Malware Analysis Report

2025-03-15 08:13

Sample ID 241016-j12a5a1bke
Target 2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
SHA256 d3ec9fec4f73dcd82270934c04376a288db43763d4b142f0bf0b0a7cbad08900
Tags
discovery evasion persistence ransomware spyware stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

d3ec9fec4f73dcd82270934c04376a288db43763d4b142f0bf0b0a7cbad08900

Threat Level: Known bad

The file 2024-10-16_e0a8441493e12806acc53cce247292e8_virlock was found to be: Known bad.

Malicious Activity Summary

discovery evasion persistence ransomware spyware stealer trojan

UAC bypass

Modifies visibility of file extensions in Explorer

Renames multiple (55) files with added filename extension

Renames multiple (84) files with added filename extension

Checks computer location settings

Loads dropped DLL

Reads user/profile data of web browsers

Executes dropped EXE

Adds Run key to start application

Drops file in System32 directory

Unsigned PE

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Suspicious behavior: GetForegroundWindowSpam

Modifies registry key

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-16 08:08

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-16 08:08

Reported

2024-10-16 08:11

Platform

win10v2004-20241007-en

Max time kernel

150s

Max time network

99s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe"

Signatures

Modifies visibility of file extensions in Explorer

evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A

UAC bypass

evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" N/A N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" N/A N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" N/A N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" N/A N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" N/A N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" N/A N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A

Renames multiple (84) files with added filename extension

ransomware

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\International\Geo\Nation C:\Users\Admin\RcoIokoY\MEAoEMQM.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\RcoIokoY\MEAoEMQM.exe N/A
N/A N/A C:\ProgramData\iGEQQkcA\jQIssMIo.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MEAoEMQM.exe = "C:\\Users\\Admin\\RcoIokoY\\MEAoEMQM.exe" C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\jQIssMIo.exe = "C:\\ProgramData\\iGEQQkcA\\jQIssMIo.exe" C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MEAoEMQM.exe = "C:\\Users\\Admin\\RcoIokoY\\MEAoEMQM.exe" C:\Users\Admin\RcoIokoY\MEAoEMQM.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\jQIssMIo.exe = "C:\\ProgramData\\iGEQQkcA\\jQIssMIo.exe" C:\ProgramData\iGEQQkcA\jQIssMIo.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\shell32.dll.exe C:\Users\Admin\RcoIokoY\MEAoEMQM.exe N/A
File opened for modification C:\Windows\SysWOW64\shell32.dll.exe C:\Users\Admin\RcoIokoY\MEAoEMQM.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cscript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cscript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cscript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cscript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cscript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cscript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A

Modifies registry key

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\RcoIokoY\MEAoEMQM.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\RcoIokoY\MEAoEMQM.exe N/A
N/A N/A C:\Users\Admin\RcoIokoY\MEAoEMQM.exe N/A
N/A N/A C:\Users\Admin\RcoIokoY\MEAoEMQM.exe N/A
N/A N/A C:\Users\Admin\RcoIokoY\MEAoEMQM.exe N/A
N/A N/A C:\Users\Admin\RcoIokoY\MEAoEMQM.exe N/A
N/A N/A C:\Users\Admin\RcoIokoY\MEAoEMQM.exe N/A
N/A N/A C:\Users\Admin\RcoIokoY\MEAoEMQM.exe N/A
N/A N/A C:\Users\Admin\RcoIokoY\MEAoEMQM.exe N/A
N/A N/A C:\Users\Admin\RcoIokoY\MEAoEMQM.exe N/A
N/A N/A C:\Users\Admin\RcoIokoY\MEAoEMQM.exe N/A
N/A N/A C:\Users\Admin\RcoIokoY\MEAoEMQM.exe N/A
N/A N/A C:\Users\Admin\RcoIokoY\MEAoEMQM.exe N/A
N/A N/A C:\Users\Admin\RcoIokoY\MEAoEMQM.exe N/A
N/A N/A C:\Users\Admin\RcoIokoY\MEAoEMQM.exe N/A
N/A N/A C:\Users\Admin\RcoIokoY\MEAoEMQM.exe N/A
N/A N/A C:\Users\Admin\RcoIokoY\MEAoEMQM.exe N/A
N/A N/A C:\Users\Admin\RcoIokoY\MEAoEMQM.exe N/A
N/A N/A C:\Users\Admin\RcoIokoY\MEAoEMQM.exe N/A
N/A N/A C:\Users\Admin\RcoIokoY\MEAoEMQM.exe N/A
N/A N/A C:\Users\Admin\RcoIokoY\MEAoEMQM.exe N/A
N/A N/A C:\Users\Admin\RcoIokoY\MEAoEMQM.exe N/A
N/A N/A C:\Users\Admin\RcoIokoY\MEAoEMQM.exe N/A
N/A N/A C:\Users\Admin\RcoIokoY\MEAoEMQM.exe N/A
N/A N/A C:\Users\Admin\RcoIokoY\MEAoEMQM.exe N/A
N/A N/A C:\Users\Admin\RcoIokoY\MEAoEMQM.exe N/A
N/A N/A C:\Users\Admin\RcoIokoY\MEAoEMQM.exe N/A
N/A N/A C:\Users\Admin\RcoIokoY\MEAoEMQM.exe N/A
N/A N/A C:\Users\Admin\RcoIokoY\MEAoEMQM.exe N/A
N/A N/A C:\Users\Admin\RcoIokoY\MEAoEMQM.exe N/A
N/A N/A C:\Users\Admin\RcoIokoY\MEAoEMQM.exe N/A
N/A N/A C:\Users\Admin\RcoIokoY\MEAoEMQM.exe N/A
N/A N/A C:\Users\Admin\RcoIokoY\MEAoEMQM.exe N/A
N/A N/A C:\Users\Admin\RcoIokoY\MEAoEMQM.exe N/A
N/A N/A C:\Users\Admin\RcoIokoY\MEAoEMQM.exe N/A
N/A N/A C:\Users\Admin\RcoIokoY\MEAoEMQM.exe N/A
N/A N/A C:\Users\Admin\RcoIokoY\MEAoEMQM.exe N/A
N/A N/A C:\Users\Admin\RcoIokoY\MEAoEMQM.exe N/A
N/A N/A C:\Users\Admin\RcoIokoY\MEAoEMQM.exe N/A
N/A N/A C:\Users\Admin\RcoIokoY\MEAoEMQM.exe N/A
N/A N/A C:\Users\Admin\RcoIokoY\MEAoEMQM.exe N/A
N/A N/A C:\Users\Admin\RcoIokoY\MEAoEMQM.exe N/A
N/A N/A C:\Users\Admin\RcoIokoY\MEAoEMQM.exe N/A
N/A N/A C:\Users\Admin\RcoIokoY\MEAoEMQM.exe N/A
N/A N/A C:\Users\Admin\RcoIokoY\MEAoEMQM.exe N/A
N/A N/A C:\Users\Admin\RcoIokoY\MEAoEMQM.exe N/A
N/A N/A C:\Users\Admin\RcoIokoY\MEAoEMQM.exe N/A
N/A N/A C:\Users\Admin\RcoIokoY\MEAoEMQM.exe N/A
N/A N/A C:\Users\Admin\RcoIokoY\MEAoEMQM.exe N/A
N/A N/A C:\Users\Admin\RcoIokoY\MEAoEMQM.exe N/A
N/A N/A C:\Users\Admin\RcoIokoY\MEAoEMQM.exe N/A
N/A N/A C:\Users\Admin\RcoIokoY\MEAoEMQM.exe N/A
N/A N/A C:\Users\Admin\RcoIokoY\MEAoEMQM.exe N/A
N/A N/A C:\Users\Admin\RcoIokoY\MEAoEMQM.exe N/A
N/A N/A C:\Users\Admin\RcoIokoY\MEAoEMQM.exe N/A
N/A N/A C:\Users\Admin\RcoIokoY\MEAoEMQM.exe N/A
N/A N/A C:\Users\Admin\RcoIokoY\MEAoEMQM.exe N/A
N/A N/A C:\Users\Admin\RcoIokoY\MEAoEMQM.exe N/A
N/A N/A C:\Users\Admin\RcoIokoY\MEAoEMQM.exe N/A
N/A N/A C:\Users\Admin\RcoIokoY\MEAoEMQM.exe N/A
N/A N/A C:\Users\Admin\RcoIokoY\MEAoEMQM.exe N/A
N/A N/A C:\Users\Admin\RcoIokoY\MEAoEMQM.exe N/A
N/A N/A C:\Users\Admin\RcoIokoY\MEAoEMQM.exe N/A
N/A N/A C:\Users\Admin\RcoIokoY\MEAoEMQM.exe N/A
N/A N/A C:\Users\Admin\RcoIokoY\MEAoEMQM.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2168 wrote to memory of 2848 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Users\Admin\RcoIokoY\MEAoEMQM.exe
PID 2168 wrote to memory of 2848 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Users\Admin\RcoIokoY\MEAoEMQM.exe
PID 2168 wrote to memory of 2848 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Users\Admin\RcoIokoY\MEAoEMQM.exe
PID 2168 wrote to memory of 844 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\ProgramData\iGEQQkcA\jQIssMIo.exe
PID 2168 wrote to memory of 844 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\ProgramData\iGEQQkcA\jQIssMIo.exe
PID 2168 wrote to memory of 844 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\ProgramData\iGEQQkcA\jQIssMIo.exe
PID 2168 wrote to memory of 3300 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2168 wrote to memory of 3300 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2168 wrote to memory of 3300 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 3300 wrote to memory of 2316 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
PID 3300 wrote to memory of 2316 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
PID 3300 wrote to memory of 2316 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
PID 2168 wrote to memory of 2896 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2168 wrote to memory of 2896 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2168 wrote to memory of 2896 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2168 wrote to memory of 1460 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2168 wrote to memory of 1460 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2168 wrote to memory of 1460 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2168 wrote to memory of 2932 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2168 wrote to memory of 2932 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2168 wrote to memory of 2932 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2168 wrote to memory of 872 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2168 wrote to memory of 872 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2168 wrote to memory of 872 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 872 wrote to memory of 1420 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 872 wrote to memory of 1420 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 872 wrote to memory of 1420 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 2316 wrote to memory of 2696 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2316 wrote to memory of 2696 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2316 wrote to memory of 2696 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2696 wrote to memory of 4876 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
PID 2696 wrote to memory of 4876 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
PID 2696 wrote to memory of 4876 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
PID 2316 wrote to memory of 2044 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2316 wrote to memory of 2044 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2316 wrote to memory of 2044 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2316 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2316 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2316 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2316 wrote to memory of 452 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2316 wrote to memory of 452 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2316 wrote to memory of 452 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2316 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2316 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2316 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2648 wrote to memory of 1904 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 2648 wrote to memory of 1904 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 2648 wrote to memory of 1904 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 4876 wrote to memory of 1084 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 4876 wrote to memory of 1084 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 4876 wrote to memory of 1084 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 1084 wrote to memory of 1888 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
PID 1084 wrote to memory of 1888 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
PID 1084 wrote to memory of 1888 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
PID 4876 wrote to memory of 2504 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 4876 wrote to memory of 2504 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 4876 wrote to memory of 2504 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 4876 wrote to memory of 932 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 4876 wrote to memory of 932 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 4876 wrote to memory of 932 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 4876 wrote to memory of 1692 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 4876 wrote to memory of 1692 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 4876 wrote to memory of 1692 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 4876 wrote to memory of 620 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\cmd.exe

Processes

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe"

C:\Users\Admin\RcoIokoY\MEAoEMQM.exe

"C:\Users\Admin\RcoIokoY\MEAoEMQM.exe"

C:\ProgramData\iGEQQkcA\jQIssMIo.exe

"C:\ProgramData\iGEQQkcA\jQIssMIo.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QaAUwsAA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PAkgQEQg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\juUYIYks.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VgEgAMos.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\POsoAIUU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cgAEIAUY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qEoAwckQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gkEwUwMM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uKwEIwIQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RWgkEkkE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NMIowcws.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VokgokEM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dqscIEsM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\weMcEgAY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mkgwwwMo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wsQQcUcY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ICUkMUkY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\riQUgQcc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DYQgcUcs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zkUsoEgE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RyAUsQoY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\oUMcMUIQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EOIYAMUw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UEcoAYwU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yyQgkwYQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZuMYQksM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DSgwEIAE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jUgAUIgs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\luAYsQww.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MOAYIwgA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UigksQUk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kaYQAYwA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LCUIEUkg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vqEEcQIY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fKgkcAMw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WgEYsokg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WyYgAYUk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aKYoAsQQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sOswsEcs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FGAMckgY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XEUQEwsI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XAwckYYs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wSowoogA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\geIQYAMc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WkYQsEEc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VcQUIQUg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fmAIIwsI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lAwoogwg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xkYcAkYg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mmAIkoAI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MEoEwwQY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wogMAUIQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yQgAIsMg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VCUMQIog.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hsAQUsgc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fkwEgkME.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MsogcAAg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wsYUwoIc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AOsgUAEg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HcoIsgYk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nOEokIos.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zMsAAkcs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fCkgEAAc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SGUMEkcQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kmkoQEQs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wSAEwEoY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UKccsUYQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\diIogQAo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tkogQwQI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PkAsQowI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sWgwYIkI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SeYIcgAI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ieoUcUco.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gakoAgMU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FokogsUM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zigQIkQI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zoswsIoI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mWwYYkkk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qYYoYskQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\iIwgwAQk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UeokEAsg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RSgEYsIw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HwEkEYIE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HoEwMsUI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pSEwQggU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\egMsQMUk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UiwsYgIA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wWoAAAYU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nQUQIQYQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vyEcwcgg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XOYQowsU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jwUYkwwo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\okogkAwU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aIcEEkYo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KYogswQo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YkQsMYcQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pgMIcYww.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HAoskMcs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ngowwQAU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qowMcYgE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qaEoIcUc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OiYUsYIo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KiAkwAsQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DmcIUAgA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZskUgwQU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\system32\backgroundTaskHost.exe

"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PSsccAwI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wSAoEcoU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WGsUEwIM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\augEwMgQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rkQkMIQE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hYUEEUQM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BEAYokIU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bugYsIgU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XcgoUEck.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yuYQwsIU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kcQwYswY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yqMEIcsI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\iKoUkkYs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BgsAIkMc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VkMcgYgI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rmEgYAsM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mUMQoccY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GyAAUcIE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SyEEgksk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ymwYowcw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JCQQUIcA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tSswQEIw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bcMMcEAU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SAwEUwIk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yUYcwsEc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cmMAcYog.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VGIYQkwU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PYoYQQwY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FeEkkQww.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jYAcIUYk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GsgkEUUU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KoIAMEoQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\imUMAswM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eaAQAIsY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pQkIQEUA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

Network

Country Destination Domain Proto
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
BO 200.87.164.69:9999 tcp
US 8.8.8.8:53 google.com udp
BO 200.87.164.69:9999 tcp
GB 172.217.169.14:80 google.com tcp
GB 172.217.169.14:80 google.com tcp
US 8.8.8.8:53 g.bing.com udp
US 8.8.8.8:53 14.169.217.172.in-addr.arpa udp
US 150.171.27.10:443 g.bing.com tcp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp
US 8.8.8.8:53 72.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
BO 200.119.204.12:9999 tcp
BO 200.119.204.12:9999 tcp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
BO 190.186.45.170:9999 tcp
BO 190.186.45.170:9999 tcp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp

Files

memory/2168-0-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\RcoIokoY\MEAoEMQM.exe

MD5 4d7bd3a3c0793b903fbaa55f9b724833
SHA1 4ac78d705e24ec4b1cb4bfa5edebd26e6923a05d
SHA256 ee0e559aa587729b2907066ec0e750db3b63a2ec54f1e2fa3a59fb4852b7a399
SHA512 c3d9b7534d790356119f0d14b8f7d48f86fcce25c2ea6b4ae6fc230cdad34b30fe22543e2c524702cbeabe6bd6c74eb8f01bba5f4b9dc9fbee216272d23ed16f

C:\ProgramData\iGEQQkcA\jQIssMIo.exe

MD5 45701fe5b5bab69da06a653eac836a46
SHA1 d85e7645b079764d76f2b3dde91582271de9d194
SHA256 4a5eb624d7d9f628223ee18d8cd1850df1f88430fb6a4454ea0943e54c262654
SHA512 647e74e423a2144d1f8496d804bff1274935b9cf4440a99b26dd1404d950a6abdcbc9723ba0027879608149c9920f69d8d0875e39937cf9e41ca01b6cb9bdfdf

memory/2848-9-0x0000000000400000-0x0000000000430000-memory.dmp

memory/844-14-0x0000000000400000-0x0000000000430000-memory.dmp

memory/2168-19-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\QaAUwsAA.bat

MD5 bae1095f340720d965898063fede1273
SHA1 455d8a81818a7e82b1490c949b32fa7ff98d5210
SHA256 ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a
SHA512 4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024

C:\Users\Admin\AppData\Local\Temp\file.vbs

MD5 4afb5c4527091738faf9cd4addf9d34e
SHA1 170ba9d866894c1b109b62649b1893eb90350459
SHA256 59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc
SHA512 16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

MD5 38523dacb7a20f049d5de61fc1cf87d5
SHA1 310f1c826385f858572a6c747688d897b851024e
SHA256 4ee4b1cd9eddbf7cdef2797a8822ddd7afc8082b9483d52abee606e8e99a2191
SHA512 61d8bbc98b2414fa7311d1661c9ddd33edba50a5a1847a78b52429b819260d176af87068b10a0963f858e55a0ad5ed3fa2bcc0f02389334fd47894aae662bee1

memory/2316-32-0x0000000000400000-0x0000000000433000-memory.dmp

memory/4876-43-0x0000000000400000-0x0000000000433000-memory.dmp

memory/912-51-0x0000000000400000-0x0000000000433000-memory.dmp

memory/1888-55-0x0000000000400000-0x0000000000433000-memory.dmp

memory/912-66-0x0000000000400000-0x0000000000433000-memory.dmp

memory/2928-79-0x0000000000400000-0x0000000000433000-memory.dmp

memory/1868-90-0x0000000000400000-0x0000000000433000-memory.dmp

memory/1852-101-0x0000000000400000-0x0000000000433000-memory.dmp

memory/4704-112-0x0000000000400000-0x0000000000433000-memory.dmp

memory/4576-125-0x0000000000400000-0x0000000000433000-memory.dmp

memory/3000-136-0x0000000000400000-0x0000000000433000-memory.dmp

memory/4844-147-0x0000000000400000-0x0000000000433000-memory.dmp

memory/4140-155-0x0000000000400000-0x0000000000433000-memory.dmp

memory/3032-159-0x0000000000400000-0x0000000000433000-memory.dmp

memory/4140-172-0x0000000000400000-0x0000000000433000-memory.dmp

memory/64-173-0x0000000000400000-0x0000000000433000-memory.dmp

memory/64-184-0x0000000000400000-0x0000000000433000-memory.dmp

memory/1880-195-0x0000000000400000-0x0000000000433000-memory.dmp

memory/3596-206-0x0000000000400000-0x0000000000433000-memory.dmp

memory/2900-219-0x0000000000400000-0x0000000000433000-memory.dmp

memory/2928-230-0x0000000000400000-0x0000000000433000-memory.dmp

memory/2344-231-0x0000000000400000-0x0000000000433000-memory.dmp

memory/2344-242-0x0000000000400000-0x0000000000433000-memory.dmp

C:\ProgramData\iGEQQkcA\jQIssMIo.inf

MD5 99ad3b2ef9875786deca85fb0a227b11
SHA1 2464a1d3aa0b952a71273733090574d2be5e06f5
SHA256 8a855d38900dd341bdc0637931c82482db7b1f52e27d3026e384e2064371b289
SHA512 a420fc0963eac6238183d83b96ba65a8661cb6a3546e6972785d5dc6212dd5cbf7c73562349d777def9f260b45744c82d81dd822225f44d0be4e2e5329f6b29f

memory/1012-255-0x0000000000400000-0x0000000000433000-memory.dmp

memory/2944-263-0x0000000000400000-0x0000000000433000-memory.dmp

memory/4600-271-0x0000000000400000-0x0000000000433000-memory.dmp

memory/5008-279-0x0000000000400000-0x0000000000433000-memory.dmp

memory/2124-288-0x0000000000400000-0x0000000000433000-memory.dmp

memory/800-290-0x0000000000400000-0x0000000000433000-memory.dmp

memory/800-298-0x0000000000400000-0x0000000000433000-memory.dmp

memory/3948-306-0x0000000000400000-0x0000000000433000-memory.dmp

memory/4412-314-0x0000000000400000-0x0000000000433000-memory.dmp

memory/4308-324-0x0000000000400000-0x0000000000433000-memory.dmp

memory/5084-332-0x0000000000400000-0x0000000000433000-memory.dmp

memory/3992-333-0x0000000000400000-0x0000000000433000-memory.dmp

memory/5084-341-0x0000000000400000-0x0000000000433000-memory.dmp

memory/1632-349-0x0000000000400000-0x0000000000433000-memory.dmp

memory/2024-351-0x0000000000400000-0x0000000000433000-memory.dmp

memory/2024-360-0x0000000000400000-0x0000000000433000-memory.dmp

memory/4896-362-0x0000000000400000-0x0000000000433000-memory.dmp

memory/4896-369-0x0000000000400000-0x0000000000433000-memory.dmp

memory/3636-370-0x0000000000400000-0x0000000000433000-memory.dmp

memory/3636-378-0x0000000000400000-0x0000000000433000-memory.dmp

memory/3524-388-0x0000000000400000-0x0000000000433000-memory.dmp

memory/2876-396-0x0000000000400000-0x0000000000433000-memory.dmp

memory/3032-404-0x0000000000400000-0x0000000000433000-memory.dmp

memory/2092-414-0x0000000000400000-0x0000000000433000-memory.dmp

memory/3272-422-0x0000000000400000-0x0000000000433000-memory.dmp

memory/3688-430-0x0000000000400000-0x0000000000433000-memory.dmp

memory/2740-438-0x0000000000400000-0x0000000000433000-memory.dmp

memory/4472-440-0x0000000000400000-0x0000000000433000-memory.dmp

memory/4472-449-0x0000000000400000-0x0000000000433000-memory.dmp

memory/1892-457-0x0000000000400000-0x0000000000433000-memory.dmp

memory/3944-465-0x0000000000400000-0x0000000000433000-memory.dmp

memory/3380-475-0x0000000000400000-0x0000000000433000-memory.dmp

memory/3492-483-0x0000000000400000-0x0000000000433000-memory.dmp

memory/2304-491-0x0000000000400000-0x0000000000433000-memory.dmp

memory/452-498-0x0000000000400000-0x0000000000433000-memory.dmp

memory/2180-502-0x0000000000400000-0x0000000000433000-memory.dmp

memory/452-510-0x0000000000400000-0x0000000000433000-memory.dmp

memory/2092-518-0x0000000000400000-0x0000000000433000-memory.dmp

memory/4392-519-0x0000000000400000-0x0000000000433000-memory.dmp

memory/4392-527-0x0000000000400000-0x0000000000433000-memory.dmp

memory/3944-537-0x0000000000400000-0x0000000000433000-memory.dmp

memory/2288-545-0x0000000000400000-0x0000000000433000-memory.dmp

memory/4680-547-0x0000000000400000-0x0000000000433000-memory.dmp

memory/4680-554-0x0000000000400000-0x0000000000433000-memory.dmp

memory/3404-556-0x0000000000400000-0x0000000000433000-memory.dmp

memory/3404-565-0x0000000000400000-0x0000000000433000-memory.dmp

memory/2044-566-0x0000000000400000-0x0000000000433000-memory.dmp

memory/2044-574-0x0000000000400000-0x0000000000433000-memory.dmp

memory/2232-582-0x0000000000400000-0x0000000000433000-memory.dmp

memory/2716-591-0x0000000000400000-0x0000000000433000-memory.dmp

memory/2800-600-0x0000000000400000-0x0000000000433000-memory.dmp

memory/1396-608-0x0000000000400000-0x0000000000433000-memory.dmp

memory/1260-616-0x0000000000400000-0x0000000000433000-memory.dmp

memory/3744-622-0x0000000000400000-0x0000000000433000-memory.dmp

memory/4152-627-0x0000000000400000-0x0000000000433000-memory.dmp

memory/3744-635-0x0000000000400000-0x0000000000433000-memory.dmp

memory/4948-643-0x0000000000400000-0x0000000000433000-memory.dmp

memory/2352-651-0x0000000000400000-0x0000000000433000-memory.dmp

memory/3444-659-0x0000000000400000-0x0000000000433000-memory.dmp

memory/1116-669-0x0000000000400000-0x0000000000433000-memory.dmp

memory/2948-670-0x0000000000400000-0x0000000000433000-memory.dmp

memory/1116-678-0x0000000000400000-0x0000000000433000-memory.dmp

memory/5104-686-0x0000000000400000-0x0000000000433000-memory.dmp

memory/4816-696-0x0000000000400000-0x0000000000433000-memory.dmp

memory/852-698-0x0000000000400000-0x0000000000433000-memory.dmp

memory/4368-702-0x0000000000400000-0x0000000000433000-memory.dmp

memory/852-706-0x0000000000400000-0x0000000000433000-memory.dmp

memory/4368-714-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\WokE.exe

MD5 023daa720cf6ae2510907b030287e1b7
SHA1 e3b2d5c87c5ef7c214da119efc9a17862b45f464
SHA256 0a330495afcb49cbf98294b2592c5425a50d7d5da09cdd37a657aa75d69006d3
SHA512 8506783b93a50a239b83a50f2c1db675055b26639109a9a52550d3048c15ae1eafe6cd602d727bfe991d1256199f8670117937db25a22bbc7a19e7714044abb0

memory/4496-739-0x0000000000400000-0x0000000000433000-memory.dmp

C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png.exe

MD5 5dbd4906c0a0fbfe343051d5f36f0986
SHA1 57b6623d6007d2e58bf6d17437c005e0eea4067a
SHA256 fdef75f85721ef8f7d7173d38b2348f760b3e6605cf651f590d5fc1b9bdc64b9
SHA512 42420afd81e05ca7d45c2bcc8bb441bd143d6947b2a95a07ae6ca00ea2c99ef8134c3262ab1e875e2bc6f888461d230614e9cd1b31b5cea319668896f2e11d4f

C:\Users\Admin\AppData\Local\Temp\yMMS.exe

MD5 0c6c3d8f49bdf7f80c1ced344b4dc7eb
SHA1 bb77af21fda94c18381cb642cdb5a41cc7ca241a
SHA256 0e87738f3090a4e3338c4b37f54a4928290f63694795ede7ab17295e0eb66c8e
SHA512 eb58f2feb418b69842909a03eb52f12ded5230edce643ca2e0d24f274bec8eb666b58d45a4d6dbbbaee01974903f3ca05a0c36c4782102457e6705b49ecbc23f

C:\Users\Admin\AppData\Local\Temp\qwUg.ico

MD5 ee421bd295eb1a0d8c54f8586ccb18fa
SHA1 bc06850f3112289fce374241f7e9aff0a70ecb2f
SHA256 57e72b9591e318a17feb74efa1262e9222814ad872437094734295700f669563
SHA512 dfd36dff3742f39858e4a3e781e756f6d8480caa33b715ad1a8293f6ef436cdc84c3d26428230cdac8651c1ee7947b0e5bb3ac1e32c0b7bbb2bfed81375b5897

C:\Users\Admin\AppData\Local\Temp\uAwQ.exe

MD5 93d1044afbbbef325373626851cf0848
SHA1 a25a7d014064100875222de0df51332121d1d892
SHA256 4a34a0df53f12e6b9a473256b97f12023696e7c25773061cfc71d305a23855bb
SHA512 b36968e4dcf079c37af502d61a834a11b824ae0e7d6d8a8492fb350a6602e36e8b5b1956904b4d63ece68be6e412cfe19bfb0dd52940cd6affe6c2d286da4ddd

C:\Users\Admin\AppData\Local\Temp\Kgca.exe

MD5 b598e182026555007d1fbbf06559480b
SHA1 c6b50a5c59371d6944993f3830d1d91cddf25948
SHA256 fce2dfbd00302e9dc9ca413e0501fb0a6d19fbfa009f1062a006f6bbf16c314c
SHA512 35db9b71f9dea9baf6af05ea636a2e1fa2248632fb5859c3ed7a1bdd5aa40d2e72a5b25ea7b535aea9dff095df704b3e874a6fc30b36724dedffdb0cda98e3fd

C:\Users\Admin\AppData\Local\Temp\CYIe.exe

MD5 50b3e3c1d9d48ec3523b8302c8627786
SHA1 7c29dfe7791c2156f73558fa45dc4cb00b16eed4
SHA256 95a808e05e44c9e52b838bfb27c44ce1d8ed30e7f4ba0cf47eec45da99f17e8e
SHA512 143dc09bb7720b8b82bf4357aed3ae01ac90ce2840a56278e9c1c89a39cc8e5e4bd1eae508b1c5cb1eed43404a42878950fb8a8e245bacfc2a66b325be938714

C:\Users\Admin\AppData\Local\Temp\aAwk.exe

MD5 709aceeac4a2861e294c1b6e04cba9e1
SHA1 8f1c9820434210dd75db19a4392e7202c8b623bf
SHA256 412f777d17e18b1b7bbe583f0782a2945f2ebd8cb5e214fdc35130628d6dff94
SHA512 78bc1650a54ade7a98a7a4a0d38e7e2cbe5f8761db82137f54e44ca7141b1b5cd72948e4fed414023434e421af42e11a98e7fa9af6c8b4340cfed33182997161

C:\Users\Admin\AppData\Local\Temp\gIAO.exe

MD5 12e9b22455cadf4f3f0e1ff10252a1c1
SHA1 42baac694a87f2d7d3151964ebea2d806c673d0e
SHA256 51ef62406fa5ff8cc4d29fc1e59b656579e8cfd88776b9b852829b42194e72ec
SHA512 dab353dc02836e845fcfb7e9078407847e6301bb418a7ba4dd14b00c03604ea302e59832fe0d1b1dd11b9f7167b70425335531ab70cff49e3b891626783cf39d

C:\Users\Admin\AppData\Local\Temp\ygYi.exe

MD5 6293dcc73bbf2a67dd9ec734f10af992
SHA1 938256bf030452213c10c35b795493dcabab70aa
SHA256 dfc7c993b8aa6e2ac5127036404127cab3a9b50c438b6f9eebe60f2e625056f9
SHA512 f7e8ba2485b7e9dacd56403166d99915f5e845c834fa2a0ffcf16deaf7c607d2e368dd42705e5e60836cf0adc2221ad42385c7e5ef83f2c263fed5ba4097bab9

C:\Users\Admin\AppData\Local\Temp\IUoO.exe

MD5 5498abcc7620f19f030b01b09be093b8
SHA1 c50661309b5503251943030aa58d2b5c3980ccbc
SHA256 46ce0d184f9f7f714c8aa1659ff02b0610dad378f12db737e1fae45810dadea2
SHA512 90ad4c68144fd5391f9e3430f9e31a8f988a551d45edcf045c935097a0ca917eafd26fed07bfc046f62a3d3f3af3d273e75b25d9923fb6029846778bde9374b3

C:\Users\Admin\AppData\Local\Temp\YsYG.exe

MD5 d30108997eb491cad670ecfd0e6d0306
SHA1 5b69b655797c04c23f9532e9b33f4575cc00fb5e
SHA256 19d73aaa4a1c55a13de34cd2e7942d9e1779a2632b763cebf4d56a2ffd168cd0
SHA512 f5f938c2211f15331525bf44ddd6a62243cc8bcddc003ff7462ebedb0023acf2d074c273029f446e61c9aaf6e20e874e5cfc96c68bd1288930c9b82c3be2de72

C:\Users\Admin\AppData\Local\Temp\WkMC.exe

MD5 cd73e00a451fa870d69061e553c81724
SHA1 2b47bdba45190dc9ba115dafee3574899b2da1f9
SHA256 3ad33d25a783c1d4e3bde3d41300db577959ddd11b24c74c24ae6efee328202f
SHA512 140acf90dabf7ccfb719ece60182efbfc6ceae67f1d6efab110048db97b8d1f581a33ba3bd537d1e2e1b62cf594ac072f63ff80d26ec7067bac1f4bffc8311e3

C:\Users\Admin\AppData\Local\Temp\uQEq.exe

MD5 8981a37f69632bf6e88490aa30fc4756
SHA1 245a82f1fc571198ab533e2fdc32dac688732c26
SHA256 a1571fc3bddcbb913490998e438aca274cd80827ac236666e4421210855b7b1d
SHA512 8cc6960cb2cde8fad104cbfe66643a2a9497dbc9c6c38777e3afaeca157b730df90c8e753a6f9c8b1db9379a96fae7eaac7e8d3c05cd9c429bbd8cd315cf944f

C:\Users\Admin\AppData\Local\Temp\SEwU.ico

MD5 ac4b56cc5c5e71c3bb226181418fd891
SHA1 e62149df7a7d31a7777cae68822e4d0eaba2199d
SHA256 701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3
SHA512 a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998

C:\Users\Admin\AppData\Local\Temp\YYsC.exe

MD5 eed98469704b5b7ef5cf84105a6d5ec3
SHA1 6d06f5c0aa4a90ef70bc28648c70fe971cc9919e
SHA256 77315bc35c71b4fac0ed9ac4a23b2f03ca1d03b29301fb2f607952f0a1bd1129
SHA512 68fcc8f8c3fdc344c8a48c7aaf933fee35dad0b0f832cdd8c0cef0838fae02da3b5a04cdc04748097f7d2235146e95793a357f2a3ef03d06dcdbee786d03fe4b

C:\Users\Admin\AppData\Local\Temp\GscK.exe

MD5 a508b8347a620000434a3e7726253ac3
SHA1 5575a7f88464e90f48f5375d93be1072b85da286
SHA256 27d9c5904b7a3f21c37a3d0d77969b4525a9004f7cfb5fc9a3a080a9b59d6e88
SHA512 1ba7eead7aebc55323b8a1798f7c491614766958f6feea690f28db963aa4c236a98d18f97cd3aecd7c18f0d264dacdd456720c2eb74364b4a9ec70568410fbcd

C:\Users\Admin\AppData\Local\Temp\KgEK.exe

MD5 6c48dd27bffedf64c2a2fba645659579
SHA1 3f398ce8e86d2eb1abd2ca69eb6a89dab330840a
SHA256 30dcc09e13658e86c15a1d361a75447f0fdccbac73f51b48c3c8bf8c1d6ee0ca
SHA512 e0e66e74573aa98f541d59a018743ff9d694b31d4206a814e1948ca708bbd2798f5d9bacd6450b19b8ea319a8a0fdb9147b86f4b6c840dc232c664d7f9856489

C:\Users\Admin\AppData\Local\Temp\UooQ.exe

MD5 aaba61aff3f55defe1e192b66052d546
SHA1 093346f3859e91821c310190653f3925120c63f5
SHA256 03447be318509cc5684c6ee3210b3ffa5787fcf324ec613789df07bdf7c9cf16
SHA512 d17fe57eb6cfcda4e77290e0a986da704f54b0e1faa93b5a8c1815a63fa5c67cdbf0be1216c7b277c2e8f830876a0197183b823ae99a59fcaad1f54cec2aaf0a

C:\Users\Admin\AppData\Local\Temp\ucIa.exe

MD5 e78463bc8e5665ae6a0049a5f3d3be7e
SHA1 ded7729c66e920ae5f13f000c0342b36017a85df
SHA256 8c0cbab6c7585ef8095c476242adf08291385b700a6429ac48f1d77fa947cf2a
SHA512 152d2ee4f7d106f4cb64e5ed0c40a56b110de546ecf4dc7181b665e38925ad3dd980f8867a1412fe924f2808ac1d982da8e7cc77f2a528330c36f80a0aa841ca

C:\Users\Admin\AppData\Local\Temp\ussg.exe

MD5 ee156320cf08e624eeecd6b49e3a9bbe
SHA1 3dade4b346e9e61c054c2b88b3c1e46fa1221909
SHA256 8e5ff7329ab49268d9321ba7a4e3a5334615a941803d4709162827b6e7f00d57
SHA512 c7327fda74f4123c83de748aecb02ab057baf4482186697f14751c4fc8b8aeb7f317d57ff71f4ecec0a7ab7510a62bce11bc78a53f35a52a9d28765e5c4a657c

C:\Users\Admin\AppData\Local\Temp\AQkc.exe

MD5 45e5650073d3a7021cc432ed44752dcd
SHA1 7f726d613fb11dcb5d78891181f8ba2968bdc03d
SHA256 aeb87be9f373ebb823f2dc6ac65219af6242aa2ebc01175913602e4154f080a7
SHA512 e35a4a885f08da1b9df4862c0cb777950eac3f176c47be14212d7d43e1d52c07243980410b209a78d84fca2353a933427253d7a0c3f897e2e97c2f786145a3d7

C:\Users\Admin\AppData\Local\Temp\MIwC.exe

MD5 e2a8b30bad1107bc18d3069ff96d0a60
SHA1 7818e1cc5d24fdd00bbd60326654943fbe26eb27
SHA256 fd5de1111dd76002b6950ec1a6f675df9a7a63cb154b9c8188b2475330025fbf
SHA512 4d83f90eb98ab14a7fdde305c6eab494fea42998e139ac31efc6f96e716aa00ae5a25d19c16b29cbaabc3fd560a97e6bb3ba1ee0c2c3e1b76bc0c029a24775fb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.82.1_0\128.png.exe

MD5 37c7a595f7ce371d9f1fabbe03d0d068
SHA1 ca9ced4a487287f52870abc488a049bbea001a86
SHA256 ca4c272e4524bcc4494e0e62bcdc2398496b339f10b039be66f92eff322431fd
SHA512 c6f4c73fe66bfb9b3339864e19be6121990e87f50ae53cee24f7789e7b2245af505c04d3b47f249b9bb7e411d2799a925ca8c22e832e71118ed144207f8ce892

C:\Users\Admin\AppData\Local\Temp\uAwC.exe

MD5 fef28146c0bd0eebcc336bfcf32147dd
SHA1 fb86b768482eefca9d3830bdb774531e41c12cd7
SHA256 32170c51f2d0526e227b3a26d51995f4a6a763b1e25659f25f134eba9ef77b77
SHA512 30614bc2425058ce7cc8ecf53bdb0644331d6fa460a344fc9a6fbb3c12b5e86123b5e1c3f4c73c90d7d134a9f9e6bc583dfce8984ef4d757af22280dae1dff57

C:\Users\Admin\AppData\Local\Temp\oEgg.exe

MD5 a12baa7c106a698ea39885c0a7d15006
SHA1 ab7858e4416d12409dc4985d41090c2b9eaa5733
SHA256 e72c68baca6bbe2d9a6735dcb7bb6aeb6c6b2cfe6c1533b9c77bcb5e95250f95
SHA512 b47d99965c70a3ccd0830206b99ac1dfeea10cfafa2ef4090fdb6c3d19d51a516b051e24df658cf1f534ee0e5006db0b7f3e9727199179c0d2a60cb3a49acb27

C:\Users\Admin\AppData\Local\Temp\ksYg.exe

MD5 119e71fd2cdaab606a75d529737ed36e
SHA1 26b1186340409627568d6e7b356ba00b7e2530a9
SHA256 f00302430f1593dcaa42ef968d4c6676f9ebbbde10e6e845d5f4c22ea9004b36
SHA512 a704d57b55fdb9ac014708a7c524b4e832e077758aed2319ad133794558d5dd3015d3938a1a3ee80680a57aa7744d01ff17e02fe2c0f26f99f0abe8fce06776b

C:\Users\Admin\AppData\Local\Temp\MQkc.exe

MD5 7ddc5ae52b6c31df17b35e2dea263382
SHA1 098a3882dcc62b58f904e0e64d35766f87687efd
SHA256 2269fe044a627a7c67ed489d6c491b45a6c38c5f3b958e1f09001d968e96e83b
SHA512 09cf49d4a17456333dddc9ffb3a706c8950ec939ea4b21d83faa21cb1d9c6abbe044e571b07c32ec0335e8b3ae7bbdaf8c85b16a0dd3572b8065ce113ecd94ae

C:\Users\Admin\AppData\Local\Temp\mYga.exe

MD5 f2758e0750edbf053aed162ebc2a5c4b
SHA1 d6757076813ee03f75692e62883b60e4d0b90064
SHA256 6f89609fb4f06131578fa128de636cc1fa65e7804d36a4deafe4d2c99a161321
SHA512 a3788e1fc5a4f5f17754d3f2b437b7b9f1bf27ee8031c6118409d68ef05736e2eada655969c7110065230b299fff93af2144d4639cfa09e8265a626bf33e7d7b

C:\Users\Admin\AppData\Local\Temp\yoME.exe

MD5 f8d078f979a0549d745edf307ecb92ad
SHA1 1ed5da4d9fd958136831f7af3d7670abedff5f50
SHA256 8875b2f3f19c89b723a98c32b198f135d37e0f9cb2bd88985f7440505e271349
SHA512 ba935dc2c5a13ecb28be88e85e8d35acc39dd26d8259e98523b0de4c7d65697fbf8548efae813eb2b919cac11b0a5d669f807785125cd68088f401099f86629c

C:\Users\Admin\AppData\Local\Temp\EwUw.exe

MD5 44d3321d5656692eeba6270fbaa83bf0
SHA1 75bcdfeef9b5eb3440551105ce59495f273dcde5
SHA256 5132060b1df942a8d86531b87f395b62364e8e854e52a2bca01fc6c0549b87e0
SHA512 008b795d6d2390cdb43ac5368996c835e95b3916b78f01891b90ba601bce58edea3ba9c53ea76612a7bb638ddb9987290df07cad65246ed6bb0f791f62cdefdd

C:\Users\Admin\AppData\Local\Temp\kokk.exe

MD5 11cc86802744aa874431379243ba0fd9
SHA1 3697784657681143c6ddb742a1da077c0dbfb119
SHA256 6a2b75db3bd6fbd29db2d4f2ff18fae52ddcf32c7e61c36bc6c627605463e933
SHA512 aab46544d4dbb5db901e4ac530fd03cd070a54aeca4236ddd435a62608d99c50c3ba594f54859bc0112b14c1c6c5062cb933a8d94821025db44b7393da652b73

C:\Users\Admin\AppData\Local\Temp\cMYy.exe

MD5 dc869c63e293226f0f665434730a99ab
SHA1 3c5284a404424623875ce4cfc2564627e71d58c7
SHA256 95e7883576bda11581cc89865711f0287f4571b369d876c5d409a71bc8f12555
SHA512 1f20fa2ae7baef3fb2136e2dc2001cd3605c0d6d6df25ade6d45e17c089ff7601b9565708d4c54869da84fe2431a430d7a95239e1e53b104c2c599bf8d6fd083

C:\Users\Admin\AppData\Local\Temp\SYYG.exe

MD5 2a917ea8e38acfa1c6d9fe338be53ebe
SHA1 a6215d9eaae11e7fc53228911d696d975083fbda
SHA256 fc297cdd672ceebe2a354ccd596c950912157c5f6bfe79d3b472c24d05640502
SHA512 458074051f67160fa9d94b29da688172f00b1491f98611b1ed8c85da86a4dd75239b6df6d0c594a5e9b0f5f7de0ca5a53dc803aff3f0aacc89b88304640a41b9

C:\Users\Admin\AppData\Local\Temp\YkAa.exe

MD5 cd096c079cb8e38b68782ef4bb642698
SHA1 2ed48fcf2dc296eda365097531b7c62497173074
SHA256 5a49dacf27c2b71fe15db91159ec2d2c3173661dff796f50af97a7fa61718a5b
SHA512 ba762a876e3d8521af8aa24735ee31bc7b4dbbeb1557a4b557fd4e47e5aaef219773d3823b0a52a2ca48235aa3f9f385e97237976599633f1d790cd21734de74

C:\Users\Admin\AppData\Local\Temp\IskG.exe

MD5 7dc3d198fc9f54e0f52ed62d49e89e0f
SHA1 d0da66f3cbada3abe9a9b2a5e254cdbfe5ae629d
SHA256 618f5b35d50718e93be81671203ed54bc8e8d2c6ef97a6a614c85086c95f91e2
SHA512 e509574805fb3867f078bff1f0a095b8316f7abe7a0d2ce5ca57eff3d47f38376c1fa7226a7645b0ada840e15de7ab0eefcccc159bbda374b97e5bd8126e19d2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons\48.png.exe

MD5 eab6fdbf30d1f000a5d7224814ae7685
SHA1 cc981baffc856056d3f1df9c1518853c16ba77e8
SHA256 6621bf2c33c9c1308f4d8a60fca7c8e6dc16e5e3dae7a8e37585c0e3db69865c
SHA512 dbd9d5e9cdfe822d8c531a12149d2a04d1776c57bbee2fbce3bc83a55fe181d1fcfcd6e8542ba33a6dad095fdb3c1f8649f666fcdae37ea40216083565430917

C:\Users\Admin\AppData\Local\Temp\GEcK.exe

MD5 113db2405a2b9a296def23a422521ece
SHA1 fe9d5792201e474ddc16dedb3a8190042b12a462
SHA256 8b1977595f455a73b84c01812f6675aa1be95dc276731db762ff3eb977683b6a
SHA512 b1be7d5ee11a675e21c6813880f36fbce11f111d902b3cdc9a4dd69c7fb11437d12fd7c0ea686f9280c9f5d07c5612b81d2c893dc58f00bee1bd62c0e141d801

C:\Users\Admin\AppData\Local\Temp\ScwW.exe

MD5 ef6fc11dbd676da30098abfc6d02a4d6
SHA1 75d495e96d510e6c33339fefe29da22a760768e8
SHA256 64cce7d47007e07aefdfcc624aa9dbe701c6b84d472e6534c7f9fba72e24cb21
SHA512 e842a2fbe3ac2566e610121bcf80a1249c1adbf60e4300af5d731ee9a480fef027cfc4fefeeccda3edfadefb0ec712667460547203371dc21c12e3ac06b0da0f

C:\Users\Admin\AppData\Local\Temp\iUIK.exe

MD5 bc0d7d536beaf378b812e28ef4819a1f
SHA1 bec76e008673fc2cc6805631a838f24c7fd0ab2a
SHA256 e96e25c77b2fec10f4ab40c3c4531de7f9950d45bc9b3563c80464a63ab2f7e1
SHA512 f091cfa78e16247b86cd16187005a8927110d5e74f90f7acb5635759e8d8a3fe4d00be8a40a38beb44055f7dc22690744981bb6454ed9971359f5ea00a375f05

C:\Users\Admin\AppData\Local\Temp\IkYw.exe

MD5 ff530be9cf8df13e80ad52fa6179b930
SHA1 03504e134ee6a2902ddd4e90e5285384e37b5620
SHA256 d446620e890efcd5f073948edbe6b43e7e3ad3a25018703505e48e501e343c07
SHA512 32913d6b883011944f715cc27f46a7ede798ac7bc92a24c7a6f626709b137db4fbf3c8c7c60bf9b96a898b3abf745bca2518c7d301226a6d73a9acfd378ec9ba

C:\Users\Admin\AppData\Local\Temp\GskW.exe

MD5 62e0e067e15d99a76fb1de5bbbdfecf1
SHA1 cee36cc8df61103c5961b95bafed5103acb5484e
SHA256 d251897349b6b4ac74ae1903b65d05c5c579956f78551ed26744f14abb7a0207
SHA512 83a1ed2fecb60ef0e26a2b685d25e26088140620e788298b040b59890e0c2b8f8aa83b6d2a21dea3edfe02992f45dae9956e4d2e3da6d2fd6f92d760518b0f9a

C:\Users\Admin\AppData\Local\Temp\uQwk.exe

MD5 dd853ddca691a91f7730f484c961e062
SHA1 0d508d15f8bd15d630e50ed27cf8039407ca074d
SHA256 a8076772f8bd66bff8643de6bce80846a096c4b694344b84492e710a013d9946
SHA512 f311533251b31e1f820962eddc6d2dd6fae67971a037c776a6f77e45fa858a0c049e5fc52fab7f8a8525d250bef79696a7c6be41ce4b2267c69d197a86588fa2

C:\Users\Admin\AppData\Local\Temp\iIsO.exe

MD5 150e54bb09c37e1cd365b1b5f2cb0085
SHA1 803ea44d17e7bb122224951adfae6b0dc7c178fe
SHA256 1f8a66ef71c1f5d934f7939581e46e854bedc5ccd6a12c12f80e7ff4bad25a63
SHA512 75ad411081b1d2d3f7bb8bce9a42ca9978af10e4b37c95ae9da13682bf45c6d438a576237d45241f90fdaedcdb272818fa8b4189580db28b3541d15c1351d2be

C:\Users\Admin\AppData\Local\Temp\cYMw.exe

MD5 f3ca499bcbb4b9410cef0be574ea124c
SHA1 0119eb71477bcaa5c08fbeb7639c2b270785c498
SHA256 16e3cadcc56ad235542b44d148293ce51ff99cefa22e41c73e165b80aab7c655
SHA512 14a8513dd1cbe3fd3576e8827ed3a8f06637569b7b14ef368290354eba21309901ac4b70526f2813fe08953269a38b7c38213a485fa8cdcdfc47da874249466f

C:\Users\Admin\AppData\Local\Temp\WAEO.exe

MD5 3908ce25a335a464eab058157fb7346d
SHA1 86ae35b27a98b9df5d1fbb34f878900bb73c64d5
SHA256 68f27b8288fb77a7797ba7a4dba00b3bc04e02e84cf5a35786f7a280487e530a
SHA512 18c18cbe83306af9b1a87744adfc47bb8887a31cbf19a302a4f1e67e69c0c3e29976778be5989ba40672fb9730920737eec7a3b7304a3c6b5628b82729b7993a

C:\Users\Admin\AppData\Local\Temp\Aggw.exe

MD5 9551f1f4257587bfc5a84166381d86bb
SHA1 185df1100fd59d8aafb84cdaff21034e12194255
SHA256 ed9ab5883537ce727292481113ab6bc566cc9dcda699d487e08571cb99317107
SHA512 537002dfa0f204013cc58ab7245d965b73ef11c818080651d9e045f87316ff577894555993ae573974d27189677d2141e5a952532d9b03c5d5e36649eb38d9fa

C:\Users\Admin\AppData\Local\Temp\eswO.exe

MD5 7d5d0a7b1f30de318bd8b3486b29c59d
SHA1 4400e1bd9e8075f38e92bf8ebcf0f7d2e6c66385
SHA256 660497a803960bdd34a99c196edf73823aa05a0af67704adb86508ec9cc8064b
SHA512 30c74d9d6374651d90f6d99beab676d9c1e4c715f526ce482aa5f26f86b83a7046b5ee69bf39074508cc977358e4d060ad5b72702fc4655f1623f002da0539d6

C:\Users\Admin\AppData\Local\Temp\AUwy.exe

MD5 952b176440f7ec6f332241f571005dfd
SHA1 e2acc9c96831c6ba635dafb3b80c95db44395069
SHA256 c68c4d13c4296ff0515a69fe74daa2a44e5b86b06983d1416eaa3df24d2650b8
SHA512 dfd70574624064d5064a8ed084b4a3f7cd81c9aa065eff5c9f066c9e21aee8fa602131fd9f7fd657bf9a6ecf28f314d98a08c7f39791b62db33779ec22f6ab9d

C:\Users\Admin\AppData\Local\Temp\Wkkm.exe

MD5 284340a9342c222d0de9b3d05d548ba3
SHA1 490e77c6f529f1674a88903b7191ff4efaacbd76
SHA256 2a97b54aca3eff61d1c39ca6722faae11bfa772221e0e2d6eac38be4c48fceca
SHA512 a694986bb554840b36db2818f22b6c9e3ae5dbd283ebed5835b61feca0c2450a76e26e56b10ead2d01cbff544b0fa6321d8ce63f0c0a06951c5ade8f30d48794

C:\Users\Admin\AppData\Local\Temp\IwkG.exe

MD5 e6d28ba1d6e4e3163ef3c8fd9f4e7ddf
SHA1 7309a768147a7d92cc297b09997b87a6b350a754
SHA256 36877209b3f9345848614050aadce93ca11d01af942c4c0d82b53dd81ea2d3c1
SHA512 c9dccb8771df330f7f08a701c639e6f376a7cfcf3084b1c04a69e95b3d3fae84ba19eb29f1fd3b80c8c983ef1958aae59a4660284069d16a3c52ec9866c4a25b

C:\Users\Admin\AppData\Local\Temp\AMwg.exe

MD5 bd34e1be4a3f476a65eda63322d5b132
SHA1 1511df3556841a24d96dba0ecbcf37f0ff22a1a4
SHA256 262f83f1f03f60a3c6b1795e07fee979343ff71f849fcdd9db352e43550b6f97
SHA512 6c20ea763940e674c6d26759d4e24dd8205ec87ae7a339db5a942244d3e2f24e234836c00e8c9cd3f687149bbaa9d254fe9ee10baa6bcccea18c147b227bb4b5

C:\Users\Admin\AppData\Local\Temp\Eokk.exe

MD5 3ee3bd83cf7cc71b8164a755e9cd2104
SHA1 5766118ea45c8cabfbf41f6b299e2fd9d24bd6bf
SHA256 0a80e1d95b1f19fbc532c7016a107f95f19bce6c925a075b868693f4f506a283
SHA512 3c094698bab8296909fed7f04f5734efcebddc4eaf85ccb54fe816226247ecde7cdfc761cac69809c64a7e2a88c8f211b2893424c3c0c42bc8fa691439c1ae79

C:\Users\Admin\AppData\Local\Temp\KUgU.exe

MD5 f3bcb0d1cadecf0d3f3a37efcd2a5811
SHA1 0223a504bf956c32b4d61724dd7ecf168b58788b
SHA256 920411909020eac3b2c0768f13b259e4e3c3eedf3cb9ac3b56ed4ba8e29e251b
SHA512 177dda9144ddbb56dea1bf27e1bba4089dbdb538117a5af3b66528ec3232b22623e02017c218fcaf7b2ac2b6e6b98407b7608ddd832af56e7cb9e16d30fddf5a

C:\Users\Admin\AppData\Local\Temp\igMA.exe

MD5 5a1a4961532c16eea24a07ecda365a91
SHA1 bcfd686de2cef3a6e055c962b51c8343f83f558b
SHA256 f851467296439eb32b267f767c0157a9094bd8e2dbbd97191fc02a42a1f85bdd
SHA512 57aa5171f62df18c73c121e6e41e177f5489bf60b15bc7d1f9497f38d86c2e62096263a297a013badf075032d3005f38d06d2b8d7a5281c90f786124c1bd3a05

C:\Users\Admin\AppData\Local\Temp\WsIc.exe

MD5 c012d918aef89769ce6b2888d3793ae6
SHA1 f34974cb5212c7b820dd7e6b91ec72a09722f56d
SHA256 c555075fdb70dea11b81c72025ea9e7fb408dc19cdd94f94218ce787e24ca7b5
SHA512 1cab4e2f7d8f3cba180cef54a3da8f24c20f442685972ee5b1801466f4281b4e66a3ae8f1106029d8b508d93f7eda22215a572e5a35a2718c5604b364581e0c4

C:\Users\Admin\AppData\Local\Temp\eUkK.exe

MD5 dc4e830307b0883d81ef410c59b64ba1
SHA1 6f0cd2b0204bf74229676f83733c16aad596f004
SHA256 3667ab52ed258564758bd97a6361fbd246659acb32744204d6651e016b4251fb
SHA512 6007100948b23b0b9ce7cccf407daf9b4e47cc7841ca9e05199acb4551873c6d4801552c98a8f0021c402300c831d430b89d473927a3bf6bff0298a7cc20754d

C:\Users\Admin\AppData\Local\Temp\awIA.exe

MD5 5599ac64caa945da991f3c368ae13db9
SHA1 044c65f014c69b24907b19268b0b9ea9caa16eba
SHA256 7c753cbefff94be55ea58032968756b6995aa435595bb87f9cdc592602450123
SHA512 e8217a5061bb47bb0d08891606ae86af0eb2242c8f16fb4853328c8f9c6049e1e11d8cc34c0f36a1ffae23683cc466591dba85691d130d12910570d9d8c5b025

C:\Users\Admin\AppData\Local\Temp\mgMk.exe

MD5 a33c27bb7d62ec6fabdf2ee6c56bce3f
SHA1 3257fcb8fd7aa1e12ea905d5a59e1bdeb7cd3381
SHA256 dd949feca58b7e148947f7ca7e71a305747cd2c946b311788e4632128e3dd311
SHA512 fb5c7150dd8cb80522836dc76899d0f73e6f469d0b3dcdc761d431d7bdc524c79e371472e7927cda7364844ce9346fafe84aab4b6304010e5874c393084d713e

C:\Users\Admin\AppData\Local\Temp\acwY.exe

MD5 20e308c011f04b7e8e62734634cce33c
SHA1 78951302c14dfc108455bf077047364660147eac
SHA256 9eb537477bd46fe8e6e1aab5ec8a05d93bf25fda293e9bb4e28490219c0af3d0
SHA512 d14b9364bc257fe275c4d1dbbd7c7fdfd2590b4bfdeae3c2a7ff6641b1b61878495e9e7860e15b35c8e625fc6399a9991725a97ddfcf3f54f9428bf83f1ece14

C:\Users\Admin\AppData\Local\Temp\eYIO.exe

MD5 d1d81476473d48f63cd3c837f21263e9
SHA1 7c25a73274dfe5914aff9b15ae2a9083375f1540
SHA256 92bc788a108596e75fc31c0da159754e7b6f900be53e06fc5db3e76b5b4f2247
SHA512 f1cb6b9c5b202d6a61ee815aa772ea69e9819b274460bb86fcc51c06ee9c7111dca3d6eb91743a4b178947a4cf02916978d90ae95243fa758d2907cd5b0fb5ca

C:\Users\Admin\AppData\Local\Temp\mowk.exe

MD5 fe1743f7dcb8e0d5c6238cef69e0b7ae
SHA1 658f82cf1c5e52e8898e7df9694abcedcc209c1e
SHA256 ff6a988451112d457ed8fcb50ed51f60a4c3194ee1287812ac3d7da398a4b8f2
SHA512 021cef78382e459dc260bebfbb76956568e160da13cc30fc742e66907f996bd64c04e7656ba745aaffeef8c4058b40a5afe651291c166cd5a56e6cdd2cae920a

C:\Users\Admin\AppData\Local\Temp\GUQs.exe

MD5 c94ba08004bb8c1050bc6bae35349145
SHA1 257237535f1b7e77656cf9853c89e2f6f286879d
SHA256 f48bdaada67c850df751196f791bdb1a309fb0f1ed02871b503d7dd232a2d53e
SHA512 eaee4d214608ff086c6e603d38fd21f4ce035186e8dc89b57365a5d5334cbd190bef58e40d44225326b4e2913c31dd96f94457594e1e71e6f3d42b602a20841e

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\KFMLockedFileToast.png.exe

MD5 50a81aac1025165b81ce18a36676d965
SHA1 fb3d2220705f7a304afe2fc2110496c9e4c64d7c
SHA256 8fd60839bb4ebe3941c778ce0f7113a6ce6be2310448ec2078330cc384a2f035
SHA512 a914c3accae8f9355b56daea83cadb4da2bedceba11bcd268e496b66c8d4da58b688f8d5788c55bb9a2ebaeae54a0de70e933cf0e9ccbfd664aaaf7ae6c66859

C:\Users\Admin\AppData\Local\Temp\wckQ.exe

MD5 2a69466bcd5cd1a684c0246d4d3deb1c
SHA1 8388b329553945895820191d11ba08f1a06877b5
SHA256 d6de337d878604555a33d3ed6bcd503ddabca5e1329fa98ffa8148ead6921124
SHA512 e21a57e8f59ec9d4851f893203ddfdf752f22b45d026491662290710024e812ba233238982fe14ff8adb179ecd4085630520ab22322d56bbd4821683c41c3ca7

C:\Users\Admin\AppData\Local\Temp\IEQU.exe

MD5 bf9a843a7e3d19844310129be27e2796
SHA1 5b5f9b345407030b74e44f278038146cf70f99ac
SHA256 fbddbbc709c2cfd48338202c84890cc6ca6498ec06f1906c06d1c783bc75ecfc
SHA512 6a160a49caeee87cfb4592fd6e8477a7dfe0951daa940b7f48552c13f21127de6219f1a5550f34763755f79bc49d7b670d4760775797f017c3571a48ffc0db91

C:\Users\Admin\AppData\Local\Temp\SQkc.exe

MD5 5c87e511b44b101e8777d56f05bb03bc
SHA1 2d40fc5cc0d1dfbc0b2ac9bd6dc9dc527ef7fb81
SHA256 164efd1db3efee2490d092a75b9cc19589dd074bfbb53ad24f9fb62c256d6336
SHA512 a834603175a82e99d8ea0e0d6c6f6cfd2e94fad9fdc29600440c55d27276a9f19b09d1ff30f5ff54ebe577877bb6f9fc5b68957a1dd71a5dfc6ecd37cbaf52ce

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\QuotaError.png.exe

MD5 6727fab79efec05bd25ea57e427135f5
SHA1 d82c33dafb3210db7888dda322c73ce2f0acd4b4
SHA256 66bd931870c09072bc3d18c40488cfe1f0f022958758bfa7a4801e5ea1b3d4fc
SHA512 105c2c675797a02d36bcfc53bdf1753dded73fcd158fe2d22b97a53df064d4d1459389139a8c2c1209db8b74ee4b98a8268f2a826532db500f778ad3614f7109

C:\Users\Admin\AppData\Local\Temp\MIEi.exe

MD5 c5fea3fa5bfe4fcbfa29093465d965f8
SHA1 f068bf773c6646783ac595f9a8b563b64beea39b
SHA256 d55cd305ca06ef22645a16ee5577cd5114a0741f10dc3ff7a247ceff3637add1
SHA512 106aad21d1fd30a0f186c5a768a90fc61b190a301554ed02748db3c62a09ecced0068ee1544c6ed1240a670049481b710ee7ad76d079bae15b2499a241e199d7

C:\Users\Admin\AppData\Local\Temp\KAAO.ico

MD5 f31b7f660ecbc5e170657187cedd7942
SHA1 42f5efe966968c2b1f92fadd7c85863956014fb4
SHA256 684e75b6fdb9a7203e03c630a66a3710ace32aa78581311ba38e3f26737feae6
SHA512 62787378cea556d2f13cd567ae8407a596139943af4405e8def302d62f64e19edb258dce44429162ac78b7cfc2260915c93ff6b114b0f910d8d64bf61bdd0462

C:\Users\Admin\AppData\Local\Temp\skIW.exe

MD5 5c92887bf207d8ef45498bdbbf2b52aa
SHA1 f171c9cfa1084859cceaca2025488fe2e96b68fb
SHA256 d9bab0054a59e09710071d91dd1b5860faa7e648d4e80116dd7f82eacf200e63
SHA512 e81b9ca153fd2a3ae876629fc86b995504c48829bd7754d1005ce0caf364d0a2c3742f3e7304333768bfa9a361459f62a84fb818b594fe0e23e1c548e2d49eee

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\Warning.png.exe

MD5 6948dd1129115a9183cd5e776691e9d2
SHA1 a0732a50526b77ecbb9253945bd9fdfd5cdb3a6f
SHA256 78dc29eb2cf2ffe6bda062107031e440c1a091987d0a61ec4c15082a62954ed5
SHA512 584bb4a188492819f31713ea0060e2a635bbc668d9382a28e9721a41fb9d8bb53f19c4585059db6f735f66c91c9403d55d47ceae18fd8cc52f1a6a5fa0e2b72d

C:\Users\Admin\AppData\Local\Temp\QQQU.exe

MD5 6205589ea25f2202485f387f238d3029
SHA1 47f38dd248308c55a6a6c06e2b9f396b48bc4e0e
SHA256 26e6568aa1ced35cd146bb07680c39d38ccb394e7a29d42829246f2fcc9f4d9d
SHA512 c4191a332e91d599974cb9155468dbb9957dcf29666caa0bc81f6e03c75714598b00e642294f4c9aeb3d95c6fce6cbff7667c9bdad78ceac44e9c42a411f18ed

C:\Users\Admin\AppData\Local\Temp\mUwo.exe

MD5 d40b0010ef730dd7f9793139c875b039
SHA1 772cf1230d3e09b5a8c1f3fcfc881c2e67058200
SHA256 55822bce2b7e901a381fd0141563f5f09dfb7e7a60561f2d4db061217952a572
SHA512 81691286f278e7d8214b27823ab900dd18a6ad141cb040c539fb14981b274cdf55e3f9d34586dfc4d649a2dfeb4700f60a1f91d03cc2a1cd14cf3ff5540ffd94

C:\Users\Admin\AppData\Local\Temp\GMkA.exe

MD5 42dd769444ce13545c71b0be58d7a82d
SHA1 161c62423d369bbcfc9f74d88f0e9b3771391d24
SHA256 0db40994cae9b165df9e116fc027ba73cb64f0c68989295086e15ab332fdfee1
SHA512 7ec23396baaa2a8fc4b90975686bb21fdb73ffe26121ecf26cdb2d3231a00c621ab233a2ae03ee912497ac375ab5c51f480d46e6f7769d8385943401b2487868

C:\Users\Admin\AppData\Local\Temp\ucsS.exe

MD5 bcfc5ec0f0a44967a701e2f8f1e0ca03
SHA1 e56068fe69d10c22437a2e645a5b2635c704b53a
SHA256 d16ab3e5919fcc24a239a65776a46dc2d9d3b5c2e03cf7d04c8ebae922628c6a
SHA512 6d3a9ff2ffd4e5a4e9eb9bdbc124a0ce04b767d39f97939abe0178e1baacfaed043fcc80423355330a8482c5407811e8eb3485918672be0146baa1a0d8499b43

C:\Users\Admin\AppData\Local\Temp\eYUE.exe

MD5 6d195ed0c23a705cec95244c09c5cc55
SHA1 b960739f033de3db57d522ecc65c33b445ccdbcc
SHA256 402239333d564d553e2890d36eebeae2b2e23c8afb39735b16207b8515965e81
SHA512 07948daff0bcd3fe090df75ace2252426c9f4df6a16993b4369203505ed9b3c1c2177726ab2fc5f1c09f7236f9af9a7a8359b9e846828921205dfa409eb0c516

C:\Users\Admin\AppData\Local\Temp\aIYa.exe

MD5 f462fcc6fcc8852bf957b612bbfbde64
SHA1 9fe923062a1178f4d154db55e5304576a0f8529d
SHA256 9e4c4eda0abd8d480710f9962b49304fd91cba6e85fafd0785aaa1ebd625173f
SHA512 da0b821692cde37a50367c74c1732dd2ec5f2e96f9900c2a19d70faff436438013badae5e109130d8658d017d602bc640977e14e9dbe436a9933aadef8c71ca6

C:\Users\Admin\AppData\Local\Temp\aUck.exe

MD5 2a1402b28671472d3bb0854e4fd403a8
SHA1 f26884b9b327c75df476f010839ea5975a07f749
SHA256 c59a57980dcc83ee13df4a02adbc1a6f236ccf761c5380940c60da14c46fa47b
SHA512 e37490b15498b4173be3761096b649329b1abca2d90ff39470ead70c54956934a6c9249b99b3799bd041f2355b5b6de2c7c2902baee50a7067d804208086883d

C:\Users\Admin\AppData\Local\Temp\QIoK.exe

MD5 ffd539fe455bf290debe16c6eada8a97
SHA1 8f4fb804710bfc2cda9910111110b64f7dfb50c8
SHA256 fb2ed1ec420767b148e791830f5fb12bd1ca70049299f6fd32c70c622fc4bfd8
SHA512 2eb60fc251795b3da39e6a01af325818f2329421b5ff1c9547cba146690cd1adc2a557321514759999e4d65c29fd7ee306e78b09c1ad628fc7d397e66ddc1b54

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState\PinnedTiles\26310719480\tinytile.png.exe

MD5 7a29162f644cf43ae9b41e5843eab5e2
SHA1 ec93c76cd85728c091d44dfcdc30f3998c4e64f0
SHA256 70aba0c480b87903d4e45cd6c879bd8fe36f2e9a7d4791d71112c94ff75f8952
SHA512 49e4efb8ce7c2fa0f2c963087c5c609982f60b9ed228710d589da0080dcf7c793e6c84621dd5af67abbc147f18b717d910bca123da27015c255d8db8f6eedf42

C:\Users\Admin\AppData\Local\Temp\oski.exe

MD5 8ba847c670eaf1d749ac068998abd5ae
SHA1 c7d59677825f0cb988774a834a5028be16a24f13
SHA256 c489161cac5431b99f164c2149b8ff59fb7295e3043774d8f8403bde1a9a886a
SHA512 0e829a4b95e849c097d29fb4f06dd005c76b3dcb972119d26cc5517966a65f8c360ff78339b4c3a181e7a538fb3186e6bf28b4fd59e23d00c83e611731c25d29

C:\Users\Admin\AppData\Local\Temp\oUwC.exe

MD5 64d89be0aafc6d7305cc41004b698ad1
SHA1 fc08578eeddb57a187b6f43833cee72976654cd1
SHA256 1323575852e6f1b6fffe9e009ceeb286c078c737970d259c6b7d07336a3bfc6e
SHA512 fd78c5197007dc992616740e2894d2c8b01b8ec09253c5c7642621d3450f1530139ec06a5ed5446436099b9e42cf186575c355f4a0d10613d470406ab56f4606

C:\Users\Admin\AppData\Local\Temp\QkUk.exe

MD5 41195333ef26afc4a939a1a49814f637
SHA1 8cbd24f96d20a2f6cc42274a2dc39faa48f400ad
SHA256 7e5447c35b0c222f404b3ba32db1f0d68aaee77d1c6cb5eda6cae485f0c1dd14
SHA512 3967344dfeed7a0ae3f40e41c7cc85726e59d09caf904074dfeee2502bc7b85ae4bb0350d391c9252603a5d608a6f824d120b593e842c37ca99dc2c49b3f01f9

C:\Users\Admin\AppData\Local\Temp\ssIa.exe

MD5 771e497c9d38101ea653da4d0d16d9c3
SHA1 293c16ad3cdcac9c7a360d9b4c9b7e28fc41562c
SHA256 fd54a0db4d276cc522c94563e715f207cf4259d060849fab4aecfab85ffe54dd
SHA512 ef4954d2ae34f19f87bde8700c5d3a3689881478e0136019918a7c49696c1d3860ec1d9e292bd4be7fd842e8c2a24e9ad2044795f56c71c53f1740b4346e3535

C:\Users\Admin\AppData\Local\Temp\WIgW.exe

MD5 806c37be098479c90a5a14f4cff5a30b
SHA1 5f08c0deca04a1bdf46e27e16f80cc3743b735ec
SHA256 4d273ee3fc1bfc4b51e780add5c72334da7803fe4f41273bb2b7d74ce81c8e82
SHA512 7591f543d7672059fec957d931ec7bb3931d24f4918ab96ab6b389be3ceefd6fdbea3cc8a8f05c03b18c8847d4539a4a41ee7fee3aeb8ed7ef445471c600b799

C:\Users\Admin\AppData\Local\Temp\GsMq.exe

MD5 4252b8e6868dd7106bf6f8157249044d
SHA1 62eed7f1eec514387aba2500ea567be2eddfab2a
SHA256 6f606e1e927b0b535d8910dcafec7b2e288b9a6b097d3b9df99c8533db3c7d26
SHA512 431cd1764768f5cc6ebcb9876483d67d1a25e451c4de5b7e484636791db1292999c99ea7fd4dba0f982b0a74d5ffdc3f22fd820db0751db479d9edf0f27610e5

C:\Users\Admin\AppData\Local\Temp\SQQE.exe

MD5 01db6e8c168e35f68ee99e85b8a0cb68
SHA1 15e8f6b2a38dc4a431d70eb6e70d6949500209c5
SHA256 0d5f0016cff92485f077607db0a0340a593c62e9f2d672e57d2f47fc9a4e3037
SHA512 0011160d73fb9ea9fbe5e87a6b9006888fde7cd1eb9ef3b1b129c3b119fff62a47ef218789be2042f9691050fa8f2931535417d1420392e434b1c59607d210dc

C:\Users\Admin\AppData\Local\Temp\koYe.exe

MD5 5315be22a8911a4fdac8410cf018d688
SHA1 20296cf746b585c2328e48a966c9f112aa9f46c6
SHA256 a8fd84e730d67bd43be5fb6e5d1840adb504cf29e7eb41ac66cca7d0c017ffd5
SHA512 288ac64704e4b37546ea5ff995fc7435fd6a7565837c2be028d394127302d66c3fa25c3a9a98192782576c74c562e44bdf8c70fedab717df92cb64e706e422a7

C:\Users\Admin\AppData\Local\Temp\qMck.exe

MD5 b37e8962c8d49b9d51daaf2f750ff018
SHA1 c90d1eb145a4f77d853b31acb16d3372094e85ff
SHA256 6079617f308f2455ba2edaa8c34655cc5fec1b690857105fa31b9e33e0e2ad05
SHA512 7a58cc79cfa23813b214916e5132bf62446969ab4307812b8733e62e44430ccf83765e0d422d6f71891ccb8ce6e0d08117f5b66efe162a46e6ecbbfb4123cc79

C:\Users\Admin\AppData\Local\Temp\SoQc.exe

MD5 f654321ec9dd7bc6897818b72c83ccb2
SHA1 dbf823cc0bf95a94bb33a91e60bb801c7af43398
SHA256 7b1d2c9d68f9617325289cb687f6187788b39747eac6c4c13b1a82172ed2001d
SHA512 671c3d87a2567cebccaa182a14bb6100f3b8f898614db944dc707ac1475675bd122f0d1772703654706c8e6721cdb141130f1e64e9d9e387a76b3dac4ec609a7

C:\Users\Admin\AppData\Local\Temp\aAow.exe

MD5 0e1228342a4d6edd2ca479ca43d4d6da
SHA1 282817bfcc713f784e94938095d544466a32d7e6
SHA256 21f747f3048878498609905ed300bd2256d4959f7713823d052c7aca432361e4
SHA512 d0781b596f79e98ec218331d699492bfeea7094d068541af67c8596ad1422121d7501c2d75a8d4b9df14cf41d6fd906d653a31a52228261ec19b89ddbb1657a9

C:\Users\Admin\AppData\Local\Temp\uMQM.exe

MD5 ef10ad6a3cf911d0a360e1210d1dac0a
SHA1 102839530924b39cfa837d84bad42626a08cc5db
SHA256 99e06ed9ecd47ce9344a8241e2477dbe310e70efcdf320df3eb1ef435a3bc9aa
SHA512 81423e950bf47527164831f660a7153f22ad90f4cf667e1f61033f8cf5dd8e92e79afd622143785cc51ced58dc7f1f301629aa0d3a520e4d1199cae0753ae22a

C:\Users\Admin\AppData\Local\Temp\wkAO.exe

MD5 1152bb5263eb9dcbe71e68cc287bb9b9
SHA1 906e9c69f4fcaab7350ec938766fd6bf7e2db940
SHA256 981b62f9ee6fbfa724938ee0b4d959a49c57fb1cafe96fea165d57b085c03671
SHA512 3aa0597ba3eae60a16d2e868c574c486277577f485ea16b36d8b26715cd09b2e3df2f8b0c3c5ed13db5d854b36300ba340bd583e035993d177a0b2c72cfaef4f

C:\Users\Admin\AppData\Local\Temp\yUIC.exe

MD5 2c5b958e6de0157d6d71a63c42d6201d
SHA1 42ffea8278fc8de9a9bf940653287a7a434d79c4
SHA256 0de9ba23951ad7c8a3176546b22da3c0bc6b4a1fa621a29dedabadf19bc3a2e8
SHA512 be3815c5b37db0361eee3dfbd785c262a5a90b4770169b24f1b7c5240c6c9f23617b93fd176e8d63ba32a1f2042cec9750a6cf2dfb612341d259c5cdc4f6cd52

C:\Users\Admin\AppData\Local\Temp\OMQy.exe

MD5 0302417169c12191f2b76b7f9317f222
SHA1 9839f96c796a9fe802398f3118c66f4ec06af554
SHA256 560f176ae308e02b3e7df3daffba6f852b90a59c34d8881890be02e8f76be005
SHA512 204f0056af56ec075a5f6c839ba49211c3e8d71c422f2b0cb4953e54af6d4f0ce709091526849173463726e83f99aff447d4f8bbbd66ef178ed847083f400655

C:\Users\Admin\AppData\Local\Temp\oIMi.exe

MD5 13af05122e76027639d975699b5072d4
SHA1 564c6ac19d55c3b3aeeff69cf32f38edabc88842
SHA256 336bc557aaa76f9456935c5da417925c4c1b73f0f92a64bdff7627eeedf66110
SHA512 ddf9720e484d833415ccca33db146c7abc255c4f02ae8b3c3563a5fff2414a87a779785b5b75e65297351e5d6b30c57f4fb38d03eed2aaceca18a6a6d6aeb624

C:\Users\Admin\AppData\Local\Temp\eAQi.exe

MD5 372784a446828a4a4b825fa23394081c
SHA1 8e115db75b320870caf9fe69d6c66c2df7be900f
SHA256 c1649af10970302f95efa83e35534bf6e49c4dd62c84b39daad6c2a3c00c1796
SHA512 b1c74b25dc9ff62c64c251a3bf93ff8ebe024740136974fe72c23474c2109c5880ab8b811043e98fa92ceb952d017e095e8f55aef531f5a775b9a2be1cf848ee

C:\Users\Admin\AppData\Local\Temp\WkYk.exe

MD5 a24dd329f726cc6b3dbe5131975ccda4
SHA1 d1bc24844fcd7617ea9fd7375f2f04fb67e7a4ac
SHA256 c1526df70f322d67fc140b2cc68fde282f342e144b36b8f3287bb17dd97dc2c5
SHA512 89132d2f17bd50006df36579432e9381194ce69d534889eec800acd568200049d0b7adca2964cb6a402e3bce414916287acedb5bd51d4ae0bee501ed0c71188d

C:\Users\Admin\AppData\Local\Temp\YwQG.exe

MD5 9cac14ec6bc333b89540ba7c5386f261
SHA1 2a659d50e708cb1de60ad01c96b638fbef499daa
SHA256 1da07ce5f3260e87ff691954d09c13d75e47353d31ad4c91dbaf68831969f3f4
SHA512 07e151d2ee7d1edcb783b48a6230c75016803cf434308f61a618297eb279f731c29b202bdbce5d3cc267cfd56e3a1aea4add89dfc24dc92f9f4ab660d3456e4b

C:\Users\Admin\AppData\Local\Temp\mYoW.exe

MD5 f3a8ab7d9ebba444965df11354bd07f7
SHA1 f3cc22cb1873d0da47e08b24fd2fa20e4089b25f
SHA256 c50f80df6a75152c0d762db2901f9e161c8d5923632ead0e6b18f083258e4a68
SHA512 50df1f0cd2ec54a5b1e016c5294ac045b10a92fea122c1899a9ee64e5486831db71a565c9beaf30deff7c1f9b80094bfa0506792cc167046c34c9d1e4415c613

C:\Users\Admin\AppData\Local\Temp\eMQA.exe

MD5 900a633d5deb85fdea66ae3ae588d70a
SHA1 aa3e1079e3df569bc707209aa4c15a424f0c4403
SHA256 527ee0f4169382a12191fcbcce1783cc19adf266566c4a193395d216b9a88f8d
SHA512 c1d5d470131f77f904937cf7265adb2b201821a95e7b25171d015095cdd925c5d85f1882b76ed6ce7d6edb663e659ab4c92f3b9c26b3194527e413fa62ab6641

C:\Users\Admin\AppData\Local\Temp\soEI.ico

MD5 ace522945d3d0ff3b6d96abef56e1427
SHA1 d71140c9657fd1b0d6e4ab8484b6cfe544616201
SHA256 daa05353be57bb7c4de23a63af8aac3f0c45fba8c1b40acac53e33240fbc25cd
SHA512 8e9c55fa909ff0222024218ff334fd6f3115eccc05c7224f8c63aa9e6f765ff4e90c43f26a7d8855a8a3c9b4183bd9919cb854b448c4055e9b98acef1186d83e

C:\Users\Admin\Pictures\My Wallpaper.jpg.exe

MD5 90b6e49416b9fe17330ad79239710068
SHA1 6b042757ea777c041aa418429998f1d94fecf592
SHA256 7f4ff0d863bf16119f441eebbaaa228f3850f86e39cedb149e9958635baaf41c
SHA512 63dec135d23bd20ecb0787ab528ee849f98653ec72bad04497f5ead56fd06f3e676ea26ca983ba8d2e2abf56a2bd97eeca06bbfb7ec7f8f5b0af9235533dfebd

C:\Users\Admin\AppData\Local\Temp\qgUg.exe

MD5 3fa025bea04f2cefe1fc66ee6868dbb7
SHA1 1c6eb1362ee77fbccefc020eb8a200f32a6a8083
SHA256 649027414bbdd6e9be41e5720d75fa4d2d9473cec4455d24809909b8b66cdcfe
SHA512 df0da80b16e636581c9296981bd57eb2c6ae28473b79ef3af7b6fd86e512f2c56784e6cd6ba2363821b781cfae8f15d2f39a49b3191bf5924cd66b2c4f8d7f4b

C:\Users\Admin\AppData\Local\Temp\MAYK.exe

MD5 919dd1bd728f9f7a334b46b954873684
SHA1 cc460cec4d03c59744b4bf44108e75565b4f843c
SHA256 04e78328ae58be2a75d817604d0a6130da55a3f4e528ed10ef3a9556bfcf4299
SHA512 c617c53d803bca4ebdbfe34ccb5382264f8d84c502e6ac1d9e2ee065b22118546fd95bdb66ce0fdc5c2ec3c44eb8e5e8fc150c8ff7fc668535ef0f1ceafffa31

C:\Users\Admin\Pictures\TestExit.png.exe

MD5 5c24a6caf007cbd96b591ce759fba8af
SHA1 fe96537fc00b8b4183cbef8d950fd5a8bcbd9275
SHA256 944c62cecf4ade4e2bd0936767eabb95a552fc40ac27a115c992972e3e2c6bb5
SHA512 a47a61c817e4fa54592914cbac0039f84174cf19314e7d886d49fd9188a270ec5edc4ce8b263e82835f3b6c1ca2be48490fda64abdd042a08a4233d40172bc5e

C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png.exe

MD5 45655dcf31d1229891ec1273549800e5
SHA1 06310513f73c9572e4ab1a90f3c8817541ab101b
SHA256 2cba5ac8aa5a212b551872c4efb1ecd54e81725736e64743b9bbfeaf83105f81
SHA512 8975de3069e9ab7256c22d24d766d83290dfaaaa084c9fbd62735b68d896994aa1b659e465d38ae78b779adb34b41922d15d9e63d50f329df604e6328979da2c

C:\Users\Admin\AppData\Local\Temp\YIYO.exe

MD5 dc7abfcdb93cc527be2b8cd9493d5e81
SHA1 a14018360b8c445cd8f0623b64e8af5381862e6c
SHA256 5fc6bf13cbf5788927157a931e766c8bc7d05f4cc72e9b284eaf1141c974ae69
SHA512 079e43179acfa2e919993ee6ac04b2966e4f7a8429ce0df49ff5dd2f3778ba99eac4fdeca20aafbf96f73a5d0b6a76367dff9f98b7dc945f6caa1f2fc30cbcde

C:\Users\Admin\AppData\Local\Temp\gkUA.exe

MD5 1c0500e213363ab54c0ad0fad9007863
SHA1 1104b02985c2dd32c8fea56bfbf99c9dd6b17180
SHA256 875a1981445c05e2a9854496c742d19b878d21f9e7823d353ff09dc895f3eafd
SHA512 464ee45dc07b8b9700ac2da23968f0d8999f414fb644feae936f42f7ed163f6164aaae4566bc077bdf77a37a37fa5709c56f798ad4a5843b3aab2fad7aaed754

C:\Users\Admin\AppData\Local\Temp\qUAQ.exe

MD5 a615711770fd5844f457f1ae005c10a8
SHA1 c7c98d4d5abcb2e556bfca2a98b577749a54e5b3
SHA256 be0fb4a268bdc801802b65253a464ee3d4bea8dd477ca07752c058cc51207152
SHA512 8c9d46f8730c412cf4d8e51ca940981edce500410f86586d47e65967b78bce4811019f9881d327a1e8be80b89e5ead06eaa1c7e4514aecd6cb251383485315b1

C:\Users\Admin\AppData\Local\Temp\ocEc.exe

MD5 c47f4884de3bc8b27a3aa86b5689b654
SHA1 4bf354f9c14b430c8b770ca06bf481cf64117a82
SHA256 2c7ec31c56acf20e74bbd7b689799f3895643ee2f98ed8d602a9fb5ce9404a7f
SHA512 a1d7648a82d9c7147e92350c2f87c65e2af3f9ea475c929c83814ae5640ed3d1f39bc00fc92f1f25dd0df8c28821c119868751389b68915d98ab2971e8bebdc8

C:\Users\Admin\AppData\Local\Temp\yIwQ.exe

MD5 8da30c6086d11e12e089da821829cb33
SHA1 2b28e01284d8472407758f00e7c98d2d5dbfad3d
SHA256 8a335c30202e9b2b6258a2693741415aac71879a90e28ce340be5ce4261b1d0d
SHA512 e6616339c2edee8b3c46c6f088499cc690d0f21426865a1f319b0a3effb7a2dc3d5669b1e4c6a05f25d261e33ebe865fbc7589d4cae5d539f5e6ea22df23fef6

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-16 08:08

Reported

2024-10-16 08:11

Platform

win7-20240903-en

Max time kernel

150s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe"

Signatures

Modifies visibility of file extensions in Explorer

evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A

UAC bypass

evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A

Renames multiple (55) files with added filename extension

ransomware

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Control Panel\International\Geo\Nation C:\ProgramData\HUYYcsok\DEYcYAQs.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\pscoooMA\IogUEowQ.exe N/A
N/A N/A C:\ProgramData\HUYYcsok\DEYcYAQs.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Run\IogUEowQ.exe = "C:\\Users\\Admin\\pscoooMA\\IogUEowQ.exe" C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\DEYcYAQs.exe = "C:\\ProgramData\\HUYYcsok\\DEYcYAQs.exe" C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Run\IogUEowQ.exe = "C:\\Users\\Admin\\pscoooMA\\IogUEowQ.exe" C:\Users\Admin\pscoooMA\IogUEowQ.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\DEYcYAQs.exe = "C:\\ProgramData\\HUYYcsok\\DEYcYAQs.exe" C:\ProgramData\HUYYcsok\DEYcYAQs.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cscript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cscript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cscript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cscript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cscript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cscript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cscript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cscript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cscript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A

Modifies registry key

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\ProgramData\HUYYcsok\DEYcYAQs.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\ProgramData\HUYYcsok\DEYcYAQs.exe N/A
N/A N/A C:\ProgramData\HUYYcsok\DEYcYAQs.exe N/A
N/A N/A C:\ProgramData\HUYYcsok\DEYcYAQs.exe N/A
N/A N/A C:\ProgramData\HUYYcsok\DEYcYAQs.exe N/A
N/A N/A C:\ProgramData\HUYYcsok\DEYcYAQs.exe N/A
N/A N/A C:\ProgramData\HUYYcsok\DEYcYAQs.exe N/A
N/A N/A C:\ProgramData\HUYYcsok\DEYcYAQs.exe N/A
N/A N/A C:\ProgramData\HUYYcsok\DEYcYAQs.exe N/A
N/A N/A C:\ProgramData\HUYYcsok\DEYcYAQs.exe N/A
N/A N/A C:\ProgramData\HUYYcsok\DEYcYAQs.exe N/A
N/A N/A C:\ProgramData\HUYYcsok\DEYcYAQs.exe N/A
N/A N/A C:\ProgramData\HUYYcsok\DEYcYAQs.exe N/A
N/A N/A C:\ProgramData\HUYYcsok\DEYcYAQs.exe N/A
N/A N/A C:\ProgramData\HUYYcsok\DEYcYAQs.exe N/A
N/A N/A C:\ProgramData\HUYYcsok\DEYcYAQs.exe N/A
N/A N/A C:\ProgramData\HUYYcsok\DEYcYAQs.exe N/A
N/A N/A C:\ProgramData\HUYYcsok\DEYcYAQs.exe N/A
N/A N/A C:\ProgramData\HUYYcsok\DEYcYAQs.exe N/A
N/A N/A C:\ProgramData\HUYYcsok\DEYcYAQs.exe N/A
N/A N/A C:\ProgramData\HUYYcsok\DEYcYAQs.exe N/A
N/A N/A C:\ProgramData\HUYYcsok\DEYcYAQs.exe N/A
N/A N/A C:\ProgramData\HUYYcsok\DEYcYAQs.exe N/A
N/A N/A C:\ProgramData\HUYYcsok\DEYcYAQs.exe N/A
N/A N/A C:\ProgramData\HUYYcsok\DEYcYAQs.exe N/A
N/A N/A C:\ProgramData\HUYYcsok\DEYcYAQs.exe N/A
N/A N/A C:\ProgramData\HUYYcsok\DEYcYAQs.exe N/A
N/A N/A C:\ProgramData\HUYYcsok\DEYcYAQs.exe N/A
N/A N/A C:\ProgramData\HUYYcsok\DEYcYAQs.exe N/A
N/A N/A C:\ProgramData\HUYYcsok\DEYcYAQs.exe N/A
N/A N/A C:\ProgramData\HUYYcsok\DEYcYAQs.exe N/A
N/A N/A C:\ProgramData\HUYYcsok\DEYcYAQs.exe N/A
N/A N/A C:\ProgramData\HUYYcsok\DEYcYAQs.exe N/A
N/A N/A C:\ProgramData\HUYYcsok\DEYcYAQs.exe N/A
N/A N/A C:\ProgramData\HUYYcsok\DEYcYAQs.exe N/A
N/A N/A C:\ProgramData\HUYYcsok\DEYcYAQs.exe N/A
N/A N/A C:\ProgramData\HUYYcsok\DEYcYAQs.exe N/A
N/A N/A C:\ProgramData\HUYYcsok\DEYcYAQs.exe N/A
N/A N/A C:\ProgramData\HUYYcsok\DEYcYAQs.exe N/A
N/A N/A C:\ProgramData\HUYYcsok\DEYcYAQs.exe N/A
N/A N/A C:\ProgramData\HUYYcsok\DEYcYAQs.exe N/A
N/A N/A C:\ProgramData\HUYYcsok\DEYcYAQs.exe N/A
N/A N/A C:\ProgramData\HUYYcsok\DEYcYAQs.exe N/A
N/A N/A C:\ProgramData\HUYYcsok\DEYcYAQs.exe N/A
N/A N/A C:\ProgramData\HUYYcsok\DEYcYAQs.exe N/A
N/A N/A C:\ProgramData\HUYYcsok\DEYcYAQs.exe N/A
N/A N/A C:\ProgramData\HUYYcsok\DEYcYAQs.exe N/A
N/A N/A C:\ProgramData\HUYYcsok\DEYcYAQs.exe N/A
N/A N/A C:\ProgramData\HUYYcsok\DEYcYAQs.exe N/A
N/A N/A C:\ProgramData\HUYYcsok\DEYcYAQs.exe N/A
N/A N/A C:\ProgramData\HUYYcsok\DEYcYAQs.exe N/A
N/A N/A C:\ProgramData\HUYYcsok\DEYcYAQs.exe N/A
N/A N/A C:\ProgramData\HUYYcsok\DEYcYAQs.exe N/A
N/A N/A C:\ProgramData\HUYYcsok\DEYcYAQs.exe N/A
N/A N/A C:\ProgramData\HUYYcsok\DEYcYAQs.exe N/A
N/A N/A C:\ProgramData\HUYYcsok\DEYcYAQs.exe N/A
N/A N/A C:\ProgramData\HUYYcsok\DEYcYAQs.exe N/A
N/A N/A C:\ProgramData\HUYYcsok\DEYcYAQs.exe N/A
N/A N/A C:\ProgramData\HUYYcsok\DEYcYAQs.exe N/A
N/A N/A C:\ProgramData\HUYYcsok\DEYcYAQs.exe N/A
N/A N/A C:\ProgramData\HUYYcsok\DEYcYAQs.exe N/A
N/A N/A C:\ProgramData\HUYYcsok\DEYcYAQs.exe N/A
N/A N/A C:\ProgramData\HUYYcsok\DEYcYAQs.exe N/A
N/A N/A C:\ProgramData\HUYYcsok\DEYcYAQs.exe N/A
N/A N/A C:\ProgramData\HUYYcsok\DEYcYAQs.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1688 wrote to memory of 2400 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Users\Admin\pscoooMA\IogUEowQ.exe
PID 1688 wrote to memory of 2400 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Users\Admin\pscoooMA\IogUEowQ.exe
PID 1688 wrote to memory of 2400 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Users\Admin\pscoooMA\IogUEowQ.exe
PID 1688 wrote to memory of 2400 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Users\Admin\pscoooMA\IogUEowQ.exe
PID 1688 wrote to memory of 1732 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\ProgramData\HUYYcsok\DEYcYAQs.exe
PID 1688 wrote to memory of 1732 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\ProgramData\HUYYcsok\DEYcYAQs.exe
PID 1688 wrote to memory of 1732 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\ProgramData\HUYYcsok\DEYcYAQs.exe
PID 1688 wrote to memory of 1732 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\ProgramData\HUYYcsok\DEYcYAQs.exe
PID 1688 wrote to memory of 2764 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 1688 wrote to memory of 2764 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 1688 wrote to memory of 2764 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 1688 wrote to memory of 2764 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2764 wrote to memory of 2704 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
PID 2764 wrote to memory of 2704 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
PID 2764 wrote to memory of 2704 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
PID 2764 wrote to memory of 2704 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
PID 1688 wrote to memory of 2680 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 1688 wrote to memory of 2680 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 1688 wrote to memory of 2680 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 1688 wrote to memory of 2680 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 1688 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 1688 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 1688 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 1688 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 1688 wrote to memory of 2804 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 1688 wrote to memory of 2804 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 1688 wrote to memory of 2804 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 1688 wrote to memory of 2804 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 1688 wrote to memory of 2520 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 1688 wrote to memory of 2520 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 1688 wrote to memory of 2520 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 1688 wrote to memory of 2520 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2520 wrote to memory of 2496 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 2520 wrote to memory of 2496 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 2520 wrote to memory of 2496 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 2520 wrote to memory of 2496 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 2704 wrote to memory of 1244 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2704 wrote to memory of 1244 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2704 wrote to memory of 1244 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2704 wrote to memory of 1244 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 1244 wrote to memory of 1052 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
PID 1244 wrote to memory of 1052 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
PID 1244 wrote to memory of 1052 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
PID 1244 wrote to memory of 1052 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
PID 2704 wrote to memory of 1488 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2704 wrote to memory of 1488 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2704 wrote to memory of 1488 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2704 wrote to memory of 1488 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2704 wrote to memory of 1480 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2704 wrote to memory of 1480 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2704 wrote to memory of 1480 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2704 wrote to memory of 1480 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2704 wrote to memory of 1656 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2704 wrote to memory of 1656 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2704 wrote to memory of 1656 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2704 wrote to memory of 1656 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2704 wrote to memory of 2824 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2704 wrote to memory of 2824 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2704 wrote to memory of 2824 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2704 wrote to memory of 2824 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2824 wrote to memory of 1980 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 2824 wrote to memory of 1980 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 2824 wrote to memory of 1980 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 2824 wrote to memory of 1980 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe

Processes

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe"

C:\Users\Admin\pscoooMA\IogUEowQ.exe

"C:\Users\Admin\pscoooMA\IogUEowQ.exe"

C:\ProgramData\HUYYcsok\DEYcYAQs.exe

"C:\ProgramData\HUYYcsok\DEYcYAQs.exe"

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\xuAIQIIY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\tIogMUYI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\TqIQIosg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZAsswQgQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\UOQwMkoA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\QGkQsoog.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\WMYcocIQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\oCwsUYEs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\GkgcYcEk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\FwMQkYwI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\RsksQMUw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\pGcUAssY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\TMkQIYIY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\YoUYMMQo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\UOQAgkIQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\CKwAsQUA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\CygkoEIU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\IkAIkYsY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\vYEgMgog.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\XKEUUcUQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\JYkIocAY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\zWIcYcYo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\EKIAcMoI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\wSIMAggQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\OCQQMYkQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\GkcYcEkE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\qioIAMQg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\zmIgUAAI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\TUgIEkso.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\XQwIowog.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\BIEEUQsE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\cqcsYEos.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\WGAgoIoY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\Ycgscckk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\gMUIEIMM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\AYsEMgkM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\DwcgQkoM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\VEwYIUgk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\daswscws.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\FWsMEYIc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\WCEscMAY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\mUwAcgko.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\iqUMYYEs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\cUwwgUUI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\NAskgIgw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\fEAYgUYY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\RyYkIwAk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\JIwQwUAc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\VKwcocsU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\MIMYokMw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\WmEIEQgE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\kyUkoQMc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\WWEkMkoA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\roMcMQsw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\vEIIYsAE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\xaIIIwoA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\bkIcgoMM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\fcoMgUsI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\amYUkIAw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\GgQwEAss.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\MCgIIIUA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\cswMAggo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\DCMYQYwg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\VeYYEgAA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\LQMwowIo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\lSkkswUY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\VucIUMIU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\UosQscMo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\MQggwQoQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\yWUookIA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\cwAcoMYQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\VsgwkQkg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\RqUgQMsk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\RyMwYAIU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\dQoYsIgA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\GAgEwggo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\UoAQocwU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\aWckcEUM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\QcIoskAk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZcMcwYYM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\lcgwgggA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\nEEwAsMQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\paAIwQQE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\noIAIwcw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\oowwsQQU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\gEskgQQM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\OkoQsUIY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\oSQEMYMo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\NGYUEIAw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\JAwEEUUM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\BoogoskY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\usAUsEMQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\EKkEgAUM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\uGkAMsIA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\yAsgcgoA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\sMIgMQsc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\DuAMccks.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\nWAIsMYo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\jeoQIYYI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\heooEIIE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\iSQwoIYw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\ywgMAQEQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\mEEEowEw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\NyEMgwUk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\bkQcIowY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\zkIsEAoA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\JYUAQkMY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\aMQooYEU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\wYoQIwIc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\MCIYcMEA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\AycEMAkQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\lAsoYMkI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\LygAUsQU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\LgogosEA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\rqgIMMUs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\pEMUswcs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\oyAMsggo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\qGIYcYMw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\ksIYMwUI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\AcUcQkUc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\niUgQAQs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\JQUsQMUc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\VAwoIIIk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

Network

Country Destination Domain Proto
BO 200.87.164.69:9999 tcp
US 8.8.8.8:53 google.com udp
BO 200.87.164.69:9999 tcp
US 8.8.8.8:53 google.com udp
GB 172.217.169.14:80 google.com tcp
GB 172.217.169.14:80 google.com tcp
BO 200.119.204.12:9999 tcp
BO 200.119.204.12:9999 tcp
BO 190.186.45.170:9999 tcp
BO 190.186.45.170:9999 tcp

Files

memory/1688-0-0x0000000000400000-0x0000000000433000-memory.dmp

\Users\Admin\pscoooMA\IogUEowQ.exe

MD5 a6ecb76e44b9095db829df6f1de92acb
SHA1 8b2163865c0500b12ac26937c913309d358f78ae
SHA256 62b6e21931dacf3b5f7426c63a5064d9af39ff159174adb8a6b884e41b43617b
SHA512 b8e0ef931b9cd8d04970d93563deea7b364f912dc7da25be7e1007f79e98742be6d3f3f1d843b02079f7637253dd8722c305659e21ef346b4d52b5efed07cfcf

memory/1688-4-0x0000000000460000-0x0000000000492000-memory.dmp

memory/2400-13-0x0000000000400000-0x0000000000432000-memory.dmp

memory/1732-22-0x0000000000400000-0x000000000042F000-memory.dmp

C:\ProgramData\HUYYcsok\DEYcYAQs.exe

MD5 f450a29720f0afacefa4d20dc47b95aa
SHA1 0f9b15cd2d567f0ef76f06169d2d138400dd1239
SHA256 7bb0b2e7288137de3948d1569638e1d0634690530347dbb5cb8e9a9631925ca5
SHA512 94ca6e9cd7cb3ac65ed98db0c641b34fbdff36db5e916e1d6e09eb4c570dd5d95cbe03fcdc5f304e40182a4f4525d571af49e5bb43ad3e5ae9f956ca680e7522

memory/1688-20-0x0000000000460000-0x000000000048F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\ZmgscoEo.bat

MD5 33ddba189b8fdd62eb3935585e6fb2a7
SHA1 2d5c83bdd4c9f1102d7fcffce4c8d11369c384dd
SHA256 758ef19ce5ddc8deb3ca48e24614597d48503ebeae132800c8a91e63df9fecfb
SHA512 d113cad0ca5f86d758d7af10c61749bb7d6ec3869eea654396b79f2cd468b730de4dbfe57fa75b5fd812633dd080a71ae7d21c7bd1f1ecda5b925e4c3373fbac

memory/2704-33-0x0000000000400000-0x0000000000433000-memory.dmp

memory/2764-32-0x0000000000260000-0x0000000000293000-memory.dmp

memory/2764-31-0x0000000000260000-0x0000000000293000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\xuAIQIIY.bat

MD5 bae1095f340720d965898063fede1273
SHA1 455d8a81818a7e82b1490c949b32fa7ff98d5210
SHA256 ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a
SHA512 4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024

memory/1688-42-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\file.vbs

MD5 4afb5c4527091738faf9cd4addf9d34e
SHA1 170ba9d866894c1b109b62649b1893eb90350459
SHA256 59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc
SHA512 16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

MD5 38523dacb7a20f049d5de61fc1cf87d5
SHA1 310f1c826385f858572a6c747688d897b851024e
SHA256 4ee4b1cd9eddbf7cdef2797a8822ddd7afc8082b9483d52abee606e8e99a2191
SHA512 61d8bbc98b2414fa7311d1661c9ddd33edba50a5a1847a78b52429b819260d176af87068b10a0963f858e55a0ad5ed3fa2bcc0f02389334fd47894aae662bee1

C:\Users\Admin\AppData\Local\Temp\dKkUcsIo.bat

MD5 58766aa2566fb1ef2a134f11563d145a
SHA1 93c9d71dc5c52e50e764592e7a6aadd24a39e2ae
SHA256 a697c7f6c3c5779f79adec0fecfe88d384f51200f47d27709f0344c06a6ec1fb
SHA512 d66259ba037ad338a20e6a3db4ef4c6af68b0f1ba38e4c3e0593898b521d464a0522d6ff40ef8b5463f50108cea331dfcafda6642437894e5f0b87aafc170666

memory/1244-58-0x00000000005C0000-0x00000000005F3000-memory.dmp

memory/1052-59-0x0000000000400000-0x0000000000433000-memory.dmp

memory/1244-57-0x00000000005C0000-0x00000000005F3000-memory.dmp

memory/2704-68-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\lqMMgAcM.bat

MD5 fd91498140a07411fea58c000ce23ee6
SHA1 c9b87dccbcbb332780e4b8eaa7683f619b54a082
SHA256 7eceda9e4f9ae70e5597b363522d9cd8522b8fd27aff1c636a7cc97460743efb
SHA512 e6bcce0e14f69de83d67efb94e6d5f1ff9d9b30082c740092f30b47c32876422c16ce5586065e3b2d41cb738c87dd25214902f4961bd9228b6d21685adb24511

memory/860-81-0x0000000000180000-0x00000000001B3000-memory.dmp

memory/1052-90-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\JeIowkQM.bat

MD5 5315b569079582a775121c6aab4cf56d
SHA1 c0c472dd0eb92bd9bbdee9e54e84ab762817c9bb
SHA256 7975f874e3c06e302b82ea05553efb9c68d79f0cbe24a402691bfee90abd56ac
SHA512 d759b6fa384d4c0e1a19ad5072ccf9b53ec80fb713db68afe0b8468c185f8829d4789b73b74384cc683e9e7e0fd17a694be1e3cb325ed22b27bc7e9c025df17a

memory/1800-105-0x0000000000400000-0x0000000000433000-memory.dmp

memory/760-104-0x0000000000260000-0x0000000000293000-memory.dmp

memory/760-103-0x0000000000260000-0x0000000000293000-memory.dmp

memory/1968-114-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\MccMokss.bat

MD5 307201c28268a53808fcad2f5f615c29
SHA1 2ad32b9fb0b3766822b256582e9cd66af9386ba9
SHA256 772d7c7ee1d43b7ad0d2e2162fcbd730451a79afb845f3675bbde0051b04c1ff
SHA512 3c0f20062d75ccf0fb79a831d0d5cfd8b204a79b466e8f2de29478d98cf8c047f32493b7e777709151a7b7bac5e0001b9121b54e7f32623650e8e61a627a8267

memory/984-127-0x0000000000160000-0x0000000000193000-memory.dmp

memory/2192-128-0x0000000000400000-0x0000000000433000-memory.dmp

memory/1800-137-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\woAUEcUU.bat

MD5 c446d29890c9a097208db5d3e3bc9688
SHA1 bd2aa12d80df38f2d63bbad68d6ea1eddbdd2c9d
SHA256 c30d834aa64a586252b3646c9c02b36df84ddffd2a11e5c27fbb33e5e10e52a0
SHA512 a5ec304decb35f4ee292e461f582a288ed95bee93287ad5d359644a4a6836c376e528a0011bddf4cc3057e0179ec8e9a590fd4d77e0684e185a36281247173d9

memory/336-150-0x0000000000200000-0x0000000000233000-memory.dmp

memory/2060-151-0x0000000000400000-0x0000000000433000-memory.dmp

memory/2192-161-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\GgIcgoMA.bat

MD5 424d18645bb46672991443694a20ac2c
SHA1 f886b9766a51385721b9ac50d8b7ce7817ea7a25
SHA256 ec1861b186d0b5647d2d7beade8a11abc89aedbc938d2a168b5dbcd875f06afd
SHA512 0a12088ee5f3b35df3075610e47d3b128ae7f079248a8b462806482e9802857c12ba8666416642ac873dcb59eb8f118b741f7b5adbdef81475db86013cc55cd7

memory/2628-176-0x0000000000400000-0x0000000000433000-memory.dmp

memory/2652-175-0x0000000000260000-0x0000000000293000-memory.dmp

memory/2060-185-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\WqQwEUEs.bat

MD5 ba0efbaa35fef154a511197be4ca1d34
SHA1 b68b358fd150516106d0c67ae9209b5beb51fb90
SHA256 10eaa99da2b97801d4586d2a5b2f40e8b8bf342400c09c2017f4326f1cd76bf0
SHA512 37ba1670ac014d7e971ef15bc0cb2e217b11c881c30d5b277359f7e5b012871030b2dec9ce1f1d0976f590f956de4135ca59665fc728503b0e5758d6eb0b71e8

memory/2724-199-0x0000000000400000-0x0000000000433000-memory.dmp

memory/2816-198-0x0000000000400000-0x0000000000433000-memory.dmp

memory/2628-208-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\moMoooYI.bat

MD5 9a8ced22db7aa402e7cb78f69a6f35ae
SHA1 350a008f92b6c20e1e1d2eb2b5453881d02d83a0
SHA256 74bb1c5b3f80930f7c0a5e08fbdadd937e1030ea640eceec8ea120b0fa24e20e
SHA512 c1969f9013a32d42a023cb3c9029d0e2a4cd8643b300f7d7b9d15b892d42ec930fcc138a1d0aece6d31edec87b24eff9182bbfe0b662fef842e7953c9981e7e1

memory/2360-222-0x0000000000400000-0x0000000000433000-memory.dmp

memory/1316-221-0x0000000000120000-0x0000000000153000-memory.dmp

memory/2724-231-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Hckswwkw.bat

MD5 afc0c26d519de5438accf5c1c88ad42a
SHA1 bcb5d34f511358e76ff2b5e054744a90c197699d
SHA256 5e88b7bb9f032b1d99ba810d1260e2607f5cc1afa91de7b78b1553fe32ec3ab9
SHA512 4a55624715492aa026cebb407dec45b794d705f0e6010dbbaf0d44f8a2164f98c9d81e5496c94c902730c9d451447ec0c5e4184c5d86c8b83a112483f554ba52

memory/1512-244-0x0000000000400000-0x0000000000433000-memory.dmp

memory/2360-253-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\vkEEsIMc.bat

MD5 ec219cfa29b1e26895b608d45b06fa9c
SHA1 0e60a4b80dc802ae31c57a49e93e217295914871
SHA256 9103bc6d462678c036299a5d128d4810f32b30700c15a588d06a0dd6e72bfea4
SHA512 6555cfcc932bd43f99d13fd7f57eebadfc5a09fde9e1a0193d876fbdecd0b56fd83c3f7871c34c6989b95b37f153e096d12889c0b30aa8899239dd7af15b0ca4

memory/1512-276-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\vYUEYkIA.bat

MD5 50df76bd9a9107db99703f8e28c8d6a0
SHA1 e75571f517bc20fbc0f769d67be3291f192b367b
SHA256 1bc96c0e4b2d81bc926f0306748db0f27487ecb7f30f018188a3376ad1a01d2c
SHA512 fed6c4736baf244b891e122133af35a940f77a24f8221eb690805553dee5eec96c870662cf7041b590c5d61c83365bcd1910467936e0b2030014e0d46e3b540b

memory/2168-290-0x0000000000400000-0x0000000000433000-memory.dmp

memory/2676-289-0x0000000000400000-0x0000000000433000-memory.dmp

memory/1148-299-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\JuAoUAUw.bat

MD5 6bf52ba88b0eb9167030006de69b6f23
SHA1 8ddd2906cfc31673f9f273dbec56d823dce370f2
SHA256 8589f146091032cacb7ea8fb968c842880619d83a0f7cff44d370abe1b714a52
SHA512 0cfe4e00dcc6376cda0c9e509296686050511ed165b713a8be38bbcd37de8e7b2ea8d79f749e7716a88028f547b544bceb9d1e83ec8a9ffad3d021dc87f6eab7

memory/3016-312-0x0000000000410000-0x0000000000443000-memory.dmp

memory/336-314-0x0000000000400000-0x0000000000433000-memory.dmp

memory/2168-322-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\ZOswgcYc.bat

MD5 5c247f8296d0a8b6e5f2102d5b360d5b
SHA1 e1b76da1149954d978d2ecaa8af8965fff002d8e
SHA256 85b18c346efb7ba892ccea35a3a00776353014ad66e466dd7e103e26f455d385
SHA512 aae827cf7313e66368c210ca19089f7cbf066068976684f9c5d84c051a30b77d7752a07c313904c15be79a91bd6521a0798178c4f597bb7deece38431a900437

memory/1280-337-0x0000000000400000-0x0000000000433000-memory.dmp

memory/2660-336-0x0000000000130000-0x0000000000163000-memory.dmp

memory/2660-335-0x0000000000130000-0x0000000000163000-memory.dmp

memory/336-346-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\eWUAccIk.bat

MD5 8090f16984565c858a543d8d6a1c51c1
SHA1 d9e2d43623e086efe25e82f4234d2595289f15a8
SHA256 8b7930db65fc73644a80d57747ee4aa7ff92cb4a6b66cacf7476234a9a88ea07
SHA512 d670eb77e794854e15f065d4bc2bde44d54f3f56d69ca5d7329af414992d1fe5634c56015ed58fa7543ee33fd04ee7d877fb868252aca9e4b2091c77416eb7f5

memory/2844-359-0x0000000000260000-0x0000000000293000-memory.dmp

memory/1280-369-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\AwkgIQcw.bat

MD5 96ff56c17877466e8fc7cde330d9c9fd
SHA1 3e7fd9071c764334b9c204ebfa215ce4db075826
SHA256 ee341497539445447911565015aac785fa7268dcd63abe5af1c857749fde92f8
SHA512 3e1e524bb938a3166c3343bb00eba70e50b9028c8e362eafabd4767bed2232aab8c9a1bfa0249dca7665489413614f0027f68b35adff8fd2547047f516bd3c98

memory/1136-383-0x0000000000400000-0x0000000000433000-memory.dmp

memory/2144-392-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\CqYYUgcU.bat

MD5 7ebae49fed8d7549c11855ec2dca1e14
SHA1 8e3903a0315d03c019511ac030b08142395d55e1
SHA256 efda2bcfb1736533f0284194aa4e9e5fee6babfc3c088be4c01bbbff293414b0
SHA512 44b41aadc9435c2532edf0c5bd70578267a5f30b2b5f420dd16b0d3d9c012db9f2bf64741739001b8ab7354b040b849362e728b53396056bdd83fe90d5ff9b00

memory/1512-405-0x0000000000260000-0x0000000000293000-memory.dmp

memory/1136-414-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IYUEkMcY.bat

MD5 db78ef1fead15545356f232778b82b1b
SHA1 d05edd76a829419597e9e5a52f6c6476d7efe076
SHA256 82f9bb52f365f38ac5e0a5abacf891b220771672d9bb04e869088999ba4e15a9
SHA512 72f36edaffd8311e91d7b2328e4adea120a0654c1035702fc58c9aae339e8f614453bd2185eb10cfde74cd8116c78f542e68f7808c3a5ef0cc4505094c6b6ed9

memory/1120-427-0x0000000000270000-0x00000000002A3000-memory.dmp

memory/2284-436-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\FqgIkIMI.bat

MD5 4a2d36e0570e1ecb90b3cc9e082fdc10
SHA1 b46136de1a68cc78ecb4db50ba0e73075f391052
SHA256 47440259dbbd24b09948a98402ab518d6fb98b0c3a1ad5487944e818482f93d5
SHA512 999d98d93b6a42203b4414a605e82f06a578103466d38f44abbb0ffa37a14504b4e66a89804dc148bf25f7cced5908b20fc8660998df3b90296dd316df340471

memory/2356-451-0x0000000000400000-0x0000000000433000-memory.dmp

memory/2540-450-0x00000000000F0000-0x0000000000123000-memory.dmp

memory/2540-449-0x00000000000F0000-0x0000000000123000-memory.dmp

memory/3044-460-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\jSMYIokg.bat

MD5 8982a3e11c84eca6adb420b195c3e671
SHA1 12e49132314e9c707e3956b198334b116218e80a
SHA256 dd311dee394563ecddd144a54ff5aff20aaed30dae0673e457234398e1a75fde
SHA512 a941c7bb91287b53eeead3b6360ce22c8e321bb670dbd0e87f223346cb33b653f42bd227ee9e744192ff4e3219c12e41e38eeee4c7b4a976844ed1cb91556834

memory/1496-475-0x0000000000120000-0x0000000000153000-memory.dmp

memory/3008-476-0x0000000000400000-0x0000000000433000-memory.dmp

memory/2356-485-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\TuAAYkwk.bat

MD5 a1c468190bd1b794958f88955f5bc373
SHA1 d04011f3dc6ea7909392ebb1d3c2b22d2242b0cb
SHA256 9684cd898c335224708243b61c82f55ed9544500e7069bdad22c3924549f9746
SHA512 04620b773343c8754709ce3df818fe6421a64aaf22997f3883b4d9213c04c27e35abd726f07ebddc0b84e0f33b4040addcf68869283e1745abceabc04f290f81

memory/2868-497-0x0000000000400000-0x0000000000433000-memory.dmp

memory/840-496-0x0000000000400000-0x0000000000433000-memory.dmp

memory/3008-506-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\BOkkIAAs.bat

MD5 a1a22ae8b4edc01008df5a910d94720b
SHA1 9b9914319d516c87070a0de1886368fd3058cacb
SHA256 aeceaa44f1a7f71ea990cff52f8df2bf4e54a643d4452b3a5e6e52644ee58780
SHA512 95a2c880743bdeae9d8271dd069f127386a70e847b7d5445a56072c1cc633f0252cbaac2d945a526c7fa672e27fe756839d014221fb6ca9568ed93ba20d0599e

memory/2328-518-0x0000000000400000-0x0000000000433000-memory.dmp

memory/1180-517-0x0000000000270000-0x00000000002A3000-memory.dmp

memory/1180-516-0x0000000000270000-0x00000000002A3000-memory.dmp

memory/2868-527-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\tOkYEssM.bat

MD5 cad9ebc8f3f6fed6ddc51c5ade213364
SHA1 fb27377baa27afac253ea67639bdaee9540420e1
SHA256 aff252b2ca495db14184b9ec6e6c30b20fce1a709a291aacd3fcd9963386a0e8
SHA512 a4ecd839916badb1383ff6811b9e87c960102ce2ff773c55c23c0fe939b5bf1d43040eaf64d6f34279b2d6cdf6bbc83d0a52cc4b16f75e5ac70c35324c2f6c42

memory/2328-545-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\GgUoEksI.bat

MD5 a9e7d9f8f55a36c9aaccf2d397cdb0d8
SHA1 55736c428b5b8bf7e16e03abf9c1e4689f0974d8
SHA256 bff63efbac0f292930fbecc44df8eb41b3c4f970013783e87a2e1c9c8f0dd6ff
SHA512 10c243572fee20a648d312c7fbc97ba69b809c6cc16e1443f03435b68645c9681b09c2d461fe86b2ca4fbd47c1aa52feadcc98ee5c695453e28d9322e9a02513

memory/2088-557-0x0000000000120000-0x0000000000153000-memory.dmp

memory/2088-558-0x0000000000120000-0x0000000000153000-memory.dmp

memory/2604-559-0x0000000000400000-0x0000000000433000-memory.dmp

memory/1772-568-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IeEIUEgg.bat

MD5 30e8946a2f9b720c31fa5bf1ddd790db
SHA1 8c1f142769ef43ac3c4ad9f7103f8eef47ae8dd9
SHA256 1fcb821d6a6e5b83cd94fdb9c8463557d5b35c40f2e1c68d2aa35be51073aeb3
SHA512 abbfe390d3f4d8c2b135ecf640b5eb33461296c44634e41fd867972b5346c7bde435ff7238222f6c614df646205ade167b6c5e2539686bf8719e72b250430272

memory/1956-578-0x0000000000400000-0x0000000000433000-memory.dmp

memory/2604-587-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\ImIEcsUI.bat

MD5 e5f2b25e5c197161ce738a7895fc7531
SHA1 f34f65a96abba994d28372870ae8eb14d09db329
SHA256 390a66201b203232e26e691687ecf0ed8a6a42e139a6eb7848b1d08bd95bfe27
SHA512 52a18e927fe7253ec7b8f35c1dc84fcd428689f99e1d05645b8a00adf933456314c946ba4a4b6e650e985b2b7f63e83cd148daf9eea1eeb34043945ffa811b38

memory/2980-599-0x0000000000400000-0x0000000000433000-memory.dmp

memory/2340-598-0x0000000000160000-0x0000000000193000-memory.dmp

memory/2340-597-0x0000000000160000-0x0000000000193000-memory.dmp

memory/1956-608-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\MwQoIYoQ.bat

MD5 a8d2c0137686f05431afb97ed697b825
SHA1 053833478fb3a70a7bc7a96dafe8f36fde5464cc
SHA256 534e1a1a0f131784c5e2a3794c8a0ebc10c8e504690b737b817b5191f39224cb
SHA512 1189bb334a4881fa12115be72d3b38fac7710b77c7579905201e104d5b2b34497dfab4c979d5881946eef9d9ff78a3974731038494ec3d423187a2599370d113

memory/2876-618-0x00000000001C0000-0x00000000001F3000-memory.dmp

memory/2980-627-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\pIUEQUoo.bat

MD5 5ad55c58f0a7dc40133235eb5dedafa3
SHA1 2a3d5d9e14ca9bbaa0e91efdaaa1418b2c53c3b8
SHA256 c763f8fb985e0323e3c8de7c8fc057b74dadc61742af19966cffc607f4ffdea2
SHA512 a5741bb85fa6d549393eb1c964ac35396c98aa7b10beb5146dccec25c130b98554cca8770f81b451dceae81190966aeb2663afa7939e6ba971b1784bac52616e

memory/1648-639-0x0000000000400000-0x0000000000433000-memory.dmp

memory/328-638-0x0000000000120000-0x0000000000153000-memory.dmp

memory/328-637-0x0000000000120000-0x0000000000153000-memory.dmp

memory/1796-649-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\RKooUgMM.bat

MD5 442e48a837817130869f7d800cad1cf0
SHA1 53468c69e68a818e88025a321fc4dd40ce569890
SHA256 d7dd20488611a39cd1c15bca0f6e717a11da8e8eb5304f83544a758794b0e82d
SHA512 ec802e197388550bb4c2b30db4461a21fbc4c1df11b78c1d4c459d43081986e4c2f0db77170948ea934c56d93596f2feb93716aa44f981e38f47b54067090506

memory/756-661-0x0000000000400000-0x0000000000433000-memory.dmp

memory/1708-660-0x0000000000170000-0x00000000001A3000-memory.dmp

memory/1648-670-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\FSQQEMEs.bat

MD5 8871819b430f31c3fdedc04bc7e6ee77
SHA1 3ef6c4ea3f7b7c1206fc0d3c1ad5f6cd979ea5dd
SHA256 c6ef1962e2c1d24dd11004f612bc64d819c75b6d2ddd4cadf9dad1d7ff3f7952
SHA512 74c4b78081082eca6db9c2e8ec94f0376d57449445daf342f89a92275ceda75746d574f950edcbc1bbae860f4f54063559c497bf425ecf54436f38b67003c1db

memory/2984-681-0x00000000001E0000-0x0000000000213000-memory.dmp

memory/2984-680-0x00000000001E0000-0x0000000000213000-memory.dmp

memory/2492-682-0x0000000000400000-0x0000000000433000-memory.dmp

memory/756-691-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\VMAoIAYM.bat

MD5 b12f6e06b8516d885e69e62ebc86d122
SHA1 9c52ba3dad217d1c584fea55ab3763c7ac2f9933
SHA256 b50f08b89db44faf5e1ce17b83cbd06e6eb7763fb401d85c654b233eb976313d
SHA512 7314127a03e66ec2e66c9ec68167626163bd774bd828ebf79dd22f2587e68ec09dfaf205be69765639d4505cbedcbb9bda9dc18739f1bdc62228b6d1d9656c34

memory/2400-701-0x0000000000400000-0x0000000000432000-memory.dmp

memory/2492-710-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\DUswIQQY.bat

MD5 dadb55c0a5753b7dc80515fa671e82bc
SHA1 ff5deb0c692a1f6023c850284d6e83d225389c56
SHA256 0a14a25d12af11a2a26fb231990d947febc9b8ea4105c546fcc4ad54188610cd
SHA512 148dbca6d35140dcb29db5d45c0cc1a1205fabf4ed7e7cd97a6f9a136e390a51150edfda2992a9eb86721cbb5c06591de0e2aa65ee25b2d68c7a33ac23ba2fc1

memory/2732-720-0x00000000001F0000-0x0000000000223000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\cEwkcMgQ.bat

MD5 b2997c674c312f8f90bc67f90a88add9
SHA1 f5fce6c6bcacabd625a6709ab9572c386f9e91ad
SHA256 78da30f775230feb3c8282480ae912d558579e0b14255f62ebb1ca508aac54af
SHA512 06ff01ebcd7cecafa44dab070b5dfaac1cf944198250783a3817c4256af4f942fa10ae409253b0fb21a901cbac008ff3f8ef81c74bb743d5e0d37cd4ca891c09

C:\Users\Admin\AppData\Local\Temp\skYM.exe

MD5 e7dcffc90f1e3a991f7044305007095c
SHA1 9e3ac12f6222a10a7bf1c23b6a887a1e95acd904
SHA256 07b7eef3a2d6c50b8cfd9913f7200c0c0a45eb85138e7ea7943551c69fcc6f09
SHA512 b81407fa087098138a66eff81786a6a1307a53a4e67426e90363c76553f5fce54c563f92d72ebec84333b5351cfc7949a194808616db39989c99aa280f023c78

C:\Users\Admin\AppData\Local\Temp\kGEYEUoM.bat

MD5 8e06517a1a5657af36e696ace3d54548
SHA1 11200666d522b496a253be74d684f27377ff8704
SHA256 6a0b3012a57f15ca6e3ad79fc506267112b0f04cd5e732d26c268d1cd968af5f
SHA512 2b0dfb3aa7473bf15f65a923af6e40ddc005a3d7cde89201d5cb4721ce4a29f2db8d7d3e8b1471bce287388ca18e2749ce1d4d529fdec3cb77314d2660287fe0

C:\Users\Admin\AppData\Local\Temp\ukYkMAEM.bat

MD5 d7215170cdb7ef050660fe21f009fa08
SHA1 a849d7c9f8f36b04cfa8f58d27846cf4b0da1408
SHA256 42867efc84eb3ecdd80147ba04745d8c6edf8d0947c141364426254e0358c3c9
SHA512 f1cde61d35483d4039f45847dd5e17fec28800dedc6edac0bb75f23d8dc800ceeb1061c1db117752e53d04c7023c49c25761e2a2a4336b4c90da3d968504c17a

C:\Users\Admin\AppData\Local\Temp\wUMAgkcE.bat

MD5 dd0bd450d45a6b48a9649fc78d1cbbad
SHA1 2129eea63ee0f9583e0c55baa96998ba1e7e1c93
SHA256 f06cff416ba402875fd6d2aa576ebf18bc052f903b0ee8e58049f71c022869bc
SHA512 2b48067df3c7657df2df912c48181ddb75089ee1a69ebb65a1a6af75f29da189bc4f182341d81fc51cdf47353c4388c5055422366664f726f676a3f07f6c698b

C:\Users\Admin\AppData\Local\Temp\zUMYUsYQ.bat

MD5 298028d6f040365a746fdf4274434e81
SHA1 cf1901a61e8b7b73cea915b402d74db6c40021f0
SHA256 30bdb689fbde98e0cba63e99e7686cf12c3f920d910f20f715b8a7c521002d2d
SHA512 dd20261bf66ff42c82b59e16de6bedbe491f29c92a76bb1ff10e60bdccd59dfb799490a5cc27ae7d11070f8be05ccc4a4ece2c43fe6899da256b28eba5f2a6bb

C:\Users\Admin\AppData\Local\Temp\LqkQwQwY.bat

MD5 bfb35c0778742b60af6c61f429ddf922
SHA1 863c042455f833c7ba2873b22415a2ab08fb13a9
SHA256 b7e4f8fcb74c10669f43d22e7596df0ab49f52a5811c0dd9c982d1b4a456334e
SHA512 699e116d27e4d7636211e2fe6d256bf5aea4a255defd150528f741b776bdb21d8fe6cb6f0dd5afd97053a0909d7ec22f6dda356bc2545ac267a77756d0eb8652

C:\Users\Admin\AppData\Local\Temp\tykUAYEk.bat

MD5 1f9bd7f2bb41dff406c35e5ce4bd57c8
SHA1 0f741a3bc578842fb981417174494c126851c0e2
SHA256 e995732b52fa1576a1356b59ed8192d94a392e039eefa97f52127f90244accc3
SHA512 655437aced72632383f595f07c7e31212700e04b90a2d5b191b9a10410e93892da61e4bbc96713c161cc5b3cb3968e356de1f1bb71ea5d1791aebb26f00c05d1

C:\Users\Admin\AppData\Local\Temp\jIIgMYkc.bat

MD5 c95a5b74a0815d6775d771f0d851a198
SHA1 b2e662eea0847a906bb830b8def2bf5d224ea4b0
SHA256 e57315d5d89bcd0a1f43df459c2d315d29793037b1f395908fd4bae3a20302f0
SHA512 a4ba9bda76c79c7fd8dd8f8aa1eaafa61772ed364eda2ebd98372a45dd703da4471cf8e655e100a2931e255e2123c08142efbc3f43b602a7739ed30745c71f09

C:\Users\Admin\AppData\Local\Temp\iKkwUAgo.bat

MD5 bf22f9bbd13d8e7a1262f6729613b7c3
SHA1 2ea20df4c1e3246b8fd13a89b3033a1e879ea6e2
SHA256 19ab8c15490d2f6a36496a4e270643ebab3bad911da9cf7e445453852c116302
SHA512 736839d0605a6cd3cc25a944c63861720334b686e4f5999fa3fcb22a28ef73147d8ccff113a8be8c9f3a9ca48d718d7b86a8f19498485358b8bbf113ddb32c27

C:\Users\Admin\AppData\Local\Temp\AWoYIsQQ.bat

MD5 84ade44e398a539e66df1b2974d55c93
SHA1 6c79e440c1d5af517f3540ed560465acf9bad9f1
SHA256 5ebaeaef4cbaa0be749409668fbbbdc0aac19caf61168d7721ddf44717c0f446
SHA512 cb9e201bf10acdb3450d1686142a843b2cb0ae24e849ea49283700f38b7ca39270d540c4dade1131387b729c4a2bc7f2b8893587ab457e24512d14254dca0d3a

C:\Users\Admin\AppData\Local\Temp\MmUkIsco.bat

MD5 e0ee6c6a8120c3882cb000317e162442
SHA1 9d676af0c1ea1f83b847c1a9aebe09e358dd117a
SHA256 be2f22cecdb6e8d48d9244d52a294e7492ec52e48bbfc988f19a427b7b8a8474
SHA512 c76361ed931a4e2e2133680c800d19b54ad035f4c863e66d5456ddf74519250e76b12eb820351492948af3507497418abd0a66e64535896d8f7ccb31ab54387a

C:\Users\Admin\AppData\Local\Temp\uMcoUsQM.bat

MD5 0414c1c166b616b98ad19ffe240273a0
SHA1 851f0bf3c73428f011ad3ad0db278b9e8e04bc15
SHA256 b46b67c0596d646cd950684daa705651a5e8a546f43f79ba5922e9b588d80dec
SHA512 189582ee7d5e993dc9599e3eca5b3333ad787bd01bd3957b00f3d40acb3b0759617752ee215c652c91d5bcf38b2330033ccc495d5c3f98f9905230bf5b66851d

C:\Users\Admin\AppData\Local\Temp\YyogsUAI.bat

MD5 ade159b171a8c6d94301c15561d5c10a
SHA1 b55e10e1ea8d897182c87268ff559aafa0d3c4b7
SHA256 45a661201e21146dc25df197288fe033df3715707dd11cc62f38250312bbf755
SHA512 6e45947d96127ee8c18092603f4b89e810c9908ba87cd41fbf60ddb3491dc1759576443e52b5f231a0b649e39b4d15c370b3eb6eb038cf71b82118045f85508d

C:\Users\Admin\AppData\Local\Temp\RaggwkEg.bat

MD5 b014aeccadcbcb1691a7259159a68e4d
SHA1 165b7f1b0178c6ac07080f10f6ce2dfb74890432
SHA256 dcd984c2fa6bfee35e10ca36585c0c4a2270d6650b14ff7d340154278a7fc32f
SHA512 96c51da30d89f4c48f0f3528f28e69a9d190a7ee35f12eeccdc36094e6f1237cb92bcb0398df52b17f52c242accebade1afc6ecb4a6c259b0fe886d3aa43b899

C:\Users\Admin\AppData\Local\Temp\TWkEEcYU.bat

MD5 ef6171bd5d549d71fea029bc2e5d40cd
SHA1 b802085b6f142fe7e39a627b36465f70fa0808d6
SHA256 98811fd2ade9912bfff915dcce803a949838d1936607bb0b9082cf09f4dd6f30
SHA512 7ec2e3112ae4000b0138a6682746b62925808d832db87c7fed7597dd4df43f9cea22f2f4fbc8a53bc46734f1c2fc17d91f38fcb5e22682cca3004df4494c73df

C:\Users\Admin\AppData\Local\Temp\TiIYkkog.bat

MD5 3114b6b2f5c941f5e5fac0ff18372e0e
SHA1 efabbeda0922477e1bdb107c067cd29838fd88de
SHA256 4fceb8b90990fa779693e63d961176441d20579c8691478ebc85eb22ea58f978
SHA512 03868089635072af9577c5f8cea3434be7c693bb8fa0c6e40b6a1d2ecdca2235798fc8fdb516748c9f2a5e2931e37525442a7b85475afdbb2c7342d18716f782

C:\Users\Admin\AppData\Local\Temp\VcIcYEMk.bat

MD5 dc30f3871924ff690bcc3aee7233e50e
SHA1 66db52399320110f7ed95792ac9f778ec931af72
SHA256 855f519c500c2b944552b799419608c06d792feab2d4ef859aa6e629f830c910
SHA512 46acbd92ad77b4db0bc3013e3e523b91d395745e1520156388029ad8a0beac82c548931b4e1c3efa87a18649508e6e53d68f63625552812918e8fddd77d48eff

C:\Users\Admin\AppData\Local\Temp\qWcAgogI.bat

MD5 4599d9aca0336fd64cfcb573586a86d2
SHA1 efdf6116e18798fa342c14964cb353dd6ff9ab19
SHA256 494a1d487edd943ffbbd5964745d5690166880d0de10791184c00d3fed51f7a1
SHA512 948738cb9743f00a9c8d8e86b635706db24a30d93dab9dd1048f8eea4c67465a19d07894761b3721c27052fc70213c22f129cd701066eb271aea23b5e0314905

C:\Users\Admin\AppData\Local\Temp\mOwUoEkA.bat

MD5 8a627684bf43d48ad6d0be0697dd6a1e
SHA1 a3c75ea1aaefbddd3d5c0397042af7a181473f1a
SHA256 02d9ecc2d9d59fe083408b13f64c39880910540946dd567053ff97d3970b6583
SHA512 c41d1c1556972e391d0bfe42c89b63c0ae9aedc466e1c6755974c1f9607c7c97ec6c59cf4d0196b1e0d7230437d48b0abfee071139d146b71c034e7d371480e8

C:\Users\Admin\AppData\Local\Temp\ioggUcYg.bat

MD5 230ff6c45875cc445339b73a54efd554
SHA1 8e78ae6445583f4f7c47cf77f7562c54398dd78f
SHA256 b8cdfadc42b2c179412674128a10f366069fefaec6ebbb56f98d55f63711b91e
SHA512 6552264122747e9354e384496786a459fcf1033c4d0c3e369aef6a1cb857f913553a26b9e14279f1bea1b48a474d749506e991b2fe0a70fc13fef44dece39445

C:\Users\Admin\AppData\Local\Temp\ysEIwckI.bat

MD5 ea8fb26093cdb93936ee37f516d89045
SHA1 3a09a93b6a6839dcfecf99714cdef51e8064bdfb
SHA256 e332fb635d515c0e035fdd81b8f186ab27868a4bd210f45d9f2f4a131a9d3720
SHA512 bc1ae4cdd4057ed01c3a986931fd6d5a34630d4f3a45ae84fb7f6aacad484f3e4b4d835ac1102a98d9a21f0fa7682808e397ce40842d12f6b01d9bde1c6356f8

C:\Users\Admin\AppData\Local\Temp\aswEQIco.bat

MD5 b532eb15c2511459175d5516e9ecdb21
SHA1 50ad8256f22d6e3146a3f5fa307fb678c32bd9fe
SHA256 fd9a99813514e915356328921a3101bfff205ccbe369a3b8620ecdc5f3f07428
SHA512 40d58c2b61d84d6ba5ea75a7b320fe3cea657124d5dad063851414bda2f4e9bfa2d341d097c2e18b1779f7fc4cde610d38802e3f05e41d75958797118613acc3

C:\Users\Admin\AppData\Local\Temp\BUwEUEsg.bat

MD5 b7db07ce33f891ddaaef173530ff1bb7
SHA1 3771ae6f35a273efeaf003d99184b315a50c15f1
SHA256 52ccb88464c028ed6f692a5a0227d88a805d1333a02e6a145f48740149b77749
SHA512 77df1e6b13d34b290315d29cb4ba3107c7af69412663d2a140607962286905e6ddd08796f53b2824ad0878bed408e25b685fe8bb7a04c9e783fc35172af63013

C:\Users\Admin\AppData\Local\Temp\sYQq.exe

MD5 b23f41369af65bf21ab36a99b9d57ce6
SHA1 21528ec8991dd25d6b0781ad605c33d34c69358c
SHA256 9227fb672898c8102f98db5ca1eaf30dbacc4b15cd551c590b5982ee52d90454
SHA512 be91d62fc704f488b4e8b29e609c86ab20997d6a8ee456d2ab2ed2cf544fcefd1bc7bc16d9ef676bfd08a2c975a4c899bb36086979e619601dbd1e6d4234c675

C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png.exe

MD5 94b55c74393d9bd88ca0794bfb80366e
SHA1 6c34181d83d96a0edc36efd57b5e95ac8db6adb0
SHA256 17cb0b3806633caeba5becb8d8bfde599a27b5a54abaf2c62a8f4f13861f93d7
SHA512 76033a96deaf0abb0fee88509cb62528428f0404e2278211f4c601bf3c1d8268a6681967d6aa1d6b94343957116ad788d13698806bd952fcba47464fb1a3a59b

C:\Users\Admin\AppData\Local\Temp\Mswg.ico

MD5 47a169535b738bd50344df196735e258
SHA1 23b4c8041b83f0374554191d543fdce6890f4723
SHA256 ad3e74be9334aa840107622f2cb1020a805f00143d9fef41bc6fa21ac8602eaf
SHA512 ca3038a82fda005a44ca22469801925ea1b75ef7229017844960c94f9169195f0db640e4d2c382e3d1c14a1cea9b6cc594ff09bd8da14fc30303a0e8588b52a7

C:\Users\Admin\AppData\Local\Temp\IIUs.exe

MD5 fe6ff265fb5ddbe45a0a4e1538fbcd4f
SHA1 c5231ae55765fd69fb7178b157b750d66645b0c7
SHA256 2ff10e3cb1204b41e2936eaf535d3206d4189c094bdaff531817c5a24e8a12ec
SHA512 e41646d48d7edcfed3623835c078af02e24aadefa1318a376b4fd360c928221539f778f60c7f2d58870cd4b24f5cf73d21f5041d540a10c82356427b4ea0f46d

C:\Users\Admin\AppData\Local\Temp\wcwc.exe

MD5 9d76c4d786e38f3a7212d1c59213f2cd
SHA1 fd9e3faa0061c593966d9225f193ca28353765d8
SHA256 8892a82f1fa6d715fb806a952d4e2029f86873fc3c96b82d1d2b1b3908ec2e65
SHA512 58791e367e0489045ff98cb88ed8e8ab0834c1223d2912157484deb945a7868cfedc8e11b292bc92c5fe7bf1cd6245f10bdd13a734d20636bb6ffe220ed3653a

C:\Users\Admin\AppData\Local\Temp\fgEsMIIo.bat

MD5 64ae85f939553c7a9fa7f039bfb7fb97
SHA1 978afe076cfb6decc029b7f41371f800b1d69a8d
SHA256 207cc9ad74a272d6507e9707abb00bd3633109fae4e83bec29588c0420a7c362
SHA512 ceac6202d8e401324013c85bb1eaa4b323a89d15ef4498cecdc8625db2a9ca6d8f2701ae20624c8b7d4d87b03bbef5f82f8de1bf706566632fee75bd47dc5fac

C:\Users\Admin\AppData\Local\Temp\CkMS.exe

MD5 d632da323cd4b520261985cd5d2a4569
SHA1 d779169003fe6e2b7555fed895dde7cb883ab2a0
SHA256 2c67f3059c9e0ce2c36cc1767dabbbe02beb1179bcdcd84f7092a8e05ab15a0d
SHA512 e53b1e650a712b37b1195e1cc951432c1c519b52d82c704ce064c79fb0bfa05df1f9523bcc624b5214ce198af5969658a4ef06a9f25ddb7e7055a3ac926d89a6

C:\Users\Admin\AppData\Local\Temp\cwEO.exe

MD5 c5a1e5b9bac720565b8605547f1e6e18
SHA1 0f6f300a1130021ef4a5dedb4234f567fe98ad4c
SHA256 fa6907e5c2db9184e2256021613f6e32d951709612acba23a8a74228a01aa858
SHA512 345b6d6d74b4d1357b231927bb54a68c121b51c071f316dc1dc274de11a25d6bd872a05a6a0099b3fb2e95b6bce0fb4c86f40d6c86e89298dccdf5a62089494f

C:\Users\Admin\AppData\Local\Temp\mgEu.exe

MD5 9a64eebcdb7102560573790c81a89a3d
SHA1 6b7a657abbcb703781e23ab3e8298f71601b7c60
SHA256 43082f159d64152f5c9e2201397521d5fccc3f6eb873bf5bc8a4d80b11ee1d70
SHA512 b1eb018a04724b8adac2c8908f32bd614d0ac6e6baf41b5aef17aa8992db2f1ec2a4bf245c5d98a541ab118281ff5a5837f47fc157e0ebc6e5e19e7888e86722

C:\Users\Admin\AppData\Local\Temp\sAok.exe

MD5 2bf913a9cda61107eed1004a76cb439f
SHA1 8654f08ef3c2e220685193713c361a7108263f4d
SHA256 a4911e55c6ee37a555b056d7d41b5e7a808083e7110c72f9612fa587a5dd3434
SHA512 2c49e959065d65804f19311d6e8aece6f64560a6ddc445b3d97a63f1d6bf3af65a3dfbdda6396426b40b0a1e52f9df7dda5f7d38441c0aa7f6c5ccc5ffde4118

C:\Users\Admin\AppData\Local\Temp\xCIcogko.bat

MD5 067375fd2420428a65523607989067a6
SHA1 a3938177a10146319a398547f741e1c807d1c0c8
SHA256 0544a602ef6c6ee6ca04a085f8a69b089b87b3f1b7ec0f4f699d66029242535b
SHA512 7a6eb66012579414d219c5bdd5ac278c078de909966324d908d5b2435e8d28d4a569b540959ca89fb946ede08778f1679df0fddd3d3bf6847905dbdc0adc0f87

C:\Users\Admin\AppData\Local\Temp\IQck.exe

MD5 57c1c1b33567f13626a08b7648792e53
SHA1 c44c161b2bcc712e9ee2d00ba806eb294091b6a0
SHA256 93b76b571391fe1a97e55e0d37dd8e60e5bb8a4136263637960cb23dc0384097
SHA512 c34a4eff1ade806a4cf0fe679f2bf725d91eeeac0fc53cd65a29840b1f1c3e24e8805d2c7ef26e0ac2bd65cf25bae58bc5daf06752261011a86aa326bda0954c

C:\Users\Admin\AppData\Local\Temp\cMos.exe

MD5 cc7242ff7748e1df8ff289329bc47df2
SHA1 963c9dcac8f871e3cb327285018453897b25bd9c
SHA256 134820dbcfeca4193049a61d8adee0f2b907a18ac9870d1be6cb634e3bc5cfd0
SHA512 03fdcff40d48a086b528521b09f0444434b52f1505e783cee960dd9d6ac7eacbbb231b096a7778e72387722b415126bdf8aa77a68a914a927c01fcc47187c78c

C:\Users\Admin\AppData\Local\Temp\uwcU.exe

MD5 e9948ba6a416ef51b21cec50912684ae
SHA1 e004a2cb0486f027bf7dd9616eaf5463e92e027b
SHA256 4b5c77b338c7a7126603bcf393752228c06592186f961eb246c97922de9aaa9c
SHA512 1704eb4b9ab5d0f47433a8f8b076bb732f6b8123b1de7916f2565e2c10bae47a05f1134a11827222ca6747ee74e366224953ea43ac07ee1ef269ef0313b9fc05

C:\Users\Admin\AppData\Local\Temp\ecYc.exe

MD5 bde98f4baddae88fac54fc0129a30175
SHA1 4a6dbca598995c4c80208440c294dc42b0ee9eb2
SHA256 1404c0565795c0dc0136f3f40634bbaeeb35bdfa87964dc20bf69c18b71e1a03
SHA512 152210ec055d26beac67cbeef5b2cc19dec4ac8b6f37b60d81c100ba59a41f13d4021f109733271720031a77c5074d9adf0671c18a9ffcda161ddd2145c30064

C:\Users\Admin\AppData\Local\Temp\Akgk.exe

MD5 797cae0b941d5b2f748ed1aed0a5fd8d
SHA1 62060ba3e9a5ba451d8dff381602d68a9e7ebddd
SHA256 24829fd39ebf16c027ded511fae51ecb870d928b562d84102eff927e7ff6c698
SHA512 14397a01181bcabdc0703fc1c078d9535649a8bdae5e1d8aec426246051156d2da9c48fd0a0d273cf02867a2292cb1b16f6359af4a768424b9abfde11d3ac6c0

C:\Users\Admin\AppData\Local\Temp\Awoi.exe

MD5 0562d9355c1ae1a531b0b156d801ee8f
SHA1 7c7c377e52263743daf230d43f72e75058ec41a1
SHA256 9308aac1f33bf8d25eb444386943b435bfa7a87d458dfd5a10b201c73f11592c
SHA512 20d13d917552d5b32a4f552d24069782ab8b09de3c6f0b429e433ad0de88d1bb6f9d368908d07be96c96c63f3f1949edc873726e2c7524e8ba7452ddcc36d0dc

C:\Users\Admin\AppData\Local\Temp\CcAc.exe

MD5 d3bc48ddbb91d4720b23614f809d212b
SHA1 2ebec644288825754ba48eba496514568af72c27
SHA256 d16043d4b8d1cb411c38cb0f520c810c7cf86e24c8233d923d5c4fb2c795a0e5
SHA512 f19cf4dafa0cf449a528a70e31ba59918c69e289083046ed41654519c30a05c454db4aa260572cb83c6003a71670939da91c3a0acf17e3ecc650152f11d89b78

C:\Users\Admin\AppData\Local\Temp\YwgS.exe

MD5 9d2978350af6514780a768206148f701
SHA1 7bd0281717a363bb53b480af5bd9201d1d5c2353
SHA256 c8d6d0aa1232536b18642ca41a2bdc071a578d6499cc2619e4bc4f6c7b185c54
SHA512 21d78b02c974787f09f452bd11b65194cc5f40184b332a0b9e1b88714cdf52a3beb5dbc17f31aefd6d1f04694b70d3bae0eb0df33ea7bba4723dabba0490a24a

C:\Users\Admin\AppData\Local\Temp\nQwIwokc.bat

MD5 968cc69103795c045a26b7415a2f4ea4
SHA1 161cc097a965f5e3bcfa8818cdd7f9e1f949b959
SHA256 1a14fc8afd33e6d00ef995ba5828fa9bdeb766825771d02e7d83c535a35a1031
SHA512 d8be237172a19a52ad61e3d8d88ba52e6829bfc59963f6114b0da7e7273efa9f4d64ba61747dabed49ef91329165758b23a0c9bd63521a1b1640963d5c473815

C:\Users\Admin\AppData\Local\Temp\kcUc.exe

MD5 ba5b1c89344875b322d1b6f67a4f3d13
SHA1 7c1b947e6347a9d02f35484ee637293a2018fae8
SHA256 d2c3b8a56131371ff2a30c839a42645d7035f161a57bf351d44c92734816de97
SHA512 0ad3d1828b7463ef8b5ee08ed0d90174af3e7f23280f30e74c6b118b6ef19c04ed358e4c028092dfed923d587f1e4cdf1a73efeaa762db4c7102ee1adaa05d56

C:\Users\Admin\AppData\Local\Temp\KQYK.exe

MD5 36a970b74a9e9dd614c1b7699f01849f
SHA1 ca1b61039d5feb3985b7d2b293895bd82acc2dfc
SHA256 86a848b9ea0c0e63aeb2fd6b736a5969bee356d9fc919aaf48373aac5db7068d
SHA512 c1e87063378ecf985b1e3420f769c3c2da46111200f99508c8757258efb70570cab57b228826c92e59ca63a99c6a6d9bcbe476223922d6b33a821797f02d50a8

C:\Users\Admin\AppData\Local\Temp\sQYY.exe

MD5 48ba4297e8e28646952de6861621a936
SHA1 2032f54d0845e80f2449bf991b34f365ce9afd02
SHA256 6babe51c2c58f707d2823990cd5544b98440f5f9590ae63837bf827c7250b4bb
SHA512 773553c8bd5e98b5e2c8703135f53a342d4205e64038382a157105f7eba2130fedb4ab61719ae879c6c8765281fcfdaa23ff5ce70486fce82ccb8c1a2a17e3cc

C:\Users\Admin\AppData\Local\Temp\uQUU.exe

MD5 3b5f66f2af1b1c6b737debbdcbe25e6f
SHA1 f6d97a1a34c35b028162fa74beaa27a045ea0de3
SHA256 162161e4bab064cc0449c19d40ac75220a6ed11174dd6ee7ea164c1e28323b75
SHA512 55ff6a0c8394435bde7f4793c1cd32c411f84e915fe31d8793f18fcc0872604aac79e1347bb90493a9ebcdb909e0c7b833bbaf6a66c7ec0436fe60895baeb5a6

C:\Users\Admin\AppData\Local\Temp\SYEs.exe

MD5 e5347927bf306325cf534a5913b91079
SHA1 85b9479471b3a0555203b809e43f217b8b7d8a24
SHA256 f18df413d3cb090fb7c185eafc44386942017358d4c6f5e4375d7c0ab8fd577e
SHA512 3703e352d464a79c03e90eba1e62640c68fb430a4014f0cabf170e9e4d6bfe5c8a55cbcb51868c6bf7064a410b67213127ef062fbd577f6c2e982f97483ee2c9

C:\Users\Admin\AppData\Local\Temp\aUcG.exe

MD5 539e68141a9ac921ee66cff9915a0432
SHA1 58185bd0c890db3a4586d806f5414c1d4596a764
SHA256 b3524b1b248e82dc2d8847607297830ce77edc0af35bc525b0302ec5371cc2af
SHA512 e5131fd4afa2afcec69c2196c43431aa0ec14d36553ecc747ebbbe17aedf721869125c1cb7a1930d8e3faee170a0f66ae43d56f83d545d6200599168fd3585c6

C:\Users\Admin\AppData\Local\Temp\uQwYUoUc.bat

MD5 7bac8c811418d8d7ece354a1d408ea85
SHA1 fa2fee925a6f1ace760ecb3804687ea90b53e2a7
SHA256 dbce1e63f1ea517124203b025d2eb29f88c8cd558a7e2ef3cfcc110c4159a18d
SHA512 b70ccd42fb645c89e379e1ea3afb3ce09840252adcfb607c3827a49fd672c2361822bc1c77cd33c2051e96dec820adbf7409cd1e3e28ebfda56ee63020ea4a54

C:\Users\Admin\AppData\Local\Temp\uoMI.exe

MD5 f4b9ccf0f3cb47d879c6dbc30117d68a
SHA1 f95ff7cc6bf1e71dfe337bf782de2d1f0c2cb3bb
SHA256 2777753a052bbf89b3ab0bfb6f022b1b1d11d8874aafd18280fcbee47545e13a
SHA512 110d1ef4394f3aca05b059a8d242bbc1855bba8594c4117d1b344eeb1e61788451c9f3903dc9569c3647ae3a0f4412fb69842204921d476a07c79a8e8b69807f

C:\Users\Admin\AppData\Local\Temp\OIMS.exe

MD5 5ed85f73e9ea20fc37acdba039e64719
SHA1 1f95d7aa626db6a31560becc07751f6d53105c38
SHA256 da92677ab584b73129d4998769cee602085787c6be62c68ba514119f10d944bf
SHA512 87a0f1e7aa01b554c213f44f78ff443fa561ee7c09620225ad658cd074a6fa34416de10482fdff877c99d8b7b86a9859c45bc37de1adf1931e6887b88aff3a86

C:\Users\Admin\AppData\Local\Temp\wsIS.exe

MD5 e101117d541c354afa7ec5d361b2b17c
SHA1 7d212b18e0724b5a02fa018d7f428877e7c0275a
SHA256 3e04e6e01eeb0bced2c70d2b06eb67bc4c1548a314f637d5575fcd70a257bea6
SHA512 c203ee21e5e6a4caefc2b80d5b488eab58b2f524146834d1168ee64be68bad34f0b70bb1ef8fb0ad400b6e64e1ecd8f0c899dcb014eac17e683893ce95646f4b

C:\Users\Admin\AppData\Local\Temp\sMMk.exe

MD5 3412618c45df534472165139799f49e3
SHA1 643f5a1c6e015ce06ae296bb76530ce4887311ce
SHA256 55e2e596476bee132520a8870ca24dafefb09ddf855d108ee3b07d3d42d874c4
SHA512 d1da9ad141090b3806e524960492741238b3ba1d7d95bf381d05b2b2918a193d7f79c437d383c4aafeb4601da95fa9ffcd9757f7f3c1cb333a480bc19f365b44

C:\Users\Admin\AppData\Local\Temp\MoIg.exe

MD5 e7c9c20061297328c39eee038e8039e5
SHA1 e875d627ea6f263a5b109fc0ba6bc1cbc6794e0f
SHA256 b16d41ea991c886f5ba8f0d5dad450c569dab360391369f4736aa2241c8f60ee
SHA512 ccfc05d8edd172c1983b98012b6f73fcceb5052ac4578e76d2bb864e3d06e8c88064ba9e245bf94b06dfb11b84f62998d8b4c28526c1d21a1b2e29fac2d5bf3b

C:\Users\Admin\AppData\Local\Temp\CoYU.exe

MD5 67fe041ff0c6e389db61b393f556e66d
SHA1 910920ebcc3a616d9eb8cd084f120d9120a785bd
SHA256 690d8062b1fb738fc05b6a0c76e666d9d017e57ff92e59e9253f800721ed38e0
SHA512 42dfac33dab857d5b200b91f528f75e752f296f0be890e4fa5eb20167bbe1fa206a4ae5b06f26adeb9ba54c01b9934a563876c1d2f4ad27b67e6fbc07d919130

C:\Users\Admin\AppData\Local\Temp\kCMYYoYo.bat

MD5 1ba69dded4d2becdb008028fd0aac629
SHA1 af0eba5f6293995e0231f1ccfbd6d2fbc56f2847
SHA256 b75f425dab0d69dca8074ec0528dd428b6c3778a53d4ddf791b088070360e3cf
SHA512 b9d3e7b7d9957a2e5eec2e0ce7a3edb9adc0c201f05335d482077a701070973c683f98fd21738fbee740f5ae70846359a60d066d3504224fb811687fb11cd5de

C:\Users\Admin\AppData\Local\Temp\iwAs.exe

MD5 33b44bba5112dc660a01ff8141e8bfca
SHA1 8334702833b067ef82ede514c88de35287014bc7
SHA256 1e179eb3ad877ab66389a3dee45055bfe43150c46492231f8b08c8b22cc6b533
SHA512 dfec153c509f73bfbd61f82f4e4c73112433f6cd523c17091ecfaf42c62b80cbfaccec0be9a1ed52157f18075f22f029442d4424b275471ce3872650f436055e

C:\Users\Admin\AppData\Local\Temp\KcAc.exe

MD5 1c97d09a208bf055229bbe5d96885d2a
SHA1 efe77d13f2f8384c5a928dd847a34e4d7e75e5de
SHA256 b0d4dde722f4cb286dbeb082e531252374538f45eaa3732f9b3601170e5aaac6
SHA512 24b557f8dacf491c0304ee2973ace45928b290511305d737415ab6341500739e6ab1b249d5abe7135dc6bebdc4d93442ab836a8263832dd4b74ed363f3917560

C:\Users\Admin\AppData\Local\Temp\skwY.exe

MD5 981f7502a7d26c4e9d5236bf88deb066
SHA1 c566785dae51f923b7960580d4abff6bc0818dc5
SHA256 481b36e8948a2f17e076bc36c717a747e1b8427f1a0beb69fde4999ec05bd019
SHA512 4ef909959a83ddcae4c6454d298b8290234b861f1caa2e45763f3a4ef3a805d3ea6c15648a8bf8fb08ffcc8b0e9b0825602b377b00537f7a573b86b4706ee9c3

C:\Users\Admin\AppData\Local\Temp\OMsK.exe

MD5 939eff71affe1073a0badeb54822e517
SHA1 e3bc005f85e0eaaa7e560fc138f91b8d01990af2
SHA256 296a1759ec322c8cbf371da3d860f39053f357e31e8435bdf7430667bf05598f
SHA512 97ab585666166a5b79172f731eb69656ad119e7ced330a9a5afe79c66e50f4b1dc98c57e70c14f70421607e15d39d107b5c69a285eaa5a53701b23f3fdf4739a

C:\Users\Admin\AppData\Local\Temp\AMEg.exe

MD5 1a43317b43c65e4f8e6987f1500b0169
SHA1 ef85c19412a3df7a16ba5b2edf4ac3bab835b5bd
SHA256 7111eb85b3411c24f05b8563e349f7f3dc7905609e458c6535a368d11845445e
SHA512 38a7df340ba31c08960920672afcd10d4ef62c719fcd70179f848045553b4829f66853c4a0794938e7e8a369ac42071c38db9973479c446c67ccad3a1b6d9def

C:\Users\Admin\AppData\Local\Temp\Msky.exe

MD5 a72b9700c8ad59ae16283977c92308c2
SHA1 034b6808a6c0a2436c5bbf968aea16e27fdc293c
SHA256 0031461e6d551ca5037e7ace6b48ffcc0f9039d0fb233f28fdf48c98d52af935
SHA512 e80ea88fa46be5a7364ee2da4e12ea8aa19a55561fc7efed53456422511b88c949eb1e2df1db643ed155c8b0ee55312a079d3fee636e7d5909c2f6d0645362ec

C:\Users\Admin\AppData\Local\Temp\CwQEsgsc.bat

MD5 50c4ae4dd2ed13d8a81634c2ff875737
SHA1 bb43a57dafbf34be8696fbdc8a807f33a7b2f7df
SHA256 e69a693e8715ba3b9f12d1a135e16755b2e839892940570bc9fd2e37c56cd48c
SHA512 68ee8be3304a42f675e55958c78345fbb0eb7aa091fc6c881ae9f9f9416d64c267113ec51091956e635bc0c6867cc35f28b767c946bce3a168264faff722a983

C:\Users\Admin\AppData\Local\Temp\OEgK.exe

MD5 1b93a86ddc18bae2105c6574e031835d
SHA1 abed64e4a429dcce20c9e3a4ead095147b923a81
SHA256 a4112b4e3a10819fe827f66f728857d6d8cdf2ee07979e07fe649ca0aad96c4c
SHA512 bdeb904d429c7a6fc24d16b0f617c4404c955f72772ee28818af6691f6455cdcc640f3694733665875c93af97b1dfea1f25cea04e6aa8d043f84df921763f333

C:\Users\Admin\AppData\Local\Temp\MAcC.exe

MD5 2c0d7d630bf9ce6367c89967a77025d2
SHA1 232ab260779b3d408c7da8e85b4d81a534e559af
SHA256 4bf3b4112a527da0b81a7bb9a3365dc0a82bf8b35e351e9ef304ef6f30dd2d0f
SHA512 2d090786d62ec7300a52d9bd6d2094982d52b297a4e88db470b602d37b373e68480817fed4ca5f324ba8b981d032f28394c0896a25ebd6e6269088f12d8c2662

C:\Users\Admin\AppData\Local\Temp\YcAE.exe

MD5 529a5ac3ba4c770a5fded2388f3cd390
SHA1 a5a8363314eb9226fa9525c2d0e4017e8076bb8d
SHA256 4d9efc9cd6a5ab9a5386adc84441b310f9d77e769acd7a9f2615107abd814cd5
SHA512 4aecc4b479b323831143bdc01a22ea883167c17b175895717e5ee89a80397eb1e4a2c1abd4aece55e269a31cb4588858d4f883f23b872d5a405608012d674ae8

C:\Users\Admin\AppData\Local\Temp\akwa.exe

MD5 361d0fccd8665a5bab2649fd34adf476
SHA1 7368f9f5fe7fcb57fde4041bd9f5e7173d01abac
SHA256 794cbaf613b45ad49f5bf0232e035060063b0c3467964ebda279858f230e2fbc
SHA512 b902ac73791d8ad0e74276725c0712b2cb5a896a40601840b3276c1dc1d09f0036c5adf0d0d1a878a946e6902b8675e49e9a014f3e2deedc84dc5b155d816301

C:\Users\Admin\AppData\Local\Temp\EMkA.exe

MD5 3187895a83dd209ef723a80d93c874c3
SHA1 941a693bd7318cb6b9bac718d59cf4d48d7a5018
SHA256 ee15878b215eef06474087a457701a594c528f2bec5b43cbc0dba9c0a4ec92bf
SHA512 6a20f77a5f960b45d0283f253153bb1cf9df641b13c2a28123ac121daf0aa29a1e6c97a20b511deb9495449a78245390e47723009c52da83d634708b9866b6d1

C:\Users\Admin\AppData\Local\Temp\mkcA.exe

MD5 488c5504a791c93e44129c8b5c65f513
SHA1 f5fc7de2890849b35251ff005c4f8100fdf5cd26
SHA256 be65853e280dd498343d58521e65eae36c71991927ab07d0e2260d2971c81bbe
SHA512 c92d6e9eeb3df1102909c2ddf746bd5dcb640ae926298970630abcfd7573705b9ccc806823490d9051f37a47f11e9a2b76dd6aa3ebffae1044fba0207036c5c8

C:\Users\Admin\AppData\Local\Temp\uoEMsIsM.bat

MD5 93e18673f0929d3be7e7a9d2a82bd06d
SHA1 c1f457bdd1d1ee966bd83140f98555918973a4a0
SHA256 2c85d75361293666f4408add653cec80608b8063c2fba7565437ec7cfe8b560b
SHA512 3080f4508ad7be8218d8f5f241c4f00e790310b1ca1dda795248e9c5a48d9d3b648cb15a43bf0b507ee71d95019ee6d6cf29b1d9587fbd3d8b013e5ca93fa250

C:\Users\Admin\AppData\Local\Temp\cMIQ.exe

MD5 b5588fda6b6b15ce6c99b483d0ad6c30
SHA1 f40891161b1ce5fe5e9f09a684098876345e8862
SHA256 59bec54a69bcedca7fc994d4ea5f62af44abcaa2b7bc237e66e24c51b5521498
SHA512 64e9325058439e2e5ef7e0d5bbc38634f18a6d75fadb7e1aa0ec0cff2181748591f554ff9f8a0e2c61bd437b8b30f85d83adc6b994b4b82fb95997d64907e542

C:\Users\Admin\AppData\Local\Temp\cEcO.exe

MD5 5dd0d11b520ebd34d45cf25aaf9a2a94
SHA1 de20163d0a442286b1cf4b91440cb3c8ccf41b12
SHA256 57110e876a0c52aed5bb8e7392c7ec5ba85e4debee3250385fbc88d690eca701
SHA512 288cc0ffcd59f9ab26afaa1598308f8d6bb7c903af8e8399e349c74811f366fbbc5847136148236ca500e75f2d0d7bc236dc458706d5ac27b3cb1b3e674a8fa4

C:\Users\Admin\AppData\Local\Temp\iscC.exe

MD5 a9e875723fe62fd85d671cb6e407e7e4
SHA1 774f30e182b1401754f7483c2c51669403ff6599
SHA256 3476d2587f48ff8ca2c8269daa2367f53c2c8d50562625fede73d8e87aa8b053
SHA512 5450d2d6ea05262d5d0f86c430d4916e3a712a6299cd11c6ab76438e8beda77aea48ece4a198a2f2ef5b8a23b738b10444c0eb3c95b4cec2c6da2bb22f0769c9

C:\Users\Admin\AppData\Local\Temp\acwA.exe

MD5 3a8eb35edcffa32191f77a10d415ab4c
SHA1 251b884c40c44cb027e7ff4bfebeed014e59dfec
SHA256 a7837d74d1ab3ada9da95d5ab37329a7667ef3cb02af0bb0720c7f0c5d8fd582
SHA512 9f9d1b923daabd427dd9d8399eb3b948ca7472afdcf470668055cf450dcf31a266d44b2efc4b86e206ad1c54be76114c38dc9773d6386487f1b03b4e39c7d26d

C:\Users\Admin\AppData\Local\Temp\iQQs.exe

MD5 78226a048e71412f7abba19ec8108ba8
SHA1 fbacb809f92f17aef86b6c4811a0c440cdead40e
SHA256 17cb9bb7574601e6292ead68d95e94d4cfbafc768ab4900a1c12a54a9ec32d61
SHA512 f1ecf6cb71d20b522b12058eae62703e7c170c5e2094364fae6a3d0837d99e96565d08ce43dd52fb07fd97d6d17cb5702fb03c87c5efb29665257a855be94ffa

C:\Users\Admin\AppData\Local\Temp\YwYO.exe

MD5 c332336045d54b397f88f954b9feab8b
SHA1 74b58342ff7722eaa3203896ff3990cdfc128739
SHA256 a1680e2aa64a9d5e3198aaa3ab4842770ee70c68cfc3b23cc6f447221fc67867
SHA512 7a87d7b264e5332a016a48fbc8e9a61e6ca9fe0a627d3beab6498b6cfddbbc17e1a3f4e7c3585cd530156ec486741b8e865cbd1e2438a897d74e69826361cf20

C:\Users\Admin\AppData\Local\Temp\IgUK.ico

MD5 ac4b56cc5c5e71c3bb226181418fd891
SHA1 e62149df7a7d31a7777cae68822e4d0eaba2199d
SHA256 701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3
SHA512 a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998

C:\Users\Admin\AppData\Local\Temp\aYoM.exe

MD5 f01f0eeb89f2a0a42b361df94612de2f
SHA1 922f5e35a355b086cfa1f87695017a47f433025d
SHA256 8d8ab54c83636047a900da6c02649fa94121735cd45c098f6975b2d11ea99139
SHA512 0e2626992f1864fc17ce5eed96d914adb7d900620c080287381d34b5fb289547ec5e299d291afb3763ef0dbeb91f9fad932530733834e4f352a30930708360bc

C:\Users\Admin\AppData\Local\Temp\qsAG.exe

MD5 8fc3fc2c9657a7d90c5827e60b2dc015
SHA1 cec376bcb39607d03a5adce93da08009c0e96979
SHA256 40cd47c48755b8ad9f75c73c12eca95af87f12d9d54aa276e09deff2e18af0e8
SHA512 f9066096b543892c5d8eafa11c273cd076e23506ffc23fc3f4a58996338939a04c5d2768c9697d0ca2e8c76294e86ae7deb990debd6f4d63eda1bf728d3cfd97

C:\Users\Admin\AppData\Local\Temp\cYEe.exe

MD5 6997357ca23d2cc0c820af2db6706bc8
SHA1 a0cec0ad63efd58b97ff783b6b0d91bf8ddb7150
SHA256 a4d6d3e8f720880331934dd7a4f733d67fd0b6cda9ae3cf654407ccd7c8f1489
SHA512 6ccdcacbadfc143cb3c9d379fd6beec26c373164fa1d0fb76857f2c3fea448297f30cd02573eb7457fdb76cdbe97222c377c403e09df25f5032ed33c3a30c995

C:\Users\Admin\AppData\Local\Temp\LKwsgsoA.bat

MD5 a495dfd30f1bf1c74142b8447c90d0c1
SHA1 518fde376f04d01fe018c4a53201334ede82f419
SHA256 60d9f5befa3d234841615cd99604999bfa6682dc435ad3a7b07daba849fc1aa6
SHA512 4a3f6067e8f425e7d8dd7b24dc9b7fd46974d003b404e1a810758741c783f4d8f866f027632c2b3911dbc2fc2a97834e0d934ac1c6f490d3556c2a9843d29e77

C:\Users\Admin\AppData\Local\Temp\ZesgocIU.bat

MD5 7e939f2788fc44ed1f33519fdd43bd0a
SHA1 d34976f769cd7f88676435b109eeb5e897c13269
SHA256 da2a3b26dad8f54c4f2e8ee02924d2331f022f7981c7999b8d2f89aaf715cc8d
SHA512 b8d16d097528a503dc552a4dbf3b30f0dd300773d36fa702f79a24c20330f5cdd3cf89e7a5f3a98e7fb75d2af68df0a3c8355e5a87e59e63e51ef5b69d077c18

C:\Users\Admin\AppData\Local\Temp\zYIQEEoE.bat

MD5 48e64ad8a0de285b35099290724e3e85
SHA1 6c01f7a3692a54702b9e705ec918962807737e4b
SHA256 727019d788182a0d3b832ceea075a34cae451846ea90bf5450a060b6c20e3e3d
SHA512 52b869545c5601375e1eb51a20c88601631ae53923dd8bd5ca725c7076c38d23b12cb48175944e56188fb26d489c46edaa438beeef9faf3a690caab8f9f5dfe5

C:\Users\Admin\AppData\Local\Temp\xiQswcIU.bat

MD5 1e2805dc739811a795342d32ef55e4cb
SHA1 757229ddf5785160a150c4f774bb2f2cc89434e6
SHA256 bf513d6d787a803ac4030cec2620da283b90e9abcb7d07b4dcf121e9855093ab
SHA512 ad71a5148360e3d87d0de1614eb3814b70a6a1be05209d635f8331d2a7ebdeb06ffa474b8395f7a5600bee9afc36c6725b786ebf6ac2ac9bbe9c6450133fd6ed

C:\Users\Admin\AppData\Local\Temp\pgskYcwY.bat

MD5 0cdeeace9e406c7eceaef1c9b36c2552
SHA1 90160b41ee457abc49f523ee3a57f99aa4df6a7a
SHA256 241ab3d0635736319412e040eca74d6431e10a51b4cb8f9465bef5ccd3191d34
SHA512 85768c7480ca7e017b712fb6bbd5c0b0f3166a9a83c23d9e65e3ef3b54bba4c727a46fe1d90314a32e816fa3a758f3d92e278886dcad8e1836da3b2d94e15e07

C:\Users\Admin\AppData\Local\Temp\WCkwscEA.bat

MD5 97a68574f593ed64bb781df5e3b5869b
SHA1 a4f21c8e59b740c335826fa19bab41a0d816f4fc
SHA256 bec29a476816218762376e1bb9b83e2511bc9311d3450ce4786a4cc758a65fa1
SHA512 70db884d53c4cd0cbf3e21fbb58e517ab79e4633e68249057a3b65bca747140fe7bf244ffa293702a3e93afd8e8e406c6eba14b4f2dd506bab705f3195893607

C:\Users\Admin\AppData\Local\Temp\CSUkIook.bat

MD5 f84a72efc15d8f25ac8b1214b06eab66
SHA1 4258c6893555f502737c598c2e5f72f8bbe38f1a
SHA256 b81be383204a999b4f73aa21065b6c6134afdddf40ad7a0ef1c2c73257c751f2
SHA512 e770e05a7ef18649c898714bfd8e206c46a3ebe23a654611cfb04ba7cf9421ca30430db90890dbd268009226fea047df946d56dc9df605683b6051a51bf70c61

C:\Users\Admin\AppData\Local\Temp\OwgMIEsU.bat

MD5 126a9cfc342e2805d71c5e6082677390
SHA1 4e3cfa4575782b0259c747232484836979dd097c
SHA256 bdd404153479779071bb7e28a0fa960ddcfc7a00ff5d8b8fc55e13db0deb3c4d
SHA512 8784f750e66173b0e8065ab87ef3682fdc45ae873564146fae2a3297b4120cd4ff660e018300a7479fb88aa574c2ffd989252de7ea27a4331e0108ddd30c1679

C:\Users\Admin\AppData\Local\Temp\cQQgMYUg.bat

MD5 5376b37492c1a61a4d35f0e9a8ca2a49
SHA1 22ec0dce7ceaafcbba912e3fe51346f67f7224bc
SHA256 303cceb1a01726c6490edad635edf16f404d9fb31902ab36278937644b7ac7e3
SHA512 2b55ace190a6aa590fab52b93136a5b26dd74dc176b3d1692f399a38ed0a831b6f15dd8a4d8bedaf19ce154ec38db7badad69df55d5cf018e092345b587b30a5

C:\Users\Admin\AppData\Local\Temp\kkwYksgk.bat

MD5 c9f708f7e29c39683bc8e4ad531f56ea
SHA1 0ceba73bb4f3fc7f999782835c61399201a9b17d
SHA256 ac872cea9705983ecc031171950d5e1f90f9cabcc5b74890b5f3a7fe951995a0
SHA512 6cee3faae6a379f8e7024e6d47c548113b15dd5d242f0a8879929d99ee27509562aac88c56b23d28df3d33379451ff2e33507a541cb36d839f8c0101389f590a

C:\Users\Admin\AppData\Local\Temp\reIAMUkE.bat

MD5 efde0baca3931e36edabf16ede20074e
SHA1 2bb335db29448f6dad81b501eae7dbd02f62a7b8
SHA256 7ff39de7a9ed11c207cdd61a4e0a511d093174298b578927ddf914e9f1a0362a
SHA512 92d2c7c8eab20a9c4ac4ecff0b0b3e093d2d5e3f4470686ddd7f829f97ce5e042a627a7457305a4f459d3daef88d80bb765fcd8130c3b11e75036ecb79189f3b

C:\Users\Admin\AppData\Local\Temp\jqUEokUM.bat

MD5 9f7103c58e1220f3b2f08174e380c6df
SHA1 fbbe00fc42cbe2668fd13883b1a6b98d82a183e2
SHA256 b9cf4b4f744993fc5937425ebc966702f7cc0c27b6ff41b9ced24392052ae2c3
SHA512 7d143338ad75d5c089606bc85e18662a1a7df3543990fc24ae258b3cb7399cf1b930da70a8b32095f757bc18114c29cc4232371d01ca8bab577490a5824dbc17

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons\128.png.exe

MD5 a221c3ff6acae6d5eb680fb8c14062df
SHA1 e7717ab467e72a85d400f5d5dafe5f0848f96720
SHA256 800ca505b4fbce6ec7e65730f265d950db7ad036f2e35d7ece8bcb5786d5cb9a
SHA512 72b660608bf79f3ca68af1c087a7abde8112fc6b9c5565d73aa92828c5d9941129ab7f121b564c87bbc251949f8f5ae74a459a98562e091b0e79d74044d5e097

C:\Users\Admin\AppData\Local\Temp\EAkQ.exe

MD5 d7b7e5b83986a7bb3e80c2654f0b11d7
SHA1 5af0f6bd5c89966b72504b34f32f6a47053d3505
SHA256 a61a544f67c1c7bfe7accfdd2443ec24453bdca60523988eaffef01e1ffd1c13
SHA512 f1ac489bc822d3d199065335201eaa64ddc3f4464d07d93af431dbd7cdd3a5dfc9ff4bf3759599844125f60d3b7c9afe8bd36bf500b7a47a6d05a2d57819a23e

C:\Users\Admin\AppData\Local\Temp\ggcM.exe

MD5 a75d4ea47dac3622b82947e6510fd39d
SHA1 6e7219c5e0b1ed85601763f8aadacb3692fd238d
SHA256 cbaff38375ea7209cb3cd4cd5b1f53e409f6c609083eee802cf7bbc119e893c2
SHA512 ade021df3d93c75f7396a3b3b6c36ae3df793e698e8495acd5e22c4dbb75f40e407a06fa7ab5f90413ed92a82862d13abbefd0ee3ac138ff202a2a0f6f57493a

C:\Users\Admin\AppData\Local\Temp\iQYi.exe

MD5 d983a52006b44098011dea0adbc1bc12
SHA1 aa393b7635b0eb6e24ca384a73f3b5ccb7b37dc6
SHA256 f536339df3742a63de62eaae55390672a3730fbdea260b23d5afbabc65bde7a5
SHA512 ac3e9df41d576727e0480c6a1d185773c4b977c28046e252fbab0249ed8feace37bc6e5ec9e1c1fe790ae66471f26a70b7b6e87302842cb787a2126ec28592e5

C:\Users\Admin\AppData\Local\Temp\YsUs.exe

MD5 d94d95f1eceab7581b6bb28ed767a804
SHA1 2ac09196443d4edd566d7450639a539bc479df4e
SHA256 448a83957c2f409b772effa539fb3e12df237dd9c63aac0a5fe1415672a90e41
SHA512 21d6c66cd8536dd89c17fd66cad9215b49a02a79d02d186dde38d29c7d4a87273a7866f0c47cf9ae22e9d02874f27cc322502c3c507410a463be2d96edc24faa

C:\Users\Admin\AppData\Local\Temp\zqYkUksg.bat

MD5 b235d934dc318f91468bd21373dfea7d
SHA1 4da73dfaad5e2df3f9e77c069a9fe74d7f5396ee
SHA256 4e0ad1f3b79151078bcb877de1f8d5833bcb0bd54074ccde5600d26e78a31934
SHA512 de79b64ef4d12cf37663d118657e86f0b65e634ea56fbe43fb4051396d44f357dccce805e742b687c325d6ba944486252c2770caf07ada3941d5a85051f9b7bb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons\64.png.exe

MD5 66bd799193e404af28371314f9cad54f
SHA1 f43a0525771afaa4eca7dbfc3e4675f4d494fe32
SHA256 cb1795751b9b6bcb43b53582628ea066e36415bde66a41f96eefd1eca86844cc
SHA512 86a10b3de809f6f41633ea1f4f239752731f660045ed7d2f5b99ea34b3db3363e84efb3a71d10f6a3c508bf021c53786bf71d948de598e2cc4d64b8b5d56f2e9

C:\Users\Admin\AppData\Local\Temp\qkUM.exe

MD5 3c4d53460f322f91bbcc542e3d240ae1
SHA1 0e777d480cb4af7844278ab8fb04dfb2ba294cda
SHA256 db62783834e853142897705088e6e0c93674a0fa92fd2807837d3c13f0ed81d8
SHA512 6dc7509009723f539e10b438e5fefe5e58397ba6da789ef619b55cd68112368217f765b0b483a110d162367ee188009972d8b2bcfc081cc8d9c47ea3c67f2002

C:\Users\Admin\AppData\Local\Temp\QQwW.exe

MD5 58f980e2d5a45e57bd36180b3e402db0
SHA1 1a6c13d450e9164ab66490ba3279b7f48baea468
SHA256 1802ee7f19fabe585a264a608f1a7ffe8b78f06b2a015821015324e4cf209fd0
SHA512 2b02ef35b6b2323f4481ec6aaa065d964f17abd4352938dcc7aa1ea65021209490956514287bc4ca1dc4edda2ead2bf9870a525e961e46fc3ecb185e8683a084

C:\Users\Admin\AppData\Local\Temp\GAEA.exe

MD5 08e7c9c25c750267ef314ea433696f92
SHA1 122b8f8157bc964bfed7fbd8798f6f8f149ae8db
SHA256 5510573f4380a36f314b9935b1d651177c517a024783a99d2554692c50d17215
SHA512 3cbceb2fb76ed3e61e96d8fa4ababe944f5a38eea0e3e2e4cbbab004a08bbe8a885c222231ec0d6ef2fa09e90f66a7e2f379222a9fe2a1db2db2ce86af45bc97

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons\256.png.exe

MD5 01fb60b511e6cc932238240ae31cd51a
SHA1 1fd66a049d53ddbb298d4de60b9da1d21bfc281d
SHA256 2bcca449e8e46bfbfc322a3c1a2ca12a8923c209bbbd62b29e79b88be54450dd
SHA512 ade4bdd0256a69c4cc96ad7b54cb3ed201fd4eb6b7447f8a55738d15be506f009681253c3d83c94af0b5812c631f106479eb3d7e6b403d5ac95b87db5a755f4f

C:\Users\Admin\AppData\Local\Temp\dQoEQoQI.bat

MD5 181e121c9bf9a67b855fa85b15f21534
SHA1 1d29cb53bb70414023dd4a9c503fd17f52ae1b47
SHA256 b393069e7a55728b81798e1e13ecdc2858bff42c4fdcc33c0fa333250e2cd5cc
SHA512 a2361722f05a3c08f2a459ca44dbdcfeb6b1fe841dfc66b05526bafaf6f729e8ebc6f2d8b6febb327dd3ecdc94b38619adcf813ea1db3f057655b49602eaf559

C:\Users\Admin\AppData\Local\Temp\wkYA.exe

MD5 98165609e5945d71a1c23021449d89c9
SHA1 9081939da95bb037ca87a555b7bcb3e330c31ab6
SHA256 18d7445304f74c6cc0f68064ccd4c85130aacfa42336ced4362593151e6e7595
SHA512 7de0b9959024bb02ed18587d9749ee29cc7bcbad3347d8d2ca3566d2ff5fe1b58526b12b05345e0677f3d09e259810d489ad14587fec5562e48a489ecc9d9acf

C:\Users\Admin\AppData\Local\Temp\owwm.exe

MD5 da5b6e18822fdf1f6ea29b94c1ce6f56
SHA1 7026c6bd1c9d69da6e441291b8ddbe5871f8bdad
SHA256 6609ee5be820f532c94d7222e021ddd4813af97497cbc5de29b3cfe5c409edd7
SHA512 93f1becf1c68650b4ae3da9bf5c51897a7596a0b440101e77a90e8d72303d99931d04f5cdebeafded817f1045da8740d3ff2cbf6e1ef225ac101e7f2a09b654e

C:\Users\Admin\AppData\Local\Temp\cskG.exe

MD5 15b166c1e3207c680f7909fcb6feba96
SHA1 dfcce2ea84cc777ba9734cb89e4bc679142655a5
SHA256 94ad1919990160ba542475fc4c75ef69da9271c16b0a186c20d9017bbe2e5071
SHA512 58f781e621701440ae141dbab9294ac0d5d89ea2ce48f26b27eb6c63e441c8c14f2c7513ca94831015db9f990f0ed6cc3f0a71c9b62b1511c51c2c6b5e16fc25

C:\Users\Admin\AppData\Local\Temp\OQEy.exe

MD5 7618acfcf0c8378d697d6cfb8809eeb5
SHA1 6c021f37dc32afdec8c2fcebc2a71f42c635bab4
SHA256 1e772a588a38ce8a94f59fdeeed465758494f43b18bfb9514290dfa6eed649c6
SHA512 a2354a3df469d915679744108e2b5cc8f255b6d0c7a559b3afcc88f3d4951ce61f0d93f6ea6d97ead9d9b024310eca5e96ddd0b2a133f9cb1336f33b4b0b77c2

C:\Users\Admin\AppData\Local\Temp\gocs.exe

MD5 4191fe073acaa82559ff6e5781ca02f3
SHA1 c7d3190bdc9bfabccace2f42c5122ad5b544c2cc
SHA256 c30f6c9cbe1ad51a2e649e9b8f7414468da033598a942c08736131ad852540f3
SHA512 656a017b10a6e07eafe19482204ab89786c96ae7f997792ab02505ebe8c96256c9686c11d1d3736cd681b313c08920b4d8862a8d180017c9d1ec9a3c81479810

C:\Users\Admin\AppData\Local\Temp\EIkgYwUo.bat

MD5 2d1a7a2bfc54b5697f94db8111f0a6ee
SHA1 5830ce543b7bde27f4385a65c62fb2887cbb129b
SHA256 cad631cbc1d06fa08c706dfda49db19689ebc5e55f0ededf5fb6144ba227e67a
SHA512 60965f0a4a50f002d686093a8a005e2dcfb071ae69038558337d248bf5ad6902a1cb766076dd61a500aa02bf11efc781a4f60857aca1f59491e26473aa001020

C:\Users\Admin\AppData\Local\Temp\yMYA.exe

MD5 f3d2873e2d8d2cb2ba5fd25f2ea8d323
SHA1 10f9a42964046465662d65062d341f6a53406575
SHA256 4eec48706fa71917edc5aee797dd78114734c43fae0f2b12e4e2d76af88c768b
SHA512 ada7c69f30afc3feab1cd1917ce8c50d6a58a665673896ba0f6799d70ea2043b7a3eca4911586e7f95f1e7a9fdc84c04988a976c0192b1c6f42658f5f85b42f6

C:\Users\Admin\AppData\Local\Temp\SYoQ.exe

MD5 b537235e3d63fc23a832267f81bae6e5
SHA1 21254da2288613a50d587ded5c893b52e3e9ec2a
SHA256 93646c6ba642695981028b49047167bb42fc03896dc8e884193efb1314a3c557
SHA512 d7fe976dbb813a5b2d5bea04b1a818134a0a468510c5c738563b66006f12d09f17d9093dcf708aefe4146bf73c01380ee9e9d3e25b3308948412a9142293e339

C:\Users\Admin\AppData\Local\Temp\kAkM.exe

MD5 28fdabe3467300e82e5699154dc0ad9a
SHA1 ceb97b4c42159368630c651423f3e875ccd52fce
SHA256 9f338c9acb9cae23f7b1828ce12ec856d1f80dccde134628ca01b9a9dbb81733
SHA512 24fd3767f8b6065d01d5f949a1686998bec492b3c7ab3e5ca832a6d775683bb61e0d501c034f0f2434f705f1bcda9f742082feadc22dd0f6828fa3f3a06b83e8

C:\Users\Admin\AppData\Local\Temp\YAck.exe

MD5 862b74a1f6756efa829147b923018f79
SHA1 e557541164203fd801392aaa4604f6e1170f7162
SHA256 281a6e6ff161708eed046a7964bc0064d2ce23ca1b421b81167abff095db120e
SHA512 4c8e509439b9766a24f300a98600458496db60acb48ab2c7fd0e7621d5e13c3793775228efa9e5dcca3503ea92d6cd259e921055ac399b2ad57f41b81e974d25

C:\Users\Admin\AppData\Local\Temp\MsQgowII.bat

MD5 f752df78232e4696d0b7d4f129a210b9
SHA1 fbb511e2070ef90d0a116400c9ad1f30c91a7df7
SHA256 ac0b7dd8a9712ce3ff9e5762820727d98a5a72a37f4897e4ca4039de8a25cc59
SHA512 231225bd6777f509a75a827a7067784a662e0638a17d5077419a3ad3c7136f1bfdc3cb3a770fac4a76e0b3aef68605a34b6281a7c3e64fdfc97a9c076f000c45

C:\Users\Admin\AppData\Local\Temp\uAko.exe

MD5 620142353a238c67bed5b0d09352fd41
SHA1 2c23bbd3864c06068aca9cbc50ee56c1063f5be1
SHA256 99359917dc73f3686467876c9afcce5927b3bcbc4c3137c7f7fa9838397c3947
SHA512 46131ebce0cf167fa2b2aaa0f854b208683126404b3dee37d7e96e1c27cf0d25dc7acb70fc76678b7900bd97a51949393a3d723c7b136b2c2ed60565f2566dd5

C:\Users\Admin\AppData\Local\Temp\AsMi.exe

MD5 6437004cc7ed245617dc3fc2c1d311c8
SHA1 b12c7a6e874d7af35c6fc74f8dbfd38cab1a0499
SHA256 109058698b0fa8885bc85ef9a417b1a85b788e8f90637e24d6c31112870e5bb3
SHA512 27432337b49a61d57959cb2f93618e5591ea42d3c1d53f9f16c94cd91abac1d1570bfc11f430b7baeec83a8485d63451e1374bee7c64f17fe0a1f9d7548391a4

C:\Users\Admin\AppData\Local\Temp\kwkU.exe

MD5 ee53fa3def33cfdbe62f7c7a49bda1f0
SHA1 2cb2853d3555884d06d94b8dfb11d60333ec70e2
SHA256 9cf6abe60b36c863281a2ef6898ffb836c9790db03dae7346d10de8e30958956
SHA512 a22d4a93bd1132bdb463a664002fae0fd2f14cb54d75a70024bc16e38ef47130a9b24571ac8f6c11dcfc32930f4c18c2def278f1148fa2b12fd7ca436af43891

C:\Users\Admin\AppData\Local\Temp\mYkk.exe

MD5 52f6d8050244885669c8dba427c9f578
SHA1 7c610667ea897c71fbded5e84fbe4af05edec876
SHA256 b4b6b33301b950cd0c452d0083488fa27d3dbe5aecbb8cb531e569cf65f6e2c2
SHA512 52aa74daa7b99d885a7046769edd02da249020a62b103239b1f5bd22c99f7dc3e818823d61eec723464e44fee3917cc9f1a35ced7ff1e89da7ccf35d14ce7d3d

C:\Users\Admin\AppData\Local\Temp\mkEW.exe

MD5 c32efee1e2b189c10762a2cad823f4ab
SHA1 f31539935d69afb9d8b7a6982af993c0a5a27acf
SHA256 9bbfcba4ffa1a001f6393cc1028dbdedfa91c2b6e3ba5080aa8c89f48fc99d88
SHA512 426903d2f706b8d040119a615efd513fb1de1ee015438bd147216a2f415add530bc48c4386b46bee3a84eca394511e2bc7ee6150f5419df7bda1172a76163960

C:\Users\Admin\AppData\Local\Temp\Mgwk.exe

MD5 1ce00477c79282fff85514fb3c6e6b2f
SHA1 4ebbadff74a74d0e6175a7340c8341ea09cc94aa
SHA256 eb9d8d649d1643b077d774d24067934531aa62396a00b9d429c4c3a50a8b79c0
SHA512 e8d8994a64c9b7e24b0fcf684d96023cbd0c54e5a4cf8bac763f755ec78a8d53ebacb38ae9e38a4314ad00435df6fac0f6553b35bc33bea22121818232bb7558

C:\Users\Admin\AppData\Local\Temp\mgUgwUgU.bat

MD5 bb967e93659854e237a81bc2358304dd
SHA1 9855bc4ee15d8f9d37bce4ef13a8c1332fa145a3
SHA256 3ab385dfdae408d3a9af10b0ba6689a9e0b4e5eb4a4cce8cef0619dd55c99e12
SHA512 4b1520a61cc72ef085b1ac89f274bc1ef44c1704ba5eff6384378ae00cd54e329a7979cae02964ed048dead902da9de259b178d62366b26ab9dedc3c6e5f83b9

C:\Users\Admin\AppData\Local\Temp\wEgi.exe

MD5 87fcddae6234f90a6dd9c4b84f2a1eef
SHA1 5b82ccdc53fbdd6220dcdb95478d6c0b8cc69a68
SHA256 528a588ffa1fcd89d3477d74256d1918c8c9af5878c9f9872e7ec18a5b22a1dd
SHA512 8d501896e8dfe8d3ac43713f16b268ce8887231b34ef8a8413de4c2bc13cd776f9c5959659b6031ef746a0cd8323027b891ad2b514f669ea35cf65e890df60c8

C:\Users\Admin\AppData\Local\Temp\Aoki.exe

MD5 57271148d05c845280455be96605556d
SHA1 f57177140662c9d0a76421502f68d9ad716bd890
SHA256 226d3cfe5b4e36c184765c5db4c0bf532f9e0d6809596b74dc16574673a49905
SHA512 c47ae96a351cb5613917b7228e4d257b7475090c4de443bf95d463378ce4f41e4a4e1d8b86a0c2dbe306bba641cc4ff801b9759732638973996ff9f302ae89d7

C:\Users\Admin\AppData\Local\Temp\GyIMsscY.bat

MD5 9dd270f3028a2eecd0a71206f8be7ce3
SHA1 a956a0411f84dcf8bbabc8f19b8b555761e86c6b
SHA256 b5e8a2deae26ae7b4e2da1797b465b988460143199150858dadd975e6f66a6ca
SHA512 75490843134e1c53b7ebf0021daec731e0ef25587376b90eb4a638a18c6a075996c57ca0009fb2139bdfbe3de64006595e7a5ab7cf75630203b469a94e051796

C:\Users\Admin\AppData\Local\Temp\oUYI.exe

MD5 2376b35276092d7cdc52445465f9c118
SHA1 4d9150d9f0f6d4950000880a45eaf766cdda8511
SHA256 8302e212ff62bc213f489a6e523aa39c945fbdd1903420e03627bcc4695ca57c
SHA512 39935925dc45f217f0d01ade5b6e4926216d4752bb50a10a2c9a22e5476d9c375fb1290ea415f336efe4b8872f8db01347cec85f9068bb2f57b207808a8bcfa2

C:\Users\Admin\Desktop\ConfirmApprove.rar.exe

MD5 3ac5668e3c8c5531b481203ef7776c41
SHA1 4471961f7a0e0adc3c4e9a573b0a73e9b58248cf
SHA256 cda748955fe2baa2bf6346dde9a4187feeba191771f0035d9c807932736d4048
SHA512 8626c870293e75b3da42c5d45e8ef89bad447239632e889b01853f41b7945e8b8255c85e1b1107d50393e28a4aa6beb38aaa9c41e0d34c986dcaabb207979192

C:\Users\Admin\AppData\Local\Temp\viwIIcIo.bat

MD5 6a27ff049c1ad2340d0ccfe869584fec
SHA1 d01c669afd71bd6f09d45f5c1215352041970584
SHA256 cbf1e0f7d383837204dd1cf2a492a416f18f95546b9fe3159204da4a95ea7851
SHA512 240066b727367181043d21c80bb98c774af0484b4c9f5e81bbb7aee195741a6935cea379504b21a1a6c34bd8ac3c0934e43dcdd064878a79d85075b5806f9766

C:\Users\Admin\AppData\Local\Temp\MEcs.exe

MD5 7bc9067ab929ebc81458f479e172557f
SHA1 4101af2962c393e47e64ff6837122a87e2d7eddd
SHA256 0ce73a69ef90629534a359dcee854d0d4a02ecb882bc97aa5ebb3521b7f54157
SHA512 91669b048e8bffc67e1d55450e7c711b89077420974d41b679a1d67166880e66e224d217e8bff3b2fb511d55165dd116da25f848829811d8136f086cbb0b8730

C:\Users\Admin\AppData\Local\Temp\kgMw.exe

MD5 594437d4954843179617f3e0647a4fe2
SHA1 01661e81155cad400728a31b0dfd215a62326eb3
SHA256 cf0eb58279959003be69efa71a12dc053a554e8bac594e62f9c0bbd7232eff6f
SHA512 9f8c102642545dac1b6c8bc2066a2cd004f7a2782ab426dc7995668a8dbe1bb87a842ea2bf8b8a7f9e059ffe01e2a95a14e5d6b8fd1de6a3141290eb6b169e20

C:\Users\Admin\AppData\Local\Temp\IAUy.exe

MD5 0dad42dbd93b98e4f23686c794283e2d
SHA1 3f1b48d4eef0d0d7009806e937698c206f8b5d61
SHA256 8a7cc280b1d00057702b349cad85a91627a1365fbf73474404b3fe59e7e7374f
SHA512 eb9aac8dd51039595ccefb579722797ab26c632b6a8526d3566029be0af99a2e7fb4593fb09e54ac5f98023739044f66aa5ac8d34e2b897a03b49640004424f9

C:\Users\Admin\AppData\Local\Temp\okEy.exe

MD5 50941ccd420516b71fef927821980856
SHA1 9a15b7a2195939b73a804fca119f40ec63c25641
SHA256 5cc251e84536a4ee12c11213b8204f278f25890abda6f773b78c82d6bfbc131f
SHA512 e5f96722e03696b098ebf716b0c053a4d1abbe8221174b5f1815d48cabdbc85c1879b8f713f5db07c10fa4f5394308dda70963d747df933daf39605507984718

C:\Users\Admin\AppData\Local\Temp\eggk.exe

MD5 d12172b486de67282c30291750c4d1db
SHA1 af0384cc7a9884721a66d21e20f78afd27d8d6ea
SHA256 116468b27766455d86d576d55d6f7b01a183d2a81a0c0a2adbae4199147c2edc
SHA512 8c39384419b2a208c6b6bd9d07b9511d250d800587e83872243b7dfb421738fc6825db0b70b12e5508ae7daf2d40b3d0841d9ce2ed68fe59e6d1c34863b363a4

C:\Users\Admin\AppData\Local\Temp\qYwK.exe

MD5 08baada01ed4a6592bcee8e43fcc3761
SHA1 9bc4a253d1c8eecb8ab23ae22dbf5617d499ba09
SHA256 98d19148609eb99a8b1f7a8c6b07864578a09ad1af7696414baf0a70844ad7bb
SHA512 ddfd071160d34aa52abd5b93d27f580b00f704f6aa44e69337c2684b6a8f32dd8664e4d80459ded7ed71aa74884c279fba1e561228cc0f645b0e84fbb0b712d5

C:\Users\Admin\AppData\Local\Temp\YcAS.exe

MD5 d0e8caac756ad4be589a76400fde4ed7
SHA1 d19a49fc63749106b6033cbbdf9fbbcfc32839ff
SHA256 084a56934a436d7865e5bb03ab0db92a02e25518c639c30e6422d3c73cebe43a
SHA512 d290ce24a55e12aca0810ec804ff4afb9ddcfa54f6a63adada7247199530ed14cc7293545a772cc1be4540b76d2b5b621c1c1cc77646df3d41f83e6352de9e13

C:\Users\Admin\AppData\Local\Temp\Ruokcsck.bat

MD5 b396dc5969eb9fafcbf102f33f44c04d
SHA1 7e9a5a106089986d49d5850e803f4609845fa9ec
SHA256 b41b8c53d39ed1e64dc10fca0be603c507a40ce1ba6f0b4655075a0fa3bcb7e4
SHA512 8f074040bdaa1e8916ae18d436ec7edc1e00cc386f195d56342a4eb9946dfa835c4d3b4886667867ba153efd0f5a95d80fbb6e2221ad3f85b9350b5d906cbfe3

C:\Users\Admin\AppData\Local\Temp\ygUq.exe

MD5 625b2854c0d14395af58af873db27f37
SHA1 bb9a1564d10045876758937f3bee9cff65e5b90e
SHA256 99820609634e2fd2aadb70225b079c8bc6166bf7a83498087d3de2326beec8b9
SHA512 ab0c47c37b15d4cb005036d3af51b9e36d8a8c3dd46418c3b801320c4cbed6a2ee0ef53452d928b9aac8dd856a91de1f1665c14a0d5f6749b7346baf3aef2352

C:\Users\Admin\AppData\Local\Temp\kYoa.exe

MD5 73e7506ca8cca5fc38c2f9d6cc132cff
SHA1 e2ebf47a282da064ca698acc6d137c45830d68c2
SHA256 ebc67e84767db6dab230546860884b614bb119916ca50c2bfc2a646e4ab2a2e1
SHA512 2c126632a46734be4d02439789809330f36b956a111e985e895bd0f86382252500c56abdd528bb513ae9dc2e4bb4f5051ac3323847c0f41fa87b41181cb72543

C:\Users\Admin\AppData\Local\Temp\CYMO.exe

MD5 440ae18d80b8f7d465125f0f1c176610
SHA1 95482f4904dfc2c33392e598d1946fc0690968df
SHA256 f27a30f9fd7e41524112501e7d611c3d3ce80430efa7ba1b2178d7cc45694486
SHA512 ab1a04bc2fb45f4cfd2182fe2e2a1f9d8a94dc8538a444d059dd0b4ac5af6ec0a1c715e49de5203aac01f9446b432c2e3e534b75d6e93018112b3b27618a30d2

C:\Users\Admin\AppData\Local\Temp\aoYW.exe

MD5 de4e5e8c97570fa9126c0be0197826dd
SHA1 47c2d989e6c012436bba254ff1a61b4422a98344
SHA256 ac214292bc7dd9329ec48c90f1e30bde88ea9fae69ea856dc3fba422f110dd1c
SHA512 43d0d83f2873d2074f1f1d5fab569524b4afdb07f4e9f3b3e83fd443a20ee1c37fd7b9e5102bd86b6649b72e542dcfb0f157cd5e18889a09f5fde4478f23ea02

C:\Users\Admin\AppData\Local\Temp\SkUe.exe

MD5 336fd884f0bba108fa8e669c199b4f63
SHA1 9a3736134d31737e7f08b8e48ab4ee58aedc67c5
SHA256 611048f62d5f9b6d53cbdc943fdef5c7b512d89a246edbac1f711ef33d4be81e
SHA512 035ad295147d1c62755d73552a9527524a74c00a846057c23f1bf1bdf57ca3cf8cdc0fe2ac88fb600de202dee4935d1ac53f75e246938d72d0a6ee88e3888a87

C:\Users\Admin\AppData\Local\Temp\TUMwEUcw.bat

MD5 1db2c017ccafae3d4a2331e8bc3c55b4
SHA1 d3054d2641d2563620513c08d55ec6ec83ba921b
SHA256 7c13c5a5d27bcf0d358a6c869c39430f4219cb0bfac16132934132bf237dd342
SHA512 74539f1faf6e8cbb1f455add44d3c7d6b2bf083ea6919d3fcca2636d7704927456964ee36c74ffa7da3a6580aaa065d9180bc36fe9e9b774c29fcea431fa0819

C:\Users\Admin\AppData\Local\Temp\skcM.exe

MD5 e0fbb92b31bf489af6b279fc897ed222
SHA1 450c424e526fb2d19826cf5b30e87c8e613e2049
SHA256 cb84084e5f0f11cb671bde29ab83105a8975ce78fb95fde37a4e759b2a9c4db2
SHA512 b4de3e2811de580c7c5b812d11c43af63b7dc3cbeef5a41269057dbd6e9b19d2345fca166e04c4041549bd63147f8a8b6975034488f64e3c5a636fb8322fd920

C:\Users\Admin\AppData\Local\Temp\QsgS.ico

MD5 f461866875e8a7fc5c0e5bcdb48c67f6
SHA1 c6831938e249f1edaa968321f00141e6d791ca56
SHA256 0b3ebd04101a5bda41f07652c3d7a4f9370a4d64c88f5de4c57909c38d30a4f7
SHA512 d4c70562238d3c95100fec69a538ddf6dd43a73a959aa07f97b151baf888eac0917236ac0a9b046dba5395516acc1ce9e777bc2c173cb1d08ed79c6663404e4f

C:\Users\Admin\AppData\Local\Temp\EsQg.exe

MD5 9a698e30f4140e268b06359c5882a61f
SHA1 b9e691dd0c0622511f082bfb435f2769d3f90928
SHA256 2d931c41504ffa07385a9a7d4c9285de065fb00502a2a012e454c6f4c8a4bed2
SHA512 7b54e58aee526dbeaeed950f4b3ace0905ba9fbe0b100b28903ca3f0109c15d1e926680851f844b3b488f4e4892dfe9f5f4228d2b35d4ae8f75eb76a93464126

C:\Users\Admin\AppData\Local\Temp\wQUG.ico

MD5 5647ff3b5b2783a651f5b591c0405149
SHA1 4af7969d82a8e97cf4e358fa791730892efe952b
SHA256 590a5b0123fdd03506ad4dd613caeffe4af69d9886e85e46cbde4557a3d2d3db
SHA512 cb4fd29dcd552a1e56c5231e75576359ce3b06b0001debf69b142f5234074c18fd44be2258df79013d4ef4e62890d09522814b3144000f211606eb8a5aee8e5a

C:\Users\Admin\AppData\Local\Temp\cMAe.exe

MD5 88f19bc3e9a82fade0ea6acac622dce0
SHA1 c7ba37747f9d0829ff654e7c6b15df8c41b71d4c
SHA256 32521168ca609873e59d5c1940a81c1f49cef54ccde9e9e1beb6cc7a2877f47b
SHA512 fa73d80dc798a6f3b61a2e8f254619daf277f63de7a094570d086503825b721a830b946876af9a51ed7ff867f0240fd141474114f2992f08536e7e1686a6fcae

C:\Users\Admin\Pictures\UndoRestore.jpg.exe

MD5 1adfb4f3de4ca9fa19ae9d63fb6f1469
SHA1 e68a94190df83dda8d2a9faeda868f1a81fea00f
SHA256 63bb244cc537a588b72810aadcbeb6a0f908bd1e7f3d3efda37e95e170a2ffa2
SHA512 2dd29766f8daf59ee3e97f8ec8ff3f7b20361d27da5133b14aa509c8892da6a1129182ade87fe81ba7eb401898f604a154725540dbabd48dd7312e9690549cfa

C:\Users\Admin\AppData\Local\Temp\teUMsEEY.bat

MD5 fda8aaa445c1e0fea23cba3a55a6b8a9
SHA1 7f904c0534094b12d5c07ffe1689b7205f8f33ba
SHA256 d67f8e152285b27d5519f7ff300b4932c8e1782755aefd86f184a4d9d2510e8a
SHA512 868e05440f25d202faa3b1f4bb8d96058e95a6c4db692129bf255d791083b781c0713887c40f66e28915d5d89bc5a44f319e2fbdd7bb12802de6a188cfcacc23

C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png.exe

MD5 8e747469e76cb962bd29c0fa6bcb1125
SHA1 abca065eae925c5728589018a5a911043d871e38
SHA256 b73f72940895008c7ef060f4e4dc5439dff6b3211ff8ec89b2795172b215a1fd
SHA512 c7420b379847e037efce8afa65bba405186e9e1895e086459ddfbd96eb39a1616e9962f2e84ab9987528f5bf93200907abfc8154baf1c002f4c7dfda47d82c52

C:\Users\Admin\AppData\Local\Temp\woou.exe

MD5 5bd495b02a564653d4cf20920b998a1b
SHA1 c85e2427b1a4f8e22dfe4ed72769034fb1c42c49
SHA256 1f8692142bd64cfd13f96cf12e756ace1ec8d475042563c8929e9a1ac293fd77
SHA512 7748e6714899c8bd193b2e5604e37aa2d0eea514fcb243766789c20fc1812a63a961f0fcf05db1ad4f842c5ce5faee2a40bdb6ceef9b6eb2352d4fd55c853028

C:\Users\Admin\AppData\Local\Temp\gyIoUQYU.bat

MD5 b47c61850ef4928f3f56bd09db0e5394
SHA1 4344d7923bfe372199c9a75fcd4aa0097ffba7dd
SHA256 d6d3c16b0c9c4bab175d94cab04c9880c89dc333ae394ba83cc4cab9a98b12d9
SHA512 6b4472fc5a174cbebba9708a79594e4e06b6856b074ef7a6ef6ec65ec7056d0ea710ae5805596cfa2b7f17aef75e7b4692e525866d0f1690b6b5074f6a79094f

C:\Users\Admin\AppData\Local\Temp\cogo.exe

MD5 4e95a8d73f3e8675ed7eef047d4af71c
SHA1 8ac774cbfff71512c086ac40457b7825eacac460
SHA256 3931da554abcf0e95f93f6bd17dc72eecce3083b54f5f48ef8a8b4bed898796a
SHA512 b8bf8d34045eaf79316af38e7618c5d587c6091f5598d4b2a5f3ed76e2c059036f250366fdf21b053288ddb7512dea75aa8b78009f9cd968e91323d6a992c630

C:\Users\Admin\AppData\Local\Temp\eYQC.exe

MD5 cab29d089d1917acf241a53831f675ee
SHA1 f9a1226274ca08b2efc692f84e22f5b4c1bf062e
SHA256 2aba7c851a954de5ae1cb90da0a3356d5833894eedaf56065a095d09db4564aa
SHA512 8bb885d2a6386cc8dae4008c7460be588ffb5d0b4cf41bed565c0f26be092fd99432b3be94ed90688397663937ab074c0c522d89a774a131e7f59d115e39e1ca

C:\Users\Admin\AppData\Local\Temp\wkcsIoQg.bat

MD5 c1fdb4825c9e42a14bbfeb234725dca5
SHA1 6b9dd1122a4bf3e2a9f5b9be9c04a16d7218d232
SHA256 6a7dcafe996d3107a8a5c2a4da59698c9064baf3a188616a5dc15323222573c2
SHA512 7c81d974238c85e10b4d8e79a4e76e5da55bac511d3fa351c0f49be6a9c0de6bab3e2e63634595c9882ed7142053b9ec90bbbe4ee3f05f2d207f1db725e702be

C:\Users\Admin\AppData\Local\Temp\ewQe.exe

MD5 6dd3d21cd32fe1c70fe8a22521c899fd
SHA1 4701307d2f1b0ee0d2668355ce8f2ae9e1e9d9b2
SHA256 d75acb01932f32ad7c6d77c9dca9efc2219afec1a5bbceff90c99edb21a1378d
SHA512 d3c61b62b8a436fcd1fc2ec28ff51bb570c12d7c33fe61da80dcc1922a11da3daa28dde0a5a6229e0a05adcd5cb16f6fa76789af131018ac8c0e55183dd3d27b

C:\Users\Admin\AppData\Local\Temp\kAAe.exe

MD5 44422fe868a143ac200461a9c327f5ed
SHA1 13473d201f3d4433c5e8d104a3adcde395ee8c23
SHA256 cfcf407c31dc3efa229f1bc6374407f77f4d05c928c1d49aa73dbb0897ce51ab
SHA512 81b7d5744f4366ffc0fc7f532f44851dd1dea2b319af40d46787021205781b194ee6b3e8b3f1dfe78b0cd34279afe2392ee119a359c276d2f74075969b295e68

C:\Users\Admin\AppData\Local\Temp\CYYa.exe

MD5 9bfe35a42436562cf0a5dde20651ea61
SHA1 52e12133282c570f66baa3be7fae0b055591a28f
SHA256 fb8b9ed741c3139731963edee706afce2f2f31b69798d3940c116627528e738a
SHA512 e24a98e5c0c9ca8b400d802d789049d031c0c442d3fc022fdda679d846c1ab6d66ae3ee28603962129073d1c97a23649c3862f5eb920a8decdaef8ef012bd11a

C:\Users\Admin\AppData\Local\Temp\igIYwkcc.bat

MD5 a492d6dfaf27296411e11b484d737da4
SHA1 59b9ea90499a98e0855a21cc57d4ad8413b140b4
SHA256 35bbb152fd91bb33c4fc02b4333c281927940c9b03560389217ad2c1294fa39d
SHA512 e05433c0009c79d81fbca00460cafe9ed51b01e8cf9e0c254a73dd0e1f6c4fd3f16cf1a53fdccc645e6b0abe6f21a7b9bea57fcc085d8aa9a67b573949b33680

C:\Users\Admin\AppData\Local\Temp\SgsS.exe

MD5 44815bfa9292c30d15609073c38c3533
SHA1 73be231466b4af9f7a0c88432fb012e92ffb57b7
SHA256 4044d36f7b4286876d9874ac30b27ff4427e76539a541a584f6e093703bb2b4e
SHA512 a1765e491cdaf1bdaf5d654067f2525181a028cdb6905b3c66a6ccb59930de4be0e1b4ddc14e1d9657bd411924094dc141add66dcf1378b21a7c0bdadc2ded38

C:\Users\Admin\AppData\Local\Temp\IAsG.exe

MD5 5eb7ae51b86e587bf1670444c5f3e65b
SHA1 bc6a230bbccb806b8dba8ba987aae17a7ac227aa
SHA256 1f2fcef0db66f31a371d308912c4ecec4b0c5cc6fb30558efbd0f5b9588c96f1
SHA512 31efa434e9539841ec4c3b19f9691ec60f6715ea7f53a18468bb06e75e8170dfad598a900f247ec14a42dc5b611b956b414a1bd93ffaa6ea864f66a9339d6e85

C:\Users\Admin\AppData\Local\Temp\OYMs.exe

MD5 a0a245f5cd90496441d1558f2f71b5c8
SHA1 3fefa87747b52d212cb3cdd4a66359ea583bb196
SHA256 db0c556ba272e63e05561b221b9c42968a3b32363a9323c432338bf46ae02073
SHA512 719af25ec87c364997851c811057b4cb172ae1e33e4cca0626908ea6c14577f2d82aeac741a2042bd968ffca27c925cfab9ccd4ff0d937b379a0a681eccff8d1

C:\Users\Admin\AppData\Local\Temp\soQk.exe

MD5 602bc3451088de575effa01377466624
SHA1 68165ed2814b3761dc13fcf4ad43c679969609bd
SHA256 9662a1252ca8c8c3b3954832e7560237e04b834faa59dd9cdad6161795e7fd6d
SHA512 f3b9e057efeefe11904ca8055e7742d568362d18f5c6fdb4c61066639326fa65a376c4b70934bae9623be3a6eabca1c257ffcbc662145d4425771492d4e2c25f

C:\Users\Admin\AppData\Local\Temp\UioQAsMc.bat

MD5 4120aea4d9a7776ee313318d0d66f21d
SHA1 0366ef83592c1176a9190e535e029afe0e11b944
SHA256 128d59a1f87b3fab4422f927d9a6cb2f07fbcb9f35ca8bf26d17929ce9052922
SHA512 bd3e765d16f147990a707e69b7185f89122dea226d9817b5960b7869a44b366cfbbaa9a4f0a86c2e5ac627eba3e3b8f10641a56b3af03ec7cf391354707b1ff4

C:\Users\Admin\AppData\Local\Temp\ywMs.exe

MD5 f01b537bbfc6e8b4b3b995b6448415d7
SHA1 bad838611932cc5fe0863de1bcb45b34a4192843
SHA256 956f3fddeabe902592787df4611813168c22e518f3349061d909db317915a061
SHA512 25376bf783dee687f1d848678e9d1bdd436ad45628a82862833412a1a1215706a6abf1a78575960641d31683fc7b2a76e5e02d110544cb71603e434bc4030be5

C:\Users\Admin\AppData\Local\Temp\SkAU.exe

MD5 92fce1d2207fb37234df2ab3669a5b0b
SHA1 6d1ace399b727ba2bc9cdf1e67fce46795236124
SHA256 aafdab12b8e7865027125b04ec56d1c2c35ea353f08e3e73e088b88a4c45fae5
SHA512 09a0e2f293e562e6cb7f7d79c60fe2fcd7e0c23ff92c80ab0c8e3cce79ad5c6be03a081fb21ecce6558354d5031ad2429d618b28ad9ef1dde7e9dae155718a25

C:\Users\Admin\AppData\Local\Temp\kEEg.exe

MD5 6344387589e1fbb68ac0df77ed4e017b
SHA1 61042405682d94fbd82551538119e1d334a21741
SHA256 42bbb8b1ebb4bd165767db3d98be501e2391f63b52c8407100dadd1d88d5e106
SHA512 d0a4f1aec49958a8c72847de687b051b2852667ab85a72d5a9c65905a69708cafaf90d1270a931e9b979a018ce6bbbda6e9c5f91bbf117aa95e9ec7ab82da834

C:\Users\Admin\AppData\Local\Temp\zOwcUgcg.bat

MD5 b1ee79d5a4d11afb9ecefd1e1f51bf8b
SHA1 35530c7dd4e15af579bab6f127f4f679abfd56a7
SHA256 1ed1e5ae36e1f225aa1762ec066ca28d6d3af4f9cdd196fb122928720dbe5f7b
SHA512 5a5b400b0a33402a8083102c2a6c7e9ad29d58d65ac2c427116656cf4b59db3f987414c328183e8d5cd6a2174b87c16bef89b0baf63bf5e2179650b19aa0222e

C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile18.bmp.exe

MD5 b6d5a4b1b8c4cc07265f27757dc32994
SHA1 3a2668bcbaf9473827552794395f3cd43a3a7a2a
SHA256 3b990addff4440dbc7cc89be0a46afd9308f6fb329fe7f668e5c94056367b678
SHA512 90b32da25d4f6f788f509f5db6820546d61bf97ceb06e595e8ddc0285cbed0c778127f0bf7098ed0edfcd24dc6a631629dbeb9a39e4c6182a16f961da673cd14

C:\Users\Admin\AppData\Local\Temp\AwAY.exe

MD5 3a481d2ec20a38fee1bc03c0feafe071
SHA1 d7c88b7a805729d54a70184ce6643640c8b77fc9
SHA256 4a089bdf5deb1703d2b4acc055e0804244243912ef38ae6dcc55e3ca4e45a490
SHA512 6f9af06a30ac3007d873b42817ba061ce3740aba18ed0202de813bc14fb313f25d98ca6f32e74a48b681959179b2b1463396f197b3cc19f0fc5f91e63fb8023b

C:\Users\Admin\AppData\Local\Temp\QoAA.exe

MD5 e6ea3d5880089f409f24e5cf75cab7ec
SHA1 06256d28d30a03c79e7d110f61cb11c7d764c92d
SHA256 e9d508478da8d36d1278a65b1d9c34acfe755afbd372946fe1d0c2778b84b707
SHA512 9bf0df135e123e06fbb7691340343317711646fd9771e4e6848170ceb3172be085e4e928f5f93476b306fefb1da7523cba420d04ba6ffca1ba220f2b912d4c8e

C:\Users\Admin\AppData\Local\Temp\qEMQ.exe

MD5 21a8264371a64609c96c64920a211fbc
SHA1 5c0c21591788cc6795119faf5d8f06d23e29400e
SHA256 67fa56abbf9b9d9bd9456943ef712c5f5539156543c4116c5c0ea7fb4d24a777
SHA512 a30e7230b3edcfe26853cee0840e8b6a6a94a269cfbe61de1b43c1d01273e6ef7e7763d056a8ddc59fdb31094bd71a1eeefa99682419fe9b68a10d877221395b

C:\Users\Admin\AppData\Local\Temp\DuYMgEkI.bat

MD5 44300490f33a2c337836cad6ac69bf9b
SHA1 29e5bdba387c1d23ed4594a9c478a85b223373a5
SHA256 c6ae5317a36a57f1c6943138c3ee36e123b00d2e9c0e050881b5c118f3437c0d
SHA512 f1d0e7d3676b99a02283a4e866e4a21f2a40fdd3c36ac4060c5e768a2eefd83e02a387fdffad4a019058724e0981d74ffacd286f74449bf343709b79388b6719

C:\Users\Admin\AppData\Local\Temp\sgEk.exe

MD5 deef978c2fa8416b13f5ca754e2c7d1b
SHA1 b25caebca0e5ce3b994e5f24f7e9b035bd4e026f
SHA256 ed85a346b9318b851b02852a777fac2940e4f922686f03fdf31027f915879f3d
SHA512 5bfa83e955088dfd4cf014fd6233828e220de2a8bbc0ca101e60be8677d540b19cdd4bf8615aabe61a04fec31df94d9148c85466403f3064f3c16d1d1a41ecc1

C:\Users\Admin\AppData\Local\Temp\MwIM.exe

MD5 c016a8ce39fe22ef285068e48af16370
SHA1 86bf80cc3b315b49e24b8449d18f99db48af1aae
SHA256 159455488fc94592ca68c402ff36a14d8294d919b248c5a5770487aa3efe4367
SHA512 76448fbd5d336f8bededd31f9c23156a23cb162a9d87166b5c679f6fe1d6a27a8d39ff513e5babb04de0e39012d6e1396646c581aca3624f4a3d165a22f3395d

C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile24.bmp.exe

MD5 1c9e72ef5fcd01555ef2710f4a406068
SHA1 66c57ba45334a8f2e4bcb898d82424d7ea7bc779
SHA256 f4369e7186bf6b876a9315dbdc7549331dedf0eab0010176e22428edc3ad18b3
SHA512 ab3a7dff9144f95a910961420f3e3f329badfc531efeb89242bb6e70b2c5911f7da8a9efa4377860470df38efa7a6d8a693349db88566aee752b6d0fd05e012c

C:\Users\Admin\AppData\Local\Temp\LswocksI.bat

MD5 1042af4effc12c50f83d24fdca6f02a4
SHA1 613ad6f55569a2422bfa90a13e0a394e05b2544d
SHA256 38e4553f7c37a2584e03400064728e0307a147272f58db65bf7b1baeb1aca87d
SHA512 d1a1304134ff599d7bbbd42eb8de7f0d0767432c6b8dd469b7482b17a3a0499c6bb12ddd09747b4245f142551f7d7681a39728787ada2b7f6046b30c91a35bdb

C:\Users\Admin\AppData\Local\Temp\iIsk.exe

MD5 1deafa6c271be9927edbdc30ed3833e9
SHA1 ceca76aa4567d56aadaa51eb176938815e6f927b
SHA256 b50495a29707f3bee0a74aa5d7fb68b86f9dbab3a27e95ccba878803abe10f5e
SHA512 044f066e3e683feca4a41e86e73fc1b9387901370cb0e1266a3665207c5c61435b9f507723825bc406f1f1bbf1ff2b3e58134484ee4a6b4154017f5b024fc88c

C:\Users\Admin\AppData\Local\Temp\OAsi.exe

MD5 677b49abaf98458f6e3aa5330b6ee765
SHA1 791d08922fdb99e601f39d6fdaef3d2f6dbab05c
SHA256 f9a9bc723e7e611d24ac5c607a545575f289b2418b383472d8e4885d068c7306
SHA512 e91028c0d3f2b7e30e87a9574667b56b702578c8315a94f017287481f416105b8965f9d90765fe6e189a8a2898b9a5b6b0e903809b53878e630a889491091ca8

C:\Users\Admin\AppData\Local\Temp\eEYq.exe

MD5 71da2b965cf69ccc7e9ce488650f0802
SHA1 73a7ab0dc6b51250e56db28bd76f1d4b457b1313
SHA256 13d1f5c467cbd30e275c1b959f59e11fc95a77b5507aa8a15075766779eed759
SHA512 77acfc415c451cc8b92a37ba2284a86618859a799ea3dad6ccf00fa8cb67981169bf65e312a7d0f2a58b0f6b3aa4fc6e71d09839eb77e1bdd22dfb7428333d5f

C:\Users\Admin\AppData\Local\Temp\AccY.exe

MD5 0893bf7fb763356b1f2b8c2e1d18b162
SHA1 3fb8e43fec4027904edc8cc25651543b5a2392d2
SHA256 6753d6d17a23fecc8ff23cdc6915d584bcc315556a8c7c0f46c585b2da4fdc71
SHA512 492443896cada12ea673599b42def18a2cc7b1350371fbdf449b33ef9737ac3d908a67bb1d8cd8be935a24922e25d7459e01824c4d4d1cab8a9647b4ffec29c7

C:\Users\Admin\AppData\Local\Temp\zAwgYoIc.bat

MD5 52ea8752d7cd38c90453913bfd5405ec
SHA1 5ff441eba092333e2ca461727887a4d2be126c4c
SHA256 85867167f844b40a425c9a70e7337921072f89cdb7f58b40c7d64526d9c96b0e
SHA512 27f00789040ecf9e23ea48ede47d6dd354632afb8694cb738529cfcc9dd8dc1eaf44209d75758d70b560de30cdd7db91abc20318ca4c63405e52d06fe165ac5b

C:\Users\Admin\AppData\Local\Temp\yoYG.exe

MD5 3af910083bf5d1011b0158651e75a54a
SHA1 e223c7520ecc35bbf62e4f382a145e38fd73d317
SHA256 c3ff94e7205adb752e82587fe0f9b9d7eb4cbea098a4fc85eb84b8453c6bafde
SHA512 99afa54967f9a31cd636dc5051f1b9a9277e8d7c56e6a94c64354a37d176351c4d85781fb8c89b06ba2d7ade778e5be6d5f64ac6d7fe06c85bb4dce8893e8f7a

C:\Users\Admin\AppData\Local\Temp\CgYA.exe

MD5 aa8287281eb8b408fb7a5019266bfd1a
SHA1 063f879ebdc02ad439007404283e7c6fc3b9713f
SHA256 b09c29dac37adf46c6c3ccc1458687fdf01e9d5c3e517a87a362c9aa835941b7
SHA512 3dcd1bc7eaf902d51f3fa9c917bd048c1edf2149493923ad894da4237e83c691886218e7e98c4cfaab10d0c4b8a7b8b2abf345ca08473cbaf94880821a3e63ec

C:\Users\Admin\AppData\Local\Temp\qwEc.exe

MD5 e304d03530c3784e660278555e14cedd
SHA1 9a0e768b5a75cc6063a898e50b1194aa909fb93b
SHA256 4737e6074d882f1aa672e3ceef369aa6f241507e71daaa6a984524448d6df849
SHA512 bdce6848a4fc8e30ca7493019ad60a5eaf5495acea2fef500527b718d5060dc5e388ada9309435f4bafe180bbdb9739bfa816bd20b14cc37d5df1bcb693dc50f

C:\Users\Admin\AppData\Local\Temp\iigcUscA.bat

MD5 9b200c78c603d0ff1e83a92afbc8da6c
SHA1 3e65f0ffd7312701a9aa465ea2a767b2d563ae95
SHA256 fc8d7e57b7b4e4b936c243a18b38a4b2d695eb6cf6692844e6ab8627b550dced
SHA512 c37a2c82c74e5ae9bb08a0d4d443b750ef0b87f35a6850f2484dd84b3fa5ac2a1ee62caff008d75312ac51d9ed2549698b922c0615b3d4ad3d70aa8648507a20

C:\Users\Admin\AppData\Local\Temp\oAAi.exe

MD5 10e348bd18c6e72921ae7e96ab650ea3
SHA1 eb60efe18c80727cdf8b0ef88eacaadabf7b315f
SHA256 910c5b3e7a6057116eb3583383c44a39ac982fe16734ec6ef6d38b0d64727461
SHA512 3247d0b788f98587262b6bac4633910bf28a5d63028d9df3289acff101b73725fdf3bca3889c3758aa73f00a0a68913dd23d42ab10b91f5c81b13fe7c34dd8d8

C:\Users\Admin\AppData\Local\Temp\aosy.exe

MD5 a33dc2c43d91ad9ecb7ca91c8dde67e1
SHA1 a65024fe3ffb5a4b582c324b0bff3c902158895b
SHA256 61061e99f7ea0531e9b0a560852997cda713092f07fbbdea2271447313e4be21
SHA512 78314ee9b52b6f5731e3227a65183cdad7f761c6c77ca3dc9bd308dbb757f284ca796a5595e05560b953493e310291e59d0a0bf26e50e46da49b1a30fb8ef1e3

C:\Users\Admin\AppData\Local\Temp\sAIQ.exe

MD5 f061039df9fcbcece231d87ef083c3ca
SHA1 d31376b08a25cdf7d636dff611c3b89fd9c69e62
SHA256 5774920ca8130370ea2c977302eb936adf1c1bd0ede838164ff5271cc6781956
SHA512 0269a8cfbf44950e2387b6eb8d92afad7336415ef1ee691b813a9e8b7d78e7ad6e5792f5bbd94a05d8960fcdc9bb4beaf1dc4266d610303564669a14de10cddd

C:\Users\Admin\AppData\Local\Temp\Mgog.exe

MD5 0af6f60f85231a13b671b04fdcd98da4
SHA1 1c760aec8e4e3d007ab84e9df743dfb32f90db75
SHA256 1fb5c8b42bdb4a4ade7ef51a9f921ea1c0c734c68b055976160728d2bf1611e6
SHA512 b82dc7b351c2850648762d0508fd6ce9cc546919a99d9fd40376f4634cb535bd8b899da7befa48d0371512875d76a28845c7de82a8df98c7dd1e729e92594650

C:\Users\Admin\AppData\Local\Temp\GasgUsEY.bat

MD5 fe3fadde8be8d4a53fd25c828b5897ca
SHA1 98c2f15a541bd69f52e2f5a4cfae3dea291080a3
SHA256 61fe20af43c953cef000e418126ed118b8f90f000f449f504422a8a065978bc8
SHA512 1015d9ffc0d91ee4a82a1498a01e51532168cf7f7d0ee749d1b742aa58a5b4a7c5ebd2a9be0ea06223546ac81884851fb5b2bd5c7d224598c781c87e9b45742b

C:\Users\Admin\AppData\Local\Temp\OMca.exe

MD5 0b59005270a2486d1e0d147b04549f60
SHA1 0a7ab3e04fdf8ee8c8f05d90068c1bc28e603876
SHA256 83bf1995482c5efba0da063ef2426b82cbda0a521afeef3195f90f7488cd61a8
SHA512 c3a0ca1c8d26b033ee4f04e7a50315619c0e707f5c81dfbb550dd0faf01b60191073fe49491e89d84a9f4c82e61164b45a19458f3d906806571cc54de6be8fc8

C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile37.bmp.exe

MD5 56caa274aba771f44c123b84a82eed32
SHA1 2b3bfc319e7091ca31941fcaeffe1b3d770d69e6
SHA256 03da74c63e52ff76ee16c2a6d789bf669c457cb66ac869a8ec56e39c43a6c8e4
SHA512 3e099c091306fbede14e63a3436cdd5d4b5b1e3edd32a39a2d49eea8999445e267599eb52be90447a76e0b97bf2a18c122226ab0f502f47b557870de1a238744

C:\Users\Admin\AppData\Local\Temp\GwwcIQQw.bat

MD5 c72db898029a25324e082de0fd02c616
SHA1 8520c3573343bb177677bf1f8332879cb65de2fa
SHA256 1a5b2d74dc384a792698e5e930e8b671cfbcec9c933f4c08564ad2586d7731d6
SHA512 a180e23c7c3987aefc42f2797a566efed47a0a912c1b7ea7809acc52681d598461e02d2d3c867a9461617d37157294c463aae85b4e6b4eeb0a6c36a783d9bf3b

C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile38.bmp.exe

MD5 fa4c163bed9cb495a6809eee7be53995
SHA1 b9519ac604e0691d4649b3f0df61848be4f0a659
SHA256 c39ef00285af044dd451a58debc03ba9765a603e73b785e1cec0f2b546a3a66e
SHA512 014cf84ffbdba7a824b6dc0e149582903b4cbc6c52bb20377a3c0e00a586588ce828c372559c83b81d729728d50d6ecdb7638668ea43238c9aa7c2546e15534e

C:\Users\Admin\AppData\Local\Temp\YAcQ.exe

MD5 4e67078eb03819f067113c191260bb48
SHA1 ada1ed6abd4414e2dd9c21cffc544f14bb99ae73
SHA256 f5c1a11e7749cbef0acd25c7df6b6ba304bcfce5e7600463c20fb24d365222cd
SHA512 7c5bf8b1ff205d92f4536e51dd6ee16fe981ebbcf9ff17d48043369ba139ad6d7077eb02591ed390cd913f74a82adbca66005aa57a453c079509625f1d8644aa

C:\Users\Admin\AppData\Local\Temp\OecYMwMg.bat

MD5 db58823962cc86be547ab73ba1915d83
SHA1 ce99e5700522dff12b5fbb57f2c2bc7584b41ce4
SHA256 e5c4362699ff8a312044c5419e63e7a0c517c5aa57d14fe220df4bfc223a7184
SHA512 b345f33e3e2880a83292cc5b9f0e65171e4b060284638de6a6912da09d3191e181fd684f6cd896bcc6fec4311014d5641dcc17a6da41ef0d4b8aae7103ba620f

C:\Users\Admin\AppData\Local\Temp\aUMw.exe

MD5 5c444214ad9aa87cfa63f9ed75858a13
SHA1 1c678fa47d8a471e4e33f4186b64ced8fe1e3e16
SHA256 11c21d309ec860f5df6c63724cf74c02ac1593ae37558bc7b3e91c92330a7ee1
SHA512 55c69195a78d403c222468d16b07a661861f8f8bee71ebedc6032748cc4c3013a1e0f75971162d0ea1318e7c301fe1a956f9fc0c549e361bb00a798a16634034

C:\Users\Admin\AppData\Local\Temp\wEEw.exe

MD5 45854b96ba35fd4b77d5c4f8485ba336
SHA1 646ab3bd8eca027e329b6110d80e7dd03aabe9ed
SHA256 fa4e2e82f6d8106093772c868251b5741e57b526372393ddb018f41984059bac
SHA512 93b0ecbd0a82c70e80564332df4300ff28a3d783c074c3b92fc2bff0539474152eeca34fb1dff845e2e91272d19c811a2dc6d4d23ee7b781a7d3ded6dba2d94e

C:\Users\Admin\AppData\Local\Temp\XIUogYYM.bat

MD5 611b7d7c8b26c3e6f6e8ab652e0b5569
SHA1 0d737f543e7bb33cca7d7337dc24ea7a3d8d0efd
SHA256 09564c15118df360ea32eeaee16bc40d306301ff132e86d8bd417b2bbd0d8f4a
SHA512 c6c17291b22e436d40088809ff167c51256c5ec2938da5f82606419352bfc4d05a7d0b1c750daaafb4bc5444e13e5ce4b0bf1a207e32967ee276b642b6d18d99

C:\Users\Admin\AppData\Local\Temp\EsQM.exe

MD5 287db629e54625a62ef11c700e15d4bb
SHA1 6d435076348bcef249906b5fe27cb55eae7d4cef
SHA256 a5a4fe6f2ee2751eda3cee571c2a1d3d0989bcbb733c93528700052b09825674
SHA512 f65c525af92531114147dfecc3388f7f7d317a4fa5880d4ebe408dae532b1b88c2773ef85d4e92554329cd5e6f4ff6bb5c1e0e8ac4b891b76d00caf085d8ff7c

C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile43.bmp.exe

MD5 b38afa3894741d155540f080cd8868a7
SHA1 4d9cbc8027cc57e20a425b019a2c73bf4a786183
SHA256 4b7193fd31a6595358072fa21332fb20518812deb9cef75100fcfc161d0cf652
SHA512 6ddac70798f39f5616b3a0abcff78796b503b0ca5d2f0a73db12c76fcfc5431bb189df4d6c5ad52a9b203b8216e13eabae03a541dc2a79a4e33f8477809e3dfe

C:\Users\Admin\AppData\Local\Temp\NKAYUwAs.bat

MD5 9a8d8c432ba1f935e52c1c3ea5b5b9dd
SHA1 418a7f8af9cd8f7852d529653e5b54f5329b86fd
SHA256 21aabf39cdcf3775c30a151be0960402c73ecbcb94a6868c386fb23699fd983c
SHA512 1a81af0c8ebc6e2a6736e871690dd1915ac435a49677f9b5c7222c4922e521025c76f11b050eb786d4b00909cb2f5c370e2192ded66cc89f7a11584beb17f79e

C:\Users\Admin\AppData\Local\Temp\UowO.exe

MD5 9081214d598d590f79e230336fda12b4
SHA1 ae4af3dc18a05d7cee709aaf8d059be55b7107a3
SHA256 608079edd60905d039299a5ec625e35a111e4bd1e1a7987d24525cd90f56039a
SHA512 32edaefe5a53c2c085fefdbf6cca2847c6befa63daca9f25059c14ee2461f4669aa8d8ced059e698d354b1ba9a2bd226e7cd30143bc7c6a0ac3ac874a7d4a03d

C:\Users\Admin\AppData\Local\Temp\JAMEYIwY.bat

MD5 cb3bcc1cc4302ad90be1dee6d6d68552
SHA1 8f5e43022dafbd9c393527bbdc3db8bc8d1ea47f
SHA256 7e9fe82a9ddfb2192acc0d3190659c71047452c8fa2205131e7ebdcfbfff34c1
SHA512 7d5cea366247203a5980e3fc5c39521e673ae541b6c2f11af250b8828c934adc5187b2d0d4cb82ef14d2b7f0dde2a47a494c1985d8ab51b4804797236e98b754

C:\Users\Admin\AppData\Local\Temp\lYAAAAIY.bat

MD5 957fe6d4f4de1d8a477d8ae2f1adedbc
SHA1 49093274c088dd35ef3573af9d429cc94c7c5d32
SHA256 81d4b269972b62c599bb4ff49a62df868efc7e2db7100653fca87ea7db167854
SHA512 3b67d1c0cc2a22eb9974ffe86deb1b39b5838e6e5e44874971b52cc86be51d5f43a44bf43a0795eba93ccbd274373a6204e9804c6944e7ff0165bf94dec07d2d

C:\Users\Admin\AppData\Local\Temp\ikgU.exe

MD5 c55997c0aa51f3742c733d3403c19204
SHA1 f202ef85d79216b1d9b892ae1353ba7bdaca4b21
SHA256 9836c237a283345291211d5195d82e786b03f77da7fb1cfc101c7f1d06146db8
SHA512 6cebbcab6e94c2acfd9adb4483b5d1ae787ee24b5a4a2698a338a4a44e7b6c102dccff8ef630b5eafa1071aa17a286fd44bfd2ed79fb99d710b05c403dcb699c

C:\Users\Admin\AppData\Local\Temp\SMYq.ico

MD5 6edd371bd7a23ec01c6a00d53f8723d1
SHA1 7b649ce267a19686d2d07a6c3ee2ca852a549ee6
SHA256 0b945cd858463198a2319799f721202efb88f1b7273bc3726206f0bb272802f7
SHA512 65ccc2a9bdb09cac3293ea8ef68a2e63b30af122d1e4953ee5dc0db7250e56bcca0eb2b78809dbdedef0884fbac51416fc5b9420cb5d02d4d199573e25c1e1f8

C:\Users\Admin\AppData\Local\Temp\CgQe.exe

MD5 c3de823faa669500534469488ae6a739
SHA1 2871c82eff0415d126bb3f0a92e900d6b1f5c0b1
SHA256 0a12b4a798aa0e65ad2a9c371902925f3a573d572968d5a2af3e7488cf94575a
SHA512 30e20b424fedbc75c699340e684829110bcdf1bcaf42b4b6ae5a8837296deb65329563f1cd4eb4b27967e5c52f44f784443c5abfba1701efe0b14b76069a3663

C:\Users\Admin\AppData\Local\Temp\KCEkgkog.bat

MD5 6e062f6d474852e36a4532d330386009
SHA1 667df7a21a2605fce0cefe03479440e30c6833b5
SHA256 d4fe35693afd9a83a500adf441c551967cc65ecb800f207d9550e3194b8f9626
SHA512 92fd405a92a4ddccb3306be28b32bd399887f7e49f43eeb7c0bd0040b1f290adb54820f2dc0e5ce6ca44fe7932da60176a3abeddf171f1977e9956f86a3c562c

C:\Users\Admin\AppData\Local\Temp\UkUe.exe

MD5 85a1239f7d71a2156880da7bd1823a17
SHA1 c6c767f7386a91d09ddf5ae0547e3ff5ea82d938
SHA256 195abe5caa0560c424ee37df9478bc6ab107e8cac3d3b38d05f89471a5b23b7f
SHA512 76b7a3ba6bdd23477e77332a736a72bd28f429f0bf4ab6c419f44665a85854f0c100d766304e5a7b507f8842bdf95ebe3a3c90e26f2a656ef5c25a8fcc77654a

C:\Users\Admin\AppData\Local\Temp\mIsu.exe

MD5 4bdeaabdbf0ee5f35c57c582e30b0b20
SHA1 e25fed6594db97505070aa5c511e164258d749cf
SHA256 52feb34325e5c40bdbb5c3e49da9c6556a95f9a56b4a4691381cef15e1ab25aa
SHA512 2d2d6666f831fba256ca0bef55df0b19548c6949262c76cffcb322a0aa6fe1a369c17c598e99086e1386e755a027e7e24d2e9f424293fdbdda42f8ed6980a9cb

C:\Users\Admin\AppData\Local\Temp\IIsU.exe

MD5 6bfc8f047480bd4a1653d9f54272bc6f
SHA1 df1ca40b4c69b1090f677a4f749f356513e6b670
SHA256 c032c53ce5cdae327672902f2afb3ccd00f7e6b4c1f0601eb83256cfb63e1ee4
SHA512 4cafdd01444defd5f65027befad7e8f68fe304a9017ec0dca71e38ed4e4b0e3f976fecdc216194524bf6f2833638f48752b5bbc370613632bf8648a5eaa2f715

C:\Users\Admin\AppData\Local\Temp\qswG.exe

MD5 3318d32c419b4496336d6a2df7622997
SHA1 5b23d8284c095f0d72480903916d3a85c2c362b3
SHA256 650530dbf72c9eba051f6d0463d4b4fabd083996d662997fd464c65a70d1c230
SHA512 d0349cdc079b0833b2a4bbf1978f7ccc390b80c70b5a2df99bdad52d28b3a9d0082e3c885314faa380ff20f93900688ddbe196a606b6368a8ea079c411bc0ee5

C:\Users\Admin\AppData\Local\Temp\kksM.exe

MD5 8587fe392a19f5d278e2ca0164d41191
SHA1 0aece8ac88fc37c72617ef9874fc1a2e90741046
SHA256 8a4b25adea8cf4e9d1c151bd6acbbde4ac9f0289ba42ee42ddd2fb9f13f8500c
SHA512 2906209fcdb777ad2a239f42791375933324608a55a1d4bbddc1d2132caf0e9c3eb6dc995b450d73de4833f9de4341914face111cc6fa1235f2aeeffdf1f7be5

C:\Users\Admin\AppData\Local\Temp\mYMm.exe

MD5 2b6d56483b63eae887ac5002f9f70a8a
SHA1 dab9c5e39ef1508ff113edc70a187caf0e41eb2b
SHA256 d06f15d2e54b3c7745a78165df9689e4311f9d48413c81d2ce30aa6c05c608f6
SHA512 eae2934c92c195249546de07962cba95c55952646466b673683303264f4ce5995b563516938d49ff1250dd742fc87a3510c7494b6957c56b2991a0d131c6c752

C:\Users\Admin\AppData\Local\Temp\EsEk.exe

MD5 fa9f24f86fa5413237677f77bf838d54
SHA1 07dc4dc9f0121b533d65392c044863b3be72714b
SHA256 46af30353983a2d38ea603e04ab946cbfd01f86662b95f43216290f63f68abe1
SHA512 232de692a8bc43617422d49a10347e36d1c04cf0c7ee146f50aadc27a0f5fa75677db98bf8adec7f37d692efa804a3f9c3763966f15f8fd315540e2bdb9c2219

C:\Users\Admin\AppData\Local\Temp\EcAU.exe

MD5 faefa22d02b03adfead5846aede51b11
SHA1 798b359949179ee43fab05de5480d18f7df0ae9b
SHA256 c04ee1616bdbd40e2bef4e066065418e25dd5cc94a28af91b044556f1452dc63
SHA512 2fe1c51b4964fc3ecbc4fe0bc18e78d1c362589e27b4cbe718eeb2aaf25c42e732755314cbf0cf5a19e68e6bbbe7dd73f833c0e10480bd4d1e814a1872d44d7b

C:\Users\Admin\AppData\Local\Temp\AOMMwQQc.bat

MD5 9a23ada12e82f72a8f35a12c514fbc3a
SHA1 cd2ed78b7e55a2bb775113d15112a2af02652092
SHA256 137cb73d0f19cc9aab565894043f1afae4c919d99082ee637a410b78e1adfbd5
SHA512 f01ca2d164d3d34d1f9d22ce8a1444af904530f62beaee4354ba0c1c16c4c4026a1bd9324996cf205a1d12c68471c04d96c1ae1b8cf90107b0a1dddb39863099

C:\Users\Admin\AppData\Local\Temp\WAMgsQwk.bat

MD5 43330b70bd3f8ad64e7172f3b5459d28
SHA1 0dc12e048cc3d4c494a5fce62c78d1ecb0270da0
SHA256 00352230f81fc02f80cc0963726d9827ccc61f1d1168b1ac6d98d208201a3cef
SHA512 a3db9b826368330731f5bd78d83021c1c323bab61d5db72ce4b677e736eda41396849f0d789123cc5a7a00dbbedcb7ce6277b3578e1b2eef247772e8c7e5bfbc

C:\Users\Admin\AppData\Local\Temp\SmwEUAYM.bat

MD5 5cb96ec436d398824cc55f19b4f47fc5
SHA1 c31b7bba256cf4809f4ff7be1615ddcc9cfab7ec
SHA256 aaba2ac73e9e1dbe5e25877900db3a56ee434634d1133d639faaa5843e024fc6
SHA512 bad0749a7f2a25e9e65dbdb6e22dd0626aca2dd0d8127141cc11a9dc01e8f6cb0955f48197ed21f64b5f7098e9800c769040eb463e113d3bc6d60fbed27dde55

C:\Users\Admin\AppData\Local\Temp\vkYMsgkI.bat

MD5 c0cb5112224c305480fc3023403dfab5
SHA1 61e663ef4dd97be0b450807f835898b1cd4348e5
SHA256 db420022cfde4a09d3c60cd20b598a40be7da24f803c0a9057315d5de5ef5494
SHA512 af210298d89a534de715b83cab34a8fdd69a2f1d8b2b7df922a36c3d523e0802c21d5ca7527b17dfba0dade32ca57bc60465c1b8dce50c01b431fcd136e995a4

C:\Users\Admin\AppData\Local\Temp\ZowMsUwI.bat

MD5 6a62fa5f099031e6ea5d303d90b12a5f
SHA1 21db0cfb69e53cb0833a2867bc9f0f7d5286323e
SHA256 d50e5cca27619de45ec13dd3f6d124d4e2f88c6a975b12e65c30e5600ad25ddb
SHA512 3115ac0a986baad284935d538b62f4f186c1cd23adc412b50df01ecf5b7e256530175a2eadcbae071b03d6fa86f57fe7023a1f42589a2e6ec0618071aea77a41

C:\Users\Admin\AppData\Local\Temp\ZuskoIYQ.bat

MD5 de5fbdff99bfec4f00766e96b7617859
SHA1 47f16654df3157961d9e9fb8048f904aeabf26a7
SHA256 06f956584dee01e4ded7abe455fb777e9916eb247fc6338c86e1278cb60bda4d
SHA512 9472969194cb0e4c610ff49122234453a7d28744704ee0fe8fdef60997f3bcd75d8d6f516185dd977bc0626bbea7343dd2f9ae81893d023a2ffcaebcb1c932e4

C:\Users\Admin\AppData\Local\Temp\WUQgoUEU.bat

MD5 c2b2246f521cc5b91099ac169e6c8538
SHA1 a9a576c392eeffda060e027facb508611a9e6d87
SHA256 c490b1da8b970436ecc2913fbe199b59346834a17f3a6c03f9aa63f97332ef89
SHA512 e8a8f21a887e958608f451f5cfd6453bc3f075bf09628e28c024f2a1a055482a0cce10b0d98a070141c27aee733895a612d587b729c63cf37ac74b62d8465416

C:\Users\Admin\AppData\Local\Temp\sMMYsAMs.bat

MD5 8152ab9f9b69776e0e122607c7c90ea9
SHA1 94fd312fa63af0aa4c164eaa71302da3b836d55e
SHA256 5856b41dfb4d3b93f978e6336325159b78dc18018d4e5071c2e1b7d6577e8f3e
SHA512 56faccfd805853e8119d133b13e43dc224c84fa3abce80ac34d440ab9a2047ec5b97067f468c59f7d5874e504d85bbf39cddf40c31450a8186b4ff8abafc372a

C:\Users\Admin\AppData\Local\Temp\iWoYcMwo.bat

MD5 3feee856313a5f7aaa5eae467998efd3
SHA1 02d39c9c85b01c6e47375d53950ddff4409ffd61
SHA256 d53c9cf7e4991c0f9a2da9d977461234c777236a53349feca7a8785fae7c0ce1
SHA512 f908a21aa45f92f7a441a73f9bc26fb00a96fd68e605553c2d57ab87572540891df610807a0626d8c25b4483af8c558e9ab7965a178178764f80fd06c3b97834

C:\Users\Admin\AppData\Local\Temp\qOQIgoUQ.bat

MD5 c0211433fe0f3edc95f4fc3d7ad8cebc
SHA1 db8d2d8fef577206922393cf62235310f6d956bf
SHA256 4fcf21005262029e4341c811ec254a102d6b812c8a00b7f1e80bc126f4a97cc6
SHA512 730d8f998609c5943793025e50c2ed60dce5ec4513a256ae78102e18f650131b16ae2d939ec92193dcc848af9fe41bc4f935b7cb03075b8427e9204bc9d650b4

C:\Users\Admin\AppData\Local\Temp\vSUAUkMU.bat

MD5 70290c518fd72735cc81c547a6da2995
SHA1 a5a12ad94e1ce54107a78f9c8608bd23e1df02f2
SHA256 abb6380b06b8a405f92b15f5be72a2d2130b657213b3393e80faf89d2711e3bf
SHA512 f3077ad90381594a5f2a552a85e660429dc0843726c4339ac43e06d4283d58a3ec9b7959edd874736e892fb0cd5e659f180a56b304239fbd6b5da054aaea2fd3

C:\Users\Admin\AppData\Local\Temp\vMkowgYc.bat

MD5 e11523c2e318a177a67209e7b3d93b50
SHA1 32928092570935d161c56bd2604aca88dadce684
SHA256 f277d76dd17ec0c323d54dd42b39f4d4a620ac54d51e540bf9156d0cd00711f5
SHA512 0cbf14a377931290ce1503356136cd69a2d298a5414ed81538089309f42f4571065d1884b9f744bed5262bff24a38b1c42f2703bfefc0e206ba9ab190bcd14e6

C:\Users\Admin\AppData\Local\Temp\rWIwMQIY.bat

MD5 89e77943ef17e23d67a8e45366ae8105
SHA1 a7426913a329e8f3ded526cd371bd39e8aa29c9b
SHA256 2f73967925fba608ed3b9ecb557ca9032186b0501295f74a6c751e280931fe02
SHA512 729b9beacb329136aa597e56190ead84bdadd1b9c933212a07a919d82ab92f638bddd0b5a141ef8552a46df2d80d3ee403a26ff417cdf750077ff18ae7f33996

C:\Users\Admin\AppData\Local\Temp\DyUIAksU.bat

MD5 1a4e063ec0aeee8732664d8d93f963d9
SHA1 7ab40afd1ef3ff4480b3bf286514aaae51647087
SHA256 231eff3c1e0c8cdef981010eb16015af569965ccb21ba9c7a3fe40b4263e2c42
SHA512 7ee1b3fa8fdcdd75c610cc28edbc067651d01d274137f5a48ff1a76aa5e5984cac7913cbd8ac3ac17e483ac0645eddb45018cbe93eb679e5187f2229e6932692

C:\Users\Admin\AppData\Local\Temp\BaYoYcMc.bat

MD5 ba0188432fb4c44eca69ba5b260a6576
SHA1 9d1948d968cd492e0e0d2fd3423dff531ed62c7d
SHA256 2e6db9d4b30894d865a736aea3cd9fa024ab6b47fec409bfe9e43d7feba54c15
SHA512 22a6c959d3683904a8d45b9ed22cc03f9058a38b3fe0b2140a37820156c3f7d80454590a89b18d70cb515308ae1a22727689fd75739bd3b5dfb7846e84b209c1

C:\Users\Admin\AppData\Local\Temp\KKEcscgo.bat

MD5 137b31480619fb8532d55a012c956dd2
SHA1 9a9196d7089883283b143e08d84f54f982e09d0e
SHA256 c10bbaf4854ea158ccf87bed626ccad2d01c518bbd268523934ee04b71e2c14e
SHA512 d88af25ed86585a9aa83a4a7951f2a5989f7e8d6b5fe21421a3d905ee542339dad295b79b04129ee7ec4fa659e6cb9a38312ec70b3f647c610ee40d1ce7efdbc

C:\Users\Admin\AppData\Local\Temp\ocsoUsAE.bat

MD5 da32c87d23fe6f6dd5f4b2e3843b43a1
SHA1 d0cb03e438d957cce8b9c563097665a8cc07a5ef
SHA256 28885e0726c4145e03b790c2d7621868e1f5ff729dedd2cbb5a90d553aaedb76
SHA512 1726ec973aa983b2b11e4bd2279395cda6584e8ae142134bfbbbf37717e623d03797e2ba9f67f6cff8f837c9f81cfe5029f9c9940b5c948c8d91b35cccc1c6e6

C:\Users\Admin\AppData\Local\Temp\UGYMAwgQ.bat

MD5 f4e7b838bd888d4035d4a74e28857810
SHA1 a5fd240ea5a6e8766c670dd2088b28154d7684d5
SHA256 ba0ce07830451c5b403795ea67bc425d474376f8ae636a8fcd0bb2c23fb2d9a2
SHA512 40ae83521c7f352a45e730def988ca9f8b73f03e3a3276359a17475b36926caeb02fefe3e04e48686ca9ca13a0cdd7e5bc68cbc5c0667abddece13c5075d336c

C:\Users\Admin\AppData\Local\Temp\IiAQgQMg.bat

MD5 1b91dd079bef0775cb450d537aa5cbe9
SHA1 bfb80b6add3a1aad74247e72ac223877fbadd4b9
SHA256 2679f936d149befdc439d3b5a1a82c22f1d9849b5adbe8c303846534183081ba
SHA512 04fc92aaa194ba02b1e4fa50833d4bfcc8d60c69e6aadd354411c52bdb897e265f440e0cb17e6d5448e60f55152229281ccf86504392822c8320535856b189dd

C:\Users\Admin\AppData\Local\Temp\NwskggkY.bat

MD5 cd351b1d7cd5e139dee189c05a5165e1
SHA1 b2ef199bb8790e7a0d37a6b352d7974144a85ea7
SHA256 e050667004f9c6e9ccc90534fc13041e5e83158c21d6b273f1107bfe85cfbcc2
SHA512 478d8a7bb2e1a20743f2bf9d84a9292eed0ec4d98367d039dab9971973af2a1e18e5f80e6c834b6ec23359d45262419b3dd87eb14fb4d6bee01f9bad1fc4d2a7

C:\Users\Admin\AppData\Local\Temp\ViwYMgkE.bat

MD5 332ed5124312dd2db6e80ab1e3b6830a
SHA1 8f2efb033d27211637f8c27b8ef2d811bacdab61
SHA256 49291b4f0aabe6fed00f06afde9506c2d45177bae75c04bef6d8d4580cfdda63
SHA512 07840e906b706050549b24287bb71a785d3619960b2be524ff60b3cd21a3b4da4506a1dbe8d053dbf6509cd718e288462184aa0dac166e9a516e87edb597107d

C:\Users\Admin\AppData\Local\Temp\TuwYkAgI.bat

MD5 01374698b726745b3a44a3bc4ee84fc6
SHA1 4e097b7a3566fd71a74a610c7b4e43991f4785eb
SHA256 6468ec585fe0085908aa4008b3363f5fb61f3aa793a46ddf9f865d05af0c1520
SHA512 44e6215cfbe7097aacb63ceba91df8a43c601e81c561fa2649381d51dceb39858d5f9dcc8f2e2dab14d1eba0a2c5d217b8701f13448a84160bc3c3cf0c156905