

C:\Users\Admin\AppData\Local\Temp\yMgq.exe

MD5 9fd88776e878fb8b4a22ac113dc524fb
SHA1 2c9c1abc046d73da74165ee9952ba96d6ad9f88e
SHA256 fc0644d2c5f08dd557a4e96e8e43f989d034d43ac10d8683dd1f8327d2901928
SHA512 2ed3571de00091ba6b86fe88e309737be92641fb599d88f01e9ac07ddf39dbbd127d3ea6dfb8e65522ea157c6de3f9063e7a4a571242ec3109deb6b1720c876e

C:\Users\Admin\AppData\Local\Temp\kgEK.exe

MD5 7fcc8dcde8d7caed65d15a99b0bb49c5
SHA1 8be8eb573cb8be7666ff988a41baf52d40c02fda
SHA256 f95f2516851140b8e262446a89b8230eb39f89dbd42552422c9e0b6a82dfe05d
SHA512 5bcfd6828a07c69c33147518a1cdc2636a47f97033f0dc4d64947601977f75b9f5ec61bbb3a14a9a106249e42bbe2679b5297eb353014be2eaa324c92eb42b4e

C:\Users\Admin\AppData\Local\Temp\YgQi.ico

MD5 5647ff3b5b2783a651f5b591c0405149
SHA1 4af7969d82a8e97cf4e358fa791730892efe952b
SHA256 590a5b0123fdd03506ad4dd613caeffe4af69d9886e85e46cbde4557a3d2d3db
SHA512 cb4fd29dcd552a1e56c5231e75576359ce3b06b0001debf69b142f5234074c18fd44be2258df79013d4ef4e62890d09522814b3144000f211606eb8a5aee8e5a

C:\Users\Admin\AppData\Local\Temp\uegAswQk.bat

MD5 eb5dbc1b88547841fd1de90a4cf4a9cc
SHA1 881a2981fb2a3a21c1a30b71914050217a74df2d
SHA256 5dde165f550591b0b37c5b3fb3734a5dd5238de9309df02e648261ecbce52f24
SHA512 15b7b118aa6b5cdc43ac2fb690aa367285dce6938b11a716b9113b9a94f633bcf452c2e441b8a36cb82ba30b51ca4e01e0c8538d14247dacaf21073c1035c0ed

C:\Users\Admin\AppData\Local\Temp\mQgy.ico

MD5 f461866875e8a7fc5c0e5bcdb48c67f6
SHA1 c6831938e249f1edaa968321f00141e6d791ca56
SHA256 0b3ebd04101a5bda41f07652c3d7a4f9370a4d64c88f5de4c57909c38d30a4f7
SHA512 d4c70562238d3c95100fec69a538ddf6dd43a73a959aa07f97b151baf888eac0917236ac0a9b046dba5395516acc1ce9e777bc2c173cb1d08ed79c6663404e4f

C:\Users\Admin\AppData\Local\Temp\CwAO.exe

MD5 3c75c1d038144d5091da8d1c4a542d0e
SHA1 001ec3bf443e7e8d8eaf2be4050de81366dba85c
SHA256 f3bc4a60fa2129d5d4520167572c86a0c734581a07020f33fdc6b493311798e2
SHA512 0c4bb5745554f52ffb19f5146767d124200ec9acaa25784d5d33cb18f046b7aa306e7b8f7886ea4088dc482c920ae5d077264f12079195bed5bfe3b672add5bb

C:\Users\Admin\AppData\Local\Temp\WAoW.exe

MD5 b24d7635d78b037f8a4f400b2c5f10e0
SHA1 f624ed90cf716fc6e90ef4f1f6b4e1629380e3f6
SHA256 41a1c716fc9b29a3f091d0d5256a43f76334f22725e62cddcd69143b099c9cd0
SHA512 2f55f9a6fe73a66f8602b096544c85a4e29bcc51c2b84e418a12cc00c33eebc5138c0bf600c68eb915fed3c57f2d7800e6ebc79682a9ddf365e8a70ff25b8ce7

C:\Users\Admin\AppData\Local\Temp\EssE.exe

MD5 1ad8cd93351ab635c8704a0b3d07ab1a
SHA1 3ee970a9ef2700afe42cb26ab9669e41bd990d3a
SHA256 5e5d375d5baa5237484377ea1600ff0ae93414fd37cf5d5ab975ccee10e63b27
SHA512 7766730d5add836b440f29e7b33de7fad8730977f02859e82c31f23a12f2fd0779d66e6d1bfdefff3ff7fd763dbe8b2fa8a4d1ee16794b5d285ffa00b8426dd9

C:\Users\Admin\AppData\Local\Temp\EsAC.exe

MD5 0fcbc914cc702f846399699b15899ce5
SHA1 4be7ee2e2b1983f96a291aecf23f36e1cb501144
SHA256 bf4300668d3222210d9caae2664259da62fd355f3675c676344a723948434a37
SHA512 6592176819c2c114a79cf31e1c9c9e1e01de74b045201e93ca821ca2eb48eb592553448b198c032eae013c25697ea281241ec087d90efb629ee880b0b087b5ad

C:\Users\Admin\AppData\Local\Temp\WgUg.exe

MD5 78c571b58dec76a50cb5bd0258d093ec
SHA1 58cb7b0937b4ac7df4d0c8a14f595f955a1b2b8c
SHA256 6e2614826280f4652cfe0d359c17542c29737fd1379570afef87c9f8ae236614
SHA512 0af1f9bc62aa1946d254851e1fcdbeee4455d84e546dc28f123e0d6ea9e4edf85b96dd55412b556881fde08625fc641e9c9bbfdba923aaccac68ae007fa3b725

C:\Users\Admin\AppData\Local\Temp\QckcMgsw.bat

MD5 e89e3c87fd03f6fd88536095436820a5
SHA1 f97488d7a7d5e842490adf05ec3c4f6a21bc9e33
SHA256 845e27a46b5d076b2d80486c39bab37120fc7759126ffe4e984575198823fe36
SHA512 8fe8b82ee65ebac0a928fe9d91f1d98ba486861d8ad8c73944cb2f606dfd4595bb229b935745f2d6ba2f472e8793dadd9d164ba033d632677095cd97efda501a

C:\Users\Admin\AppData\Local\Temp\KMgc.exe

MD5 4f2499a3c4af1e725618fd3131eab61f
SHA1 68dc040574bf6f31bb4f9d03906ea271e95a70d9
SHA256 a84f3255bf90eb5c0d5d4132e3bd95ace1c589d4276c574f0de701340051a81d
SHA512 e28ccee0db15ec3033fab9048221d84b0d1e27a91ce80c6a8fb9b1b9d5b25765a44a147137c4da950ea53b3359170cebbaefd0e3ed1d2a4a4cc7fb5b1ba095bc

C:\Users\Admin\AppData\Local\Temp\kEUw.exe

MD5 57bf4498be2ee3c8c1c5f3f4403be5c6
SHA1 b07fc1deb77d2a2a6b284aeced478844f7e0c387
SHA256 6034bc745b9fcb4115fdfff28381ae7cafae282590d37b2cb5317a9ced8d282d
SHA512 cef9cb5449e095bdeb6ee6abac9eca5b13ad8ad3972d54842bdfb198d761079f1bb99ed0d575ad9b77af02e267c3032b7d49f134ad46be97dc82b9555f691b88

C:\Users\Admin\AppData\Local\Temp\OYMa.exe

MD5 1f52604fba9c743de7fa90080e15d9e6
SHA1 100f9c02198703b4d60593422a27ff1d2c91b57a
SHA256 08b089966fa4d5b24184ec70810e77eb121eb7a7ce250fe61d510e19b47b71af
SHA512 b3db1a2a81d467cdf6aca4627cf9671dc56ad40925dd8e2a5009781970a8a370338c7bb327725794d18b2f2036cb29cdd4b0fa3107dea1ae7ea876263bf533ec

C:\Users\Admin\AppData\Local\Temp\mEUYUokw.bat

MD5 d71b04ab4acee6b9ca0a3efe3557879a
SHA1 037cbe94840b6c7bc3538fd7d0ea27ad63fd22bc
SHA256 3ee7c381e63addf5e5f6e1f86073de97d920e228e1621bf80bd284b28cb5581a
SHA512 943eac5f8b16c222e8cbb192e82473a216678b3fbf5e8e2741ac71147a69bd7247298bc2a9b2815c3b4d766e8ccb5e0266b9f55112bc781dad47afddf55073a2

C:\Users\Admin\AppData\Local\Temp\aQQK.exe

MD5 33758a0acb318f8fda998de9551cd3be
SHA1 eee26c18e938c15fee6991fd4115a3ca2249a64a
SHA256 d4f8acf0fb29564b6073af25be70cc546cd8ed57e2cca8053f461a3b76165e65
SHA512 f6e598402a52ce7859790fad77b40f3c231891b6e9a898dea8dc9bff4c78cc9484355d34f8b082ddbfaab408c4612288430454265e9cacd4e85a5d810e84dcff

C:\Users\Admin\AppData\Local\Temp\IsUE.exe

MD5 63825d539d88358da7c2da2c0aee5b6a
SHA1 151bd0fa0d9c4ecd7ac15c221a3b1b632e1e55cf
SHA256 500b2ebbd8ceeed19334f056e6430425d7801fd679c2b5decbfd76fd64c0530d
SHA512 c1de53e93ee2d3144f78492aab3f4dd9bd52f52c729e7e53272ee721ba14b700f2129c0a96f081572c11efd62d2627e6e87c87c83eee1d979d16c2bd18141530

C:\Users\Admin\AppData\Local\Temp\CQQQ.exe

MD5 8b96b3d0317f729ea521e5dcaae141f6
SHA1 340a7d22f8fe510408ccf44cca517a83e18193f8
SHA256 159e05ad6a1e8c953ab1698bbe75df6912142861fb0fcea406c2c4df631c347c
SHA512 baab5b016ea6a1973c0d11539417ded1a4f7d017fc823179feb85ce9882340a8997d849445e70d54e09ceb9133108c5ad4a11e39c40f4e679432c0f17c413535

C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile14.bmp.exe

MD5 bbdade21844a6b18cc9e9d8b82e5baea
SHA1 7940d4046e443f58a7b23067d9b3ba424ad5cfeb
SHA256 26c9b71d6c9d7f7fa99d6b3b0af7baf9a7f9ff2cfe8729746d6282c3fe7ebb58
SHA512 d5c676458c0c351c166efd92a36d4b7dac2a2ae22eabbfeacb52e0ada40a59f35ac259057f2ba8b293933a450b156abde3c31c1d9662e2b769f45a7634ec2b2b

C:\Users\Admin\AppData\Local\Temp\KOIAgwII.bat

MD5 556f2efb8d4429efe14b936a9dff7637
SHA1 f6a978fd4ed8179bc3e5dfb14ab127337c079f12
SHA256 3be83ad68f71fa3aceeca6fc3f467daafa995d02295c219ce71271e6549eabb9
SHA512 12f5fa8d0af12c5a143053afe58b395f998640c758bf28c459589cc59dd84925714cca64f4eafaf0756da5287373c2ae3b63bc44ceb9681337437740462e4d5c

C:\Users\Admin\AppData\Local\Temp\McIM.exe

MD5 0cfd7eb04641871577c55c1892174a33
SHA1 7b12ac3b14b3c500914457b0f0ae1a1d3819db44
SHA256 47c67508543e0fb0eb61d073920b5c6075dd1dc6f0128cae215d60cbb989ed80
SHA512 716b8f77dfdcd4d6cc8564626a45b39542beb01610262a94482e72162f74c284ea89e94a3a983f6a0aba68eace21366e92d4a9a33901619c820ac7b6a1de38f9

C:\Users\Admin\AppData\Local\Temp\WgkM.exe

MD5 c7dc2f4c4c2c48aa7b2dec12ffa5993c
SHA1 975bcc70247e94498cae09f1a2ea5358153401b7
SHA256 b98c97aea6f4fa54003e1d1bf35cd51f1d56cde42f57008ed0f2974286cd362c
SHA512 27d09bfd4a6b5b6ebfab810d548c37aec046caeb339175a42bd880186101df4b3566b3b26cce53e0201d533f6b1c8e6df3a713b7d14e6ab48fc2cfc733a75717

C:\Users\Admin\AppData\Local\Temp\QYYS.exe

MD5 9e939b38ef8604051b9104d131662e90
SHA1 cdaeb0cb6cded361d1543e80e29fe3dab2e2b221
SHA256 43f16e22fe72b94fb42e3a4b7c78ed3fb68a8f084c4506d97bfc4edad6e5bad3
SHA512 e6284ccfd50d910fd845ba0a750a579e5311386a38b121f0387f208fc5e1d63b26e33049a9e9e17a7eab77d6417626666982906721f1cd45d2b149ee5586b62f

C:\Users\Admin\AppData\Local\Temp\Oggy.exe

MD5 21938f80c18b0801f43f71d87b9afb73
SHA1 730ccaca8e71ea9eb71d89e51b27ebf8e8b3fedd
SHA256 355c7ada9e768ba48a79692106da3dd8933fff01728a69961bbecd53cd8fd559
SHA512 efd6835a3e0718ef5128c4baece1f5a9a3a56504498c88c928ebfccbc50f512a852e3b9cf3cdd8a37f3c3f719f0e8514096031214878f50a362557d79fc7ea00

C:\Users\Admin\AppData\Local\Temp\peYkMMAI.bat

MD5 f439fe920d8ef0e13b982a8cc712152e
SHA1 2250fc46fd3089aab4d47391a2d5012b7cbf5a6c
SHA256 111e9bbda31e1f43f2c5de50a56c94d74d42e95cf3c9a1f150cb8bd1404845b9
SHA512 784b91cf5c666edae01d4fb8aafdc3aa086163d77ace1440c7de87ce9de939413c4bf96799a5331aca6d1a7c35ca1dd8bbc79ba42f83f27b49de76922ca91455

C:\Users\Admin\AppData\Local\Temp\AUEe.exe

MD5 24f2e842255dfe554adc419622627019
SHA1 b7faf4ef699e69350eca6ce205c92fec3f08556d
SHA256 f4db682280fd1a0b835ab3b2db338762e4871bad515f55c047eacf739e074817
SHA512 eb442e5782a4368e5c18cf6ff59db6c1ae6ef856004c3cabec2d58be088f30e494df449f41efab1b2d7e4d88d8a07731013cfef155eb779b7e6d9b68e6a3b526

C:\Users\Admin\AppData\Local\Temp\oscM.exe

MD5 2342233d6064e5bf36922941ec572f37
SHA1 fa9de95ccf2702aef197814a2f417f3ec0d56b3e
SHA256 cbda4de8067485b4f7c2c51cfea5d76121a71a642bf1194bca597374114a029e
SHA512 cbf8752b55fd67bddb59b507ebd73e78aa4b989503227024847d43f6ada195c4ac7259221921cb385548413bbd92325d2e46a0d2c5b9f1765c6f692de1fdff38

C:\Users\Admin\AppData\Local\Temp\mAso.exe

MD5 2f9ead818b10bf768a3fe05627ba8012
SHA1 f026617d7abda7d8ce79543e1bc6631cd58b99cf
SHA256 e77ac48fe69beb0398c2c204c5c515f26f0ab91431604a6a6fecdd6a46967be4
SHA512 cbd11f326c24b1f0cf0114ebf686803d90c1c31522b56fc149647a28945bf4e76e261ede5411c98dd9736cd4831fa5fd31b02d8f218f3611857611b0193ca6b8

C:\Users\Admin\AppData\Local\Temp\EgoE.exe

MD5 c3173ed4c9e042577bab3e1b7bbe1134
SHA1 ac32d274343e6c26bc69ad32d0d9b0302a45655c
SHA256 fa570e885cbddb74356ed8e5adee03104342b6684a5174105a54df9223275ee6
SHA512 baba0fe4bda770aa7df719971d8baf4b2c0f559a43ca1f594d82d343260363dbf6bccb4b073231a90c30bd81c95f16d4c89a7e9214561eb3872ab8afba0b2d18

C:\Users\Admin\AppData\Local\Temp\lSQMAAEw.bat

MD5 a3555ab611cb17777970cee4459606d3
SHA1 e01407ea924b1ec4589003a0015b72bb9b0d33c4
SHA256 bcea94d1a479a0bacc69e1e67a3fa922784b50d042a9217261beb1b8bb52436d
SHA512 e862d425d12af13b4311e4b90f2122b3c9eef6bfc8dc21189d030bc12c0f8b5faeb0c6d9e15d7c64afcf17483b004e635c20e93b48849f22a1fefc086dfb90e5

C:\Users\Admin\AppData\Local\Temp\ygUw.exe

MD5 63d885e20741c00686d85c2b1292b629
SHA1 d1fd22d009477b2c4184b0b71382e9887d9b02c9
SHA256 14de19c140c981c17f47df1793fc6537647a6258a2848501b57cdd601ae832c6
SHA512 98a7efc4d4ddadaaa7d041e6c7d9fc4cf6bf208035955121b916b187ee49716e5134d787be22ac0113765539addbcd12a569b19a5df4e2d1df66d7f010f5279d

C:\Users\Admin\AppData\Local\Temp\Uwsm.exe

MD5 6800166570b7768e6651045007972203
SHA1 b78c9e1ca5317b8bedc7b0ad2330c00eeb54e0cf
SHA256 fa19ed87f4cffbf3a9c4edef4d12e2fae9750727c684ef58c9a1bd6ab1f4edb9
SHA512 569df44c45030f8753d3d53a239957a5685e437fb734a12fd79adbaad91ae3b25a46470a045a1c64682366cd5aae8eb2e9311055bff8fef2b36252c28cc9d9a6

C:\Users\Admin\AppData\Local\Temp\QgII.exe

MD5 1b6bf37c0b5a8c0abd7008e0f01a9d34
SHA1 d539314d116f15379c37728734ed62a795cdc8c3
SHA256 68b01a0b4e3d7f6abb769d60c3f570a22c2d1cd6263773ba524a30f40cc11b40
SHA512 a1eea76f55e107cf891330c409e8216c107017533aa009401e8b9385a8ff3eb78f4747b1f8c05cbb7563e4f8f5a4a7b5adbe5a7aabc922742f816f1fbfa46fd0

C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile26.bmp.exe

MD5 8508003dfd2b87d6b7c67cac56f30d17
SHA1 80296171d3eac2c1b5a9830b2c86d3d054b2fe87
SHA256 8fbe99005840c2f51d004e861b75e484f6934097602a4925f11f946dbb8ad692
SHA512 ed5e0ed2bc26fa37ee56643eb7f11326db2934dcfd2bd1c14e4a87b13275a6884f6a20c41987be5a9a4b79ffd2415d035c053210f27e5d774f068a080b464812

C:\Users\Admin\AppData\Local\Temp\HcUMsgkA.bat

MD5 69156a653c26e141a3ca997fa80d8d41
SHA1 c4fd02c3f16e0f00c6fd145bbb121859b7acc9cf
SHA256 f11f21c04922b4be9365083cf0e070920d859d312f1e183a1eb393b28deee9d1
SHA512 ad133c90007dd98bf3c23a0008f529de5016a5a91eaf141473665c5ab4bcef3c2c7f50ed2a44721702539bc8a3330c8d87d1f9694954cd7126f98af08c304abc

C:\Users\Admin\AppData\Local\Temp\SEkM.exe

MD5 7e6d8b81ab4a35d8242c18f0ddbcafd4
SHA1 89b174ce200b6cb2a237918266f03e3a57808d2f
SHA256 b37c5b4fab75f7f99800a6670725564fc7e64f3959b94c116fe5bdcf1bb878b1
SHA512 624510e9197dba3dd5bf599a1f4250116ac93ec8a28a5ff7922376d77fc146e92b9eeae67e0318c62ae33bb735f3751ac2e07ce144d850f85ab06bea4eaccdce

C:\Users\Admin\AppData\Local\Temp\ycwK.exe

MD5 017592cfdf62e55f5750dc5d0077638c
SHA1 0780a99474d1d6574f2c5b829da9532209f15f58
SHA256 e8990ea7fd352f4748da0f61721e1ea31b55d546b9759ff832b9674fb534a61b
SHA512 7be1a8f9db9f36e08526c748249171dd2947bd0a51ab9560869578e187f7bb0f537a253d03c0b6868b6512c79ddf1095daa1def9a64131e45e3581e7a9522be7

C:\Users\Admin\AppData\Local\Temp\gQUK.exe

MD5 12d49c328234e18073f2d3308d288454
SHA1 bd2dc83bb72a66deff6516d3bea05da86c3ca8f7
SHA256 7c2d83023c53779baab4eed38dc96a6bbcef4c234dc8c70bb210a0701d3ac6e4
SHA512 ffd47223cf45e041479466e37ebc4aa58587c4f2e6d14dcb53a1a9d703ca9424e94265d15995010477823339735337a80526f3d63dd3aa655ec67c2b92aea49e

C:\Users\Admin\AppData\Local\Temp\rOkQcskA.bat

MD5 e862997e6d5d4a841ab09ed7a044a0c3
SHA1 e2023c5cd01f84c3f409c4fdee2c4b41959fa1f9
SHA256 23792ddffe98d5e4dd931c812cefad40a1a994c4b7882f8d03b55d46f907ccfc
SHA512 4b1b282bd0e9a2da697924aaa2960ce2c07776db4cdfe7279ccae9d7c8e2311c0d8edd19ecb03b2651314d8c9c4feae7fdacafb5378ca3c61476a1233960dc96

C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile30.bmp.exe

MD5 05bd080eb5b87673e99ace1c64b0bee1
SHA1 189a8d9ab247972821a47e3996cdb7b0e0387686
SHA256 20d67633b389c2e75b76e18dbf186a0eeea8afeb3b54b5691417141d6a91297c
SHA512 b7c12e2597a4f3d21bf9c4ab4cfefa8c5cf7b238f19306875a0ed4fcf8c3cf3dbb86368b57b6fba0d807eff62e051c12666aec72b65e3f0d8cd490d52f9424a7

C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile31.bmp.exe

MD5 51d271f14e9a2e6869a492faa0ec246a
SHA1 9ff7061917c82dfc2feb4100d74f79063fbff0ac
SHA256 731f128f9112e11275827572ad005ef1269b0ad8ad510ba86618087fe37a749b
SHA512 3b85bad49d5b84fe06b147ae3baa8de5675652a9ef8f14f90c18e7259e4ff898d5a5e72f6184acb3ce04e5b17a66b7ed09a7a3eeb976d1b3ce8fdf6ab7e2aeaf

C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile32.bmp.exe

MD5 8d006f6229a567815344731d76beec3e
SHA1 7d40c2e9da650cb43007ba36cc97ea9dce21504d
SHA256 f29067296def7eb727a3a8a44195b7893095539a8632c8a40848172e8487c25e
SHA512 4509da18de4d2720012086ddd6a63ff39b2a5617ce13a56eb734acaec95dd44d97bd98828e56ef48160b824f3b5eb1dd21df6d978f4615a9d831b3513b4b0c1b

C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile33.bmp.exe

MD5 1513ba8a0856cef9c6b92ee4b168d88a
SHA1 eba40d2a05d52c98b25453048fef1961b1ef14dc
SHA256 43fa50471a9968278ea73c65ff85b1c7547133188e8441e32b2ea4ed5d576c91
SHA512 228227c86a585f7a376499e4e6041995dd14758f679b685f6ca28349d6c6c08bee1295cc58567611680f876b5685b1368651b0d829daaa32e8dae07cf2a7a090

C:\Users\Admin\AppData\Local\Temp\guYMkUQg.bat

MD5 13472950fdad72eae948f0c952b74b9d
SHA1 8e543524d11e45f61b916a3551c87620066cef06
SHA256 47eab00e2f23b6b63df4be48683d7ba6921b859afc9a0eb464006b2eca74e865
SHA512 0c289be679620d28d0301c394af07e09399e32fe24ec0959cb50e9188ca95709401a5bc35a820c30c71cec43f095b93571596b2be3f428aabe433718ed2af260

C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile34.bmp.exe

MD5 7e3bcb40451c8ea2503cd1c85d9ed5da
SHA1 581cb7e7dd6ec9a1d9e8a1280e128a017f878fdb
SHA256 a271d269cad1e9d200aab1f3164fef2503ed9560d5608ee37a7e0e88ae2332f5
SHA512 dd964eb9fba387f8eb4c1dc3bd54a6f2ba61793439d02c350110ba4308c3cafb9249d5ae13d33511d51a104eb265504cf42778a381e7f1969500f55f3d23a437

C:\Users\Admin\AppData\Local\Temp\SEIg.exe

MD5 d5a57b94ea16a7a2ce738b9b0f2b1e6e
SHA1 0a9d5b4f006add3b104e29cf177557740f0ed32b
SHA256 dd0417dae29f0c81405adb14cc3ba54c7231f2ebb42d1217d935fa49b51db46f
SHA512 3dffbdf4d65cb1c40bec3845e3ac23be483e09a8f4efc6fd481fdbfb825d16c9bc54f471b6365cb534dcebd345578303daa7a5bca0f26d8cf2c013d8e9a9a73d

C:\Users\Admin\AppData\Local\Temp\agYU.exe

MD5 d5b3c0d4ac314d5bdaa614e42b592bfe
SHA1 fef661c5e8fdacd50720e6c66e3f606002c8a9b3
SHA256 142bdace08b4f416714bf80a88947204c6347f7401a4a17fb66a3388df86f5fd
SHA512 ee7c840092e45ebed60f51e803f21faef90945e8e9b7b5b159e439f2c41d90dfa58c0ddcd16221530cbdbc0c0383505f61a03d4e6bdbe4a9526c870971f1f7df

C:\Users\Admin\AppData\Local\Temp\KaQoYcYg.bat

MD5 e0199abca21235d737b10f2fa4661103
SHA1 41817f6e12758b4cc400918d6dc0e02772d3ecc1
SHA256 d2f6b00745cc8c88098c0cc4e716e73117b5da7b5c76a6ce94cd407e194750cc
SHA512 27e80dd54d67ae4a80f6846ca69eac454ca1e8a69f3374a6348381e1b0cc86bdea3ed7eb1d64dce7c89a814be6e1ea45f9a730cd2badc8cc5fa6263ce7528dda

C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile37.bmp.exe

MD5 0e4b906652b19acf92b07f9d958a9038
SHA1 74f1e80c902de18ba568d1b0c76d91d0d29384db
SHA256 bca557666b195d2e85280c6dccecac421bebd3b7ec9f5633b2c2804d967f30af
SHA512 5ab838cfc16a609cc69b753cd54e8bcac68850433c47a448c2c7ce02946844953052ab1fd3fe893d4499cfe186bb4c050ec78b6efd4c2164f5d6bbf45d85e0e5

C:\Users\Admin\AppData\Local\Temp\UosQ.exe

MD5 58a5b225a56f8aec7f5cfb6d391566a2
SHA1 36cfae152ecb5ae8e8734ae3420fe0f8da6f12c3
SHA256 c2ccff18739bfda93571f15e92fa7d578d4b9cc6233bdf423f14851205b8b513
SHA512 de397d791b70224955427f1e831cea9f54228b91dafc2e4adcf2295e1afb961cef8787ca6b1996d11c6697cd0d03f8afdeb483f93d8a41f47e102da389050fad

C:\Users\Admin\AppData\Local\Temp\qksE.exe

MD5 8461b9cc2bbcc4b0f5cbfe43f80ce304
SHA1 e5cb7fc3bac50ed798f705e9df2699592ce36871
SHA256 24a97b02b046ed3fbe590cfe7ce2f4c3e71df2ccf417f8b2d4284442f75918a1
SHA512 f69b7df9b8b521c63e9701b976e116fae6e3e5a3830ba9009e15dd3aa09d877e53599916c8060630c6a0303377e17b62f70bafd22db29c5ba2c2d936dea0c452

C:\Users\Admin\AppData\Local\Temp\ewgm.exe

MD5 5ba2430c87ff3a788f434f0bd6157d08
SHA1 a798c22da17eafadf8a8091f2f293e72881437a9
SHA256 69197ba9c9a5e436ea68297541eb95955344437226c226177be26a60444be4cc
SHA512 02d749d13d2e4b3ede1baf2488e76b3ba36cb1ba75d121859d7386722d5ce70d579e8c13b9234a050eceffeae44d82db40d3013bb7d47eb1f8eb87b5ad85798d

C:\Users\Admin\AppData\Local\Temp\EiQocsAI.bat

MD5 9fa8e83400f13cd0559c1808168c6de6
SHA1 1596eea4b7ffac2367deb0101276e1fb280e63e7
SHA256 32872c6f71a17a92ba1cb9aec153f52573365da7decf5528ba054b458726fa2b
SHA512 0c57e337649c78553ec54cbfacbec127a6e8be30145940329bab47d5d1ca0f046c18086dbfd2b29082b94059a2ed2cb1a80d6b7c35de1e51f4a79dab72b8cd5a

C:\Users\Admin\AppData\Local\Temp\EEUM.exe

MD5 a1c02821bc4d53d1a33f6d5857400078
SHA1 4d75f4a1a19df83710ce1312a844683298439749
SHA256 b642eea7d477c30f1357dcc43ce5351a342e963d732417faddb0db4c6e773099
SHA512 458038384976f2bfc96ecbebb543dfa83a4fe94b226bb3912b04ea03793b435c6a3ec191648e15cb7726057a864d95b9678fe3facfa9c7f57623e2b46afd0de0

C:\Users\Admin\AppData\Local\Temp\UgwE.exe

MD5 d4293c2d9995abe953c098ba558417cd
SHA1 b9f8e4b7e35c6c44af89ae3809766295e5c586ad
SHA256 78f231b0ce1c733933b24acc30442663aa4a55e3bbcfc24fae843f8c3d1a26f7
SHA512 cb512498ef6a84aa8f68df0a412ed6e87bdb8563243bccb552b041ed29f9157a0a50787429d7570be4eabde90d7907db534b9e6054b6423c0b1f69e4a05a0418

C:\Users\Admin\AppData\Local\Temp\GYYE.exe

MD5 5dfc070ee98464a94451fcc17ca2f402
SHA1 dccbb74f6cb59d4eae51a57be7b55785c0bcc7af
SHA256 62eff6699ad969a05a32afb5775e79ebb03d0fcf1c1654e85ad11b6426a85a57
SHA512 7fe8cfa6d8643c6c9617b2c048c20deef1c85d77d2038f8c09d86f9e028ec5e36d1ae83e96a4ffbee518b07a247c1eb881c8db12cdb3972e88ce7ec8ec1293d1

C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile44.bmp.exe

MD5 7d7a4eda1a8489637728629f63431a13
SHA1 5c70c6a8d5d121a172e0b68c18bc0d2ba0aad833
SHA256 c672098608542f3913bac1ce51404c2789c213bc83eb890deabb2e54f8d7a92b
SHA512 6332bce86e42cd608fe662719e6c41dff0471f2e81481d7e909fd921e173083d556f5eb4e80153ff6cc10250f3141253fa05e6cb770c785e4a0c101512229caa

C:\Users\Admin\AppData\Local\Temp\AcgIIUAw.bat

MD5 205260f82f79237a12a07fde1bd0daf7
SHA1 8cd3b00292718a36ce2ac3fecac62e8e8571df83
SHA256 fe161c2f49da6ec798017d5257952ff632b34a6056e8db4724a41fd21e616e80
SHA512 586431d53fb6af5d19322b5978ecc954581d650d15d1592e579e1b303314e333875cc7e067af2322727330e402a184e4ba9dd2674dd7fad8da86f2ba02d013da

C:\Users\Admin\AppData\Local\Temp\lCkEkEAc.bat

MD5 672c2db511877659f1e39bce1d72b2e8
SHA1 140fed2fb262adfc8fc42c2c811154eda4a8473d
SHA256 fcd78f448c78f48c979b15397b997d0eb2efd11900e8fd6d8a7556fb05d8a1de
SHA512 41b01093337c501b0c44d3d52568c5bece266533601c4b7ef43ae64649805233ffb64b6a869d29a65672d7b9789e74dc56c8c79fac9cb50faa436e1db1574827

C:\Users\Admin\AppData\Local\Temp\Sscs.exe

MD5 fc0860237f0b9b8796f6dd6668668cc0
SHA1 4a37d7bc799cfb7d07719e3aa5fa5c1044c9f28e
SHA256 68ba156f4aad5d5e6b419c4144958baecdb3c0d0ea1799d1011e361a4454a278
SHA512 7282a5a9e685d244fa71ac0b8c9193bce4d4d60827fe05344c18be8333c83daf797bcd46632b5203995d6e4ff0fdd5b8e9f122955f9db4da96e5c320a9c87966

C:\Users\Admin\AppData\Local\Temp\qEgQ.exe

MD5 1b934a2f6027bf92e506e8dea3df9a07
SHA1 d8f824f6546c0afeaec288fb3e7462ef58548ed7
SHA256 7dec176fb4281721c9286863ee0ee169d24b5248b76af9a49ead165069b6fa18
SHA512 b99012552463dcb0d33b31f653716a1df8529cf84b62d3368fe437b13a99d180c611858cadec85c8a95642d9ebf2abadc0ebe26453fe3291976b4a8f8663207c

C:\Users\Admin\AppData\Local\Temp\sQwq.exe

MD5 c1683a8b0aa436580700a1fff775effe
SHA1 723e3ea67f45108254273ddd8164629075584e7c
SHA256 46904f624881c517d86331541e1ad2e9bb6c4fa2bb4203a363046f4a30a971ee
SHA512 5a4b5ecf400907e3bd9e8bf333d76d30ca35bb0309419e277a0088e5dc2ebf44d020ea3cf067b5ca9799c7a41a8336f5d1f45df2962f557570b272ebd47767a6

C:\Users\Admin\AppData\Local\Temp\WUcA.exe

MD5 82008aa224000db8a8b454cfd2db282d
SHA1 a3315a41c620d287d95ef7f61f7df12873ab903a
SHA256 5ebac1c9bba02bcab202f21e86fd3449535c71add5725601c94eb494695e0faa
SHA512 b31ee549a74e5420cbfce9ed04a089b217eac137d4e588f432547df45b31c74e915d0c719ad98ab2819560202f31007a1f8c7e354b066ae67fc8fdfa9b4bf269

C:\Users\Admin\AppData\Local\Temp\AkoK.exe

MD5 f3495c55d3d946e56cb2601f5116f745
SHA1 3064bfea2a164008e4ebc4158b0eb4225409057b
SHA256 2367e2a5bbb036468d728102da1565f4a233a192156fbfdec2f565569f3dd818
SHA512 99cdd6b3741d2ab15513bf6eba9525ccad58ea013a46fd78948cb4d2fa6dd6db58ba0c5266da265c6b89db406374f56d8467fab3fbefbefcc07b6fa44c2b9b37

C:\Users\Admin\AppData\Local\Temp\gUke.exe

MD5 0abb21d54805d676de4226ab33453805
SHA1 9cbfa9d8bf8a447c5f87308bc14b0c501ccdd157
SHA256 5783cef3ed1d3bd895660571e61898be3f8f6e43e4368938416f0280f67d735d
SHA512 b386114c10d19290d9ca2a2135a56f736499d6137980bf26491f3991301c7a23b576c95f1e3ee6100014385bccf21bab408ada360e1cde75ca9361f585d09867

C:\Users\Admin\AppData\Local\Temp\aYAy.exe

MD5 d2d404be942efa7c2d31c9d102a72ab8
SHA1 1d907e30f7b25b5b27677fd873c161c02e4d3d0c
SHA256 4b4802b85691d2b18ffec9f5216d1b35c60fc46f02c1877fcf653e0f97e25f3d
SHA512 a853b491fc44b40100004c0b473a18150ba868c8c06809055e68e17f2e46968ad6aaa680a7dd6748ed1463e46e0d5dcce248ad57414640b85b7f8fba3a932107

C:\Users\Admin\AppData\Local\Temp\XAckAUgI.bat

MD5 1ae99501f0953da133c7e60ff1126136
SHA1 c424f5486d2703574521041a568d58fa100abfbd
SHA256 ef89a8df8889e2aeaff80fe473e570d175dab93312fc54d5e47ce85665d5002c
SHA512 0f9ba257d54d89d7fdf3b797d3106241b624602d0bb6668c9b89a14ee81e65b705fda9736e579324042e4de443c0e1e9b7c95121c1fbdc9912016b3e9f767486

C:\Users\Admin\AppData\Local\Temp\WcMK.exe

MD5 cd76332827f47a04d941c5cc2a064b63
SHA1 2d4d4a2be4733bf6a252eceb780f49359d1ae5f0
SHA256 7b0b55acc864632c7010ddfa54f6c689d8a8b0d18ebcb7500269e16f3046db8a
SHA512 5e4349ba13d8575a9e0e5e940045c32372cbf692fad5f80333f299220c5daf76118b9417b8cdfbf67fa812f8ea2c901313f4d14f125078e7e0f573b4959f4938

C:\Users\Admin\AppData\Local\Temp\kIMO.exe

MD5 e7a55d6235c055adc28f33a6e5401d6f
SHA1 d96464825691c9f046967459c9c0eabcc4a25b32
SHA256 ffd8f02f5df79a35f57b20c13307185f147f99d537acfa88de22090b87b5fb05
SHA512 b693d3d2370ca39094e59d111d1cb89dbd3050f134e75527f4d56085cb52b731fcf67fa6d1fc79d1f71c47791d442b39cc41b3bc6d9e9000c510b8e466b0f3b6

C:\Users\Admin\AppData\Local\Temp\awAA.exe

MD5 1ede137848cd084420084b9093fb7777
SHA1 3da5c216a9037186748ef9ce3f41a8ce2f7ac76d
SHA256 0507fc0775cccaa6f9fc4cae61ead870ff81b24bc0a58380904395630e09b71a
SHA512 0c9866b9b449141b0920600637ab3c4a1f22e8fdda20a35d602a71f3227fbc931fac99f77b1eb973c74a6a48c1e9e51b254a97ab7153da8431bde2233583834b

C:\Users\Admin\AppData\Local\Temp\rIUMgUcM.bat

MD5 f2c9b19b3472a3bcf0d2606690aebe45
SHA1 2ce776a915132a6dcb2d1750169e5a79b6e66d80
SHA256 f18506952447f57d2f32c51424fbe1b5af517559a63d01fe0dc8bec1c60637d5
SHA512 a4d67aa962601b69f50d7271cea131c696bdbdb4f99c4d7aa6c322bbc3b4a5dde88d16b6bd13058aa033b466c72c3fbf630933205a80ef656a7fa83defbb5c5a

C:\Users\Admin\AppData\Local\Temp\aCUQsAYo.bat

MD5 a6ba90c0ba03f534ff1be88cfd1f6f09
SHA1 80ac36f915d113ec8af9397ca53528d81f0c9f30
SHA256 93e06e5095468d1e2086c83f1a7d57f097fd646dc7aeca17a12b43d76a0abd3e
SHA512 609ec1c838b1627fd1cdfe47bf261db55903d73773f9c5b6af7370733c8c6aad9a949330528375909da3d6a388849020cdcc643edf43c3054b6b69186fdead07

C:\Users\Admin\AppData\Local\Temp\gqMcEIgU.bat

MD5 09707025e6475d75d2ea1ab6426cc399
SHA1 9f290b08565dcbb3539d633e5edbba4843cbbaac
SHA256 f211258c52aca1400b65fc0fcd201e0fe99b628128de0ff34ff20484a1429ceb
SHA512 b7d31f902881d895c7a2df3ace26d91fa7bda8351bc46fac52d8f63a4c8da7a964d23d288bb98055a21e925405d0fa4fa466508d527a42a33000bda18c05ab9a

C:\Users\Admin\AppData\Local\Temp\kGoIQgsE.bat

MD5 22e4353b61cfa53880cb9f1d166304bf
SHA1 be16d521606850a253bd5c52742336375220662d
SHA256 e80851016f98a1bdbfd8c1366aa3cee339030f415a5273f9f5e5c753666eae9a
SHA512 7def6e306e3951ba9bb637e768a7b9adfa63291202668b6fb56bafcd4ebd8891f4e92168f084bd6d1539158420ddcf1dcc5620f3125e9f079b1fd6475903d22c

C:\Users\Admin\AppData\Local\Temp\UEAkkQMc.bat

MD5 16dac7b15e04868896d288b6a0c76dc0
SHA1 097160bc945604396d91a21e5eed5f56081f19f0
SHA256 a53bf179aecbef3558ab80464f32d08cf5c17f7e076bab45dc0eddcd36034a5b
SHA512 b03c8a7805658515956dc62b2da8c762b47f3837862ff7a9b41c93eb376664984b2127d917034d80e952d4f14d564e5f32ae9b2421f926bd6e5f643a969c4692

C:\Users\Admin\AppData\Local\Temp\zecMQsUA.bat

MD5 2c0d1a02468feff14626ceb945a53de4
SHA1 1153ee6558bac7179aadae4c635c878cb053e096
SHA256 98af19c68d0b594cafd31d353c9f6f669a819aa1749628271ba1cbecf96f2397
SHA512 3f245eb47c82065be4d548ead650370ed99f795a87a62a43a45898c6a875019bd8b80ea588cc5ba0f38341abce12ff2fe0355fdb38027b2bcee1370360c021e0

C:\Users\Admin\AppData\Local\Temp\LEQwYcUg.bat

MD5 3373d092bc788cc7a5dcc8470c06721f
SHA1 1fba824672928157926bbe9a6e4ce08c9e7d7848
SHA256 1bd9c82963bf971e59b34dce6f796462db19759d0fcefcd077d35bfba34a73e0
SHA512 5c459937eea86210e445d7195a1b140faa48af8e8c34ca2f90f8136e5f5b4700f75c856965c2926e5282d6d798f02333dd009801d5c77bcdaaeaaeff02a4195c

C:\Users\Admin\AppData\Local\Temp\vAIsoIcs.bat

MD5 985a1aa24c7c19a8102a4c936ff86f25
SHA1 d57dac71abce8dd3013771a10a316c54e0918627
SHA256 b4017409910250d06662264489180fc445cd144b441b092c4838c71e4cfae077
SHA512 630f29e6abdfb6f10ff1eaa77dfd840163c7f3ff5b9936eacd0e3f2769580382a38ac73c69923e94c892d02fad550bebef8d47785447b7e0f7d4eeab090438ad

C:\Users\Admin\AppData\Local\Temp\fCQwwskQ.bat

MD5 5a6c72333b5e8dbc62fe427a37f4d6a1
SHA1 ae706e281655922731e25fc483502366d0fbe1d2
SHA256 f56ea910742aa38f5ef9356984e3c9e7b4738c72a5764ee7492b78521c6936c2
SHA512 a9995b4bfd85d64ffc2684b6cb2a390299cd33b596cb426ab18c52209c5df9481804192bfca4619332e096eacf62dccc9177f3cbe21f0950b8ce4e39126f74ce

C:\Users\Admin\AppData\Local\Temp\xIIwQkwk.bat

MD5 c1d3b84d2296d44527e3db3bc616d9a6
SHA1 4ea289931846f8a0371e9decae938ebfb8f5fc9a
SHA256 d4c484529ec911287b10df4a83fa93978210bc9a4c23b86bc68fbc5a59ab49f3
SHA512 be5735694fba9809144a443e9720b74ca6ed414d6272520a36182435dbb6bedc97fd3b6623bb8d01ebe19023f7c22f00c9c5ddc5330e1fcb5e35028a5510cdf7

C:\Users\Admin\AppData\Local\Temp\eQQoYggc.bat

MD5 ed349cacb1f530a57ff0a6c3e16f529c
SHA1 c5e65e626f6c8f0f13ccf22b39bda37f2b094097
SHA256 5b556fefa56612d490f9826cc75889c6c679190f2fafe5e219ed854476442821
SHA512 cd1cdd32e1f6d749e3b3b939998f13fa0c250607dcd950fb1c2b5075b451c36cc7739e94f8c7c7abae1e33c2c6b30d5326ba57bd48051b39e2f4ad3f45fc14df

C:\Users\Admin\AppData\Local\Temp\WEMMYMwM.bat

MD5 443ced16748f8f1fca64cba95659e6b1
SHA1 ec575908efee7e6c45b7cd76774ca4959158e38e
SHA256 ebab0ac1c83aadeb792645b241fa3a37ee5cc7cf3a8e9821577c7769fd01515f
SHA512 900ad87b574d3dcb08ba1287398f802975a359044df5c39bd41c3a5199bedcd993072267c8a944a2dbd0971df1d6a73821b6d219e1c48a711c02c2573517ab09

C:\Users\Admin\AppData\Local\Temp\qykgEswI.bat

MD5 65f261191e0f30edba3294e9c6dec841
SHA1 cde60a505cd1a9fd1409cd295813d5823e2923e5
SHA256 c7d437e4775431111446d70d4d4892940f0900878a550744d88119ca85832cb0
SHA512 121ed0be4d3fd87eb379fb9c37b4205c61dd20539424b6562a1bbfca6ee8e0abfab7dee186eb7f1d4deb659bb5c7083ba701b0ce13a585df32367d42c664aff3

C:\Users\Admin\AppData\Local\Temp\IEwkAokI.bat

MD5 10ef9ec02a6a9347435affe402531a9c
SHA1 f044d836b76884cd920ecc9fae7af0446649b99c
SHA256 8cc1742f949cb76b117534804a1610295ea2b17341e6e39f7cbc607ed4e028e2
SHA512 fb14a1dd296b0b2ea5287c17eec8fabf3b7b3c09b2c391c0accc561c0f1bb9610bbad672453959d8c82c66a9be8c857cd2a0400340739b323784c4db44ef4539

C:\Users\Admin\AppData\Local\Temp\NIgEEAUY.bat

MD5 406a659434c9f74f81c5b65a6c74dd69
SHA1 bfaf44c3bfeffec86dc5d12c05cd6fc0148b4341
SHA256 d0e10d3f006c17f52563757f80d9e5f34aacdbb04876e09f8d1b125d5d3e799a
SHA512 e2e84c676e61c53c0854d41ea5d4dbab6796032cb82437ac629e0acd7f4e348ee3ebfa7988404fb74f522056421987dbbb0fc2b1201fa3af54672ce88f39d940

C:\Users\Admin\AppData\Local\Temp\ZgYsQEIg.bat

MD5 265945989114b0c8604e52ca70724591
SHA1 6599eeaa75ae1dd7a49f4475909031602886b312
SHA256 ca6a197a001fd276365a63a7bda1a474d29ba730e82df0a7810c28efb9ac0611
SHA512 6eb7178decca35afd435d7321b3e14b9e5d5fb63305dddfa8a2146fe4c9d1f2de24082090c158be85b264a70f34899f844a27bad39b6f0bf993b6f2cdfebdd95

C:\Users\Admin\AppData\Local\Temp\VIQscUIE.bat

MD5 9ae33497512fa033d1a1eacffd0a6432
SHA1 b0193d0a686549cfcdf5c8c4c09b52bbb327cc3a
SHA256 af293fe49632bae194225c6216af9279e89a84c3f44e93002a9b41795b09384e
SHA512 5e0a0b9b9b8c7a5b07d895a2a0ea395789c89d3d9d9af22d47a6a70cad9e11725a7e777330d3be0d0cbdb48b787780a7be3f8f07eca3d18b4c464c18c7baf17c

C:\Users\Admin\AppData\Local\Temp\fWYcEcIc.bat

MD5 d9ace627fc00312df554d7ce177c8d7a
SHA1 07606be62bbe5a2a6f982ff2de0b3971da8f2613
SHA256 b6f0a56838991374b68f056d8e06aa91831e9190ea3099b1ed7276872d5827eb
SHA512 6a8e4944948cf3b14ca11a186d621dc0c51644522f9513baf74abc4d120ea191254fdc91ca98c8d849b22d607576ade461af425c6899e445690e8fa1aae51008

C:\Users\Admin\AppData\Local\Temp\AIscgkck.bat

MD5 d6ed1429b68d4f0657ea157d9d8d101b
SHA1 5c07871815fbec920824549cfeedcdff071e196c
SHA256 29a2758814267a42345cc5df91459d5ab825311d155ce5d46cc55568001bdc26
SHA512 8655b17bf084d1d128f44df821eb85ac0fa3026a27f1735ed3d04698d4cfb7c3bd89b0ed051d9fbd1820baa46aa4aef7deee619f809d59e7a31f0a908ac0f99a

C:\Users\Admin\AppData\Local\Temp\MwEMEQoc.bat

MD5 a509efe6be99bef86cf8cebbf8d3ce1c
SHA1 440bdde9d9c70d442c5f10504b146b402d513450
SHA256 18b2388e0abbd60487485f6d44732ad547c4373b2fbafa096e859ea4d0a417f2
SHA512 aa1061f97c68db8481f4168a6d9eb4778a7ba857e738e565f1144b97b84151da6918cd9af37a3356a08c4adf18e3534cfc219fe608555e51616d0c3ae313077b

C:\Users\Admin\AppData\Local\Temp\oiwIQcco.bat

MD5 e5962df4422471bdd890348bbcecb4cc
SHA1 133bf7105c7a290036e36c520458dd3c1674f03a
SHA256 29c768e680c6b328b9ea176217fa6c2402efefbbf76ee2faf40e3a1d561458d9
SHA512 09afe1fe3cd7a1f93ee98b1fcbe58671370af39141e89525dadbe2a29c060f25bc90e20f5e491256cc1219dcdec99333c963542eb44809748a4fd27ccd20d4ac

memory/2312-4679-0x0000000076C30000-0x0000000076D2A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\iioUUMUA.bat

MD5 392fedb863b3ef7542c61c8c38a802f6
SHA1 563ebad0f0a0e29296732effd5dd03a09df3de56
SHA256 008c2fa480ffd86488a41e1076ad6ca5363b66c2270c2e05c9825bdc7d47bec5
SHA512 c3b1a89a7095667f2105b9b069a16703ea62699aec056abe3b2a3c84d4465c37f5a979626302255224d54473fd37c5b31a87e449588a45680329d4949256e38c

C:\Users\Admin\AppData\Local\Temp\SSMkMkog.bat

MD5 3619d17bd35da0a319c60a9e1b6171a6
SHA1 ee1d5fddb5ce945cde987d47e021f62ef1fb056f
SHA256 81aba06d5a5b36955a1567a37237d3f4580f66a3c24d3fbca1c8839c7d5d2071
SHA512 81f0bc395cde61794c2292e31c63985a80783e7da2d4978d7be57ca22221a854a7e315340f011bf96d55c1dacb668ae0c9d34c27d20ef968ff3a39a17100d942

C:\Users\Admin\AppData\Local\Temp\ViAIsAgc.bat

MD5 f20cad86307d566b88e783467cc48abc
SHA1 df487f2728d2fef6630280295f084a2448e57348
SHA256 d791e185ffbd2ec655d52bfc52240ef0cddd753c70e50e46ea2157958a56c9b9
SHA512 67e252d28434c68516353770d29eacca4369faed22f97cf0b8f5a07e578408ee4a1057aa352dd2d0bfbb94b68fbc07d93a767d1aee96342899cea380e371cd6e

C:\Users\Admin\AppData\Local\Temp\DckcoooQ.bat

MD5 2676005e4e19b2c9d8438f53bd9487f6
SHA1 565cb1643ffc2c1465046694fdf4be473271e989
SHA256 9845e9b598c398991f1aa71a031b2c2535165472e4db7b9482dd46b5cbb80d77
SHA512 4310ceca044674f5b3225940e6c6060665f67da03d99211fdd1e4c39835041b338de07fa2785789869f7c05cf0e2b04258867defd4625d651a426aa98aa652da

C:\Users\Admin\AppData\Local\Temp\fuoQcIsg.bat

MD5 4171dbdb63e84286ab6e3ad0d0148566
SHA1 8aeaf217d8df049433d8bce4112c73ed169b2715
SHA256 2daa46dd6963bea5d0354cd0493192e82e727c70fbdce7bfacd5ea6dfa16f123
SHA512 4cb397755058c94d6d9eece84e7f68f87142029a8919a0557c86a8eab8dd398ae57572a8e3ad17c52fa26741124989f90de6d731384f9928c2b746ac1843fbed

C:\Users\Admin\AppData\Local\Temp\REoAQMAU.bat

MD5 f797829f9501dfe04c3e02b43e6be3a8
SHA1 0bc42facc95b46c8ffdfc2e2e786e3c91891ba34
SHA256 2b7601d60157ca1192f84d2df0ad2a8b746a6b8c115a4b707ff80fb4386046ad
SHA512 1ea16b744a2a092f3259f4106fcb4f1cadcb7c9991ae2b261e2bcef9a10ac60601f9713fe3247313218cd62121df15c4091d45eaecc18992ec7c6d59f09b3513

C:\Users\Admin\AppData\Local\Temp\QSMYAMIc.bat

MD5 9aee283da450c174afc682f0eae35808
SHA1 3bec836f964bc5824c8b5c287c32a7acfdded008
SHA256 c74bd50e9e7e49a841e552a6b11d1fc858a71e959a2331b1119082108464715b
SHA512 46ec18ceb62fc9f250574e7ae3cc8f8af79b10ce475f471be8df005815175ff295ca3475c0004323c0c832117014bcf6028a20819c95a60ab720c1fc5f3c5d15

C:\Users\Admin\AppData\Local\Temp\QiQAgwwE.bat

MD5 2035307e6a03757ce9e748db4d549fec
SHA1 47afafa935e63f66f9c98fcfde63f6412e80dcb0
SHA256 8b9f1bb97778ddeaa368781303ce93cdc066c3f4dd8cdf62fdd8242d2d930ac8
SHA512 e27524a31d98468ef282fe91294f174c579bbfc3770c73a98ea0f0a12d40214f8cd6ce39111da6acfe13b7a127e97bbd745a21fc9de21da03d5f8ca290e153cf

C:\Users\Admin\AppData\Local\Temp\GiEMQIsg.bat

MD5 ca0b9e411ad46048306136f2f7dfb98b
SHA1 77740900f970e8fe07c0e914d7f1fd212e4aeeec
SHA256 84142e1efc60a659814c5fee379ffef10241ec7972c37fa89ad37db69e07f4d4
SHA512 de2edb72c0196cc8f28d420c0a241ef00037c3b20a9f441d8d978e56e5b1a3882686fc12dd5f701a0fafe95cb7f243475b6d7497460092c3a3140e2b2bdffde5

C:\Users\Admin\AppData\Local\Temp\uqcIAkEU.bat

MD5 4d8bd54a7092a9119c2d1a37da3dd677
SHA1 a910534785092a641e153f3d2300def45ab97996
SHA256 c41d0667bfdf66e610899ebf62ea2427a986b99bea4f683b785aa8a9a2bd3402
SHA512 ae6f554b5a5119c344750cabca405c963beceb917003e2b0ee50cfce8346e9933ec931bde79f7c349717a1401cfbd242776a44942e339724623bb7ce485a8c0e

C:\Users\Admin\AppData\Local\Temp\sWEcYcgc.bat

MD5 be79100c0c057381d462ead5e3c5b7dc
SHA1 d75e642880577b031f1d3d1a5a77b4656d0ed4b5
SHA256 2aeb43080b784fb42204e0a94ef9186c45be044ac8b5d2d0e6a6f9dcbf719eb6
SHA512 10d0cfb0b006f42c3f09711ad94bbe9f58fefd10eb8446745e46dc61a5af3472b2ab902e19ab5218537b80323cb9a24d97d3bc40c36e0eb89832d9b30c9eda2a

C:\Users\Admin\AppData\Local\Temp\LqQkwUQk.bat

MD5 ff562752d8cde9f86834629f717692b4
SHA1 e15a8a5434622896d47964580c9d1a86ccd18f71
SHA256 b105a38c9b9be8ceff9a05ba915d55c9d8056256813eb0572fc1d11d0c29ad21
SHA512 5ebc3c1ead1c940855cd8d94eacee2379e121481e10265b5a9435e64e7364366a2e5f2ae986149ce3fa062571ffb78c5f057bc0e1367c74b5b04dbf5c7809791

C:\Users\Admin\AppData\Local\Temp\RaQckMMk.bat

MD5 9dd811925bdae6914b606f3163a2fc3b
SHA1 e161bef5c95c0c51b963deac63e7fde11f08aab1
SHA256 018f186c7864f1c28c34eccd95814225fca4bbe78b939cb75610dd68d2bf074e
SHA512 4dafbc0a66426e065ef9f8c39a259d089159bc8796f61d1a15d28e3d199e6a9da81b145e421d9ad65c54de3d8eed46577a2ed0c39b1d2d3185bf936e52ea30cc

C:\Users\Admin\AppData\Local\Temp\XYkYogwg.bat

MD5 29fe27c379f88aa139e572e9e4f57687
SHA1 1fd7b7dd124e844fc3902f279622cfcb5e9d3caa
SHA256 7fd93feaa442f9cd3103d9e7bcfe7ff213a609fface8d86ac40aa369984d7919
SHA512 93d325d3571309d182e6f35200638f4f5441b98e1d492ac65177253344dce2fe3a78dcacf658215f45400e803b52620e511a21cd5e8d9b8cbcc15cb17417b31d

C:\Users\Admin\AppData\Local\Temp\zQsEwwoA.bat

MD5 37d09f7127e9f098304b57f23f9fcf1b
SHA1 c9845d2fca980139362c15cf113b9877338a0432
SHA256 c01ddd097fc67890d67cf122ea83af822fcaf50b65f5ae4c7918a94eb31f4845
SHA512 2bc29eac7aeb60edcaff0222a8c85588a6b74cc2ec7496c4f5cc3ac01858e485e6f4f1fe76c5285b983b55dde709ce5bdbcf71c4b59181c3780a5717976149b3

C:\Users\Admin\AppData\Local\Temp\gQQsEMQM.bat

MD5 40c095d9026deb76baa902ed5293ce0a
SHA1 2583db7117a0e27b05d5a3f2cb037b73a0a6730e
SHA256 1897f4949a9b5f89828177d25f2bfc723cb44118fa72c16214e8f1f113f2813c
SHA512 accd281aa0fea602f0915effd9d5eae73e9fe031d2fa4540c7f82399f9a17ef9277823909b3f7b41ac3699a5551c37b51f806173abbaf8fcebceec2849c2b545

C:\Users\Admin\AppData\Local\Temp\UQAssQUE.bat

MD5 d1fb93ebc20f6ff2e5d0f1a146ba556a
SHA1 7f8ffac0e3e54fc1b556aeac66a35ccf19eac563
SHA256 aebf5e4ffd5252828502c873e7742371c59784d7c0499c47cf175eda4d13db84
SHA512 b7daeaff5fda30011a3a2e5f7be2cee2ddd724ab0d2c18a9ba4a13d3bd5fe760bb2c1942ba10680df4fd646464e8e530c94c347119bf5d5efc868158e3a22416

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 17:48

Reported

2024-06-14 17:51

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

59s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe"

Signatures

Modifies visibility of file extensions in Explorer

evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" N/A N/A

UAC bypass

evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" N/A N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" N/A N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" N/A N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" N/A N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" N/A N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" N/A N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" N/A N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" N/A N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" N/A N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A

Renames multiple (88) files with added filename extension

ransomware

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation C:\Users\Admin\ViQgIMQI\kkscoUsI.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\ViQgIMQI\kkscoUsI.exe N/A
N/A N/A C:\ProgramData\cEgQscYc\GqUsgYgQ.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\GqUsgYgQ.exe = "C:\\ProgramData\\cEgQscYc\\GqUsgYgQ.exe" C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kkscoUsI.exe = "C:\\Users\\Admin\\ViQgIMQI\\kkscoUsI.exe" C:\Users\Admin\ViQgIMQI\kkscoUsI.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\GqUsgYgQ.exe = "C:\\ProgramData\\cEgQscYc\\GqUsgYgQ.exe" C:\ProgramData\cEgQscYc\GqUsgYgQ.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kkscoUsI.exe = "C:\\Users\\Admin\\ViQgIMQI\\kkscoUsI.exe" C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\shell32.dll.exe C:\Users\Admin\ViQgIMQI\kkscoUsI.exe N/A

Enumerates physical storage devices

Modifies registry key

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\ViQgIMQI\kkscoUsI.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\ViQgIMQI\kkscoUsI.exe N/A
N/A N/A C:\Users\Admin\ViQgIMQI\kkscoUsI.exe N/A
N/A N/A C:\Users\Admin\ViQgIMQI\kkscoUsI.exe N/A
N/A N/A C:\Users\Admin\ViQgIMQI\kkscoUsI.exe N/A
N/A N/A C:\Users\Admin\ViQgIMQI\kkscoUsI.exe N/A
N/A N/A C:\Users\Admin\ViQgIMQI\kkscoUsI.exe N/A
N/A N/A C:\Users\Admin\ViQgIMQI\kkscoUsI.exe N/A
N/A N/A C:\Users\Admin\ViQgIMQI\kkscoUsI.exe N/A
N/A N/A C:\Users\Admin\ViQgIMQI\kkscoUsI.exe N/A
N/A N/A C:\Users\Admin\ViQgIMQI\kkscoUsI.exe N/A
N/A N/A C:\Users\Admin\ViQgIMQI\kkscoUsI.exe N/A
N/A N/A C:\Users\Admin\ViQgIMQI\kkscoUsI.exe N/A
N/A N/A C:\Users\Admin\ViQgIMQI\kkscoUsI.exe N/A
N/A N/A C:\Users\Admin\ViQgIMQI\kkscoUsI.exe N/A
N/A N/A C:\Users\Admin\ViQgIMQI\kkscoUsI.exe N/A
N/A N/A C:\Users\Admin\ViQgIMQI\kkscoUsI.exe N/A
N/A N/A C:\Users\Admin\ViQgIMQI\kkscoUsI.exe N/A
N/A N/A C:\Users\Admin\ViQgIMQI\kkscoUsI.exe N/A
N/A N/A C:\Users\Admin\ViQgIMQI\kkscoUsI.exe N/A
N/A N/A C:\Users\Admin\ViQgIMQI\kkscoUsI.exe N/A
N/A N/A C:\Users\Admin\ViQgIMQI\kkscoUsI.exe N/A
N/A N/A C:\Users\Admin\ViQgIMQI\kkscoUsI.exe N/A
N/A N/A C:\Users\Admin\ViQgIMQI\kkscoUsI.exe N/A
N/A N/A C:\Users\Admin\ViQgIMQI\kkscoUsI.exe N/A
N/A N/A C:\Users\Admin\ViQgIMQI\kkscoUsI.exe N/A
N/A N/A C:\Users\Admin\ViQgIMQI\kkscoUsI.exe N/A
N/A N/A C:\Users\Admin\ViQgIMQI\kkscoUsI.exe N/A
N/A N/A C:\Users\Admin\ViQgIMQI\kkscoUsI.exe N/A
N/A N/A C:\Users\Admin\ViQgIMQI\kkscoUsI.exe N/A
N/A N/A C:\Users\Admin\ViQgIMQI\kkscoUsI.exe N/A
N/A N/A C:\Users\Admin\ViQgIMQI\kkscoUsI.exe N/A
N/A N/A C:\Users\Admin\ViQgIMQI\kkscoUsI.exe N/A
N/A N/A C:\Users\Admin\ViQgIMQI\kkscoUsI.exe N/A
N/A N/A C:\Users\Admin\ViQgIMQI\kkscoUsI.exe N/A
N/A N/A C:\Users\Admin\ViQgIMQI\kkscoUsI.exe N/A
N/A N/A C:\Users\Admin\ViQgIMQI\kkscoUsI.exe N/A
N/A N/A C:\Users\Admin\ViQgIMQI\kkscoUsI.exe N/A
N/A N/A C:\Users\Admin\ViQgIMQI\kkscoUsI.exe N/A
N/A N/A C:\Users\Admin\ViQgIMQI\kkscoUsI.exe N/A
N/A N/A C:\Users\Admin\ViQgIMQI\kkscoUsI.exe N/A
N/A N/A C:\Users\Admin\ViQgIMQI\kkscoUsI.exe N/A
N/A N/A C:\Users\Admin\ViQgIMQI\kkscoUsI.exe N/A
N/A N/A C:\Users\Admin\ViQgIMQI\kkscoUsI.exe N/A
N/A N/A C:\Users\Admin\ViQgIMQI\kkscoUsI.exe N/A
N/A N/A C:\Users\Admin\ViQgIMQI\kkscoUsI.exe N/A
N/A N/A C:\Users\Admin\ViQgIMQI\kkscoUsI.exe N/A
N/A N/A C:\Users\Admin\ViQgIMQI\kkscoUsI.exe N/A
N/A N/A C:\Users\Admin\ViQgIMQI\kkscoUsI.exe N/A
N/A N/A C:\Users\Admin\ViQgIMQI\kkscoUsI.exe N/A
N/A N/A C:\Users\Admin\ViQgIMQI\kkscoUsI.exe N/A
N/A N/A C:\Users\Admin\ViQgIMQI\kkscoUsI.exe N/A
N/A N/A C:\Users\Admin\ViQgIMQI\kkscoUsI.exe N/A
N/A N/A C:\Users\Admin\ViQgIMQI\kkscoUsI.exe N/A
N/A N/A C:\Users\Admin\ViQgIMQI\kkscoUsI.exe N/A
N/A N/A C:\Users\Admin\ViQgIMQI\kkscoUsI.exe N/A
N/A N/A C:\Users\Admin\ViQgIMQI\kkscoUsI.exe N/A
N/A N/A C:\Users\Admin\ViQgIMQI\kkscoUsI.exe N/A
N/A N/A C:\Users\Admin\ViQgIMQI\kkscoUsI.exe N/A
N/A N/A C:\Users\Admin\ViQgIMQI\kkscoUsI.exe N/A
N/A N/A C:\Users\Admin\ViQgIMQI\kkscoUsI.exe N/A
N/A N/A C:\Users\Admin\ViQgIMQI\kkscoUsI.exe N/A
N/A N/A C:\Users\Admin\ViQgIMQI\kkscoUsI.exe N/A
N/A N/A C:\Users\Admin\ViQgIMQI\kkscoUsI.exe N/A
N/A N/A C:\Users\Admin\ViQgIMQI\kkscoUsI.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1852 wrote to memory of 4920 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Users\Admin\ViQgIMQI\kkscoUsI.exe
PID 1852 wrote to memory of 4920 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Users\Admin\ViQgIMQI\kkscoUsI.exe
PID 1852 wrote to memory of 4920 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Users\Admin\ViQgIMQI\kkscoUsI.exe
PID 1852 wrote to memory of 1992 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\ProgramData\cEgQscYc\GqUsgYgQ.exe
PID 1852 wrote to memory of 1992 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\ProgramData\cEgQscYc\GqUsgYgQ.exe
PID 1852 wrote to memory of 1992 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\ProgramData\cEgQscYc\GqUsgYgQ.exe
PID 1852 wrote to memory of 1236 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 1852 wrote to memory of 1236 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 1852 wrote to memory of 1236 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 1236 wrote to memory of 2640 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
PID 1236 wrote to memory of 2640 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
PID 1236 wrote to memory of 2640 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
PID 1852 wrote to memory of 4800 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 1852 wrote to memory of 4800 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 1852 wrote to memory of 4800 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 1852 wrote to memory of 1064 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 1852 wrote to memory of 1064 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 1852 wrote to memory of 1064 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 1852 wrote to memory of 4656 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 1852 wrote to memory of 4656 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 1852 wrote to memory of 4656 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 1852 wrote to memory of 3812 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 1852 wrote to memory of 3812 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 1852 wrote to memory of 3812 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 3812 wrote to memory of 4660 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 3812 wrote to memory of 4660 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 3812 wrote to memory of 4660 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 2640 wrote to memory of 4524 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2640 wrote to memory of 4524 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2640 wrote to memory of 4524 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 4524 wrote to memory of 1580 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
PID 4524 wrote to memory of 1580 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
PID 4524 wrote to memory of 1580 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
PID 2640 wrote to memory of 2272 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2640 wrote to memory of 2272 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2640 wrote to memory of 2272 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2640 wrote to memory of 1112 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2640 wrote to memory of 1112 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2640 wrote to memory of 1112 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2640 wrote to memory of 4112 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2640 wrote to memory of 4112 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2640 wrote to memory of 4112 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2640 wrote to memory of 4472 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2640 wrote to memory of 4472 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2640 wrote to memory of 4472 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 4472 wrote to memory of 628 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 4472 wrote to memory of 628 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 4472 wrote to memory of 628 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 1580 wrote to memory of 1136 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 1580 wrote to memory of 1136 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 1580 wrote to memory of 1136 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 1136 wrote to memory of 624 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
PID 1136 wrote to memory of 624 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
PID 1136 wrote to memory of 624 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
PID 1580 wrote to memory of 2664 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 1580 wrote to memory of 2664 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 1580 wrote to memory of 2664 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 1580 wrote to memory of 3140 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 1580 wrote to memory of 3140 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 1580 wrote to memory of 3140 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 1580 wrote to memory of 852 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 1580 wrote to memory of 852 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 1580 wrote to memory of 852 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 1580 wrote to memory of 2516 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Windows\SysWOW64\cmd.exe

Processes

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

"C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe"

C:\Users\Admin\ViQgIMQI\kkscoUsI.exe

"C:\Users\Admin\ViQgIMQI\kkscoUsI.exe"

C:\ProgramData\cEgQscYc\GqUsgYgQ.exe

"C:\ProgramData\cEgQscYc\GqUsgYgQ.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vukUEIUY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VaYAoEIk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LmsMMcck.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GyAoYUEQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\oUksYogs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aIQQYwow.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CKQAYoUE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DEsIsAYo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xaoEkEgA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XMUkQQMo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fyUQYUUQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UAEEMsgw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EYkkgUwY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SessQgYk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kkwYYMsM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TGQgwoQo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vYgEYoUc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TaUUUYEY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\oKIAIAcw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eewQUYwE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kYYgksIo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AucssoIo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BQoEQMcY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vKYAcMsU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JqcQgMYI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cmEMcoMc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yAkUcQkQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UGAcUcUc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OagMsIgw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VwsMcYEM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HOsscAEw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hYUoIccI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CqkkYwko.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WOcgMwIo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CQsQAEMg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qqwwoswM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TQwUQwIE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PSMooMQg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lOcwUEoM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\oUMUsoIY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kWEYYMAU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KEoQgEAQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tkYkEAEc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\viIAokoM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zGUYYMMo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CMcEQgoc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aEcYokMI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\myEAEUgk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UgQkUMsk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XIcEswQg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PUQYswwU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jqYkIIAM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\oCUIIUYk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UGoAswwo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CYwcgQoI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gkYMQMsE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rEwwsIMM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JKgIUAII.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zccMQAQM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IkMgYAkU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wkkkwMcE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GMEMoEIU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\loEkEwYk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XSUIUowM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RiIgQIUY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jsAIkYEY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eWokcgIo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cYAIUcoQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CeIgAcwU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vIMIkMgs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BWcEYEws.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VAAUEMMw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VMkAEsUc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uQkYsgEA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WmsocggA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eQUYEsMI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IMQYYEEs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rIwocgYg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NkUUwUMo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pssUEwgI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JWIAMAQw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MasowAkI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wgkIAsEI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WqkYwcoc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vOYAMYgY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LYsIUUUg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zSksYoQI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JMkogYkE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CEEAUQco.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mQMcUcEA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kUsUUQMM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bgwokcQk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pKIEYYQo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BOIUEIAA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LQcggYUo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cQckAAEQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wGEckMYM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ckggEAEk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uGskMYwA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FekcMkMY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZwoowAwc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\paEkkQYk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cQAUwMsU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WkgYgwko.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QCkcMEkE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GiMIwAYQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dwUYoUAs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\deQkgwAY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DeYAIwEM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GqoswYAI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KqkYQkAY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WKgccQQY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LKgEgMsY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vWcEYwEU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rsUMswUY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\skEMIUYA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QicksckU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qYgsMwcg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nGwwwQoY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NckEUwcA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PugMcUgc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TAoMoUog.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uSUogUgg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\esQMUEcc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eaYwckQQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JMQAAMEI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BAwwkEkE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vSkAIIkc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YiYogoQM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe""

Network

Country Destination Domain Proto
BO 200.87.164.69:9999 tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 google.com udp
BO 200.87.164.69:9999 tcp
BO 200.119.204.12:9999 tcp
BO 200.119.204.12:9999 tcp
BO 190.186.45.170:9999 tcp
BO 190.186.45.170:9999 tcp

Files

memory/1852-0-0x0000000000400000-0x0000000000435000-memory.dmp

C:\Users\Admin\ViQgIMQI\kkscoUsI.exe

MD5 afee880579f7c0f146c330eb430e88f2
SHA1 9f54d65f03358f03cf997ce01495657839bf7e96
SHA256 ba6461f19fe1e4af106330ad541ba5de63059c85d2b5d5d2daa83a3b9005a74e
SHA512 f410e84d53178507cc2733b8493162ae5118c54cf7734503c4e1f918f362c26eab7fa17a5fcd1a82ad10e7dcff92bd4385985c6e0071f1327a4c1230e9bdc883

memory/4920-8-0x0000000000400000-0x000000000042F000-memory.dmp

C:\ProgramData\cEgQscYc\GqUsgYgQ.exe

MD5 403cee95305e2090dea35dfc772487d9
SHA1 ba4dae150f1c41d5095143465acff8668ec72868
SHA256 dc55ada595e2cabd8a509a46ec25f3e30e986b3eb6be3e11f57b9676b88a578c
SHA512 82517f9c857162aeef20ce79e566a642b80b645101a65b865ede515e7488759028f6487d9eee37f60867dc8577a38b54cee04bb7c0197c293331bfa2dee4ab54

memory/1992-14-0x0000000000400000-0x0000000000430000-memory.dmp

memory/2640-19-0x0000000000400000-0x0000000000435000-memory.dmp

memory/1852-20-0x0000000000400000-0x0000000000435000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\vukUEIUY.bat

MD5 bae1095f340720d965898063fede1273
SHA1 455d8a81818a7e82b1490c949b32fa7ff98d5210
SHA256 ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a
SHA512 4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024

C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock

MD5 4b8a9dc8daa40ee3fe9ca2406b0a6201
SHA1 2209e19a1af6e0b4ef96632136e449635e3585fa
SHA256 07d3aeca5d09371344e66abd6cdf2151d2f05d84a568d31307bec54ef850600c
SHA512 63d8df0a7902bfc6d83697aa34d14f70ded087591a0c534ce68e2ada936a63609344b6e717b9e09c736c8e2edf371e83837873317d21ac1b20c1fe40f2617cc3

C:\Users\Admin\AppData\Local\Temp\file.vbs

MD5 4afb5c4527091738faf9cd4addf9d34e
SHA1 170ba9d866894c1b109b62649b1893eb90350459
SHA256 59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc
SHA512 16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5

memory/1580-31-0x0000000000400000-0x0000000000435000-memory.dmp

memory/2640-34-0x0000000000400000-0x0000000000435000-memory.dmp

memory/624-42-0x0000000000400000-0x0000000000435000-memory.dmp

memory/1580-46-0x0000000000400000-0x0000000000435000-memory.dmp

memory/908-54-0x0000000000400000-0x0000000000435000-memory.dmp

memory/624-58-0x0000000000400000-0x0000000000435000-memory.dmp

memory/4624-66-0x0000000000400000-0x0000000000435000-memory.dmp

memory/908-70-0x0000000000400000-0x0000000000435000-memory.dmp

memory/2388-80-0x0000000000400000-0x0000000000435000-memory.dmp

memory/4624-84-0x0000000000400000-0x0000000000435000-memory.dmp

memory/2388-95-0x0000000000400000-0x0000000000435000-memory.dmp

memory/2204-103-0x0000000000400000-0x0000000000435000-memory.dmp

memory/4408-107-0x0000000000400000-0x0000000000435000-memory.dmp

memory/2204-118-0x0000000000400000-0x0000000000435000-memory.dmp

memory/4640-127-0x0000000000400000-0x0000000000435000-memory.dmp

memory/3300-131-0x0000000000400000-0x0000000000435000-memory.dmp

memory/4228-140-0x0000000000400000-0x0000000000435000-memory.dmp

memory/4640-144-0x0000000000400000-0x0000000000435000-memory.dmp

memory/2316-152-0x0000000000400000-0x0000000000435000-memory.dmp

memory/4228-156-0x0000000000400000-0x0000000000435000-memory.dmp

memory/4816-164-0x0000000000400000-0x0000000000435000-memory.dmp

memory/2316-168-0x0000000000400000-0x0000000000435000-memory.dmp

memory/4816-181-0x0000000000400000-0x0000000000435000-memory.dmp

memory/4060-192-0x0000000000400000-0x0000000000435000-memory.dmp

memory/3688-201-0x0000000000400000-0x0000000000435000-memory.dmp

memory/2776-204-0x0000000000400000-0x0000000000435000-memory.dmp

memory/3688-217-0x0000000000400000-0x0000000000435000-memory.dmp

memory/2792-218-0x0000000000400000-0x0000000000435000-memory.dmp

memory/2792-229-0x0000000000400000-0x0000000000435000-memory.dmp

memory/2380-237-0x0000000000400000-0x0000000000435000-memory.dmp

memory/4284-241-0x0000000000400000-0x0000000000435000-memory.dmp

memory/2380-252-0x0000000000400000-0x0000000000435000-memory.dmp

C:\ProgramData\cEgQscYc\GqUsgYgQ.inf

MD5 ea3ee869c8cb326aeb25b506f27c6126
SHA1 8c6c80c606ccc7bb694348194e875122d3531f28
SHA256 8feb47793cd4b86fcc9bd9c4afb8ddb25bac24212ffdddd0b528c841b0de7b5e
SHA512 c47d6bc59d1ea752adb0a5eee4a82f2388259dbaeffec4f3c1c97894c9b3b5a77ca201dddb7c3d858822637c96e01d03b524da892a96bc10b8bbcfa708a3ae34

memory/4980-265-0x0000000000400000-0x0000000000435000-memory.dmp

memory/464-266-0x0000000000400000-0x0000000000435000-memory.dmp

memory/464-274-0x0000000000400000-0x0000000000435000-memory.dmp

memory/3696-280-0x0000000000400000-0x0000000000435000-memory.dmp

memory/3024-283-0x0000000000400000-0x0000000000435000-memory.dmp

memory/3696-292-0x0000000000400000-0x0000000000435000-memory.dmp

memory/2064-293-0x0000000000400000-0x0000000000435000-memory.dmp

memory/2064-302-0x0000000000400000-0x0000000000435000-memory.dmp

memory/4144-303-0x0000000000400000-0x0000000000435000-memory.dmp

memory/4144-311-0x0000000000400000-0x0000000000435000-memory.dmp

memory/4804-312-0x0000000000400000-0x0000000000435000-memory.dmp

memory/4804-321-0x0000000000400000-0x0000000000435000-memory.dmp

memory/8-320-0x0000000000400000-0x0000000000435000-memory.dmp

memory/8-331-0x0000000000400000-0x0000000000435000-memory.dmp

memory/4576-332-0x0000000000400000-0x0000000000435000-memory.dmp

memory/4576-340-0x0000000000400000-0x0000000000435000-memory.dmp

memory/3224-348-0x0000000000400000-0x0000000000435000-memory.dmp

memory/4032-349-0x0000000000400000-0x0000000000435000-memory.dmp

memory/4032-358-0x0000000000400000-0x0000000000435000-memory.dmp

memory/2036-367-0x0000000000400000-0x0000000000435000-memory.dmp

memory/4216-375-0x0000000000400000-0x0000000000435000-memory.dmp

memory/1036-376-0x0000000000400000-0x0000000000435000-memory.dmp

memory/1444-384-0x0000000000400000-0x0000000000435000-memory.dmp

memory/4216-385-0x0000000000400000-0x0000000000435000-memory.dmp

memory/1444-395-0x0000000000400000-0x0000000000435000-memory.dmp

memory/1184-400-0x0000000000400000-0x0000000000435000-memory.dmp

memory/4788-404-0x0000000000400000-0x0000000000435000-memory.dmp

memory/1184-412-0x0000000000400000-0x0000000000435000-memory.dmp

memory/4544-413-0x0000000000400000-0x0000000000435000-memory.dmp

memory/4544-423-0x0000000000400000-0x0000000000435000-memory.dmp

memory/3808-424-0x0000000000400000-0x0000000000435000-memory.dmp

memory/3808-433-0x0000000000400000-0x0000000000435000-memory.dmp

memory/448-430-0x0000000000400000-0x0000000000435000-memory.dmp

memory/448-441-0x0000000000400000-0x0000000000435000-memory.dmp

memory/1140-442-0x0000000000400000-0x0000000000435000-memory.dmp

memory/1140-451-0x0000000000400000-0x0000000000435000-memory.dmp

memory/4412-453-0x0000000000400000-0x0000000000435000-memory.dmp

memory/4412-461-0x0000000000400000-0x0000000000435000-memory.dmp

memory/644-462-0x0000000000400000-0x0000000000435000-memory.dmp

memory/3544-468-0x0000000000400000-0x0000000000435000-memory.dmp

memory/644-471-0x0000000000400000-0x0000000000435000-memory.dmp

memory/3544-480-0x0000000000400000-0x0000000000435000-memory.dmp

memory/4564-489-0x0000000000400000-0x0000000000435000-memory.dmp

memory/372-490-0x0000000000400000-0x0000000000435000-memory.dmp

memory/372-498-0x0000000000400000-0x0000000000435000-memory.dmp

memory/1444-499-0x0000000000400000-0x0000000000435000-memory.dmp

memory/876-505-0x0000000000400000-0x0000000000435000-memory.dmp

memory/1444-508-0x0000000000400000-0x0000000000435000-memory.dmp

memory/876-518-0x0000000000400000-0x0000000000435000-memory.dmp

memory/2404-519-0x0000000000400000-0x0000000000435000-memory.dmp

memory/2404-527-0x0000000000400000-0x0000000000435000-memory.dmp

memory/2836-528-0x0000000000400000-0x0000000000435000-memory.dmp

memory/2836-536-0x0000000000400000-0x0000000000435000-memory.dmp

memory/2052-545-0x0000000000400000-0x0000000000435000-memory.dmp

memory/1188-547-0x0000000000400000-0x0000000000435000-memory.dmp

memory/1188-555-0x0000000000400000-0x0000000000435000-memory.dmp

memory/2388-563-0x0000000000400000-0x0000000000435000-memory.dmp

memory/4412-572-0x0000000000400000-0x0000000000435000-memory.dmp

memory/3208-573-0x0000000000400000-0x0000000000435000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\mgoQ.exe

MD5 664d7b49783803165cdfaa73472b5491
SHA1 af345e4c32e0514a38f2fc30edc19da90ccf6cd5
SHA256 a88fb7f534d6c42b3b1ef07e46d4ff2802f66239913ac4ebb4a0732a6dca64d3
SHA512 99c05e52f57ff4855512bfd25b12420e0237e4dfc21e7b3bdbdff403f15b729a81e833978c2b6cb4d2c045ec8b75bed5b37f2ccbca9845106ab5be45a5c561cb

C:\Users\Admin\AppData\Local\Temp\YYks.exe

MD5 3ab4a60b2132161e5ff01c512986902f
SHA1 490575c94e8f992ddf312ca041fd6022fa565b0d
SHA256 b8473caba1625e348da262430f9d030604057d5e8f30c7e82dd5ab1763175a2d
SHA512 566e8363758c2a66c3be4f1492eb76c42693b71a5ae65bf6298714b152454870c74afc3f43adc75043a3aacddcea746920b6a8fd13bbeb417003d72ca07a059e

C:\Users\Admin\AppData\Local\Temp\Qkom.exe

MD5 17d474944853b4011595ab06c61e0d15
SHA1 edae80e92d8c8d610b61cdfc6b4ec4d438ffc7f4
SHA256 3755e839dd2d671ea166f68efe519b004723a084ca054e67dd82c0bd6fed63ce
SHA512 711c3cf5cb427930b711c841c1523b27ab8e4fe630150e9018ab8019e788bf0584772c1e5c09df2b3532cbbe912d446920bbc4d57116d7c837f8dbfbaed86019

C:\Users\Admin\AppData\Local\Temp\wkIk.ico

MD5 ee421bd295eb1a0d8c54f8586ccb18fa
SHA1 bc06850f3112289fce374241f7e9aff0a70ecb2f
SHA256 57e72b9591e318a17feb74efa1262e9222814ad872437094734295700f669563
SHA512 dfd36dff3742f39858e4a3e781e756f6d8480caa33b715ad1a8293f6ef436cdc84c3d26428230cdac8651c1ee7947b0e5bb3ac1e32c0b7bbb2bfed81375b5897

C:\Users\Admin\AppData\Local\Temp\KcYM.exe

MD5 9ec5da0cebcea47e573d1109605ad54d
SHA1 272c93816d26d4b6eafec056f307621ae96f58c7
SHA256 d43045c56f0c99944030585092cab2d3b43898e12933688a205bbc23661b39d1
SHA512 44da831c5d510ac4fceeac63133874686f4189cd5b001aa508071855ec63963b1bdec7a2b1e9ab4cb97e1d2220515919420d02667c279ac3c76b3906057905ad

C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png.exe

MD5 efc2268e394b65f447f231f0b6e628fb
SHA1 a2628a06930d98d53373e4ade5b77e3d222d8257
SHA256 dd162c4afa0f54eb65eaf622cbc37b5f96e5c9ba58448d3a7e7ad43e883bd20a
SHA512 1294932d4bf48ecee80f6084ceca0f0b388f3d995651654e5cc4f4bf7d28ae2e21da396cc720fe52fcdf55bdf64d3456d41d6da622368742ce5457638b9c39eb

C:\Users\Admin\AppData\Local\Temp\iYgG.exe

MD5 2e4c4891386f2ce0232f0954bf88bb21
SHA1 e308ead0ee74f074657dcc2ddc6cd4fcd77d7518
SHA256 6321d8522ec672fc1ca68deaaf843a784fde81480f52b0a5d0ded2a54b704aad
SHA512 268c29a388cc5fd800596714c8f0d5920a5155add4778ccb05f4dccab1c1e796b799f238c51e5dcf91b103de87a0440cacd7e9ac81f25666eebd70545e40ed79

C:\Users\Admin\AppData\Local\Temp\qcwq.exe

MD5 1fcc930522d5619cfb4f303686538e3a
SHA1 b869749d941e1685c5fd224ad8197b732780558a
SHA256 c2208fcb5875dadf63e2d611525da9edb3dc2f0c2611173025fd9bebda37cdc7
SHA512 cfdcbeeb80458c6f39e04b0a4f754e3a2f1871673fafb03ec37418ed1bf817e73ea66466e4356efb7716c1fca411588a953756631b2fbd556f6bf438220251d4

C:\Users\Admin\AppData\Local\Temp\mocU.exe

MD5 6141fa40ee1014a30ed6e3633c94dfbb
SHA1 a0bfee48798ba0f455374f9abdf8b73a3453316f
SHA256 cf4840acade683db5b9a70bab21451c125b5a467ce1950db2aa175e55d35a5cd
SHA512 2bd2e4f7c07161763d539d09268ec06f579d612e0da08a994fd3dd3f0a9d7779f380db7a2ac4b9a1453169f76ccc64e81e5930990d832a68c4a6903e3a7ac2e0

C:\Users\Admin\AppData\Local\Temp\gIAY.exe

MD5 59c8938a5c86d7b006813ef6eb11d080
SHA1 85991ecdc5fb95d5497bab1049051222febc5684
SHA256 e4aff0dafdbc06b57f03b87630b58bc7725e6819df88a429817305657cc1213c
SHA512 f07e44f8f4ac4f6bfcfb3073a8a2b4af5a29362136389a22372af5e2c6ff2465948924299f4b0c469a8302c8b881f2bcd7d21c770681b3acf39dce2b122af14c

C:\Users\Admin\AppData\Local\Temp\WIsS.exe

MD5 03d298f6bab3f3be0fbbda157befef22
SHA1 cc4b4445bcb5b0a20f2b3f7ec309cad600c74014
SHA256 5d134b8c9e3fbb9b3c77436a2025146d8493545067d8d361f58d5b30bc82037a
SHA512 39e741f972d2b94d7216daf7b1aa5066e6b7e998f085d4ccea196bcc4cab89f4f39cfefc52252c03b730b55f3f74d0d2d9ae269bf879390842077848aacee8a9

C:\ProgramData\Microsoft\User Account Pictures\user.bmp.exe

MD5 ce75595d69ad04eaef66d7b9ebf163e9
SHA1 2733ea2ffaf595b7f6de5c6d17965137d7113b50
SHA256 40c67ef5f8d0aa1f4a05ce4fa02a86da46a88b34f3c067992599f5c6a77d2083
SHA512 778d442cf03c6c9b54d836adb0345a972aea55df2f745bf9dd6f457f7165ca15f5fe5ace5ce67d3e8a3db46a23be17b8d9c32e0d5e47d4f4507d01a8563c7482

C:\Users\Admin\AppData\Local\Temp\eYEO.exe

MD5 d521f06e9fcb5d978432723938081ef1
SHA1 9de6cd6170c144bb29fe06dd3d6179cea365b736
SHA256 0e0e9c7539cb8cd1383a2ee0e26d0f30059308afd7ac78cbb164708a7d5ce587
SHA512 3a0177234e2fe5f5e53dc72820d9b3bc412ed4d8a9a7bfadb7add1d671bbc46a2d66e4ff7bc6614666765c2ca8d067efbf999b180ae952040a54e46bbaf805eb

C:\Users\Admin\AppData\Local\Temp\MgsU.exe

MD5 dfcf741c7e3d3a436c5ee0054cde9256
SHA1 c2ca35984485fa19d456c000eda29c2772dd9c8d
SHA256 7dc57ab625be7b748f21e5091ad839b8986fcca8b80b957626fd9353d7da5df1
SHA512 01e95591852eaeca563e0320dc609c972b67d4f4a52e4e4d44fc54bc2d1e1f8d8e10748d9d6a94628507e75532eea697f701c560d537b93b103167a5085fbc84

C:\Users\Admin\AppData\Local\Temp\UAEW.ico

MD5 ac4b56cc5c5e71c3bb226181418fd891
SHA1 e62149df7a7d31a7777cae68822e4d0eaba2199d
SHA256 701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3
SHA512 a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998

C:\Users\Admin\AppData\Local\Temp\IQYQ.exe

MD5 9f4e9226e93c2cc036636b1c28327f9f
SHA1 fbc20f153d3af83b08dc819c99423bcdad70301d
SHA256 0049504b72fa1de22846822f351365038ccdcf387e175bdcc8b0fbdd44219ef1
SHA512 8b237104f5a669888cac31923bdfaf3212cbbab392ecd14dd726b1d859281599b953eaf70ab4d5cb8de8a336243ef5fc545a69678790a13d6a2b3a5d7312fd84

C:\Users\Admin\AppData\Local\Temp\agkC.exe

MD5 dedbf1fbc9c8edae98874b88ef70daee
SHA1 e8f6d89d510e432043e2907164333447ba741c86
SHA256 c455a8f7c3d43803287422479cbb2f9da1d84f41f3485650137c127ce5079771
SHA512 ecd75113e13d1ffbf0d1f23a92c5785dc14b8a731619316c4134300c2e47603ce23f0cc338118d5dffeda35428e1861575aafe81e7f03ce327cef16a3ffd941c

C:\Users\Admin\AppData\Local\Temp\MQAk.exe

MD5 1c375ce1ca0859d895d354abf7e76df8
SHA1 60973befb3af5a6a32bc86bf0b8097ab8656c07d
SHA256 87c5719d957b3d3a7dcefa202a8654f1d9818f95e21916a9651ebbe9c51167d7
SHA512 c36ba0e1c99dce61ce14fc6a931e576f3886d39017ae9bd2af59628bea12fa336ae29bf8535ba33406ea3582ee7a04ea297831cef7e1c1189755983c707e2a99

C:\Users\Admin\AppData\Local\Temp\KgwC.exe

MD5 4a86ab39a8a3647baac23cdd9723c3db
SHA1 29699014e3a5378e1f2af31c0bf05af2f08009c9
SHA256 31a97cc57b879198e9b7a9f2799c69a36811e17857c215e88a032100e7528bc6
SHA512 43b91ff248962dbc51965f4b55a01b025afdc1eebab1cd83dab4b5fefff7356b28f6b43d1792ac4c8b5ab6bfb3c3a24d5a737677444b71221fe3ed11e4cfea88

C:\Users\Admin\AppData\Local\Temp\CIco.exe

MD5 73d5560403a189907f767d27b2f016a1
SHA1 938c2bf2324088c21103deab441b1c5f4e2c228b
SHA256 2398014fc369eaff0fd4a17035b93fc1b2999214af98aa0abe7d4ccd9a7689dd
SHA512 2088cc96e89ae7fb7375e2c9a4618d791d079c773e1ab8dac868a74d583b3472dd3aa27cb8e433a1c978f1d48e6efc9d5a1eeb16dc921f6b1fbf43af9a32494e

C:\ProgramData\Package Cache\{d87ae0f4-64a6-4b94-859a-530b9c313c27}\windowsdesktop-runtime-6.0.27-win-x64.exe

MD5 e4775c86289f3b925b16ab054a022628
SHA1 66e2bb0bfd855646c3a87a6d80f30821f06acaba
SHA256 8e1403f0adb585caef2a8f30ce1eff91255da105569d5d87565f6b90bea9466c
SHA512 73d945e53dcb015f8ea534984fe2f2a11d2532abb0986ec7c5bfbea5f0ea5d2da0757fcfc667a3526b60c7910bf6bb7c7e0b0c60f935c07c582102729d5fff06

C:\Users\Admin\AppData\Local\Temp\UAsU.exe

MD5 a6a978a45f564822cf99b29f2624b9b6
SHA1 3b658b0e530fbc2ec93708ae23762ff7fc46bef4
SHA256 65c70e924fb311675e631a12fa70e8c2e2f26f34f40a5cf7573363e1049e2d4c
SHA512 61a1767c2568e1779a106598c7b65ba2235e7d42d7aba83bee9f3687025ccbf04df2bf8b78c1505aaaed8f083921e3d4bb699ad92cca06fc921f314b02a84fff

C:\Users\Admin\AppData\Local\Temp\eIMc.exe

MD5 3ec8aaaa09a32b162d56813a8349077b
SHA1 b831e3888da393b4c12b9048a1b83ecbc13e337b
SHA256 f213ed849ee2ff5d90c1f3288732a65b178b88a0ec29958ee234ff0ecf8dc452
SHA512 1f0d75286eb4fec5b1f8d8c877a13a53a643cf7c4bff083843b1db0477d2e3b3f098dcdc63442d536e835351341e4de0a011e30bec9eaeac5ad55c83363e1489

C:\Users\Admin\AppData\Local\Temp\eUEU.exe

MD5 eb5cd29894f2f11937fab703861cb896
SHA1 eb21f6af1c9f055979782d500dcc77f084490219
SHA256 e56ae8e1ff8c96ec5bdefd329015fcd0deba0f7878e7ef65f99a307b182a8314
SHA512 8eb894cd8b450362fde1fb04b50b58531ef729c5672d31add53fd726c81d72819d13f4cf5c928554b1072e6b73c6a773eaeef7ccc0b49a7e04f8438e0a96eba0

C:\Users\Admin\AppData\Local\Temp\Qkko.exe

MD5 e1b509458d27b079926a3dffed189f39
SHA1 159acc588a64ec2ceacc438bcf8dad6a1cb7895e
SHA256 5958d7feea836387cc767f0213f9b65b72c4b79d597431d383183b2066667de3
SHA512 820fc0d28a0b0f939b9628c6244f4d6ad0f0d43637b88a126c0a3f1fc3473f4568d53e6fa2ee28eb7c10f2abb5c0d88d02be0cd519f38a1bf5001dde079dcdd1

C:\Users\Admin\AppData\Local\Temp\Kwku.exe

MD5 c861f3d5df4655c96390cd11342b1d32
SHA1 31db21218f13e312cce3cbfe6f54b248ea280f52
SHA256 08d08f3bf65228b7fcfe29105a4286871e43a72924e17f0fd470ccbb67aa2d66
SHA512 e8b00210e33da09162d244bfae025daced0f4babace0a1d93ce974ec946572f1987b145bb18e4a67a27538a89d0fbddf30e7579c2fd758de9184ca6a9fdb8d76

C:\Users\Admin\AppData\Local\Temp\EMUg.exe

MD5 bff16708be062630fa2789c4455402b8
SHA1 2a97a0379e0e3a9430eb420e9d080b0006496925
SHA256 bc76896078a5736a72c68b95049ef84341df6cc95e42260728f79650acf58a99
SHA512 98d5f7746dc50566390df9134bc7139d0506548a94086b5cb1557b9533ac2e59f8d15b7ae2a6fe14a209849bf6eb0e6b73cdcc7fc6203abbb4d23409b4f3be25

C:\Users\Admin\AppData\Local\Temp\wsQa.exe

MD5 2f15e7af748114c5ee0b81262dae339f
SHA1 63bdcac6d6d239ad8dcd36d9430e95a0a63389b5
SHA256 abd2d5518cd765e6effc918d6934ee6908273aa6cf9dbc4c1db492627874512b
SHA512 0b2160e7253109b686a9fedc632840ab9a41aeecb4ff1bd053ec78441a281489d77a2b92935af62b88116a164edf4a87ed0573f1d5fecf4647ead966edd97255

C:\Users\Admin\AppData\Local\Temp\GoUU.exe

MD5 6c250513ad32641342e3448851dcca5a
SHA1 0137d8df9bd879f5ccbac0a94489c4c12fbe883c
SHA256 5d07c5c82f36cf4a4c078bcfdcd3e442146b7a8d633c237454589369b9143d14
SHA512 83d63d59162296fcdf822cade7df923896c576bac19c03830b70048a2f8767c2ac0139531f623a11059f2072e469177e056661df8bc917908f50a6fc85f4b205

C:\Users\Admin\AppData\Local\Temp\csca.exe

MD5 c7abafc93209343faea9dccda033984c
SHA1 de64833eaaad47d92af480dfd92e60c1afc6ba0b
SHA256 fa53fdd2222d3c010ff2c36c972d9c308497c1aa400c81e726de65e444bffe01
SHA512 060526d8c30a5168c93b0063f843ccd88712bfe2076c119276b1b8d385e4c8259b378e362a7cfcca5ca40bce397c77b71a0d72b787b11cf6a7b67c6d00859e82

C:\Users\Admin\AppData\Local\Temp\oYsg.exe

MD5 7d567875849a23b6847ae8dea1184e30
SHA1 19b849d994db5205e4724d74b064d4a322fea21b
SHA256 72e0a70bacc5194c9988290f5e132e92243450520c8f825a81f2be6205375e52
SHA512 cc98402a24f40d562f2911da1676a71f418e8c11ca34e1f62eaecba9a5cdbd161077afd4e0e278fcd97563b96cd49de91ab415d67a512e0f02532ed9c0905d9b

C:\Users\Admin\AppData\Local\Temp\qUcO.exe

MD5 96ed85c6d72d29c3b299b64b42efc818
SHA1 8ba664a8c6e9f06019a17ea3dbad29469b207498
SHA256 4f2bbf0052c4d934a2100a922894c79730988f455e704e0a60cac2242d43c4ca
SHA512 9335b3e3e875be139cf91779a3054e66b7c2c5ccc6a06e8a43cd162ed4513bf6fd67e9cc7133407127034578e681859b1cc05bca8e5282090a8200e4d98fa5eb

C:\Users\Admin\AppData\Local\Temp\EEcM.exe

MD5 8328ee4bbbfb817c974bf13474fc5454
SHA1 30ad5e32f23cceda4e64baadb773d592b59cdc3d
SHA256 d42cb8b02428677251b18a6039944b2929698096feeb9f1815339082e822c1c5
SHA512 bf465e6330476648d2a0486c9e415311f1d332e621d1f47c61f9b5add99b66349d24aa367dd8ae1da666d7ae84a06e82195d1a901236b651a550667f373dbbaf

C:\Users\Admin\AppData\Local\Temp\MMkq.exe

MD5 500fb55cf331d5773b577ae8f566d8c9
SHA1 cdb6514c89ad434d02221b7f0ba26956b958da61
SHA256 f55fbf8a11195df5ce917745da3a3a9e58dc1fbae0ef5580fd4d21c87aac183c
SHA512 f2f9fac60fa7e99d7d527206761248c041977d7b52ab97b296235338c508b6433a8b38cf9953bb1313cbba532f4ad5652e3b82952895774c1074a5b2ac7f06ee

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons\192.png.exe

MD5 73733da813970e5347fbd497b34dc88c
SHA1 47618bef5239d75791530280498b9a600dd8a045
SHA256 4b277a9e3ebdfbe9ad28dd05a8757369e0fb7f236003160f1b0bf73ecdeee829
SHA512 5e775a30611fc6a637990034596845155678511b9ec0b63f866e4293c04d4d7d940b2762da6c8d29dea9d6b4b6ad9d5f79456771ac975ce4765c5da555a9151c

C:\Users\Admin\AppData\Local\Temp\UUYa.exe

MD5 a843ce048ae35e685b1e092e426e690c
SHA1 e78bb62e229a467c2e786c14f6e39f4121a1d502
SHA256 20e8626508b27eac8124670030c04d1df1397f59eed13ffb33cecc57d920bf46
SHA512 27163da9b723e399294200ab5d0a50fad90708d6c2a3178a328e39fab59ffed0e59711c5340bb73d680ed25be714227dd99801d25f832ddda13ca39a67c20f19

C:\Users\Admin\AppData\Local\Temp\KcMs.exe

MD5 c07fe1271f8f6e3bb46f23cc8237aee2
SHA1 6305e49163cf68fc0f0894e3ee33213a5561939a
SHA256 4e01b92416160d8eb6983261d7be52e0a3480fb663197eaca6763a9cef771346
SHA512 c02c0ecdc7eb8a2b6504588c5da4bbd4f7464c5261a1d8e2e9e54bddecd334d35cd6b7e64e179db32f712dd68597aac29900b89e855f1bced0c7573c1d76b7a6

C:\Users\Admin\AppData\Local\Temp\Ygsu.exe

MD5 96e979c5eafc01c9e1be982f1698586b
SHA1 bb1ceece01cec4f2fc470adf9effac208910e909
SHA256 7d6e4640158357e55c918fdf3bff569bf8881da0dbedeb4f426a15294cc533e8
SHA512 d31d0f2f94999a4235b49e96aa3a7412956608a4247c9627921a85ee5b44e732d1f9935caeb2c954996fd75bd25b7c36b193d0cae4ab8aedff985182a7dbd4e1

C:\Users\Admin\AppData\Local\Temp\MoIQ.exe

MD5 a6b36e38b4233dab169af195cb9dfe66
SHA1 4bf58972b09cf0ae23fd9ee0a89f4fe39e037528
SHA256 d310aa4e6f72c5a7943a2a708b7531a967f95219c1ae3a00370599f4d5448e94
SHA512 3f87707f79254d46cdbb9b49d767680c0ce4354ee23c0de0e3a5a189758c3eee490a9772d5b3dd016da4a20b18b9d479cfaff7fd9937cfdb891ae2e85c8365b2

C:\Users\Admin\AppData\Local\Temp\kQYS.exe

MD5 c91ab8662e2513b064774577421cdfb2
SHA1 c7d84c057dfcd21f86d6c7d16170dd80b667f5e0
SHA256 5fdd02223425a8c2ea413daa52777e3b59ee4f8a86e0b31c7babcc42ea83a4d9
SHA512 96f10a75c564d6bc738af155ee96b844298167dc3b99c6f1abda662d77061331ffa07414ac77cae52ff9bb81cfe315f23b5ea3422e4de43d630b1d68dadb5240

C:\Users\Admin\AppData\Local\Temp\YosW.exe

MD5 d44071f52a389fb77edbd0c4dd644843
SHA1 dd54aa365170e4770877bb2edfdc22bab21df2c7
SHA256 990e3798605dd7d14a12c49c9d1be13f7f573fec676cfdbd6954c14904904b7f
SHA512 0a5fbb177d877cc4d6fc0c1b671a0f264228b7e1bc32b99f7408a4fe9bd41382683a8ae68b5f179daaa070c2192fe5c0030dc418f88458583694cfc4785162c0

C:\Users\Admin\AppData\Local\Temp\iwgu.exe

MD5 0caeac65abeafca874b79c9117861c60
SHA1 6a1c121c7ee25a7e8f4acf94770cf9a4fc84bbf9
SHA256 ee0be55ecd31b470536d30067aea18f91ce1009f76cb613bb4a914834ad2b976
SHA512 f78e9303a7d121e0e8af5b3c0ef1ece91300b06e5185f17fb41b72ff4c266d4e8871c66ad9a4c6243d36dc661e9910b6875a30e18a1b21e97176e20ec467c3fa

C:\Users\Admin\AppData\Local\Temp\McMy.exe

MD5 0c0a7838ab4a083a25dadb78b37e9af2
SHA1 c2c369645b269b5b8f5bccb50f9353e4ba00f176
SHA256 ede1a0fc8c1ef70796a3d6627b6743d9c601fa7c721757323e1f4eb9b671b7fa
SHA512 2363389f34e17d41e112d806bdf4ba46962f0d0ebe1c0e0cb4982dfc561246c73442cd84cf864466cf665914c0b0e7cd24138ddf5237bc67914d3c914858d071

C:\Users\Admin\AppData\Local\Temp\Acce.exe

MD5 9a49136831fb7d6374d509f7603ae904
SHA1 56484cc5eabaacb2ce8622da683b79bd9f222ee8
SHA256 61f4b01823f601171c112bd45617078b5379183e0a0b782fbeb82ff3d15fa37a
SHA512 c56f2c1a9173e9a0e6df3dc98b80e0604acf721f6025e2ddeb411df31bf9d4fd6347ba3e105ea0b25f60f0d8e3ba29986e27c1335e9b085fdf135f3fd304fe5c

C:\Users\Admin\AppData\Local\Temp\sAUS.exe

MD5 08c09264f8485cc19a3653465c5d99ea
SHA1 c28bd84104306be292ae3dc88650f2e02f2e71c4
SHA256 797a7805e24e8ada4a2523d5229362cef37b686848040cf17778e1492b036e84
SHA512 3f2609d222e20659a67b389e8bbdb1e3aa17c82d83c8b8308c166c9a9124c93dc2e4fc3390dde9d2a29364e09723aa393c2cde2d069016c0e8f435aeee0fdb3e

C:\Users\Admin\AppData\Local\Temp\uUYU.exe

MD5 d8d5693bff9941f9be192796bf7d9f2e
SHA1 9d04b49af1bb9c510716ae5ba19c910133643b7a
SHA256 e0f092e5a71c00af7818cfde413546a74259eb9e29ecddf034f225edc31ebfb4
SHA512 26a26d6ceb4d43673d54bac3eee23f16f05394cb7587e857e6d1b33b3dbe361b84e044e8cf77d6331bc9aed6931d4a357357266cfc3ba2f9573ffc6e65588f16

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons\48.png.exe

MD5 8ce976ead72a90b10ba49b73b2863e57
SHA1 6fe76bdeb218b8491d5077e47dd4be84dc93c91a
SHA256 2985e4f4cbe2a2d6c79b21c966a381ebee5a41d576337173acebcb0cf04a9152
SHA512 b8d685944296262961da21bdd0ba7908bd99106903e319f4fbc7e2c07bb69f0939c7970acc75eca948b773b2e49510aa2ccc3d0bf441a66fe5f96761525ae1d1

C:\Users\Admin\AppData\Local\Temp\kQES.exe

MD5 07ddb872aef761d3f23628f59ba25cda
SHA1 abb09dea597b4dc18c75f66cd4730d5fc1de7405
SHA256 119869f9a1f5ffc459861a3c16c9b4ea1c9e3e11cb0ba35e074c1f332cba1fb4
SHA512 ea1eb27e01295517855a5f9b339983282b4b912f1d76aa59a2ae37e781a3fa466e7c204b46276f67357a53c9eec94951abd9ba31a178c2c56eb2eaf4c025a92c

C:\Users\Admin\AppData\Local\Temp\KcQi.exe

MD5 c678c73d6f7dd63221658467166110d6
SHA1 2b2982d15a383cfbfcaa289a62120f315d29dd69
SHA256 51b894fd5a3dbd0a69572fcce15be9f92886fbd332379ee56e9559bf2e7c6cba
SHA512 b2ef84d03015f1e8bf7ec4ae1af5609ba1160e772ba3a7e4691d7cb230aaec4859ae4e96c68b99780c1db678d12342bef28caafce2de21209fe669dc7c9c7b76

C:\Users\Admin\AppData\Local\Temp\aAgW.exe

MD5 b5f7108c906d4efb8390fb9d9d540523
SHA1 4a3ea44574df5deef84d17df2e959e65f57af322
SHA256 98518257f96f338d4510a4508382ae25f6cb6de629b20067cb025b18d7dda479
SHA512 c2bc52cdb624a99567713b21cf52360dfbd400dfceea76663a9b77acfb88056363acf5d06761a63efa80c3623d2194fc8b8baf62d867d8730da444b5ae1dc8bd

C:\Users\Admin\AppData\Local\Temp\mYkM.exe

MD5 0e7710c5ede30f140f9dbd56b44b3187
SHA1 c659aba941de9be896f98c96fb14a1137c10cd68
SHA256 0659c40f6b5ce180ad80c04b7b9c48c0621544266f72c46267005cb0a8e87871
SHA512 d32b00a01c2276ad17522e5ccf01f243a125b8f8dd97c0d8f42913aaef77f33ddeb290ed658104835b1cf7a6f4be0a6df2c0da2488c23576e2af099c74c0ea21

C:\Users\Admin\AppData\Local\Temp\QcEe.exe

MD5 8a4ca924633f30148b1a9905b0814204
SHA1 84eb837d6fc9c5e9011f5ffdc82e4295c13dbffe
SHA256 0c83aa667deecc54f72b6a1f331b9016ea2f6dbe75e0dd554facd3700f1760fd
SHA512 82f0511c813e5189645c7c9a0dd4d324ce9770c53b34eea6f61832855724b808341fe6eed1bf8c2a11f695167dede81e9b342339f1caf7cae54c05999bf434b3

C:\Users\Admin\AppData\Local\Temp\oQok.exe

MD5 a0096b1feb81eaee636fc9dc58335c73
SHA1 39986310bde8178bf64d0438d9c64642f46c3cc5
SHA256 0ff83b636d6ceb663d4912207cb3be5dae73bdb23aa43b30c6a120470f99e5e3
SHA512 61ce9a19a025d517803764252392d26ca3df0c310ce4aa9208318c9bd3f7bf992dde43e2ad844c79f3316fe516cbd338c3858cc703be215e7e7cf2714968134a

C:\Users\Admin\AppData\Local\Temp\qkcW.exe

MD5 6d5a12f018aa7b822958c1f79ba7a1ee
SHA1 fb1fede0d3bfcf69e3b6c59de6acdf4717e3b724
SHA256 006ed04410a682be65bb379b1c4d89383b9c361f83ef824bd8b7ae60535c8c5c
SHA512 11c3298ac50ec08b7cf7082e9747d939d17e673f60784cb7d8a7bb38176a6290d7e15a5b7dc1f441b2d1359f31c06c7a0371b255a5350cd714220d8ceaf1ba65

C:\Users\Admin\AppData\Local\Temp\eIwM.exe

MD5 7a449637f84db158657a1d8a57c86aae
SHA1 794d6cb967c8c15b236823d46b5f8b1d64a0a769
SHA256 39d9c2b084dc00a5ad6b8a43121e03b231754d9f5a5c19c8318eeba365f61056
SHA512 2e5cf482379c09464b18636469ae4180e1050baccb50bdbbe277334bd014355a67c8c7d0c4d9d6a4d498ae8da4e1b58fe01e7d829685819350fdfd61ecb69647

C:\Users\Admin\AppData\Local\Temp\scgC.exe

MD5 4db118fe33620a293010c89e1152e449
SHA1 b865efa5656079da1c77b6b10c10172b865c1875
SHA256 1c4e9ef2997712e9a007ac04932b0712226d7065b56f6997c3e83c55cb2dfeef
SHA512 b5d27c2af0f9aaabae9bb849b2d58beff29b6bce46116dd66bfd8f78ebd19d8343a9801151cf1a32f29102d600d9d8168c62c977a2e160691a88bbfc1c6127d2

C:\Users\Admin\AppData\Local\Temp\KYkQ.exe

MD5 554f92d4c2cd3a7388596d92e377e053
SHA1 ec69cdd364a4ad991852b9dfe78a6aad587d3fbf
SHA256 3206584446c481e6137f058a50787931b02e13e794adee4751b96a353f89cff8
SHA512 e24f0a2b5a4b7c2060c6f805ce9d5be549ed13fdea8bdd7aad894cb4a7e2ef590f0a11e92217b388de5bf6778776ccf26c5723e3a3a201f653170db8b5f6f56b

C:\Users\Admin\AppData\Local\Temp\YQom.exe

MD5 9d7581398420e5d031d48d88d6fbdc40
SHA1 a25d80edc589f66c4df46a029d893cb42a9a0c21
SHA256 7f303b4584eb704a5918f34c4f32c97102d4760cd311b5998c60bacec49f5084
SHA512 2dfac7abbac1da07322dcb85d69612e9e4ef67373aa419c301cf6fc156680f1867006250bbea77b8dc8de17c57b5164e278be17f64734367afa18f57a602d2ba

C:\Users\Admin\AppData\Local\Temp\kIky.exe

MD5 1a310c74ea0ef6a20265fcc37bb284d1
SHA1 64cdf613640d8e29f6093e1433003a23b9bcb360
SHA256 951c14ff5d8a6d7359ec3ae2804a76f3617cfb051b3c9eb0bdbed05696bbb31c
SHA512 6cdcfc86d591cd805b5c42906ae74f92f1b0cfe629ac37d0b0d67884ef737d4933095173c3730c041271415e110f55745baadbee22395c343ac60eec6b824d24

C:\Users\Admin\AppData\Local\Temp\cwYm.exe

MD5 4c430ef88e4edb5287961d4b2de1e4d5
SHA1 c52d258b2a85935254130f412231390e2eb7ff29
SHA256 07b71fcb06e521a5c940f80ac60048ef722240933c5d6e0e151d0e6e86f7de6e
SHA512 6fc7a96596a8e8e836cba55295b4c987c1f7de09f32ff671be1fdbccaa68747c627c9e563df14aa622797d47f4024283f94aaff365c20387ce8660d9007f91f1

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\ElevatedAppWhite.png.exe

MD5 019fc20c2b8d8d4c0b700d72eec768e4
SHA1 b670a662c2b48664e1db77a7805b17ec1d239ad0
SHA256 8b9dcdd5ae7c72a1144e136c4be2b895c5bbb458f79d0766911e748d2f33707f
SHA512 0723b4e32e57f407d611cb182b55b1d419650748d7740e880641a96172e18aadf67344a555275c2859e3287cbe75d2f336f84e4cc3cc10799f43c3e60cc5e1e3

C:\Users\Admin\AppData\Local\Temp\oAsy.exe

MD5 f11abd9904cce3fb53602c25ef17cc87
SHA1 dbe0c1c2f61262e3abf3f424af64588a4ac36607
SHA256 cac6fade0041b27b870e7b9cf04ae42b8de737ceeffaeb6d49319f0a7de9e33a
SHA512 abe26792815214dc3f340d8d78598b65e045c25e813831846f1e033efc102f57dca85fa6a936336cff08b27bfa37c1295771526cb92f8e9efb2e81fecc5af25c

C:\Users\Admin\AppData\Local\Temp\Aocg.exe

MD5 35c4041659acb1dfad124bffdc8d147d
SHA1 acec42dd4314071a173f4add9231ea0a0daec6f2
SHA256 5508ad8c6c1a7785fbd1de348246564beb8d64444aa1d01e63c9adada01c80dd
SHA512 a5d51efb5767efe820a1765ca7f4bd94dfed74e8a90b58cdde5380fe16f64b81f3266ca2a99a27710055c602a73fe214cfedd751120e5ccbc579a9c241c3c947

C:\Users\Admin\AppData\Local\Temp\YwEu.exe

MD5 d13d5cdeddd0499596677d268babe9ee
SHA1 3c9006dbce120fceb8c3c7c5553104e954e63ada
SHA256 be565e863f6f57afbee4a086926dad20b441cc4330951eafb04d25d12012a379
SHA512 85c88746982d2f12dec570737f2b2c2ea12c6db901b56e2abb8d06e08db3495cfb0b60f67376f837c44174d5ab7d92627ddd136cbf156664c62c4873a7aafc27

C:\Users\Admin\AppData\Local\Temp\SAgG.exe

MD5 a1cd458735766bd7d9d14eda4d450801
SHA1 66666c99fdad745d460856ac953193c795792092
SHA256 f0b2341949afc95db4f17ccfe8ce8e8a73a49f53f27723f7caef22ef0a09bc64
SHA512 a72d45d798e88d51015b40d8e7c62f068019b2621377808e6067de8c568ec50f55fe166bd6b3626d871e9f51e05cb6e325c871adb625eb88e27ee2fda328efd8

C:\Users\Admin\AppData\Local\Temp\WoMo.exe

MD5 bea8c9de60a8f3112dcfeefa96b9eb3f
SHA1 e22a24ce44dcad117aea15d413aa03c816f18744
SHA256 5b42db57bc5bb5475a598ddb6fd6179fb86720eba93f85d4dec93415c508ea0b
SHA512 cb514775488fa57df2d689fc08c330998e3574ee69b63f9968312f138fc30bd2d0b45f1900880ea3452519e9e5ef603d8b172f106babaa249d59b1b5fec65fc8

C:\Users\Admin\AppData\Local\Temp\UAwc.exe

MD5 b4b767825a2b6fc6f13f0616a37690a2
SHA1 01c027f5c4bfa6ac222fe2f69e1661393ca16f8d
SHA256 d405697021ab1d33c520be360fcda61c9d873ab1140832a8b47ab536b705b28c
SHA512 7bbc77c47f845b4cd9c923f2ad9b604ae147910145a8e8127ae3ff06fae8daf5c4608ea6cd8043b689ea7da0566b4f8edf6fc0ecc606c575ea24dec073f26708

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\QuotaError.png.exe

MD5 c16ce3cfea8cdf4dc36cd7d2bbdc5bd6
SHA1 4ac3f8c52c3d623ab3253c0036104b7e176cf959
SHA256 60a59d46552108c3de88db3f5638fae8a3f9e6d53379215ef998974944c09e40
SHA512 ca4e10c68c07b7f7b9c68b382c359bd493f249c628991361ae0e72c4a7f23f06e090c9b16700bc73f2ea54cff31765aa512c98ca17407a8301f9f5fa530729a9

C:\Users\Admin\AppData\Local\Temp\WQgC.exe

MD5 a6bb2e1c61d00efd8b0cfcd01dc72a1a
SHA1 9a404820c449c09086d85bbce1bc5e75de479f97
SHA256 e95d6159c18b4e25dc691d6a61a7c367405f451b04fb1abb51e3238c9ee8d11c
SHA512 acc831ae53b85e65818df0a7dbc129fff38a1de42de3540f57d3e5ebcf6ddc60125e121d8d392d93f98553dae70ab11be21687b4c6e763446b0942c9045da030

C:\Users\Admin\AppData\Local\Temp\aMIY.ico

MD5 f31b7f660ecbc5e170657187cedd7942
SHA1 42f5efe966968c2b1f92fadd7c85863956014fb4
SHA256 684e75b6fdb9a7203e03c630a66a3710ace32aa78581311ba38e3f26737feae6
SHA512 62787378cea556d2f13cd567ae8407a596139943af4405e8def302d62f64e19edb258dce44429162ac78b7cfc2260915c93ff6b114b0f910d8d64bf61bdd0462

C:\Users\Admin\AppData\Local\Temp\ikQU.exe

MD5 9a649dd73c41a25c6bb669601e517712
SHA1 b8a3d2f83258b12e1a8d1b2b940469746922360c
SHA256 cc9cd0c1d4b21246df298ced092d356a8d683175ec27b06da616016bb26130a6
SHA512 90057eb7d26f9b0e51f6c394fdb7dc323a2ddc1b34034dcbefd0f45cc964a4959ac22d8f49dfbfc86d7fc74753af7dbe74d1c2122cf5daed46876f34d78503a3

C:\Users\Admin\AppData\Local\Temp\UMkM.exe

MD5 7b27213ff6b8376a094798aa2ea523b5
SHA1 f0d7bb90e5c97ed72d9ce13eeb3cf77342d3701a
SHA256 e6a03b69438eae5d8a0b5ef74717b7d1af937c2837280ecfb327409a3b0ae913
SHA512 18fff0337150740970fe558d11022c1313bfa19f0f7151631a0f54b3d486e10f84587dd73eea7187ae7b11e1d6649f9f278e11cb371a32087ca3c4ea5f4f3984

C:\Users\Admin\AppData\Local\Temp\wUkC.exe

MD5 42629fd8c21d3e70074d672049c15318
SHA1 b22f7cf8b159a8dcc7cc71a942bb557fa6d159bc
SHA256 ed015b8ff7afd6908eeba1d922014bd68332963ea376d3e62d6e834c31f6da30
SHA512 3f5f222d571ea7706e6760f8a650e0ff97374038112d56ffdf33f965d7ef2f0d8beece6b1be2cd7bb5d40e73263f2c643bac20e6aecdd6b60414773795fca815

C:\Users\Admin\AppData\Local\Temp\eUou.exe

MD5 cb9cc2298246d62b22c5fe23211905f2
SHA1 4409d83e19eb927d84e993987071d4480b99cebb
SHA256 cc827148112940b5efeb28e59ea281f9484d8b7c39afaf63a91fc691c3cf92de
SHA512 61f8630b2a9b1f4acf382889cdfae20607e3895de6fc7eabbc02f8f28a9856aec6a64be445eca483471c56406603be48cdf78b5d34497cfdd5c7925b8dc9a61c

C:\Users\Admin\AppData\Local\Temp\sUAc.exe

MD5 b090dfe950c9b13bd9dcc84496f36217
SHA1 ab3766514ac12d27e341673c4f1373daea93563e
SHA256 39237a54c96aab485ed26f5288a1d57feb10b57f899846b80ff819c68a9d8642
SHA512 ee4be063ee0f5361923b3331a163fea4e238146e6de57f5f2bd2081911f49e39c3d7e562c09ffaf4c6e8ce02141f94c86d0f30c332ae12689b692972fec0e0f6

C:\Users\Admin\AppData\Local\Temp\kwoe.exe

MD5 2333fccfb5c9c19e11582ed564e596b2
SHA1 74b50a48ba139168ff7da429105ecb76184fa775
SHA256 da5cfca744e6d97bf16272de48429a3a2dcdd7d4b9a089c0ed0b05376e563f8b
SHA512 9e424f5733da2c8e911c4f599110885598638072ffdac1996d5486364098d285468ae04304e2558ec39f045ebee7c7c40e792c13ff40e62107011d914c74aa3a

C:\Users\Admin\AppData\Local\Temp\ecAW.exe

MD5 76725aabc19d11c9f2e768c786ebe4e8
SHA1 d42b4fcc182e29c7ac0a2488f6f5584c23e95644
SHA256 63844eff6ee44681be6daccd2d04978488427ef3f2fe4281210dbca3461a85ba
SHA512 420c739d8307fed3aba14a75176691591ba74b198cbfd8b0fe9d3c07c7a747041fef19d681386d31e5955a1e8b7bc9244188ec2c9d6e17b1c0d7d0ae2c6b47d5

C:\Users\Admin\AppData\Local\Temp\cMsu.exe

MD5 4f6e4c1387a0d04db3002c5bfd3d2d4c
SHA1 d3a14afabb3e31d6f37d685c72fc5ee8867350bb
SHA256 1948c62a589aaa6b4b57cb1a187630c209d5f8a7c798ab46069dca5acffb219c
SHA512 a5a3c03cc7ebc2a664e5ec5a7ce9685b48acece833b0896ecec7e3e6ccf08941bc9c8ccf3bc9004b350373e0e713053c8eabd1d4e066344dd772ec5f95e94818

C:\Users\Admin\AppData\Local\Temp\kQcO.exe

MD5 f15a34791862f3f8a049c80913c8b376
SHA1 3bb814402b75dfca3963b8bd04946cfa213b4a61
SHA256 8481262cfb44fd6c09b6d7962e5f58e98dc9ca620a8a419df8a2a7add120fdb4
SHA512 0ce912a22e86ff3fa6cacec43403ca1cb7704b3f951070a41dc5d23659cf4dfb02ae1a9fedb062a70e83436412e3648618696c2c156311260e5e1bdcfbc82372

C:\Users\Admin\AppData\Local\Temp\csAU.exe

MD5 248988ba615386d74ccfdf3f2c9ce20e
SHA1 7ad1179c432bf340ff89d44d0831140c8b4f2f2d
SHA256 9487b7a5c8ab26164a32a703782c663e80911a9f02d9d88a59902dbab8bc05c1
SHA512 04c23ae1e8a3e3af2ec623eb98bbe3991b6eaef309c1ca07e5baeb710bc5e13306a0a6127af32fbdd47fc1727143f1741e1c0592fdd30f9771fc3d4205b74163

C:\Users\Admin\AppData\Local\Temp\yosi.exe

MD5 ad2550afde4819d877d2e5dbe5673e3c
SHA1 d823bea52ddb50a7f30c32ff6561d110d506e041
SHA256 d5a2cced0cdfebd4098cf5de64c1f1261e6366e4dc0451d18ad7f60aae8d732e
SHA512 806e4db3b3e989358db9a973023f1d2e63541646a7be950241d9d498229bff88bd7e39a6555e0a67aacc6217a432f95ef9bb25b022a4b46c4f57af11d8e42a3e

C:\Users\Admin\AppData\Local\Temp\CwIW.exe

MD5 76e576726b65d458feca500454b38502
SHA1 9926e9e6d82ebebe795b10335ac6964f6cd335e6
SHA256 6103d5148cab673a92985d4b18f5f97b9906b0cea0927c4ab84ad771f4c03c16
SHA512 666dad2b9d9c86bd5d58a1660a2827bf6ba63d3dc276beab3443b3568b2767f62c5b142dcc1c5b767b700d6ac82d19ef806ea0ae0dd487cbd64b12bc32c65b34

C:\Users\Admin\AppData\Local\Temp\ooES.exe

MD5 3454f33373a48b95614e858d59c96ca4
SHA1 e0dfa97efc1ae252becc3d442999db8e2bf065dc
SHA256 3388ffbc90e3ecda193b9eff402df0a1040c90f2f2614af83a619c585c6b373d
SHA512 9d86cae0bf558e93df3dc468806d033f26fc279e6a053982b4014106e88bbe0ae52787a7998ccf9de34bb0273c2c3e64d4338d0dfc5dbe1e4be3d521469be2c8

C:\Users\Admin\AppData\Local\Temp\GsQo.exe

MD5 240a75d080089f4f48efb266d547614d
SHA1 a3c54b64a006606a9ac9d88dc3cd02d45940ea97
SHA256 25e216741bd1dd0f16af35731c1d413a3047c279f00e167c553aa83a513ce727
SHA512 0d9ef3f18aadf06ebdb4444deab3b5f1b5b901f319b3782f8215a69059205d2254628942234d01e81d614fe91ea5a589b96baab10eb7913900211712b6bf19c7

C:\Users\Admin\AppData\Roaming\ConvertRead.xls.exe

MD5 e51e0979cd440c77e780d04cda80c0aa
SHA1 ed7c4c70e595b28a62856d5749d78f755e184939
SHA256 edc9045ac4b06d9ad68f7c176a0707ed9c51e5d03ce5ad50c50d3cd4c67823e8
SHA512 dd205a4ab4d6280675698f02bc9a37762d8e26053d02faf334c1ffcab3bd0d223057ffa561165acf37592c2f04508815bc5b5430f1ce28a1380fe235a77c5b9d

C:\Users\Admin\AppData\Local\Temp\ycUC.exe

MD5 4ed92dfddec56518c7b29423026b2ee2
SHA1 c266765f24bdadfceb7b982722bda7212c9e255a
SHA256 45a6de3d2c6ba10bbb001427beb8227cc8f89d00efafc0a77b9d0248b5c0f7d7
SHA512 e18f60948599a6422d0b43e1f2844adc8eb98bdc5b71b0b468623e0a79800f81dd0aa89f2c57355c1d08697b17c5446c9d952f2425bef01e6d770c7b41f31c0c

C:\Users\Admin\AppData\Local\Temp\YQgs.exe

MD5 8cb9fdaff020423feb26cc0a09fa4443
SHA1 2924825eef281941a9e28393d463e055a9118392
SHA256 2a7aec08dfa40fc139c8d7661b8ad46a1073e0d33bc6149663c613fb77f9f88a
SHA512 f91c87f29052acdfea6594a1e02ef03d62f6b4d756738e3a3fbbb15b56415c9c4972757bf5ed87d0ed096e505f6490fb4e924ca4d2151ee63da14255f29af3b2

C:\Users\Admin\AppData\Local\Temp\kcAM.exe

MD5 d8bac079c38e42384645456bec136baa
SHA1 4e0c4838376da223383de3786a32556bb90bcbcc
SHA256 0e4cbda2c0cd85a5ae47fe5cf36a579cf30318f2ca702ce6dcb80562abdb59a9
SHA512 6cab6c8cb302a8989dd61b9aedc294c0e1fb2eb5e2044488295eb1b6695cc560cff820a2dbed785040147099586e7eb344321c347363e68acee8a50dde67caf4

C:\Users\Admin\AppData\Local\Temp\qsQQ.exe

MD5 39925cb388bbcf316cd9c872fcbc359f
SHA1 2b7b62d05671ef39a81b12f6edae8d59bc388c0d
SHA256 e9247c3bc88d60fb069426acff8e596bf5d029c0506c7cf1691fcd5a6ace1373
SHA512 31ff44fdd571bfd690421fe5904280993ec2bab35ce4ef1d3627b5916239c694b449963de359afe9921b14e439f1d272dae79d3095d52b95dd80dae3ca0ae296

C:\Users\Admin\AppData\Local\Temp\QIAO.exe

MD5 22565c21a506db93109e43c764c1befc
SHA1 7a7b5b0eabed3503c49b9ed31c1ce162202737be
SHA256 4a189aa5af45a510f7cc39967f73a56640a40813a418046a5388c028a0ce3ee0
SHA512 bd87bebfb4bc763c9921c832b6ebebde4b75ba22f566ec0b024de3bc0e9b4f63d7aff9e4a6ce143296a9519042a1b8f518f35ab4312157db1e33bf12bd130f86

C:\Users\Admin\AppData\Local\Temp\CEIc.exe

MD5 3650b4a5fe125b5ccdd4b44723335d49
SHA1 8a16b75eb23b13d76a9e57471b9fec1ed5923e60
SHA256 2e0c6e9064387d30f5d957399c6f8ba6e5e966b79ce82227c4cd7abc28145343
SHA512 02582f36e08464d11864532f12b9abfd748478a74decefdc05bac214efcca44934222b0573e6b1c754b1345ea53cec70c753c4785cdb7d4d9e21a8df1fc36a14

C:\Users\Admin\AppData\Local\Temp\WwgC.exe

MD5 def5c76ce34c3a2b6c2b42ca506e5883
SHA1 45c524cb0e4e5ede7ea24bd436e0693aa4839fca
SHA256 db4dfc75e18ea7207c22ec741fdc3b55284f48aee290cfc4d58651062bd377dd
SHA512 bc7c8e68f353f75e505198362dfcf47f53c136c18172cfb3989ca9fb1aa394459a57e3ec65c49fa64c26b2ae1ee8bdc348c863040bba0270762ef5596f6c37b2

C:\Users\Admin\AppData\Local\Temp\eksc.exe

MD5 eeb54462c5beada2041e4525a122c314
SHA1 39115168fc764f2dc5bfa90d2471c05cea848bfe
SHA256 a4bda1970d57582ea919449aa8ee1ed6a1daaae8aea1b10f68c21c604d2bb697
SHA512 55c6955d86c49718037300971ea4b19381203f11edb78c2e22347008055c43b05ae92be271b9e5a221b093174201cb5fea93619736e8d1750ee584a8912a5739

C:\Users\Admin\AppData\Local\Temp\OQEO.exe

MD5 8c0db7e38bcc5f456e809578e25795d1
SHA1 9b08d9428f8c9a4e816feb0925bad39e077f49d0
SHA256 576b6dbeff4b945fe6fc0aca27f13f5150f129401b7602925cda65dcd7fbd719
SHA512 781c5515d517dbb7896a44fb074f18aaa194b011bbb4a6fa1f4da4e72311e7f9814fe66ec7a51ecb39cc7d37fc13bbacf310490e4763dc2b66ab70d62c0515d8

C:\Users\Admin\AppData\Local\Temp\mgIs.ico

MD5 c7fffc3e71c7197b5f9daaea510aac10
SHA1 23262fb8038c093ac32d6a34effbede5de5e880d
SHA256 71254090503179540435a1283d04301f3d5ba48855ae8c361d4ac86e3abd2865
SHA512 c3cefdb76a9fc74299a7042096a549e019db3f2cf79e81deeabab2f3ebf2bbc9f2924a84cbbbc4848a4bf84cc3a0886c6c738c6bb37c9140dfc57f1f797e9c1c

C:\Users\Admin\AppData\Local\Temp\AoMq.exe

MD5 46d996d6b0b09c447e8efc39716b642d
SHA1 c8bc8942a82dfb85eb4fe4d9d3477f075f077a35
SHA256 6e0d4434905ed80b6dcc89ab05e7032d73ab2e280aa1d7be0abae3d89513cffc
SHA512 816314f0bd0d17be1f7e32f7c431c0fbdddd86ff792b8c4c3b0379f6b2cb7ccc3e694bc043f5956499c2bb182ac7db5cc2381ee2a44ce89121f8dcbe1e1055fd

C:\Users\Admin\AppData\Local\Temp\KgMs.exe

MD5 4499727f83e71811712bd6cde30aa782
SHA1 44fc38e599b043b62ea1fd774a55d6d3cbbebd84
SHA256 8a1a0ff417436d341e38b5cb786698ac28feb5beaa5c011949a4e3890167e537
SHA512 b582c4f9e579742739b222380503eb9e51f10dfc7c9b0c3da86a7fb2f0d7931907f006dbed18c63ac3191a6aa45dfb5e2c66719da3a63e62a7e7a539dadfb1ba

C:\Users\Admin\AppData\Local\Temp\ugEi.exe

MD5 5cb58d4abf7c001c7273a234331ab15d
SHA1 b347e8819039777ca901fe7aec6e3f676f36c966
SHA256 a3f5d0b01961cfe8dc6fb61f4021094264859bb164d95d8364022e444d620a47
SHA512 6927194a84bb8361c7cf5605168bca4bb16ffb5989a57d5aaa1ba2d6398aab5ace52edd3bd8b73157ae6a947c56073ca646df18f8cc589f0a4e7fde91d460793

C:\Users\Admin\AppData\Local\Temp\SUwe.exe

MD5 069dcb70ac4fdba6a32d7c93061df6cc
SHA1 581a69c4a0abbe3d7e42589421a9c46f36a81d73
SHA256 1b8623e3761e118c706c43b8e78eef8378532da564787a1b57c909a9a07cd6e7
SHA512 19df519b494a3abce90acc02a5c824cae6add2f0370a62bb6b9dda2de303e7623aa737b162e260b520b62ec8e777632f8699b3cf3b2b3c137925335b225c243a

C:\Users\Admin\AppData\Local\Temp\ggMs.ico

MD5 6edd371bd7a23ec01c6a00d53f8723d1
SHA1 7b649ce267a19686d2d07a6c3ee2ca852a549ee6
SHA256 0b945cd858463198a2319799f721202efb88f1b7273bc3726206f0bb272802f7
SHA512 65ccc2a9bdb09cac3293ea8ef68a2e63b30af122d1e4953ee5dc0db7250e56bcca0eb2b78809dbdedef0884fbac51416fc5b9420cb5d02d4d199573e25c1e1f8

C:\Users\Admin\AppData\Local\Temp\WAkk.exe

MD5 401e4917cc9335d5cee3cc67c12e7e35
SHA1 d6773895b2ba1461fa6509d5544676f0e2c4caf9
SHA256 53c24fca3b63e1c47eeffa3bd8824230873c12d9e3c0a089c9384bb21ab4fcb1
SHA512 48b60b72e5b2a16cde904fc1cae6d9165adfbc6e43bfae877a448dde8a97ec06582f7fdb03906506783bbb9b93564c79ebeaeb1a70bd8f6d1c5452bace334606

C:\Users\Admin\AppData\Local\Temp\YIAi.exe

MD5 a302c540ae68c0bf71e9f4ec3c619110
SHA1 900c16448304383a6b1c5416eb1647a25120d002
SHA256 ab014620b65e5b5d26387ecc76a13d340dce890d527e32c4e24b0317f2fc9c7a
SHA512 50a6eaa843b86bd245de51c523cd887084028d5e05fd2aca9a0da728f1a2666467b3d9367f00cdfdabcef53657f068430128c4757815ce0f58c294011957f7a5

C:\Users\Admin\AppData\Local\Temp\KEwW.exe

MD5 60b4de5b2679cb0928d10edc1c8e3dcd
SHA1 0808b22b2a6e20660a86cb8af0f9b4c94a2567ab
SHA256 572666f5dfa1ce610b18b82a578923c4a5953aae252da2e3ad1248ba69ce02d3
SHA512 be530c3f91fcd4955f1a08fa46926a10b18f67679b14ba8b3adb1e3de70861067bcd6bb2b0515b73b2a6b8ece61ad1e857ee64b8ca6715381acb9dffde343763

C:\Users\Admin\AppData\Local\Temp\IYcs.exe

MD5 ac639375e887d2d70c2a29bd831e27f6
SHA1 0235da73aedc73fafb7450a40cb82e9875190cc9
SHA256 5bb7667cd724347d1d069947e05ccecb381bbf4e41490a9b072db7f7dacf6a56
SHA512 bb769cf66504427bd1bb582866db28af8c3ad6753016bb4ba65d9b80ea4044672a4a4cb848c239efde2cc4925a57952f484191084ec9dbc64d78f2c9b49bee23

C:\Users\Admin\AppData\Local\Temp\yEYM.exe

MD5 dcf251cb70992b393e713fefcc5644c2
SHA1 44f978cf0247001769ef610daaf4c114396968bb
SHA256 5a823399ffca5fab7888a5b8a68042ba87a1d7302b0e446e6cfca08d05d1ae61
SHA512 986e2fdf1fc7762f05f64e437d0fbd1d891c84973d6ac39275e53ba500ffb178a9208dee8b7ba1f8ed134494ced8735c25f30c9c5f982b0289fc9d4c6a0d7e91

C:\Users\Admin\AppData\Local\Temp\iAUi.exe

MD5 5a33e3c160fee3770be7d68fecd4dbb2
SHA1 3267e1b555b96a54f6d690325c69e42751862e5f
SHA256 ead1cd435eacd8471340861286a78ed31d4ecea28c5c499f0c741cdd6e632105
SHA512 ab9a390a8be7cb2146e9777b41080b1b46aa94df69fbb814c4dff8d5c8a37a02ef1caffe2fdc9fdc70b7b2c9547586bb9cc41ae788a79db41dba4655087202ca

C:\Users\Admin\AppData\Local\Temp\ocYY.ico

MD5 7ebb1c3b3f5ee39434e36aeb4c07ee8b
SHA1 7b4e7562e3a12b37862e0d5ecf94581ec130658f
SHA256 be3e79875f3e84bab8ed51f6028b198f5e8472c60dcedf757af2e1bdf2aa5742
SHA512 2f69ae3d746a4ae770c5dd1722fba7c3f88a799cc005dd86990fd1b2238896ac2f5c06e02bd23304c31e54309183c2a7cb5cbab4b51890ab1cefee5d13556af6

C:\Users\Admin\AppData\Local\Temp\Mcgi.exe

MD5 de4d4916e56152f06d51dc40cb3c8658
SHA1 2adcee7114050f127c66913575966d360672ce74
SHA256 3cb003c4402b184815e3b2bc90a7c07649c1301830703ae52108209f78034a4f
SHA512 f7cf22cd9db77854b584cd705d948c682b7a66be8cbebfb89929c9800efce6d903fdeb6fabed486ca6ca345b08f221b97285ab7d952d0153cfe672010003f306

C:\Users\Admin\AppData\Local\Temp\wAUU.exe

MD5 85f1fb9dc24b5d9f134624fcdeca3ac1
SHA1 977d6f65e2e41c25b5e85a2ae7eedcb71b8573ca
SHA256 101ca36f134db340c9d830089b56f586b10560f42f5c3b95c03e665a7f01010f
SHA512 45caaa577cbd97239d8170b73478ff0b84c2008f50b2745c3c8c1330aac4ad739e7a12f10948064dde578ebcd878072c6451a6e7147633e449a88af44194bb4a

C:\Users\Admin\AppData\Local\Temp\Csow.exe

MD5 1386466b50d59776c23f99df8879114e
SHA1 17dc7beabb390e4a7dc247dbf1bfc0786c6b11d2
SHA256 7ee3e879e6ceea33eb48bb1226077a955fd94113c16ec887d280d6987fdaad49
SHA512 3b94df45a64da2c168a60918d4014c22b27798c4a1b03ab2aa192bdc14223a6fd845c72f0409b68595dc01d616755572ad9b117e529666291d71665cadd28173

C:\Users\Admin\AppData\Local\Temp\YgwE.exe

MD5 0e446f6cf9956cbc8502be5c0bfbac7a
SHA1 9ca4ded0fd35ff2c120737c470f18522384bf49a
SHA256 7ef5bb97370736d7b9fbfa52e32176ba146aa92f3e7b5745ed2aea2b12f585f1
SHA512 936cf3334dd37e2fbc53d75a79d633c1b31dbcc344d6db66874e96788d9c22063cdb4fd9df4765a8a7fd2f4a0721729d023c94054baf4f047b4616d5b724e85b

C:\Users\Admin\AppData\Local\Temp\kckA.ico

MD5 ace522945d3d0ff3b6d96abef56e1427
SHA1 d71140c9657fd1b0d6e4ab8484b6cfe544616201
SHA256 daa05353be57bb7c4de23a63af8aac3f0c45fba8c1b40acac53e33240fbc25cd
SHA512 8e9c55fa909ff0222024218ff334fd6f3115eccc05c7224f8c63aa9e6f765ff4e90c43f26a7d8855a8a3c9b4183bd9919cb854b448c4055e9b98acef1186d83e

C:\Users\Admin\AppData\Local\Temp\KoUM.exe

MD5 652f9e44de353b9d77918f51b229d78b
SHA1 bb2eb15ad9207a5fed44e60cc7832e2af374fdff
SHA256 90c6b8d5abb4efecf778661357a8f4bca1744327bcf4dd3d74cc0e9406aeae24
SHA512 715d4c9b86aa860804ab4338584d188fa942ecd30b47efba85e38d06dd98b571d4754cc11f2d2c56aefab8f1ac5f45160d9ba7ecbcd3ae610b43d8390a4762d1

C:\Users\Admin\AppData\Local\Temp\IUcu.exe

MD5 367489e8c520d7ec042438ebe822f325
SHA1 93808246c306feb32d6415999b17a009527650f0
SHA256 f407a43d620d43e7a389412b8d4eb3a892307a1f4201fb900f905dd321d339c8
SHA512 53d58054f08bfdfc8660479929e52ee86dc1f3e3622aeec292cf828f9a1c570434a82da6c6fe2894b0de8b2dd5f5eb12096e0a3e0c6e9df271e822a900cbd5af

C:\Users\Admin\AppData\Local\Temp\CQgs.exe

MD5 baa252cfa468de78cb4a36f01327d4e5
SHA1 7a0069efba15e098defb79d1547ecbe21498d83a
SHA256 e96d79e62bad09e56957db41139212fc86912e6c3a3f5c65a7c9939da2a55dc7
SHA512 10eb6d62666008ea6534bd2cd48e179514b3a54b5977668d5ae0e3d9df8c2e609b698c210713d5e94762ad3da91703120c0e9071577265f80ba0c0324b951ec0

C:\Users\Admin\AppData\Local\Temp\cwMI.exe

MD5 05769aa4fec09651bbbb40b9005f6698
SHA1 69e5b53e8d65aef181c849068ee15ae030b4343d
SHA256 cdbe0a5c910e3c33c4ccabcfcff2249b68f0af2dcd78e1a03eb49837d8df9043
SHA512 86ac43098b12203af29a9509ca8ae5225a50cfc91fcc89dbf881e52c7e91564f25331f73c63ca98265d0c25da6816ab36f223b1f7e8b104bcd498d2ccce02c29

C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png.exe

MD5 4d62d6a262c71b8a9b65673cda3d4869
SHA1 f5d6904e9af137731d124850db760745473baf2f
SHA256 93bf07a0c14a682c034e50cbf6733b60084f1c78f6288c7fd5c9afb087114b47
SHA512 dd0a097ac8ac2e6f6739a3ec1a828053fda429c3325c357aaa453e1fac0fb879bec806c5b6b7b5a785925c5e9d9036a0ebfcb439368f57223f81f8bf65533cb5

C:\Users\Admin\AppData\Local\Temp\SssE.exe

MD5 0f74cfaa67c0930270cbc0b45b539c53
SHA1 9a76deb672eaa9756244cdf15eaab710b3022089
SHA256 9991973ac5dae622d54811de9f919fac5ea37361191f270e6f8362ba1738fce9
SHA512 e34c16d00fb84e3e0d421ec9c8d4057ad559049882063c8bf8f4f549b4a39905aa4a8e75faeb85540d68e70862b6e8732f5f76eda4884523a902be95bde31809

C:\Users\Admin\AppData\Local\Temp\kEMu.exe

MD5 d736ac9115de28d97a012d32ce8cc740
SHA1 078a93cbe583bc44030508201ca8c69af8a69427
SHA256 9c4fa7e8b5def70baef0a115d4ba2007199593b8166cfac840feedbee513aeb4
SHA512 a10475ef1f4ccc6ed54cfce7b96667b19fe9a59e79da5152342e528516b94722f3047f2240467a5233c69c70ece61a28449adbc0431f0a4dc90498c007c20fe9

C:\Users\Admin\AppData\Local\Temp\Qoki.exe

MD5 ada0a1a9c14cfa69a60191b081344ab5
SHA1 fc38313a6c88f4bc6339f27af53f77623bc939a3
SHA256 0014fce85a9a3d2864ad48098c3a2e847fe47406faa9127af51ce6cc62d925a3
SHA512 cbab3c2e80242a357723cd2a711df530e702128edad02df74cd15be2b03529a47147511501461fbb33d2b7fa6f8cf4679d9bdc528dde82b28e248625d9373e76