Malware Analysis Report

2025-03-15 08:13

Sample ID 241016-j8rrnavgkm
Target 2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
SHA256 d3ec9fec4f73dcd82270934c04376a288db43763d4b142f0bf0b0a7cbad08900
Tags
discovery evasion persistence ransomware spyware stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

d3ec9fec4f73dcd82270934c04376a288db43763d4b142f0bf0b0a7cbad08900

Threat Level: Known bad

The file 2024-10-16_e0a8441493e12806acc53cce247292e8_virlock was found to be: Known bad.

Malicious Activity Summary

discovery evasion persistence ransomware spyware stealer trojan

Modifies visibility of file extensions in Explorer

UAC bypass

Renames multiple (81) files with added filename extension

Renames multiple (64) files with added filename extension

Blocklisted process makes network request

Loads dropped DLL

Executes dropped EXE

Checks computer location settings

Reads user/profile data of web browsers

Adds Run key to start application

Drops file in System32 directory

Drops file in Windows directory

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Program crash

Unsigned PE

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of WriteProcessMemory

Modifies registry key

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-16 08:20

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-16 08:20

Reported

2024-10-16 08:23

Platform

win7-20240903-en

Max time kernel

150s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe"

Signatures

Modifies visibility of file extensions in Explorer

evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A

UAC bypass

evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A

Renames multiple (64) files with added filename extension

ransomware

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Control Panel\International\Geo\Nation C:\Users\Admin\aEcAUIgI\NCowUoEg.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\aEcAUIgI\NCowUoEg.exe N/A
N/A N/A C:\ProgramData\AUIQcMkA\AKEIoQMo.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Run\NCowUoEg.exe = "C:\\Users\\Admin\\aEcAUIgI\\NCowUoEg.exe" C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\AKEIoQMo.exe = "C:\\ProgramData\\AUIQcMkA\\AKEIoQMo.exe" C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Run\NCowUoEg.exe = "C:\\Users\\Admin\\aEcAUIgI\\NCowUoEg.exe" C:\Users\Admin\aEcAUIgI\NCowUoEg.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\AKEIoQMo.exe = "C:\\ProgramData\\AUIQcMkA\\AKEIoQMo.exe" C:\ProgramData\AUIQcMkA\AKEIoQMo.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification \??\c:\windows\installer\{ac76ba86-7ad7-1033-7b44-a90000000001}\pdffile_8.ico C:\Users\Admin\aEcAUIgI\NCowUoEg.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cscript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\aEcAUIgI\NCowUoEg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cscript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cscript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cscript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cscript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cscript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cscript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cscript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A

Modifies registry key

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\aEcAUIgI\NCowUoEg.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\aEcAUIgI\NCowUoEg.exe N/A
N/A N/A C:\Users\Admin\aEcAUIgI\NCowUoEg.exe N/A
N/A N/A C:\Users\Admin\aEcAUIgI\NCowUoEg.exe N/A
N/A N/A C:\Users\Admin\aEcAUIgI\NCowUoEg.exe N/A
N/A N/A C:\Users\Admin\aEcAUIgI\NCowUoEg.exe N/A
N/A N/A C:\Users\Admin\aEcAUIgI\NCowUoEg.exe N/A
N/A N/A C:\Users\Admin\aEcAUIgI\NCowUoEg.exe N/A
N/A N/A C:\Users\Admin\aEcAUIgI\NCowUoEg.exe N/A
N/A N/A C:\Users\Admin\aEcAUIgI\NCowUoEg.exe N/A
N/A N/A C:\Users\Admin\aEcAUIgI\NCowUoEg.exe N/A
N/A N/A C:\Users\Admin\aEcAUIgI\NCowUoEg.exe N/A
N/A N/A C:\Users\Admin\aEcAUIgI\NCowUoEg.exe N/A
N/A N/A C:\Users\Admin\aEcAUIgI\NCowUoEg.exe N/A
N/A N/A C:\Users\Admin\aEcAUIgI\NCowUoEg.exe N/A
N/A N/A C:\Users\Admin\aEcAUIgI\NCowUoEg.exe N/A
N/A N/A C:\Users\Admin\aEcAUIgI\NCowUoEg.exe N/A
N/A N/A C:\Users\Admin\aEcAUIgI\NCowUoEg.exe N/A
N/A N/A C:\Users\Admin\aEcAUIgI\NCowUoEg.exe N/A
N/A N/A C:\Users\Admin\aEcAUIgI\NCowUoEg.exe N/A
N/A N/A C:\Users\Admin\aEcAUIgI\NCowUoEg.exe N/A
N/A N/A C:\Users\Admin\aEcAUIgI\NCowUoEg.exe N/A
N/A N/A C:\Users\Admin\aEcAUIgI\NCowUoEg.exe N/A
N/A N/A C:\Users\Admin\aEcAUIgI\NCowUoEg.exe N/A
N/A N/A C:\Users\Admin\aEcAUIgI\NCowUoEg.exe N/A
N/A N/A C:\Users\Admin\aEcAUIgI\NCowUoEg.exe N/A
N/A N/A C:\Users\Admin\aEcAUIgI\NCowUoEg.exe N/A
N/A N/A C:\Users\Admin\aEcAUIgI\NCowUoEg.exe N/A
N/A N/A C:\Users\Admin\aEcAUIgI\NCowUoEg.exe N/A
N/A N/A C:\Users\Admin\aEcAUIgI\NCowUoEg.exe N/A
N/A N/A C:\Users\Admin\aEcAUIgI\NCowUoEg.exe N/A
N/A N/A C:\Users\Admin\aEcAUIgI\NCowUoEg.exe N/A
N/A N/A C:\Users\Admin\aEcAUIgI\NCowUoEg.exe N/A
N/A N/A C:\Users\Admin\aEcAUIgI\NCowUoEg.exe N/A
N/A N/A C:\Users\Admin\aEcAUIgI\NCowUoEg.exe N/A
N/A N/A C:\Users\Admin\aEcAUIgI\NCowUoEg.exe N/A
N/A N/A C:\Users\Admin\aEcAUIgI\NCowUoEg.exe N/A
N/A N/A C:\Users\Admin\aEcAUIgI\NCowUoEg.exe N/A
N/A N/A C:\Users\Admin\aEcAUIgI\NCowUoEg.exe N/A
N/A N/A C:\Users\Admin\aEcAUIgI\NCowUoEg.exe N/A
N/A N/A C:\Users\Admin\aEcAUIgI\NCowUoEg.exe N/A
N/A N/A C:\Users\Admin\aEcAUIgI\NCowUoEg.exe N/A
N/A N/A C:\Users\Admin\aEcAUIgI\NCowUoEg.exe N/A
N/A N/A C:\Users\Admin\aEcAUIgI\NCowUoEg.exe N/A
N/A N/A C:\Users\Admin\aEcAUIgI\NCowUoEg.exe N/A
N/A N/A C:\Users\Admin\aEcAUIgI\NCowUoEg.exe N/A
N/A N/A C:\Users\Admin\aEcAUIgI\NCowUoEg.exe N/A
N/A N/A C:\Users\Admin\aEcAUIgI\NCowUoEg.exe N/A
N/A N/A C:\Users\Admin\aEcAUIgI\NCowUoEg.exe N/A
N/A N/A C:\Users\Admin\aEcAUIgI\NCowUoEg.exe N/A
N/A N/A C:\Users\Admin\aEcAUIgI\NCowUoEg.exe N/A
N/A N/A C:\Users\Admin\aEcAUIgI\NCowUoEg.exe N/A
N/A N/A C:\Users\Admin\aEcAUIgI\NCowUoEg.exe N/A
N/A N/A C:\Users\Admin\aEcAUIgI\NCowUoEg.exe N/A
N/A N/A C:\Users\Admin\aEcAUIgI\NCowUoEg.exe N/A
N/A N/A C:\Users\Admin\aEcAUIgI\NCowUoEg.exe N/A
N/A N/A C:\Users\Admin\aEcAUIgI\NCowUoEg.exe N/A
N/A N/A C:\Users\Admin\aEcAUIgI\NCowUoEg.exe N/A
N/A N/A C:\Users\Admin\aEcAUIgI\NCowUoEg.exe N/A
N/A N/A C:\Users\Admin\aEcAUIgI\NCowUoEg.exe N/A
N/A N/A C:\Users\Admin\aEcAUIgI\NCowUoEg.exe N/A
N/A N/A C:\Users\Admin\aEcAUIgI\NCowUoEg.exe N/A
N/A N/A C:\Users\Admin\aEcAUIgI\NCowUoEg.exe N/A
N/A N/A C:\Users\Admin\aEcAUIgI\NCowUoEg.exe N/A
N/A N/A C:\Users\Admin\aEcAUIgI\NCowUoEg.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2324 wrote to memory of 936 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Users\Admin\aEcAUIgI\NCowUoEg.exe
PID 2324 wrote to memory of 936 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Users\Admin\aEcAUIgI\NCowUoEg.exe
PID 2324 wrote to memory of 936 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Users\Admin\aEcAUIgI\NCowUoEg.exe
PID 2324 wrote to memory of 936 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Users\Admin\aEcAUIgI\NCowUoEg.exe
PID 2324 wrote to memory of 1512 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\ProgramData\AUIQcMkA\AKEIoQMo.exe
PID 2324 wrote to memory of 1512 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\ProgramData\AUIQcMkA\AKEIoQMo.exe
PID 2324 wrote to memory of 1512 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\ProgramData\AUIQcMkA\AKEIoQMo.exe
PID 2324 wrote to memory of 1512 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\ProgramData\AUIQcMkA\AKEIoQMo.exe
PID 2324 wrote to memory of 2996 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2324 wrote to memory of 2996 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2324 wrote to memory of 2996 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2324 wrote to memory of 2996 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2996 wrote to memory of 2236 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
PID 2996 wrote to memory of 2236 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
PID 2996 wrote to memory of 2236 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
PID 2996 wrote to memory of 2236 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
PID 2324 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2324 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2324 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2324 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2324 wrote to memory of 2776 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2324 wrote to memory of 2776 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2324 wrote to memory of 2776 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2324 wrote to memory of 2776 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2324 wrote to memory of 2780 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2324 wrote to memory of 2780 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2324 wrote to memory of 2780 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2324 wrote to memory of 2780 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2324 wrote to memory of 2892 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2324 wrote to memory of 2892 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2324 wrote to memory of 2892 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2324 wrote to memory of 2892 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2892 wrote to memory of 2344 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 2892 wrote to memory of 2344 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 2892 wrote to memory of 2344 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 2892 wrote to memory of 2344 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 2236 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2236 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2236 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2236 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2632 wrote to memory of 2968 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
PID 2632 wrote to memory of 2968 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
PID 2632 wrote to memory of 2968 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
PID 2632 wrote to memory of 2968 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
PID 2236 wrote to memory of 1948 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2236 wrote to memory of 1948 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2236 wrote to memory of 1948 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2236 wrote to memory of 1948 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2236 wrote to memory of 1056 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2236 wrote to memory of 1056 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2236 wrote to memory of 1056 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2236 wrote to memory of 1056 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2236 wrote to memory of 1700 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2236 wrote to memory of 1700 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2236 wrote to memory of 1700 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2236 wrote to memory of 1700 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2236 wrote to memory of 2468 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2236 wrote to memory of 2468 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2236 wrote to memory of 2468 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2236 wrote to memory of 2468 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2468 wrote to memory of 1604 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 2468 wrote to memory of 1604 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 2468 wrote to memory of 1604 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 2468 wrote to memory of 1604 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe

Processes

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe"

C:\Users\Admin\aEcAUIgI\NCowUoEg.exe

"C:\Users\Admin\aEcAUIgI\NCowUoEg.exe"

C:\ProgramData\AUIQcMkA\AKEIoQMo.exe

"C:\ProgramData\AUIQcMkA\AKEIoQMo.exe"

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\mWowEkYY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\ecMkwEMA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\AoEwkswU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\gGUsUwYw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\buwkgwEA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\rogAocUc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\zUEssIwA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\PIwMoQsA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\QGAgYMMY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\WiAosMgw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\igwggkkA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\qUwUwMcw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\ywIMEUAA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\FkgMMQEc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\xWkoUcUA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\FkcUswQY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\XQMYkQIY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\mesoscUw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\wccsUEIg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\KiwAEkwo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\QAoYIUwY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\rsQYgssE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\LCQgAgUY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\BYUYIwQw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\LkIwcssI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\dqwAkEsw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\kmcsAQAk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\IooEYYos.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\kIkMYYEY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\scAQIAQE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\RAMokogU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\dawIQwAM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\TCgwwgQg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\tmAIokgQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\ymEIwIkQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\yscQEUsA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\IkwYIEsk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\mekokQsE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\pWcAEMEU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\NUkQYows.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\hQEIQwkY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\BMAIAYYQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\JiQcwIYo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\MEAkEMYU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\IiAUksIg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\uIAYkUMU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\WKwoQwgw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\FAEsgsAA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\RewcEYAQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\nAEMUIcc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\HGwYogwM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\pooQooMg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\qKQwUAAc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\aUUoUUEQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\IgIowoUU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\KeMYAgYQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\GCQswYss.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\RsAosMIM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\hUMYsQUU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\DWYQEQEs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\TygcMIwM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\smkkYAwg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\cwcUgkkE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\OYsMQAQU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\gKEIYoYM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\cKoAgIkw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\bowUocAQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\nSUEAoYc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\JSgAIYEY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\DSUAkIEQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\gOoAssgM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\kMoAQgEY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\EyUcYkkE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\UwUEQoYQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\BcMcQQIc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\NUUYMAEQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\BMQQEEcI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\pcAQkcss.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\skcgIsMk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\kOgAIcYk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\keEkwEsM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\QmQwQEoU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\SsEckwcU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\tMYkAoEA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZeMUEMsw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZSowEUQU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\RuMIkwQI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\IUgYEogU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\KGkEEoEY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\aOIkUMMg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\qEYoAsIo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\tuEcIMkI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\jiEYYUUs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\veAgwgsE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\nagsgUww.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\qGgEkMwY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\MiAQwMUA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\gMoMoUkU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\AGwccwEs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\TMwkYkgg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\TcgYcoMY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\tWooEQUI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\ywsMcEUU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\myIwkAMM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\asMwsIMk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\QYQIAQYo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\dcsscQQU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\DooQoQwM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\XYIQUcwQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\VSEUEYso.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\MGcIgcYM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\WacIgUQw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\QaIcwgUQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\OkoYgsgs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\nwMYogYY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\laUIYUko.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\HikIoYss.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\HwUAYYwI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\MiUggkIE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\EcIsQsAw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\aeAQosMc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\qAwEIswk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\WUAwgAco.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZgEEcEwM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\vmIoIQos.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\hWosEIYs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\NSMoEgMU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\TGQAMkkc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\UyAgsAco.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\cwAIIEAQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\UMQkwEws.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\kYgcsIcc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\puMQwsQU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZOQwYYAA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\YCUUEMIY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\egkAcEgs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

Network

Country Destination Domain Proto
BO 200.87.164.69:9999 tcp
US 8.8.8.8:53 google.com udp
GB 216.58.212.238:80 google.com tcp
BO 200.87.164.69:9999 tcp
GB 216.58.212.238:80 google.com tcp
BO 200.119.204.12:9999 tcp
BO 200.119.204.12:9999 tcp
BO 190.186.45.170:9999 tcp
BO 190.186.45.170:9999 tcp

Files

memory/2324-0-0x0000000000400000-0x0000000000433000-memory.dmp

\Users\Admin\aEcAUIgI\NCowUoEg.exe

MD5 f46e0efffa487c4a79001327aea01ad4
SHA1 1c5c6033a36912bbafa7c3bb9510a5756dc81524
SHA256 84f4ef485cf68ac13d4bbe1bcc5290071563c1da4f4406bea88dbab5d3cd8a84
SHA512 3dfc5e6cb4596662b0f4f463f70a92796e1cbaf0374056333ac7e99f2930e6e777d292bd830172e72b4123bd0f8b7005f2c9ecfb991a3e530c1641e6a0c9eddb

memory/2324-4-0x0000000001CC0000-0x0000000001CF1000-memory.dmp

C:\ProgramData\AUIQcMkA\AKEIoQMo.exe

MD5 16b18b32a50fc74c017874bc63727b2f
SHA1 dcb3f74b43a8c25cb1f2805436f6ce13fb5d64a0
SHA256 f37ba2b40919d55acebd02104a37331ff851b63ca525ff1fb309319217404687
SHA512 a12322fe969ee7a762219d2ba0ea406db3e81942837e8aa4b962fd7c9930810803c9adc5ef170388ce7cf40fa21cdc71b32c41ed0a3a2cbff7091231c969548a

memory/2324-21-0x0000000000560000-0x000000000058E000-memory.dmp

memory/2324-20-0x0000000000560000-0x000000000058E000-memory.dmp

memory/936-15-0x0000000000400000-0x0000000000431000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\CokMEUco.bat

MD5 298a3a75f014501496e96d5eac1582ef
SHA1 a7b5e83ada24f2b748296f4393712abb2a556102
SHA256 c1a7341cba69bdabe75628a53b770cad52afeac1c7aa1220c002e9385041c313
SHA512 bf3f356cfdbd6c5377ac4812bc5a95b71500659c9ed91677afd928913c7ffd20758cf5589d347c64a6511562571cd7e53ef9622f0dd00cea8c6ca91d091f72cf

memory/2236-33-0x0000000000400000-0x0000000000433000-memory.dmp

memory/2996-32-0x0000000000120000-0x0000000000153000-memory.dmp

memory/2996-31-0x0000000000120000-0x0000000000153000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\mWowEkYY.bat

MD5 bae1095f340720d965898063fede1273
SHA1 455d8a81818a7e82b1490c949b32fa7ff98d5210
SHA256 ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a
SHA512 4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024

memory/2324-42-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\file.vbs

MD5 4afb5c4527091738faf9cd4addf9d34e
SHA1 170ba9d866894c1b109b62649b1893eb90350459
SHA256 59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc
SHA512 16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

MD5 38523dacb7a20f049d5de61fc1cf87d5
SHA1 310f1c826385f858572a6c747688d897b851024e
SHA256 4ee4b1cd9eddbf7cdef2797a8822ddd7afc8082b9483d52abee606e8e99a2191
SHA512 61d8bbc98b2414fa7311d1661c9ddd33edba50a5a1847a78b52429b819260d176af87068b10a0963f858e55a0ad5ed3fa2bcc0f02389334fd47894aae662bee1

C:\Users\Admin\AppData\Local\Temp\iiYAYEoA.bat

MD5 ab6fccd822bd465d8b75aa96f5e4689c
SHA1 6fecf5ac17bd1540db8bf9eb227af15d8d721897
SHA256 6271f6b00125036bf3071a6ed83e6932228489d40b68ea333d14bda0680e6c0c
SHA512 bed9241c07831aacf0102a5f3392d6f4122b37dfcbfbb976834c64e7bb52cf71f2f717623d430f0cb9d99087ed32ce6739798b2ccda898ab5b02d6d45da23aa5

memory/2632-56-0x0000000000400000-0x0000000000433000-memory.dmp

memory/2236-66-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\yEwgIoEM.bat

MD5 464c86c0f9c8a0b490bf9f3bf32424b4
SHA1 26642edaa0bf8315886db83d69cb5388c239c9b5
SHA256 5a31c5e952b1f5d84960db6095add53353ea2c4fa5d08d65fc059b10feb85242
SHA512 0be80ee51d1f8cf4ff7e987cd5866b41d0ae4f7d0e21072747bdce87415d936f4ed49f5da29b2e3a53c558d795b994b2df735ee3720b615d9bf2d7a25b10353e

memory/1096-81-0x0000000000400000-0x0000000000433000-memory.dmp

memory/1796-80-0x0000000000510000-0x0000000000543000-memory.dmp

memory/1796-79-0x0000000000510000-0x0000000000543000-memory.dmp

memory/2968-90-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\SgckMYwA.bat

MD5 c9abe72fda4b7fb2b9693ac7ce0604dc
SHA1 5044da90939365f85414fccd564b88ee5b3b2d1f
SHA256 55762ce8c238c78ce69012c70686d8df349122f427d6f73134babd041e68658a
SHA512 fbaf9bfdc716d2dcfe5ca576f1f11227080d05b00c23388bd7bc7c99af78d21c19e7dbacabdb838f3838084f1092a0e10e032cc2641ad1f259cda13c222e33cc

memory/1944-105-0x0000000000400000-0x0000000000433000-memory.dmp

memory/2420-104-0x0000000000270000-0x00000000002A3000-memory.dmp

memory/2420-103-0x0000000000270000-0x00000000002A3000-memory.dmp

memory/1096-114-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\bOMscMUo.bat

MD5 eedff60a23918f6fe618fd10e4af6591
SHA1 7770e37f29eed1dbf5fba50745a23a6301d1324e
SHA256 d7d7705261a636ac98185b45f6a64839c471eca0472e8ece53149ae88614b7bb
SHA512 0faff1990ae1d2b14c471ef0907839a3a081562c15362be1ac65cd7c35ff92f7a5f49ad2a47c65fda8c2848bb1b43fdef441e2e20b9cfeb8eed4f7b052aca557

memory/1944-135-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\PQosoMYs.bat

MD5 d7ac144f46725ec78dd9556c68099114
SHA1 05f024eb897c1af004cfd1b04a205ac493c0da2a
SHA256 ba5df8e0922ac8423a0546f66ae2379f6038538955879907c934e72383e2d269
SHA512 099a5d3420427e4209adf3b2a844c4aaa81a547200c3db64e6c9b25de1266bf0b886dad2c7d592880f57df51a15f80f06b6ae6a54138ca0a1c64edb56184729b

memory/3064-157-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\bMEcgwoY.bat

MD5 19c6adba5a4e339fba73c716fb13ebc8
SHA1 bda8be1b858e54b47de6cd4aac21f10901e720a7
SHA256 846bc7cfca468cbd1e3d033549f2da6f3d507744ea8f8ad4c340846bbeabacec
SHA512 517dd9decc5eeacdb27e11f055575725fedbbee1c962b1ca0851c1aac4a3a9e1c9015a77de4caaf05b118dc096a31e046c3a91fd67070745df1b4312ac2a77c1

memory/2780-171-0x0000000000120000-0x0000000000153000-memory.dmp

memory/2944-180-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\VQgoAMIM.bat

MD5 5ac6252da39983a6e63098be8fcf8744
SHA1 184b8e0f42103f16327026fa3b899bab9e580848
SHA256 5494b4630fa1494f02ca4fcb69225a3b46b01303fdfb5d4ab0253a1fe5992067
SHA512 d51c9ae654493d3a91a8daa4eb552f8b3c1caf5a14e158e362d0705ccc02a94c71e5bdad13522569c12e51910f9a73509b9d68fba54c455e4c9c538a247148a9

memory/2472-193-0x0000000000120000-0x0000000000153000-memory.dmp

memory/1664-194-0x0000000000400000-0x0000000000433000-memory.dmp

memory/2736-203-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\tCcMQgAs.bat

MD5 78c4826f70bc6f741a8c24a0c746e5b7
SHA1 4532c93ead289999172a24e6db6200baf531ce2a
SHA256 fde608742903afd61989b7400bf7dffbad697d15bcd1c7af96c36aa4c48e97ad
SHA512 3877b0247a3b27a74a4d82ba5ce8cb756766b160e97db549fadd3e01be8983db7ea323b037f4f6f0ef79636ef98fd5c8dea11fb1db089ed0426cbadbcd437359

memory/2032-216-0x00000000001B0000-0x00000000001E3000-memory.dmp

memory/2608-217-0x0000000000400000-0x0000000000433000-memory.dmp

memory/1664-226-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\gawIkccs.bat

MD5 9a0ff4cd14e94ef2fa188bae801df2c1
SHA1 273afa4aead5cd3df57028f90512ab19bdb6689e
SHA256 8783c45c8b61ca844476827a3979dcfcaa29faea0cbbe4d441a49d922752d5c4
SHA512 905b11a6ee14badafea0aff507132f0a6851a962635566f297853a980088df91f05b2cfeb766453619d7efa77b8f19750ae85bd54455c925256ebc584419d3ff

memory/1636-241-0x0000000000400000-0x0000000000433000-memory.dmp

memory/1032-240-0x0000000000120000-0x0000000000153000-memory.dmp

memory/1032-239-0x0000000000120000-0x0000000000153000-memory.dmp

memory/2608-250-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\scEwYIcs.bat

MD5 4f8bb220d0e156e9f89df014642f85ae
SHA1 72434d6b86ce83690fd5ec78a6b246a191485472
SHA256 871c33bc489e8c67829f9d3507e2dc26f61376a379edf83bc366c89616d8dca4
SHA512 ca985069c96f17b33ef0b01b21daf33e97dc23f0ae7f4656fb33fe7b98925ca9765f745e15bf2e1a3c28fc4dcf41b2244b90d3a91c01852a22eaebd458ab1249

memory/2128-264-0x0000000000400000-0x0000000000433000-memory.dmp

memory/1636-274-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\ScgAMcMM.bat

MD5 46bffe59633e132f9ad6330a9823ee33
SHA1 ccbf5b6d7dd5080be1ac00cf31093706fe227d35
SHA256 5a88b3574cc2768838e638f97d3b936f6440af2877d679b68f0de83fb369bb48
SHA512 b93a8960c5f706149874bd6eb53e147a7fb6e1085014f61dbd07ab487a521ec9b692598e6c4ef6bf39262a6e026db421fbac949b024c8f922e4b8ab90c4399a1

memory/2784-289-0x0000000000400000-0x0000000000433000-memory.dmp

memory/2692-288-0x0000000000400000-0x0000000000433000-memory.dmp

memory/2692-287-0x0000000000400000-0x0000000000433000-memory.dmp

memory/580-298-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\QmEMYEMk.bat

MD5 20c02a62c7ee3f349fd27bcb9ad0fa9a
SHA1 e965e23627e05fcdd7d12a76cc79b12bd57d6f0c
SHA256 67715f0917a43d51b749f535ce8c936c5a27ad7fd5ec3fc6dc35e1ab52acf27a
SHA512 dc864191a0ec5ba42bd618582bd366505bf0b675f8159ebafd79b81b0f4c25da6a5f9b6a0de1a1fbac5907dc7b2293528b4a784590b16c99f20d50a65c3e6b29

memory/2568-311-0x00000000001A0000-0x00000000001D3000-memory.dmp

memory/796-312-0x0000000000400000-0x0000000000433000-memory.dmp

memory/2784-321-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\ROwUgoog.bat

MD5 96fcb1f7c87e5f8b5d6812ec5ca8477f
SHA1 992f2c3393985c0bb6d3c289647cbb531e67c443
SHA256 ae0c08c53747ccca1d1034145f7379ae70927a355039a63eacc132c8bd598e89
SHA512 3feaa93e5488687f037f32d9af2e0a382a87691c7b4158a19d634e4cd08a110876fa09a094313dd16f45a01d8ce204027e283c6c2416873d3157225346197c1c

memory/2992-334-0x0000000000400000-0x0000000000433000-memory.dmp

memory/796-343-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\DsUwQMkw.bat

MD5 f39e4c271c14a18937d05bf17c68abbc
SHA1 90dedd91d8a0b0809ba2ee32a8cd42ef4c09a840
SHA256 75b539face13486ef604163393095c654ed7e362a2aed6e9adca2edc6b35d361
SHA512 55b7202d0e1b3afeac9d39191b11b1c60144c52207255f54fe3ea235fb3bc900e7c3ff70bc44c47ed2747e8dc81a9591ed72a9bcc28c415044d99f4dcd432e6f

memory/2796-356-0x0000000000400000-0x0000000000433000-memory.dmp

memory/1600-358-0x0000000000400000-0x0000000000433000-memory.dmp

memory/2796-357-0x0000000000400000-0x0000000000433000-memory.dmp

memory/2992-367-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\JWgwAUUw.bat

MD5 1d1b58bd879e73df73d7b7dbb52de079
SHA1 d8c81c9e64f7283fb780afcde937dd8e3d8ff12a
SHA256 1513e0d96b0e2728c228e187349158952e4ab2d8e718652f8fee1975994e11cf
SHA512 7b895e979a2f92fb7ce6997a91dc545451f6873c35f7e356b16f101672370cd9feaa7bdce5aa86c99f9657381cfa940bd06513a8107f66b80617aa5a5fedce03

memory/400-382-0x0000000000410000-0x0000000000443000-memory.dmp

memory/1600-391-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\fQwkUYkk.bat

MD5 04353e501ed2f1a8256bfcfe3453a1f6
SHA1 2704d16dd6cb583590f27da6c12f3990d5b872c4
SHA256 0d2f1b07621bf34dcf37a0e7bd273e6ce7f5eef92c590bc190d3fa8541be6053
SHA512 de84885cdd3b9f285aa1fbdfc3a0c0f0b0d008f90f291cdc6c72b9a8978db108cb12393f1db72b7c6719f285b77ad722eb4ae8105f58449975402e847408edea

memory/1772-412-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\wwcsQkYA.bat

MD5 562ddd486d07055a47fae718c5ddd62c
SHA1 cbafbffdac9c29ba6320212cd8340396d02e835a
SHA256 bae92e0ea4dc78536510b6e0b48502bd8de965235cfbafde0a6e9915e572399d
SHA512 a4967b69bb0b25030285e3b7b7cdf9811360ae1a6b1cda4c94ceec96cea4b4062cfa3481cf7d1418a17456342725f41250f5c12ae68daf174def452ba7b5b3a2

memory/2792-425-0x0000000000400000-0x0000000000433000-memory.dmp

memory/2124-434-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\miMMgEMY.bat

MD5 b95fdbc9f76d0478a4d3a5411a595871
SHA1 4084046230cb9e3aa90679a6e67135b81d41046e
SHA256 490ea080c5f8fda58165db46e8bc6776ed887f68c08dd3087ef4a75685dce01c
SHA512 33d0a8e01ff730fcd418c99876c6c6201a7e57e5461af9aa222c5ba92ce7e03a3184362052632e12db848d4925cedbb1c3e7ad22af2ccb828fbb4d7a55ba07e7

memory/2852-447-0x0000000000400000-0x0000000000433000-memory.dmp

memory/2584-456-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\YaIkkUoc.bat

MD5 abb315bea2c7f1983eae31a6061abf15
SHA1 abad4bda9155d2f14b26ae5d22d7f3ee6b4a5bbc
SHA256 762e0788f1c384bb118b35f12193c2281643793c50c2326eeedbb6915dd1fc74
SHA512 1da7ab61b794466fa3feeaa5506edaee5bb4e6a392f6820ca8668bf8a17123c5b45d5decfec850797cfb72fbe55ed9a29ef84fd112f56ea42b30b26f17679c72

memory/2852-479-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\AswUkIYE.bat

MD5 f7374117e18f0c7b80b38afceb05167f
SHA1 e8cd4c8bb95b1af04b1508e117a274e9808a36a7
SHA256 fc3c5eb74c88edca4f08a75c4d29207f8c616b3ef1508c090cd7313ec6a7c25b
SHA512 7ff4aa2e0a0ebf540e61e891d3ffb5913421fa78e11af09b6ca39244eeaf80ac4dc09bbb80f5716076d66b74bf3c1913db30fda766805b24f566e88eedab6e56

memory/1984-490-0x0000000000160000-0x0000000000193000-memory.dmp

memory/1940-499-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\imsMkIMo.bat

MD5 f133c61d1f39d21705ef0e399f0f1d6d
SHA1 855224a04a03fa3fa2b796bc91c4980e03c069d1
SHA256 47281f3a300b6cdd9f14de32690b06781513d2a7a943bdf73bf30360fcf53482
SHA512 8ebdb1a67e4c6f40c71c7772fb26dc7e4d4514cc6d02088649404333b69d4a62b95c79b14c8eb45e1ea7e20a359103998f1f418076305c46d66f50396a94a39b

memory/2276-509-0x0000000000580000-0x00000000005B3000-memory.dmp

memory/2032-518-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\fmcAkYkg.bat

MD5 4b72f720cb2b2044f65fa97087c6fb4d
SHA1 f9eb63a66dd465269b0a0ccdc1d52931e697eee7
SHA256 1cb1e060620cee502a26f5f5daf85b5efc2314d4b7961ab1cb5776057902e38f
SHA512 48034c3adc057c037aeb0f5de94170006a4bb72dc80c2495761f9c7bd31d5feac56ffd16f8116a0cec19d6c89dbc78b3a710fcce17b61b8d39a1dc801840bcd4

memory/2324-528-0x0000000000540000-0x0000000000573000-memory.dmp

memory/1032-537-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\HawAEsUE.bat

MD5 d6754801ca2208d942ddf60105dd39c5
SHA1 66ecabb7c056d40908090e9f280329f56d3455c4
SHA256 bcff00c6d52e64cdc0140a7e319d897f65c30254738f1db36c8b29c683f79c4b
SHA512 9862694d20b2843df0ed595463b675826cb1ffe4a0ed4d0fa0e64ee0afa861b22b211bb84a15ad3312f4081f120be174da66fbf371773b2174abcf7bd7202358

memory/2104-549-0x0000000000130000-0x0000000000163000-memory.dmp

memory/2284-551-0x0000000000400000-0x0000000000433000-memory.dmp

memory/2104-550-0x0000000000130000-0x0000000000163000-memory.dmp

memory/2716-560-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\RKYYsQUM.bat

MD5 985f48754bf050b4c6a00638a9dfed2e
SHA1 80e249b50e1525c41896aff7f5d26cf214727d44
SHA256 05da3bdd1dd89240e46a5784aac22d1e8e39b314613cdf7cdc44ce2d731d3caf
SHA512 71734b88f159606df2aaee08912546b5e8d646b9cb5e808f68f44310b603e5facf1e8841c6ac3605ada16aa0bea1d6c15fe1ddcfd20d951180d5b5052cdcf72f

memory/2640-571-0x00000000002E0000-0x0000000000313000-memory.dmp

memory/2640-570-0x00000000002E0000-0x0000000000313000-memory.dmp

memory/2284-580-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\PEwkMwYY.bat

MD5 95e243b3464f8015ae49d3ebf1480287
SHA1 2350bf41404023669e840f0aedeff5616d4ebe91
SHA256 95f557a32abcd5a39c2cab38b79cfeff4d83d9781c2fdc49187784dbaa5ab385
SHA512 89d004fd583b8c9406902b1cb78f63dc497c77d9dc9080ae792acb502e3b1c9f6e778e33c1d6d8d16650969b2b9dacd6d67218e70c9fa5cfc6139d0946443107

memory/1504-590-0x0000000002260000-0x0000000002293000-memory.dmp

memory/1320-591-0x0000000000400000-0x0000000000433000-memory.dmp

memory/2580-600-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\UIMcoMcA.bat

MD5 f5a867e23d3dfa3683c5c7f08e1498d7
SHA1 8f187e1294971f67257a128b1f3f6782fa5be4c7
SHA256 28eac1e1c4897d9bfa9cd27af8ddcfff62d218bd9ca9af4a405c9fbe0ebc2ce7
SHA512 81cf017262d4405165e82cc976d9e54031e97d91f4dfdb4eae3a015ec3f5bb146a24216805782badf036c0b0012efdf7c63bca7e949ff853d0844582552c8400

memory/536-612-0x0000000000400000-0x0000000000433000-memory.dmp

memory/916-611-0x00000000001E0000-0x0000000000213000-memory.dmp

memory/916-610-0x00000000001E0000-0x0000000000213000-memory.dmp

memory/1320-621-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\WYcQQAsw.bat

MD5 3b7647a9c518f60d5a7956af45b7c994
SHA1 000b6ca785d416f8ab00696289e779dda841cefe
SHA256 2173890bf43eca04ab9a7207ec66585a81c6a1da6a0d8346fad593ec9809363c
SHA512 da058cbd610da96d7d06725ace3f176dbbe8b0d5b4f8512e29440fd6c464dfb2106cb9b87e77714877352b8fb7acaa19fde2c139de7050624a054ea0e9526b19

memory/1580-632-0x0000000000300000-0x0000000000333000-memory.dmp

memory/536-641-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\MioYsYEE.bat

MD5 86ba6fe0473eb7b728872d0546b6a4b4
SHA1 1ec0fe8bc1a482acf07c68501d107d2751b5e61c
SHA256 89c33abb836165f270046fa514ca45af692ecc64ae0dfdc4b0522da6515f2714
SHA512 ad622918187fb8146ac929ef1bd0433b776619923248967e130336c23f75f55598ad2a1f81074b46bb2b985f9b3ecdf4181b0e8f14256c2a865926d33ad5ba4a

memory/616-655-0x0000000000400000-0x0000000000433000-memory.dmp

memory/2724-654-0x0000000000170000-0x00000000001A3000-memory.dmp

memory/936-653-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2724-652-0x0000000000170000-0x00000000001A3000-memory.dmp

memory/964-664-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\SmcgEgcQ.bat

MD5 dd1a5a077aa9e79d43be406000963052
SHA1 994b476a8cef4c3011cd3425e56188c7a4b3a83d
SHA256 b8d2eecce68185dcef7409df039b514f6919879f746a24b70a4f299928eac788
SHA512 988cf408267d393c282f98a2ade0434d9c01b464ef2b3f9f55abf0e88d14540cc5fcb056a7937941f1da6987ac00cafa19deaae65869de7643d115db62d6a041

memory/2692-674-0x0000000002230000-0x0000000002263000-memory.dmp

memory/616-683-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\RmwUEsIU.bat

MD5 10fe95a800ab102a09a8321fae33797d
SHA1 9885ef1b119cbc6e21f27f122218448aa2b4c745
SHA256 898fe408cf55948c349ee6ec18313f373c08c72d608e5a4adc0198b8a8334f3c
SHA512 240670a677e82e23247fedde82540ba90e06b0b4e8e6e2a7321ba8de7f4e411da88ff37d2cc9e64636ce12952ad088dd005717f000225111ec68817d81b75aec

memory/1512-693-0x0000000000400000-0x000000000042E000-memory.dmp

memory/1664-694-0x00000000002A0000-0x00000000002D3000-memory.dmp

memory/2568-695-0x0000000000400000-0x0000000000433000-memory.dmp

memory/2600-704-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\pmAMIQgU.bat

MD5 7e8e6f7cb79d1265e47517eaca56ede3
SHA1 93fc6ebc270b00ea907fbf2bccd877f16a157ce0
SHA256 3ef5b441acaf90318b930837ec50104523ce9c9b378980c940b315323370700a
SHA512 db6434a6f7997db4e22bef7a1015334046f3c70bd10dd6eb1b534491bd611f35631ae8f2ee35c39b1286b364239d9e8df891c04b5519aa58d161455e275b769c

memory/1892-716-0x0000000000400000-0x0000000000433000-memory.dmp

memory/1864-715-0x0000000000400000-0x0000000000433000-memory.dmp

memory/2568-725-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\UsIS.exe

MD5 6a7836ab49143abf956a32bcccf4b8b9
SHA1 52cde0d54fd81a2c9f6f65a26abb98adfa2a87d0
SHA256 3c2c3afc94eaf4ebe4178b0822f695ab33fd8074c9825c40cd4e39e2818f0bbd
SHA512 4da545abbd796f4ab1f4d086277c27aebaa60514345378cc8fae95a305f1cbfafb438d35529a3e2360103f36ae3bb73d61bbf4918f8d33330ef55023e65f1820

C:\Users\Admin\AppData\Local\Temp\tqcYkUUc.bat

MD5 4eb76cbaef5510a7b34972e7a12f2587
SHA1 a564602ef7c0d2d5c5ca06839a9367874b8deebe
SHA256 0a4e8b46a9ff8e7ac72faad1e6b7bf2c79493681c631cb6d338f8e2451503c78
SHA512 c256186329fbd582d95f772ea960ff48e41a15325ec481c938b5c3e9552f6572bdc081f47d071c07ba2a1088d5fb1e0d1265b18cd648959df0d80c2206d3e8fe

memory/1984-751-0x0000000000400000-0x0000000000433000-memory.dmp

memory/3064-750-0x0000000000400000-0x0000000000433000-memory.dmp

memory/1892-760-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\hWMUkgEw.bat

MD5 b4874c664c4ad65e2b910ed1bd4ba986
SHA1 161cf5375b2d6ec29c5616a4414b9a1b8d9fca49
SHA256 1b9687b0069680a45ec4aea1c3e1667e93e8c695f91d46dabc3883c288d5ea43
SHA512 ac4417afa602ae58162df29018968d0b64c414c636a8a5cfb7d7138e369e8deae993bd7f6e35ed36206377ec2491a6f0d1968e715a025d76daf87f1cf43166ef

memory/2068-770-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\tqkcMsoA.bat

MD5 f2b8b0c2c64358436285aa9893f04617
SHA1 d858da513409dc2f873ea29a8a68c7aa1e746197
SHA256 c3051ce74b1f3517deacc881b98af060c7583b0fcf45aab5ed1c9f49f4f362ee
SHA512 98ca7a13490ecc62a307b0320dc5600e661da9e98d61cce80ba623362bdee18b1f0621a79d60a0362a903508570e9fd715f3769c6ec419b8ef273463fc28bbea

C:\Users\Admin\AppData\Local\Temp\GsEIAcMQ.bat

MD5 866c8ae2018373770d92c8b36e078cee
SHA1 7c124a5ec7d027f75c5f95f27050d660ff73c16e
SHA256 44af86fca59ea0ca409d9308af475c4f8dc36e0b3dd6acb80e043b00affd4dda
SHA512 133e2fbf0fa69a6be9fdf370861cef2164bf32dc65569daf0ae2f163bc2b7af07000dab03b52bdbdee747090652265668467422458b719274fa1b7f2ea54dfa4

C:\Users\Admin\AppData\Local\Temp\wIwwUcAw.bat

MD5 fe6a7915998637118b9e58b390bf7b91
SHA1 04c6770d4f9d60756f2a573476b958b053d08453
SHA256 3294c06641ec0608c07918421c0edc94c482b040b4e0237105cd572886543e10
SHA512 7c62ac1404cc36742322ccd1a0ea9490519636c3e206b12faea629507d1a6c527e5bea6d9da0b87374657ced4ebf4c247206ea24fcdcb327caa50d1b37ee6b9a

C:\Users\Admin\AppData\Local\Temp\gWEMkYoo.bat

MD5 82d8a89da99161117d3263a98179505e
SHA1 5a7bd47970c5af79c5b6ceeaf0b8d153b89ad538
SHA256 0466ed38a17b22ab4674cb7831ef688bc506d9bdad5937f4598d13322cb50308
SHA512 8cd1a65678c00d2fd0cb4b2105767b77501e5ed6847efb7fddfe1b3d784a377efedfcb5332be5c53b7c7ef6a07e4b331aff8da7bfc0d0548f64062872ae0c9a6

C:\Users\Admin\AppData\Local\Temp\KGsIIAwc.bat

MD5 94a99d10e65676ea99dfb727122e4e94
SHA1 36d2985ea0b936ccbd81acda86ded171f74b00f8
SHA256 579f4d4404332a2159ec53824cf8ec4b91474a4e0a87592cfd1625fde1de457d
SHA512 1d6bda4360c637945017e1b53aa42e62daf9edb5c9fb67d784d9ef52e664bc9aef9ad6d5c3d8bbfaa56da2979d5c8e23c9a4059a4ab2709aea99e6c0d7ebb513

C:\Users\Admin\AppData\Local\Temp\XqEgQoYQ.bat

MD5 7eb98c4c497ab512d7c9941a3f7fbce2
SHA1 3dacd6d392cb30ef6a13a415c619c0148e6edfb5
SHA256 d3585815105aafafc3b4ddfe997c8cba39883a683109fba963bf2d0c5a6bad76
SHA512 18faeb06fe7c796bf4f76c78a7d4e4ed4d03e46226ba56591fce9e8f3fdaedd0255f60e9009b3d52b0b65b1b503138e406522ea76bdea5ccf43b7c4b55f1e4ec

C:\Users\Admin\AppData\Local\Temp\vOEAEkcs.bat

MD5 5f78d648f05fb3f0d5f5fe351daf0e38
SHA1 5ebf005bd0f8d11209c63844dc70c0df90c3523d
SHA256 dbccc169645daadf47674acab6e4e88007d46b0acc4bf1b78c2724eca52d0235
SHA512 281cda3815b391514b6d339851f36c2673184a7eaf6c4dea3690bfdc06f2715971f150bc2dcb2472daada4f55cc339f58e75538b5c0f5f45f9ed7554f3048fb4

C:\Users\Admin\AppData\Local\Temp\TmUUgggc.bat

MD5 cb76d377c73c7883a5eab8814366fecf
SHA1 da8a1aa152ef35d577134eb7bd5bb38ca4152fe2
SHA256 6c03b9b4ab81434d2b365e2c4d651d825f925649f3a9f347c64cfd2fd474973f
SHA512 15a195ee140fe851684797508e12feb97ab76288082e5d069ea4cc84f625e582af66d11ce41e664fa763e9dc089c3f6c9e4164c14204c856c8050a0034c7df51

C:\Users\Admin\AppData\Local\Temp\dAYAEkUc.bat

MD5 9b7cb39be251b998e90d5c9fc9886fb8
SHA1 a9e7db04a53fb5f66844a9ab879648d7d8568317
SHA256 47b1ce557a5a0c26c665766dfe0a0b015094711f9aab9694a3553b9dd3485709
SHA512 c05db338be7b65b9c58eb65f19a80c9c4b84388e716943c073fc509c47797bd33f0de15408195b2be95a2f11114a498430578e9e4130e1862624aee6d4db4d3f

C:\Users\Admin\AppData\Local\Temp\XoEcUYgc.bat

MD5 e703cc107dce933c25dffb277b4a8195
SHA1 97f91e294cec5c525d767184d99e55e2269c6548
SHA256 5b448812780681ea84bdb95e476b608b2c5c657c9c63c327d5af1611fcda784a
SHA512 5a556c46dc7f5b6acec9c630302ad8f426efa979c63f98ffdb8542383089327f637933c468ce4fa9e3a0d405060a8f44aa61218b4e72fc3c43d7b1a34442782b

C:\Users\Admin\AppData\Local\Temp\UKAIAAIU.bat

MD5 f6bd9c6e91a452ae49858f25aa355d49
SHA1 ccf3403e15c644890a22de1c24da7b0377c39d32
SHA256 70fec5e2a3af250052f55e2b58cab72ca8a3e1de02e091e6343c2a7fc8f256d9
SHA512 134654f1de073d23b04cda12f6ab87744cb96bac2687c036fc50af4cb9d9df0a457970cc79b56e2028527dfc38a28f4f5f19bb98f939e88cfd075ae0a9666a65

C:\Users\Admin\AppData\Local\Temp\sMIkEQsw.bat

MD5 602d22606a8e4c4db7feac5e40e88071
SHA1 62e38ea998aed07b13f0a2248daf75e731dcc873
SHA256 6877243fcb1bec6cf2e4d0cb1f6a4eff67fb214b33bd2639c4e5f70f4be70b31
SHA512 8ee363d213ad1290793df6ca5474856e230356a2cfeba4ba30a302f08c6cc5939f01d2fe4ecb712cc9fdb3246993125c0958e89343ac1638264693782b8af9cf

C:\Users\Admin\AppData\Local\Temp\ocgYoIwE.bat

MD5 2fa4c7907d73173a9e77afec4f75e4b3
SHA1 2698306104bed5626db5d62c698947dacb7d6bbe
SHA256 8924cd24110d861cbdf4830bf5215afac0a03e357eab726a666992d4f71cec05
SHA512 a75b35f14975fc9e52745ceea28ed71de5b51aa2f7946d82814035862fa667829faac12af226d418f0e3593b8f229b911b1737393408a7672f699e714ea113d6

C:\Users\Admin\AppData\Local\Temp\kOMccAAA.bat

MD5 7b84072fbda90e924d2802ac0a099b22
SHA1 a5c16bdb2f07c312a6ec80a2f6c05b6728c8138a
SHA256 856288a1b046e76c25b13abb0b2bb813f5eb945563570b0a41d54474c4be63e8
SHA512 bc889359e6ec0e91e2e9f5ed661fc45abeeaba5281d08f25302c446cfdae072434e9c9cbe0aa372dba4174f7f0b72596a201063b2c79f0380a92a913e36fc52b

C:\Users\Admin\AppData\Local\Temp\xScEgYkk.bat

MD5 83c7294a90df8e7ba910ad6bad01068a
SHA1 1e63f90691ba45c25f4d0e9b70d38661bbf740b3
SHA256 364f7363fff1fe4500f1781c3e27cfd6453f49b8c87882a716b5c000048dc511
SHA512 53dac6d6e56e8898c924fc6aa2b801a35550888666e6ef9fad8f96c9cdf8bbb7682a408cab5b9c5c418195f2c262a84621cde6110b8fa62e911d9e4121d9023d

C:\Users\Admin\AppData\Local\Temp\bcUoMoMU.bat

MD5 f0c0c463ea858bb122966658add0bbbc
SHA1 0e199bc9d09c27ea8fe95ee84ea29dcda1477936
SHA256 b3d2880b0c10f5ecc79170c1de5613e0e3518ae8f26c8a253f0f6e56329d5e00
SHA512 770db910b26f3c3cfbd263390982ef9abbd6818dd30c87f469ffc225f72a3ab4bbebf5552a65084ee7ae76c4fc0cc97ee1ae293e432a3270cd0787087b1e6d4e

C:\Users\Admin\AppData\Local\Temp\ZIgMAYUM.bat

MD5 09bf2f7536e86179aa24503a0ad0a0bf
SHA1 5e6c99d945481ed268fd749911aa8444f94ae271
SHA256 4022c9e05719b67dceaaa58ef2258dac43852cb452183f26ce552f15b88d4d7a
SHA512 79fa44d51cc0ca661eb9cc72a021adecae29ebdba3f67e2bfac1ae7e5e4af8d846be9919f4e1c7c73a5b0c6b453fadabf20221cf92f95bf08b78e1f81731bb66

C:\Users\Admin\AppData\Local\Temp\VGEsIgAU.bat

MD5 d08b396eafc29f163911159294c1c098
SHA1 eaa39ce69549ebe9beec7afa8070f84139300ce2
SHA256 3acfda94c25b6476dd0d5367ec5a1606eed78035a889e67846d8c81a8e0ca6bb
SHA512 13bddb1c7ca20b127f635c8e6bd1c8d8b74061d3f05498afb3495d71b0f1460b239231285da076ad54ebb9e293034981e707c03c2e7f702fae6aa11ada8ef6ba

C:\Users\Admin\AppData\Local\Temp\YAAkcsgg.bat

MD5 6810af9f44145ec071b34d22b1976cba
SHA1 e44f86f6953ec1d7896543286f59a57591ba370a
SHA256 3e2876484b0c4b024964081d5601971deb4d49a98d084e8517059e3e03035917
SHA512 2743a1ad847668fcfe02587f09bf4c01f0e45d2918e66f4158233dcd97d108f1f5e41178f311e668bbc7eb8370552988d849131a4588d889fc8d079da381273c

C:\Users\Admin\AppData\Local\Temp\gYIwggIw.bat

MD5 bf2477dcd8ff52eff492fc4e0eed3558
SHA1 69e262cd963db5bd1f496d3d7733e0186190f35e
SHA256 7ae59730bfb6217a34681a8f0cd9e09ca7b997b7ac7aa7b7a345d241b245b391
SHA512 2780a711b2289625307b3cbfc81f07c8191e6e5a74626f79468edb2ea00a597a86a78b3042ab59ad79d1aac6568cf5643c253b7dfe8071ce12554ee7e0bcdb05

C:\Users\Admin\AppData\Local\Temp\gcgEgQwk.bat

MD5 22a8f42f1f30cbbeb5c820df9f23dd60
SHA1 0d4813359cd7dd5a49cc7e587db782f78547aeea
SHA256 a930844eb2027975566fccd568d76f9243fa2a4085a84a2554241bdf0439cbf5
SHA512 bb0fbf153cf57dd9693f875ed2dde1099bc0338f2cdf7c9c523760bad95a18f66081186f9f1d3e45fbbf1c2d8aa446fc37ad6d6897872437d654afe88d57780c

C:\Users\Admin\AppData\Local\Temp\icQC.exe

MD5 3d25007ebd0d3a4485629cd75e461921
SHA1 08c60d46247f8d4cef684393486915f0035b1bac
SHA256 288052f62711e51aaf4b717eb2dc313dc883923b4a37ed51568e28ba94d4a6c9
SHA512 d7196f59b5d13e0197424eeafa0a2fbd47a20bd8dfaa084c3d56c32e7fd0cc8c62890f12faf3fdb6a19884d999b4f085ad76844d64fa815749b340c83898c7e7

C:\Users\Admin\AppData\Local\Temp\mIIA.ico

MD5 47a169535b738bd50344df196735e258
SHA1 23b4c8041b83f0374554191d543fdce6890f4723
SHA256 ad3e74be9334aa840107622f2cb1020a805f00143d9fef41bc6fa21ac8602eaf
SHA512 ca3038a82fda005a44ca22469801925ea1b75ef7229017844960c94f9169195f0db640e4d2c382e3d1c14a1cea9b6cc594ff09bd8da14fc30303a0e8588b52a7

C:\Users\Admin\AppData\Local\Temp\yIwC.exe

MD5 8003ccc9040066163a91523996a32579
SHA1 b2626c5d39baa706341dacd44c87e6efbfeb4386
SHA256 3019afc47b5da9a4794e0d87caba7b2d90c26bf815c4257a6da3cddc1a374bad
SHA512 d0bef67c8ceebf9b283ea7433a89a2b443fb02a90857f3258be55620b3bd8e3a5e4586a8134452d88f9258bf019d08c0fa3a56a92470909e4b4187c3b045a953

C:\Users\Admin\AppData\Local\Temp\UQkY.exe

MD5 45c70d869b3d6ef83ce73370bb7dc161
SHA1 674c50517948afa8c9f95efac51515c1316fc4a1
SHA256 12648ffccfe7ca18043d35cfe03e418f1ff34fd3efa2bea5c01df566d8ca60fb
SHA512 3c531b5c2336a70c0e89340a163fe7f0cb88b50112f2514bddfc36eaa0c649fe2f60604438532555cb573a5325f3a683f791c3a4100331a3c20492f8673aef12

C:\Users\Admin\AppData\Local\Temp\AsokMYYk.bat

MD5 dff50a59e14c8e85d319babb0bf23e0f
SHA1 a3da1ce7dbe7b62e52043b599fb201c840298904
SHA256 7eb6f8cc8d79a52b5126641a5b6be39578964c13ff70ac2f237c235c158a0cff
SHA512 a9d03291e5a9274835741881cc6a2149d4fa90aac81d6bf9f41f371e757350a94f4f66a4d95067d27dcf3385c496a6c3856d8707fe7e052366fa89068ba4d786

C:\Users\Admin\AppData\Local\Temp\msYO.exe

MD5 8881af5cc3e36a2a3f090c547eeb773f
SHA1 9377d875a6e0b31aaf47944882c6f95114470318
SHA256 980233fbaaf6aeef6974ce1e795ffdae09a8cd8c3fddb1dd3e19e652a971312c
SHA512 c219d30661e5676f95cf4ce94eea85b2b397b524ca2c6534779ad5460d5bdf38636318271511d249e7eb9516728e1fe9fbb00e6e510a088ac011a475a35fef9c

C:\Users\Admin\AppData\Local\Temp\mAAAccUw.bat

MD5 aaab95028d8b38ea0f3748cb66aeb523
SHA1 5ae2a4097456997fe53c06965e90e17e188c22e7
SHA256 eb37366b934266163c9fa93eef7057a12822b67312b3569a8a91201dcec36277
SHA512 18697b10868d8d262f208ae7314115cc3cdd9a9d119e7be2ef9b6c4bc228e16631b4385a4045fe00a23c9592b9b474107589234e4a1860ae3bb5c5dade7d17f0

C:\Users\Admin\AppData\Local\Temp\UYok.exe

MD5 8c73dc546610568b05821815b3ee9c28
SHA1 80b46cb6767a600cbb244929028b423951ded840
SHA256 a9464d50c841ccdd9470da7fe37a186beeba57a053eba35cb7864e6aea456231
SHA512 ca7d2cf27c825eb0cfbe5f9fd41097064662a2769aa049558e5a713431b762fd4121f7ca69e30a836c7596967e146df1190e1cecaee97e813070fb752ce30fdc

C:\Users\Admin\AppData\Local\Temp\QoMg.exe

MD5 11d3f4bc90750c7fd3bb82cd0a26498b
SHA1 3b60460bccb0e25f949bd64490e3a19748a95e31
SHA256 71e566c3c93629eeb7582435726201f5102afd7ec9fccbd6c29e7802a873b24a
SHA512 985cd77a4d548ba6a48c25cd9b81ef383777dc83082ac80deaf889997a29e7a2191e123edd37a169eb7d1d4401727db1dce5353787453798150ab2529d451ac3

C:\Users\Admin\AppData\Local\Temp\KIoO.exe

MD5 8228a6248e4ea81d80166fdb15ec84cf
SHA1 094ef6e13fb29028f53e00d497941072aae64d97
SHA256 913fb4f66f27639ce7289b6c59cfe38253b775c941d0ca2b10befa1dd4d1c6d9
SHA512 4268a878ec49f0053a3f6db8806960748c9e27dde25dd74a621c73ac6935413adfd6003941b9d890984ec5debbbec1110bf304b5df9743f450a8bd243d71f624

C:\Users\Admin\AppData\Local\Temp\qIsU.exe

MD5 da31b6ca0a31751a57594450d9b01bc2
SHA1 b223b6627a7605f24ab74ce79d27335ff3d9568f
SHA256 92d7e03e942537492344d731d733959b72f74832847ffa5f8f1a670246750e5f
SHA512 1c8859f8ec3b7480cdd527dbd3b845f98549545a8cb3df8d1a220d64e1316bc9d6be1cfa345c75e3482b72e069520de1268766e21a251e52f38110a0b4143600

C:\Users\Admin\AppData\Local\Temp\sUku.exe

MD5 140ed0714a5f484088da6520779bf60e
SHA1 4c75511c37e68b48cb1029a4ec37f6207f745f98
SHA256 e713a885ea7469ad982707b1d33a2c96788465b8238f8015a73bc41ec8c21f2d
SHA512 fa91e40a95b74451266dec2a9da415ac9be3efd9c7ad2d28ebbc8b278021b0a8fe8b224a179c2d345dd7931ce7f9b25e3a201a7ee3e392e9568e29ee32223e40

C:\Users\Admin\AppData\Local\Temp\UcsQ.exe

MD5 ad8e6aa954af61deb00897d21e0c40e5
SHA1 cea43ae54ec93dda8a901315193c186d5afb4edf
SHA256 88326b10b0a9f30ea1294b3d999e46c7595e85f77749defa5ec3b074d856fefc
SHA512 fe5282a4098245c4236163d48e13881f3967d91f06d76ce79b32a705b8254360056a356f2b1a478409b5d221b88f1d318f81f9bbd1c100fde25d98d2229e4009

C:\Users\Admin\AppData\Local\Temp\qkku.exe

MD5 710275134eabd213bdf6d1abe511098c
SHA1 98491fa4443800dc14b2f6379a7a6c10eb6bd8e5
SHA256 98bab31f7943d18f39470132cff52d8500a6439a50c632d7a11676f4da549efc
SHA512 cd90ae20649d88fd2d082499d0aa6c2e8a0cdf184255516eb055a60ce0238fbd8629aba7dfb771d0ffe8b18efd92dfc039ba0c94a3472278e980dc6918a8741d

C:\Users\Admin\AppData\Local\Temp\UEwy.exe

MD5 3c7f8ae6e1f5b1707fc4f392d06ad7f9
SHA1 515f4ad6756bcd9bdac5264e08de050b5f491be2
SHA256 25c655b4c1ab71c6982acb9f2a23114bb639ec3ec33fdea0358d70d1ef7e9f6a
SHA512 019f732e2e6e32decfac9959becce2e48a92507e9231d23f64f06f32e28426e52477da2d92b53ab9b04ed46f979a05af709c0911ed17daa766984535ce6d2d70

C:\Users\Admin\AppData\Local\Temp\XSoIAcwQ.bat

MD5 2ab5b2c6f57f90065e51e360c5928ccd
SHA1 22cb516c7e1efed24ea1c616003cdf2b1075c90e
SHA256 e025e12b327b99ed8c44b213aeb05c39207eaae4a3a979838f2a5182416bce76
SHA512 dbf07e6cdaa697f4812e496ba79eb5ee2750d8f3affc649621019402bf8158a05a7d36232c989988dfc9864bc3eac66aace60f8a7c8b14b059f5e45e2dad67b8

C:\Users\Admin\AppData\Local\Temp\iEQI.exe

MD5 f372ce6068d802c5294f21e50d84f0b6
SHA1 1249c0b9654946386a195ea2fbc08a234029c626
SHA256 b7be19a3952ea1b5ea4e3c21a94d485f672793638a0a88e7520bdea2bdc5b5f9
SHA512 07989e095fdd2ca9143ca3ad84987c9030e5757ad372b7ba8f6d59a70c11a097001299875c3fca06354bf8f377d68cfe522731e28a7d47cb6c7f18956b3271c3

C:\Users\Admin\AppData\Local\Temp\cAkK.exe

MD5 4beb9c6bf76ee0d8edf35ac0279d325a
SHA1 11aa18b2236b6c554360d8912e7b3884c5bce21c
SHA256 7066aa2b6d5f3a6a8032941d150e0a8f098866b3198470b59442e39bf295012d
SHA512 36a8722eef9d3742f74464e1280efac1fe07ce8dee0a67f333b96c3b80f3fa521d4c7f9919a3ecece117a61c6d796e282d84c85c963ebcf9f53660df02c9a2f5

memory/1996-1464-0x0000000077310000-0x000000007740A000-memory.dmp

memory/1996-1463-0x00000000771F0000-0x000000007730F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\assq.exe

MD5 bd04b59e2ced7f7ee3b0b45e5de7b959
SHA1 8ad92eb9fb4ed9519a0af0f28da18847efec9a27
SHA256 855ca897f80382009c43fecc7d4cbccaaa045cc0a857e38e53d69ad1b5c2e3f7
SHA512 6061395a8daf14ba60a2bbe6a510834a8c2a5e35a775e88236776e6b16a8a089846a14dcfa33fb11d96f7bcb0c3b961562897dcb63ce99e699a10ecccbcb21df

C:\Users\Admin\AppData\Local\Temp\osUm.exe

MD5 ddf2db3b374d51ff0e881523046edd73
SHA1 9acc5f3467952740cdf30813df5c47658c8fc10d
SHA256 40d74ce7caca80d25de2660a745bbad368da546a097504b6057eaee895cd6480
SHA512 813334717a62c11e0b77e057afdcacea456c5acb8853f29797d369edcc199fc4c5dba97672360b3f24d84c8c8e4352957ffbe4b7e7e5054cf9e61c769f7c4c45

C:\Users\Admin\AppData\Local\Temp\BAcEQMwo.bat

MD5 08dc86b6ddb8db4c020ec277f8cbc0ab
SHA1 9810d066f5c382921a0468157f3ec95753724483
SHA256 aa162418f694b3eada526483f8b8ca7079abd576748e9d564b4275645252009e
SHA512 2d7ba00bd2c8b62cf17c5f1df6428250b7a865ac42fe6f1725e37cb7fa482fc2f27336d45144396896bcb8c86668bc5636775b06c2d3aaa7164af06904b3c791

C:\Users\Admin\AppData\Local\Temp\QEws.exe

MD5 87abd85b8e35f89c91493b121d1259c6
SHA1 3ed4e39229593b37c56573b7127804aca40b1486
SHA256 703377eec3747a96897c31dd14c16a2f65a2a6967cb142bb4f738dd7117733e4
SHA512 61b770cdc7f5fb70f5001e36f6429a2028181fe23e5185bdae1af3d65eb12dbfc497a92be7522110a69bdbf433603d2a90a84bfe9ce3d3a5d3d9c6d2c102d9d5

C:\Users\Admin\AppData\Local\Temp\oIcU.exe

MD5 c3989a975c1c0e79a3f930af43e5e50a
SHA1 3e97b1c513c66a5bc09cb721296b6f9eb9a79d48
SHA256 32d481818264f1dd627523051b9fe1cfbdfba55045f9f6a6aa2b6b6b609e75d7
SHA512 d050ec0efa8b5f7a641865b8b8ab9ae902146fa8604ae12516a25b99c1d9c01be28872f93500a586f85ce5fe1828999917e3863380f59e0986a7071b827336f7

C:\Users\Admin\AppData\Local\Temp\SIQu.exe

MD5 e17db4e8589be45ee00a5d84f2a2b919
SHA1 7566952cd73ba9ee0567643af27ef0a36bc1ae87
SHA256 f3f5b6ba21a9f5568819d65674171b3bf28ee425dceb3744422b53f3691eec5b
SHA512 17e4d4a960b87df83a72a120661ff096b501b537023aa08c6c32866306eb4a10064d72bfeffbdb27f390193a15fde7a7d7422247dffa98f3e5a26166067fa247

C:\Users\Admin\AppData\Local\Temp\OgMu.exe

MD5 b501e5e5b695914be6a5097fc464532c
SHA1 e6594e461be66825a933ae827d5c87406eb66da0
SHA256 8404b609b9c0df377ece12ea9e8544d09aebd838b9615dc0811375dd568accb6
SHA512 994f62ed63117aec4f5b401bb39708636cfaf219305c4eefc8758e2b5bac7f97daef6b0dd834166682f39f5cb6b599f839be601378d963e70050565532c2ea97

C:\Users\Admin\AppData\Local\Temp\yccg.exe

MD5 1d116ad37ce0cfaf250462ee667c18bc
SHA1 26d8ce7d649e7fd2ea9a05f49db0b98d1b16b3da
SHA256 e422bd6648ea78054b0318dd48aacce8cc8426b8398a1e0167b015156b01b989
SHA512 27de4bbe68a77fd8c57a2a944ad05569c7c68d3f4a18c52f7e535ece01fd5c3ab0da1822df27907132ababcd5101d4adf795538d4756270127c370d41e49124a

C:\Users\Admin\AppData\Local\Temp\WwEA.exe

MD5 b5ed533a995f6441d125292e5d6cf32c
SHA1 2d930d5546ce505f25b7ff8f7946aee39912b329
SHA256 e89e1b5bd52f0c9e89004abd1399c2938d6fa214b194aaaa58269fc06972d468
SHA512 02bb53e116bde60d8626aabd48984d8070483d6a2598a7129fb0903b8157666fd3f2cf4d0a7f8263383abb278d37a916ee61871a3bee157140c2b9510eb6896e

C:\Users\Admin\AppData\Local\Temp\JgswsIAw.bat

MD5 08ff173f64c7d0234523c7d1be9ba7f5
SHA1 e4f4dac39182c53935bd192a4cadeef81b1f2ea4
SHA256 8a4975c8b26493812e032f43d678ab83ec17d4a5df90c9cdb314488b903b97e3
SHA512 3634031d0b7511493097efc8aa763a45c819383459c622943847a880590879463080f812b0b9a72577e6f93afcffeaffe29686813172e911143aa3632c1dd8b1

C:\Users\Admin\AppData\Local\Temp\asAC.exe

MD5 84c1e92a004162d6af73e6d5c530a330
SHA1 845a27c062b526c23b68f7b90cf0ceac3f5a6a7a
SHA256 72fb09bf4b670a620090c22aaa1ebf2fe954f843f8b90d645a7309be6d433137
SHA512 9e5b0adb24ba975456f134735d36336aaeb2809c3c54bee80a12839f664865d624545960b072791b644614c35dbf56af47132142e5455c0ecc3da8474d9c8671

C:\Users\Admin\AppData\Local\Temp\WQEu.exe

MD5 134a1fb941590c7201e682299091049d
SHA1 ebb50902fdf010487926440458e0d7e410aae7a3
SHA256 53e2797f9760a4c090665b7e204649f02db652b7d05d67b3343f4effef43af14
SHA512 5a2227ea0cdc2a78e8f7c1eaaa2e86a58abebcd79ef1420fc19442aba2b988377b9a9a479d7c43c027f894454d9d26aeec62ecafa5031ebc800be88acfc47f59

C:\Users\Admin\AppData\Local\Temp\cooC.exe

MD5 52f6abc6b19cb5d5646168066b8f5d20
SHA1 4d2b258eeb6c42524b69d628ad8a75cfca11b09b
SHA256 6b7d564b576aafbabe361b25538f80dcf9ee6093206474301218409b131cd161
SHA512 2e6263557590afeaf879871f103abcae231b987990f5e5b9ae7ccbe94e3cf1b35a4a2379d076f2f2640fe371c6ed12f277019bd060aa961173db792ff0fe0dfa

C:\Users\Admin\AppData\Local\Temp\MIkO.exe

MD5 2f4cdad83213e790389bf72fc6904e0f
SHA1 ac52a4f85be7a610063d88fc2dd32d1c978a2bff
SHA256 3e1ccb5d29168faec693287105c699e25baa4bbee4119dd9b77c81791c984dab
SHA512 cfa0b07baba66f4a4de715351780ae35d9026ae9e9723bba6cfd786c26373cbb17a45d3c2d6bf545ff0e80a85381d250277c2a6c5b6c096d051410ab27e04a0f

C:\Users\Admin\AppData\Local\Temp\eIsI.exe

MD5 ee168c6bc8092b7bc9824b01f62b9d7c
SHA1 dd9d1b95e7de0b386a7fc01292cb68104af08451
SHA256 6a09a740ee86ad106a3335f8ea485c1457badcb0978f809b2aee4d2b5c7043f7
SHA512 7f5332dec47a8c0dc1c820240d3be8951d052a9bf16c956a25859b20c33a6b801d5bb1b08f6fb4fb5cf81400b56fd44cb5edb7f2a302832bac8ab907b52b66d3

C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile33.bmp.exe

MD5 43829b0483c9dc9c3d98238fe1f12909
SHA1 297987c80cc096c234a45d52b82686d55295701c
SHA256 9696385a2db883e8b0d80cbac66951abe0bd4a0e50f09649b8669cd5532871ec
SHA512 d2882e5a8c051b4f84e8276ee03f5329e7a0e00099e34fd2ae864cd5883f3d4d8c99d17888112f92b1ee3e5adffc36f3dc40ddf9d786ce904c3435655028cd32

C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile34.bmp.exe

MD5 cc112989f9cdd88ded695dec92088731
SHA1 b8e82358ca9c6ba99ed2340580eef62ab525678e
SHA256 3b7de04e266ee7e657ab1e39dc9bbe747db1f38d849b12443751b146db64bf7c
SHA512 9eef65dffa0a3d090e59abae4394fe9d6f885fce4666ba59e93a0508f30726d6c50a75ab74896d14273a2d51727a39003434f246858b99d4d9df70b19b8476fc

C:\Users\Admin\AppData\Local\Temp\DIcYwIQQ.bat

MD5 8cd102f9218e2869e3e44bed4b6d114b
SHA1 114f8c013035065321331f53c47c3623ec73e428
SHA256 32be4552df6c65037365b4bdea81fe2007a9ea60e0b34f1bdfac0e8a49820d0d
SHA512 6be74f040cd569370e4e615e1ffc0b5008a0bf21f7c8dddd7de13ebad56cbdbb19b45f9ad17295384342363b57ec0741a1a13680295073c93916a4104a7a8bf7

C:\Users\Admin\AppData\Local\Temp\WIgu.exe

MD5 80488f09c5b3ef6e99da65ffa233fb11
SHA1 ae76ab506f01f0022a942537879b45a42470639e
SHA256 541e3e11432368dd306f3e64aace92ef0a422e0e9324bccf4e404696bbb6fd8d
SHA512 b624cadf6fb2f35df8add042bc6f1af3648bd133ff8d486246c7d60ddb4f088680b8e058abb03aa2c62c0e9f0031aa62162802bec9b33e9126ca76af33e5a6ef

C:\Users\Admin\AppData\Local\Temp\AYYG.exe

MD5 0fb557ca2c47298c08102520980d7750
SHA1 f926db0e2b7f9db5fbd52ff45eb65a00af208efd
SHA256 5e8fc64f7e62b961eaf339cfd1696b970f9166b64d06b6d6974de9b3e516a595
SHA512 6826f0422d551fcb1e241e297f3e894f71bf7ca24e76ce2b3c6b02cf934e641eeb5800babb76aa7bb01fb3f1121005b14167a8b1d111ac099512b1c8b47a9d0a

C:\Users\Admin\AppData\Local\Temp\IUEa.exe

MD5 84710b5e038a42ab730d0cad2409ed4a
SHA1 f6b5a18e782bf71e564176cf7e1a7d91c5f645f9
SHA256 dd84adbf582edcfd43436fcc6fa2f4855388df699e39435d595324990ad80403
SHA512 f3d67066df0a3548a8a86570f3aadd6e3893ac4261a20be20f07af6eec74e317b43154c691c9bedc951d5621c18ab5c5b8e302f56cb0157df3b28fd039263a4c

C:\Users\Admin\AppData\Local\Temp\QUAc.exe

MD5 10eb6cfc6c10b1558a4ad4e55b23fb63
SHA1 b28fb1342ba2e118bfe01abcf22aeebf5a1cf87c
SHA256 18dc3d3f99e9cc884ec345e9a1fbec6931e77e357c50f3a446b7221c771ab9c7
SHA512 b74265f2b1aecb79a37d9cb82fa83860ab6481895b04ba5e25dc9fca7eb5f3ef1c39f218d80abda0a90ada83530deb37e82d4e0eca9e7dc5bed0d016c767534e

C:\Users\Admin\AppData\Local\Temp\ucUS.exe

MD5 f35366b7ee6f7b923ff857a3dcceb8cd
SHA1 4f1c47fbf076b03b2fde1cd3cb614f95e547f3e0
SHA256 7e43935e6860be8594f2fa8f8984f36b0eabad02505e7045b29d7850d3e9b774
SHA512 338342f3356de89f4e8fa568b7e4dc56944ad75920170c473bb4886835be4fead620b4f6802d9bd3e6452d93dd6448173c3e33188d9dc2c61ed06fae1fb4a505

C:\Users\Admin\AppData\Local\Temp\HuQUwswU.bat

MD5 5a7833b2d3d15de33cdc112418cae261
SHA1 d272d51d0811a5b52bc72fa4d44bcd3c63fb6bab
SHA256 eec4e1fff81ef2962bc01e9e2747b11a3a03ecdbfd8b2116c6686b7fd553b99b
SHA512 7fd66bb3a841ba4aa059d605e90e1959a936798b9775a8073f23f00c5992aad9a31a786fb1dd7528be597f5f56964b502311c54fbdcd92ce86033eff17875ade

C:\Users\Admin\AppData\Local\Temp\ysQw.exe

MD5 599b997c3b4ce7d16edcfd90e1100e53
SHA1 7dbefe6d1ebec282364702f6b58cb0e3810e60e6
SHA256 86a6fdc8cd8a1280b7d3d24aee4aa9409f829e5c8807f9ab5b65a48cebc4f172
SHA512 e60575e77973d09bac3a411c0b321767050ae95786a25432788a2aee8e60b5c97aa5d0a36d459d9385106f3e80fd33bfb14d6d0799e4147abc77f81e11e16bb3

C:\Users\Admin\AppData\Local\Temp\gYIK.exe

MD5 a6eb9a983128e16c5ce49819315c5aa7
SHA1 2c8832a1f620189c1b868b30e9cc01a771f4c2d3
SHA256 69ecb2b71b9120ca0091070acea071e7a9c573085c7182e794f2840da711ca03
SHA512 594b8cadcf2b086570e4e2904e8cfadf84b41e7e64b96bd521b283151576a7ac93dfb0b83bc3173654c6924c18f1681bfb6fbf157b7e9f9e86096f28085c67bc

C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile43.bmp.exe

MD5 8b6b2b2538d3b6fd6816f05a4ceedb49
SHA1 7e6648dc32d384bc6be5fdb57fe08524c1c2d93d
SHA256 1f3e4b3e61257bf68c82221d5f51870d506e9f9f6ccba2d35696faa149fafe63
SHA512 fef86427b9bf9e791a36ee8e6e379574f56c95919b53d21b0c9b5d6f17979946887b39e947b15b5c1507ba38f10e32f3f716ee046a0a8c7ca843b9b652352a55

C:\Users\Admin\AppData\Local\Temp\qUke.exe

MD5 8ae18fe9e69a5036157576cfbc4bd07f
SHA1 882b7a936853792e78245ad900c9d47233eca7e4
SHA256 e0bf8847256a77a61eed41d864179af5f1947ecaa912d38452f0f018b4070cf6
SHA512 3a509da4e27a5aa24108edda4527deb75069fde90c12ccd1a96555bd110b71a76ccb1ea039c7aebf236bf2be4de034e0714ff48062c668f0dd9ee29ae7f14c03

C:\Users\Admin\AppData\Local\Temp\sgwq.exe

MD5 cb95abedfd8724293019fe3fffbfda10
SHA1 53e2c8864072067331d454b4a13e33659c433716
SHA256 3edf489673a2d860c48fd213ebaf572ca4a6a590be7d93ab899dc178874678fe
SHA512 0b545c72fb901582a0773e610f39ae382a159ee839f47177cfbba0487326a0e596b064d4b6320ab545f4b037c257df3b16dd91cde83e04319557de44c473efb9

C:\Users\Admin\AppData\Local\Temp\gEYo.exe

MD5 4d2f411f4d848b1e537fd257e2e45bd1
SHA1 edb8c847be1657e574205925d04df304a3505a92
SHA256 08be96ad196365792c223fa933d97e8b78b48b7a9dc31c93898324b067ff20e6
SHA512 b62f73609ffd0ce4a98f7869bd0a274a4f8715e0d92a9c16dc63214331131d790be2aa6849435973d9858afe2293517c665a6d3f9c5625c75477759d2ac4e1ef

C:\Users\Admin\AppData\Local\Temp\Osou.exe

MD5 fce86edf5b0bb649f66ee4f4130a42ba
SHA1 ef8cdf49a4c302fa72ebff6af924fa6c3619aea1
SHA256 e23f25497061bec56645e76796845f38d8422fec982b4f60d494ef725980d592
SHA512 e0bfe951827b08c850fb1a650279cb5cb5ee86dae2d1de285e9f85b46b2b5adda2e68b4b3be6134bb55486406eb3156d43b5fd9f2c44b122a6d0ea8f7ef0cbd8

C:\Users\Admin\AppData\Local\Temp\wcMswIwo.bat

MD5 50d6897384f4dc5c74d50347c482da34
SHA1 ca2b524ab00768d09ab03bdbc855b08e95a90c99
SHA256 20373e48cc6b4c03dac46f6263b2ab266a46e652f35df09e991ef93ce0628290
SHA512 5c7ee6d393277564409f67d735bf83d82574893ce25139473b0c31e2718f15429ed2fb07d216d84a135c6df91d15c80af5a914219c49e15c74d08e13a18a35c5

C:\Users\Admin\AppData\Local\Temp\WUkS.exe

MD5 0c9ca593624ccc85393d7cd2ee42c59c
SHA1 7706f586bafd2e664b8aa4146847674702a44944
SHA256 ba03dd21bb5077bcce540db6a444850b522905cdb7ef0563525ab952b53776df
SHA512 289b62dd95f5426d2d212fc3b7c23494ec93dea08472ed3da847c78954fc2c91fd1ab281a2c327e3ad9474ad3bc400e5416d67d311b0f663d842594a7cc2bdf3

C:\Users\Admin\AppData\Local\Temp\Msoy.ico

MD5 ac4b56cc5c5e71c3bb226181418fd891
SHA1 e62149df7a7d31a7777cae68822e4d0eaba2199d
SHA256 701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3
SHA512 a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998

C:\Users\Admin\AppData\Local\Temp\qwkO.exe

MD5 f75a51d9704e0c664ae0af128a598792
SHA1 97ec5c9dcd9e0cf0a607b7ccb95b86b4f3c2ba23
SHA256 ee0c134a20c7c06b9ed9fd21cdb93537f31cd9cba184ec0e8f56df95cc95a1b5
SHA512 ba10daaae4b6cf7b9102691b42d8a157d87be2691727d3dba51461a2ab5229bbd6baa38a35036ad4f64d30e6dd617ff84fa7076f23bb3dc9dcf0c74beb5c7079

C:\Users\Admin\AppData\Local\Temp\gcQk.exe

MD5 c77011fc57935dc5ece54db4f974fca0
SHA1 fa1a08f3a587bbe1590df2d9a3cd1d69d70b8068
SHA256 d03cab7d41003480908042dbbebc9d981b85296c2a1fe9dc7a789fb9aa441f66
SHA512 d6a2a223b627332d030b538c7dd040ac8827c84f42bdbe82944aad48607ea2abb4c9f2f2b5266ec4e52a49ee2d9ef54639e707fe38611092bb5c238c4a03f54d

C:\Users\Admin\AppData\Local\Temp\WEwI.exe

MD5 aa16a99af33b08397e765c08f1dcfa6f
SHA1 2df49be12bf5082b8802c14c109cbccce4fc0363
SHA256 f1276544ea916727cb36c40de25e3c9ebaba214ed3961511acd30f892a4b821c
SHA512 3660f64411892769b0b6105610cec369eb9475f95d176ee14344c797d50f72d159dd0f5b92373b8236296c2b485a851df8a650e51d75b5644b6dce3402adc813

C:\Users\Admin\AppData\Local\Temp\CucYkAQA.bat

MD5 6ac9fd512f6f26dabd46c410f8de8377
SHA1 12736634a0eaf88c12a75db84493cabb353a3dee
SHA256 2f9b2fdc39ec370d7c355496b8ae22722690da1cc7512053e4532a1405cb6958
SHA512 0b83142eddd9e772eee0e216f0f58f1f93b69d8b6073a6c8644dcbfbe2e5b1d46f01081d40c7aee82b543d1d31ac47a07a3dfb9a94bc331e3bfe757fd57029df

C:\Users\Admin\AppData\Local\Temp\WMYK.exe

MD5 0b05c7bb6d361555e770f1e1c6f8156d
SHA1 d0030d7c556f9fe631ce0ce60f547e03bb6c5a74
SHA256 b6b2a1ae4ee336830c279c271201058955eb4f61def896054c51ba2696a5a65d
SHA512 fefccffdfa4841af06df5016d6496fe078f3989611a6549e5d9dbcb4f9e449939bb75138f3e20af541ac2c6c18ad15221bb5d594a6570e820305a1a9762d1da3

C:\Users\Admin\AppData\Local\Temp\USswkYUI.bat

MD5 730524c74b424a5abbcd1a8fbc5fec3e
SHA1 60a30e2b7f93e7f6419bb84ef6cbf87b46ff31e1
SHA256 700ad1e486e2167e1e1f0116570a6c63d26934699c9e8ab4c3d3a4944a9bb0b3
SHA512 7440005c5ce7977be22ccf43133746edf42422a8815c00d6d25192f58e77c1097fcad20d15340ccbc360382fa7ef0843bea12b8535705763e91ba1dc15551628

C:\Users\Admin\AppData\Local\Temp\kecQIoUo.bat

MD5 d996b9d0999bc86f86b23e75b043c96f
SHA1 f2d2d4ac9bc20b3992a0e787d121b18318f2bd56
SHA256 c0fdbebe9b56c70b7ecb00814761eccca791d93b818df34ae85d11228420df37
SHA512 e26bc0fe66d46597871edbe6736e2d5c9bd5e4a662119c3c601bb2d5b3bb5df156ef1bfc3c4806b47ee317e4cec544e1d320ea16b72261d4000c20d0d209ac35

C:\Users\Admin\AppData\Local\Temp\NEowskEU.bat

MD5 4dc27dbec157ba131954556f49dd3117
SHA1 4ddd6c6299265c78132412025d79352b3a287d0c
SHA256 f5a83d8250a46d13eb921218a146d06f1d2edab95cfb3fdfb79d477a8d5a0c20
SHA512 766bf9704c342dd653861645f37274590c7f3c52cf2f0cc61f4724a6c9dbf763d05d5bb3ca060a42cc42639d7ffc15dcbcb9f71bc1cc29afb27a2e373c8cbabf

C:\Users\Admin\AppData\Local\Temp\voIoYAII.bat

MD5 46ea84b747601a73dff67371af1dc363
SHA1 c94a7309d862a6f08cf26a281999df4dff7cb62e
SHA256 f8b5f53d96819abdde68e4c58eb0c0239a556a805f5247af2aa07c90dcc3a482
SHA512 ed530257aa8eda6cfdcd00fae6c51f1a6c616b3518639aa3a96c9a1a0543830001f13329544e877153b5b27c539f5612fea14c32b7fe1d9b095ce5d7c70473b8

C:\Users\Admin\AppData\Local\Temp\XKAUgIsc.bat

MD5 4516fe646939db2836c94efc7f9a2820
SHA1 3594c52f5d500e2835966ae9822a011c38f8aba2
SHA256 80909efe5cde4550e9d026b5d56a5c05dd27df16890fec9442bb4b425e1be08c
SHA512 bc35768a26e325c36848f5b8a52fe1688057945f3608e8bcedd2bec2b75573a4fb6d63bb9160dfc6cdfe3e216202efaa55064e8093bd3e74d03403c10a6c68b7

C:\Users\Admin\AppData\Local\Temp\rwkAAIok.bat

MD5 ad710e37681d3d660600f26648aaebbc
SHA1 478fdc83640e8b027f64fbb8a1b50cfcb6732d70
SHA256 32f2d79cf6577d2df9ca4241e8b74eeb9d5b4abf8ea3c7043f21cf893d077d05
SHA512 1a0131e360dbac7ccf298fb2bef8e881ab71d60e29ab3fe71083d981a262600ebac90a35f977c29218be2293ec1a677a365fc98a4ac1b57066ede881e1ae489e

C:\Users\Admin\AppData\Local\Temp\GOIMAAQM.bat

MD5 0943b267d99ef1c1662d6daccf7f962a
SHA1 c992d46b7f31ce492fbc34e450a0f91b5998f96c
SHA256 5f0aeed8c9308f9ed5442d0962fe70957a52d4d17fbab9491a39ed38a8c7d553
SHA512 01b9fe4532cbd7e48fb14e0f5952609d71181e41e2a1a0ea5dc3ee948e6da26ebf40d714b347b4d998d720f2a3d18d8f9cf70bd27c937072639f3fdd4db4bdfb

C:\Users\Admin\AppData\Local\Temp\miUwcYkU.bat

MD5 323b7d6839ce121a469c039f4b2cdabe
SHA1 56b12e3ebc83d4fc95aa23e8fe9eb42ba056a915
SHA256 fe0ac3e1da9d3abf3f42f0f0ce5c650965bd1de8b69f49f517bde9b50b0c93eb
SHA512 0e3502cee93d2439fc43b71a8dab1dc77fb5c0839d3e28ae4465319b81062b80cf48703252e49eedd3911205c79e7543846feb1560753119e758211c57b6f43e

C:\Users\Admin\AppData\Local\Temp\kYYwAcAg.bat

MD5 4185d2e759928d751a5fc49dcc021dac
SHA1 8cb198a9b071e6c3de8eb3f3160fce4de1acb6c8
SHA256 4429c1f994fbc0f19ade29c9a73f4b38b0dd0ff35ea9c62cc94ab6a1400f2fb2
SHA512 a64116701f6d8a477349c4fda3cdbed4c58847a2502dd4c30140709fb11b473cf4f1fb5c7f6c4ccbef7ce413dd9a6b534e04f5ade3f1f17421752bc20ea3882b

C:\Users\Admin\AppData\Local\Temp\IkQwAYwg.bat

MD5 b2f08c15f84f772ac586d66c9f834240
SHA1 2b650508e52f04ddcca86066337e2a6d31b3387c
SHA256 671e69c03f1df562227f1e7434ef3c641b1ef6f455e61579fc16aa16cff10afe
SHA512 a56e34f22ba7269f6f5f7872590d653309cd1427f55738ca1c2e19891acdbd4c52fc5ea375cce41431c523d00305aab1eb3a6ac6d169b4a773e2cf2b56d69435

C:\Users\Admin\AppData\Local\Temp\jyAAoYoA.bat

MD5 99601da94872bdfad2c71bb70393293c
SHA1 1779f1ad75e034459056646fd285568d8d7cf2d6
SHA256 5150958e6dbbf999e063114961321df92e08a905320055d59e6bc9149d341bb9
SHA512 187fea2749464523494fcfe874ddb8f65ada5b39135e406e52add4a044d48ea2104e89a0b420525cf12c92f22e5556c9ac86bee4e2c355d0b52867666f5e76b5

C:\Users\Admin\AppData\Local\Temp\TogcQQsU.bat

MD5 b3cb2bee9297343455eba0bb7e7ec689
SHA1 feac0c7833f60084d5c5154f06e7158a40b2eca1
SHA256 66c9b0e3ad0db49892e16f2ef29064fb8af2c76adb0229c34f69e5e2bba7cfe9
SHA512 7ecda37f84df961f80a11af97fefae7883eda73a00ee31285fde631091b2f9910698a68c48cd6ccdc59bdedfe207eef69d117a8da214381f61ba130b89ac5076

C:\Users\Admin\AppData\Local\Temp\fkYEEkco.bat

MD5 8bbf360baab782aef520a8e2b3719a8e
SHA1 94d3d78af9f1fd57d6fff60983b0cc640c094e33
SHA256 6a5ae384478d44425b875b11058ea53baddc2ab0a309bf375dd8246a7bfc5b0a
SHA512 477fa1299d614148c0ff811b4c98adbfc5f6dc78b2c104625180c79ae95b4888cbb0c45fd4e26c0c132cc8cd56eb5101ddce845dc491f80c3b8aac2df2c9067c

C:\Users\Admin\AppData\Local\Temp\eAUA.exe

MD5 0d3748137cb77760fc98a0be2ffb9679
SHA1 8b5809fccc2118610a66dd2c572bbe995cd15fac
SHA256 4cb970aae244e9aad1473a29cd341685b36582d5bdeceab9b02f8968f97a3635
SHA512 58f311371bf421d6360e3378b59bc9d85236a50306eb6d85d02f7d73a821fb930033bf1dacf5bce47806edf320d20fa538bafbb59010ed65a75c916e3a338d1f

C:\Users\Admin\AppData\Local\Temp\eEoq.exe

MD5 04d066020aaa755d3f57295076fadd37
SHA1 34994c4abb21498d12ca20aa815e4c68f22cddcd
SHA256 f692b5af0cb9266346533c31da6c04d7ff8ede41bf526bef622dd78e7b040505
SHA512 0d45717527a140df63c1bb1c62c5003dbdf963a5d7e511ac1a41f749fbfe9cc4d325e4c3734b7706ec68a38f55c1861e35e7406f5838460c262b22cf3bb0ce46

C:\Users\Admin\AppData\Local\Temp\kssE.exe

MD5 8cc0cc51cfb539dfc3525ceee06a4476
SHA1 16019c8263dc008b48cbe179f794a7a0e4292e26
SHA256 e274a2610be9a3baafcfb2658f362b156d6d92b23065b28acc406b3ebea9f656
SHA512 e6f3ffe51b4c75248c6cdfef12f748b105ae05c8369352ebf9376ac532f557f06aba6b9b5dc941cca31a78dce4e661e8bddfd3c53d4509fe303c3899f0a22875

C:\Users\Admin\AppData\Local\Temp\mkMW.exe

MD5 883716f2a4fa19c3f734777a8d25f91c
SHA1 216b22531daf380827849bc5b58949b1268df903
SHA256 5dc1f6122bf368265290d0fca3c24ee6af562f0a144c3dbc3dac18bf136b33b8
SHA512 4c1bf1e4e32787cafb76049150ef61c2efc14c98acc88f5cc408eed498ef29eb289a9836c4059c7802fd9a6c55a1ab0d4b2edf371abc1a8e38c18fab4cbdb7ca

C:\Users\Admin\AppData\Local\Temp\Qswa.exe

MD5 30f181e10891a142bfc2e08dd802b78b
SHA1 8e9d36de4806a873ec29323aefad1e363e9d59b9
SHA256 325aafe7df9d5996d4ff504738b38d38aa59e1ba5b7261395d6c8005b18b6679
SHA512 ad371741e39a98e0fc8696e6ee7d28b08dcce9a1914dad976fe8091ef310e97d91941f46b5aaf8c8f4e8589a98e1c78224dc619ca18bc2c80d7293d4430f88e1

C:\Users\Admin\AppData\Local\Temp\fwggkMcI.bat

MD5 ecf8e3aeef3c5127f8fdc30d0ec42982
SHA1 c3122a28923755673676770471de32a501d33140
SHA256 06079153db68f33b11a7fcba8e7a1f96107f62c0eb38ca5383a4ee14a86d4106
SHA512 d0fded7fdea58132929d6dec900e237efbde736bfe30edc461f394ad9f03474da538acff87c75a1168f55b002efa33d1802537044db65d4296cfd3ffef7b631a

C:\Users\Admin\AppData\Local\Temp\owgI.exe

MD5 e7077da1e16375f14058aa5d6bd2beda
SHA1 61c427c624ed6e267b4978826b7cbef38273ec71
SHA256 567d3db5937b3ecc87c230127c095a0c4565beb9ab1e55abb6482753f455007d
SHA512 9b3d913d67ddd1ca5679dc795cc35744c93754b07b41c40d2efd6f74bdae8ad156627125d051b5b1fc5a292ba19cb1244aaafa3e6c15754f18ee358b025280f8

C:\Users\Admin\AppData\Local\Temp\IEsS.exe

MD5 8a3d8f0b88fc1e7d9a2c2b51229a1a84
SHA1 b5d02dcf55c7b2689b7f8489db7083fc8f6af6c3
SHA256 0bc167466c118382906ddf251e2336427b9befb657a5a50498af0d8b1d41a23d
SHA512 ce882febe4fc331fd57a0e53aaa298c094ed62df3f515679b676ad07fa298c0a9f824d6043cb564be72a21424775dc32257718b9dbf038303244222abb56bd14

C:\Users\Admin\AppData\Local\Temp\AUII.exe

MD5 f768f12188f3c11e6d61a36fd9dabeeb
SHA1 55536608704b740040c554d0d848a20db52f9472
SHA256 791b64d7a074e1948910f2a82131b2330e1dd7f3e9a8ac08057f88fa48c8110a
SHA512 fe6f7d31ac30a8addb9c6d976f8306c4ac41e5d447e8de7aeef1310b2c548d986c03eb6c2189cf7eed6d1c653a48a46584ab82162026b10bbb54ceb597c801dd

C:\Users\Admin\AppData\Local\Temp\Mcgk.exe

MD5 c45ef3aa30b6956f336194947eeba60a
SHA1 b56d0137d4b3faa6da1aedaaf36aa82b2ccbd54b
SHA256 abfcc59128026288d132ee22717eeacd8882c959d3ecb13ded63efca07f36b95
SHA512 0718aabf0d81449c2df6fe6c68c7bf8104c4fabe3728f81053987eac3d53c4a5786dfa8754e362fdc3e88e2430049111da77556f735dd7a8825029343f5856d6

C:\Users\Admin\AppData\Local\Temp\MYYo.exe

MD5 2232aec98e43ac3e42d3302ec85d79f1
SHA1 46d41c1d2acf9f7561153b2cad6734f3c80cc899
SHA256 fa799cf2a1693d6fdf196b08c770b7b233bec1e1e60e0bdbe1afd0fdd8c53a17
SHA512 d269c01ab13a5c1995df3124a936df738e9404eb9a6b02152bf5b0cb788aba5b33722cd208d224cc0fa413c4fb2e9a31e7173e54b61e5c0612d6a20ee315fcae

C:\Users\Admin\AppData\Local\Temp\woQK.exe

MD5 bbcaf60fccf908785d6a4b186317b3f5
SHA1 fb24c7d358aed82134296af293ad8f7cb31ae341
SHA256 52510bf252d3a7fb24ba97575adb918d61dd58feb82c6af1bdf3773cfedd398c
SHA512 5ac1a730aad821e2b8fd9958b725d9294f4f109d01ee46b832f185896b5c09942325c441eb5c8fdddd8be960f66d15e6c8214ef0b7a437f8e713395bef156c8d

C:\Users\Admin\AppData\Local\Temp\DOQMwMgc.bat

MD5 0b4cbeaa13eefed7ca45d846ec77fd3f
SHA1 ec9f954163399d23fdd753d96e547b53429f1097
SHA256 7161ed603fb9ebdc080b2df0fb084de694c9f21f23ccf01ec767b646a167abcc
SHA512 0130aaf6ed36bf48e46cfb775b0601fa27e849c8ff61913a165b05c7b22ee3970219101c682bcd202fed3c67dc240601db6ff36a0e465bbc53852704b7dcd0e5

C:\Users\Admin\AppData\Local\Temp\qUom.exe

MD5 962036f3d8b3e73205ed1b626bea2fce
SHA1 24f222c771657ece273d8cef2e6e9b1328b3f973
SHA256 5aba612d046210e1fabab12222de6babf4fe455ead033641faa39d157b6d629d
SHA512 7d2b3c244af10d16819992c0f7e183f1c3ad2ec216712fa233cf6409af5e5ebc943aa1002cd97ab14b4245986f3b596edf2e39664462c5d42b899432711b9ebb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons\96.png.exe

MD5 d7d1e96371fbe40e4a6b1c417c0495c5
SHA1 7e25b49693afe0d63f71fc0dbab4e6e006c2d2f6
SHA256 2d298403a0e49fdb2bf99bd465c113c2f801cc85c979abab5135e9def65452ed
SHA512 07ded9107da5cba7dcd02d8ce7fd543815f5d0c7ca87a2935603022177eecd959292b7b0b371f65fa82dcadc48010ceb5b33e95930e039b2ce258865d5949233

C:\Users\Admin\AppData\Local\Temp\WYwE.exe

MD5 02631764d63a6674ba82fcd7b2d51a1a
SHA1 c9ed85490e72d32027e3445fcf9a8e9131e5e1f8
SHA256 0f35ce509d5b63a569aa5ff6fff2aa20e120f54afdd59563460bb7fae11bb982
SHA512 898491404777db8409acc8acb2211327d4a7337d677f802eba6f45d9114d32de41fa2de56d07f80cc8efd62ca84dad404175d73024e831b9229af9a6b53b5249

C:\Users\Admin\AppData\Local\Temp\GEkk.exe

MD5 6c81353843dbd5658e88db4cc478f96f
SHA1 28101ece491e2681262ed28d22b478872e02d3ac
SHA256 1b2b0f7db2e50ae9d77c094d70dafd12ea79c6109b7d6674929877c461f55b82
SHA512 169029e7ac9e013ca54570167589ade04715166a34d1757e11b718ebaa1bd377fbea30bde5ba3beab2a73fc070b7c7f29a32cd690d12cb83235db96d3152ec10

C:\Users\Admin\AppData\Local\Temp\yuwQcogc.bat

MD5 e61ca284a6c4ffc012cf248eb910dcf4
SHA1 472f772ef87b0bc58450ddc74dba4d151ac6d883
SHA256 e3dfadc1c9aa56b061fded5e05e0a2fbd590b1d3a1bb9bdebeb8acfe94a75165
SHA512 5636f862a3c79782de03600a48d54b25c1b9fa9af6db15833ab10a9a9a3c2fdf28e0e89b0234e8163357a0335531a4cb4ac519dbc9eca753c633b0271c9aa1af

C:\Users\Admin\AppData\Local\Temp\MYgU.exe

MD5 67ed8ce520b7fa4d6a744fdf9ac230fb
SHA1 1861fc940ebdbe204f535df156a68f9c8ae4b8fb
SHA256 d390cb0f23ecc6bcfce8438be28cba6c9817d33d6650c843ead38a11a3d58527
SHA512 1d75d6f3029945368c6b81926545061b7bc97d4a6a8783ca68f2eed763c9aa2eecd6fe5df8e4a334866a4015d71b649d3366dba2ba072954c7c91bcbf6efe15d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons\128.png.exe

MD5 0f0b35f228959b9745660f25183f8f1c
SHA1 51d4963e47e7dfc6276727286072e76471f1f484
SHA256 a293061f7968f5e5ad381c922cd77811c05053aaad86c66cbf5f3792509836e1
SHA512 13984f9f068b671e72361c7028e7450396c486c90a1a6c1d5207bc2c81e3ecb148a5fe8d5194cc8cb07bd56a988fba3ec949566f4c4c972fc0f6899c08fa0f3b

C:\Users\Admin\AppData\Local\Temp\GEAm.exe

MD5 c701b7a72733a88ca4777985b0795134
SHA1 40cc4ce916d705efa1894ec3bdffc27861745ff2
SHA256 48ec45369c914c53b37c9603688050092ce3a76f4b5a4a9e88abf4be57c72135
SHA512 1be3cb1f01f25b35753afbdc57f97d1514e51f605364b41fbb728261c0d707c062e6b3fbdf424bed1d105f23e92ae2958c9138de5dae174e5b9d59286b698811

C:\Users\Admin\AppData\Local\Temp\UysgwQgI.bat

MD5 0c512ae4bd1fd71d8a7ab719bb3283e3
SHA1 7900561f51c228737a8ed57ad19010a8c04e0ba4
SHA256 4465997f341cd4001a569b40a65908a2cc9f27b30c5e9f6a994fe6ac91707e88
SHA512 0c641da16b09e7ac847bd6d756115fa434d526e6365f57e7ab7a847408c419c1845b3b037a3efd9e97222d06ac20bce8abfbad37def681db48dc6f7f0085ab88

C:\Users\Admin\AppData\Local\Temp\sMUA.exe

MD5 de5fbd5453692ffd7d2bfdeacca96a4e
SHA1 43a5717335a541b1b21d3e9e8e9687297d5ef740
SHA256 25fd6078690f20b6681a778ca0c932a124dcf8042202abfcea52cb35971ac667
SHA512 0454d6b4ff20ad25d9c3be5b7b543ea8f5fc7ddafd483435d73f06ae08bf68847f735ad92bdd7ca76ca3149524a2eba7abc257e27b0eb23ba268aea7570a4508

C:\Users\Admin\AppData\Local\Temp\QwoY.exe

MD5 3d76bf204beeaea93bedcfaeda11fc82
SHA1 72b232a677276ee63423463e83e71e4555c4e229
SHA256 ac58605e4929738804254564f831b2d1140d8399ff797fe06aa0bb9ef507f98a
SHA512 0f43d2f84d096ba9bd618a178901d72fcc6ff1b61c72a0067ccc2be55070e474cdaa1512f24f36f44de46973f799286649fb60cb050f9f15ada122fa3a6b64b4

C:\Users\Admin\AppData\Local\Temp\YsgI.exe

MD5 07d429452ceaf1346c52b087b41a66ec
SHA1 e4cf06abc40533ccb0fdd2736e2f65654386d7b9
SHA256 82e4385f4b23ab09848e49a90e19cfedfa6e5379c4317411c1b7854f69919f12
SHA512 9257c60839b005217ad912d040adb3362c7444413b29c0cc3d225019c8bb3491c88a91d0e5fa5d7cc800574fd78df4bbf474dface131b9e78763adadbacd8eff

C:\Users\Admin\AppData\Local\Temp\IgQE.exe

MD5 a3ec8da6e496bb97d67075aad68a8abb
SHA1 aad45a51ccca02c3aa117c1e6dbedcbc58b6d101
SHA256 682b9f40fd401a7a50399b8a22d29b257646830e1aba0af4f42248e50b7d54ad
SHA512 934161e72f5a55d20604a05f29699c77c55fcebc911c96451aaa003604f658473c22a42ca3523be0180c7d882d86ddc5ae2b56ddd834c83ab934be7f311cddbc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons\96.png.exe

MD5 b11e75693f8bd598f384d2ece593eb25
SHA1 84ced7e4ab917300c583653216e923659e444a94
SHA256 809069802354236002a0d644bd1be5b6abb71c481ae477cbd76b5ed67c835f50
SHA512 9b72f6624dc8a5f67147fabbd71a50b0ec4913c567179c84da193ca52e38f2a8c26b47565c238afb7078b3ead1068c732b3ab44b192ea8a3730a588651062a15

C:\Users\Admin\AppData\Local\Temp\aucQgcog.bat

MD5 d2cd33279d10f9aeee9c15559482b5de
SHA1 4c8203573ccea89117629222e4d9ce08f7347bbe
SHA256 a5a05b9c834dbf4dfae82be755a661a874145a87a3e1486034328ead2c33eacd
SHA512 d771d663ed0a1f6dfb2bd18ff56aa7704c82277803e91cef874a646c4ea234383ac77f4ced18eeec99d29e39e8df0a0e94ffab0487aadef6ad1457cc4c255209

C:\Users\Admin\AppData\Local\Temp\oEMu.exe

MD5 27fccda626de1e784d705610180f0c67
SHA1 75e641781722145a5d861d23ea5d83702c445e32
SHA256 ee644cbfa13bde306334e4d8dfe40dc16d63678b05a5d2a12e21b4663f1848d6
SHA512 7ff54b89ea8fe7adb64775d9a7de3b195fa7d936512d834c6825225998470d7a65de70401fca8515048ab0fe086aade14f5691d5c88ed3653a821fca18e6a43c

C:\Users\Admin\AppData\Local\Temp\skAU.exe

MD5 cde5990b1249aa5abcd8a10aa6ce74ad
SHA1 b64945ff121063f590b85bfd614db79ef9763df4
SHA256 29b0dabbe68e1af916001e093b5a2016517eacaf84b58e5c74f56a4ccde6e0dd
SHA512 4aec08a4659f858767a36575f20ab18eb8b18e91966b02ce280044df8477287bbc4cbcc7cbd7cf6c626e8948d1e22a93574fa4e2d8a32351ea3a2c14cef4a057

C:\Users\Admin\AppData\Local\Temp\CwIUwAkw.bat

MD5 f31c7b19d0a38a9e93c9092fa0f4692b
SHA1 3a62c2333a9a660efbbf8ab1b698496279e4de52
SHA256 e5199da097c3b6de02c77f35aec4f75a48f4fd689f0c1570bf82c01c9c12722b
SHA512 7bc942ec9ebdf896a1c0965e09f1aae91c61332a8412dcf598aae4e23ce1b16d61d0795f95f5d05130f4e6e21e1c98b12b02baa1dc13e1c8ea45a5e61d6892d6

C:\Users\Admin\AppData\Local\Temp\scgq.exe

MD5 661847fd4a53a1661c85962079c0333c
SHA1 f7157ed09f7b08c36a3442d7de0c9c5954f5dcf5
SHA256 6f9d98c8f9bed909216e8cdd853c5fe311170165e34e8297de56384b5218fdaa
SHA512 6f7d4642ea7088f56a68b76bb5637f563fbf802102f40a017fc3394043d57286100a5ad0824adaf4ca13e9eb219e13a10c369386c6e201e93aed3dfabb306789

C:\Users\Admin\AppData\Local\Temp\OgEI.exe

MD5 8976f51fb9bfb7232adb9d7683910495
SHA1 3b06d95da770c55a507f09a9fe52777ae492098a
SHA256 be0d395358db3a584755e5d94cbba007503e036bee6227c0d80d41d345057c4b
SHA512 1ec35599eb60595c235b77c1bb5f54abce9ae3a8378bc8cfb730ad358124d39faec2f16ff05646e4329dae532e919c960b4898d03992f16b40ed88924bdee6a6

C:\Users\Admin\AppData\Local\Temp\xaMIMYUw.bat

MD5 5e770e5c6bc16e893b3adb7fb593bf3c
SHA1 6e61c9e576ca65ea3910d8df3375c851c71d31cf
SHA256 f36ca5e442c7e4998e6e9521ea0cd6cea23f500aa4ec055a248cc0f24d25426c
SHA512 42c769cb7bd36e524a2fb426362e9196b3d8d34721497cc62baf83e97f173c8572f53b772a0beb779221cc20553f4954a080c9d952a521044a024004bf8219b2

C:\Users\Admin\AppData\Local\Temp\kgQm.exe

MD5 ad70b342516f5a3c31fa870c3dfe9c2b
SHA1 9f19eedda954478979f717a0405cb4f45aa005ac
SHA256 f878fe01e932ac855a1ba001304b693569a6386ada9a4974d4a60e324b7a421c
SHA512 8bcc2b43892cae5ec922fa38fd395399f5fdeadb6e5aed0f0a1ff7c710c53f1e135dbb73f34b4bce088cb7093302628c6549f41187af28b5f556b4d7a2817d0d

C:\Users\Admin\AppData\Local\Temp\xmUoUkcc.bat

MD5 f500376087fe20753d489bd3a19da2f4
SHA1 13fab47ae597bcd45c5249d3e9cecf420e958aa5
SHA256 27735eb517eb19a942117e20a5e4469b9ebfcca9d6f0544036f230ab4ada53a0
SHA512 fddbadec8343b632aff197438e0cc5c780a449546198d85124d1d85b78fcc28d3558ecde0353d2d1929871f53071a2c0ee4fddcb76f6c11268875ea672a49fd0

C:\Users\Admin\AppData\Local\Temp\aQMy.exe

MD5 30cd8941a16817b37f1aa7228023145b
SHA1 05ff46d6b2f43cb1237eead4a75e14fc054b1720
SHA256 0775562ade207abce168644b41d69435c0a1be724a86b0271960c3466eb17969
SHA512 d3f06d108f46c06523e522919afa841371639e081777844b83756161a14cef830b28bd13c6cdb161f0b3237ef02aae6a597177b7cc4c4f6d9595e9aa7cc11ba9

C:\Users\Admin\AppData\Local\Temp\QAoU.exe

MD5 04c97caf340a6ddf1264658dccf25948
SHA1 4deea40f9789a6dfcd8cca4d39848e71725851eb
SHA256 bacaa864c289c9e0828ddd4081a3649ad110d6d81eba4801310b561422ce23c7
SHA512 6e98ec9977e42a8a9c413012c0dd0bd1b694a7a41982a99e0d96c4ae672dd20fdaf12ce9e236c18e0343646984fe680e026e4ec2d5467de5bfd446acab6332f2

C:\Users\Admin\AppData\Local\Temp\YYUw.exe

MD5 bc8ac12c4021c0c768fdde662777b1bf
SHA1 7c05f4774db7d27ba12ee509993ecc3aabec2a41
SHA256 c46a32485d556badc0f8966f14cf6cac9db556e826b228fed973a1d61983500d
SHA512 3b0d7f1204785c45f68be1291bce3f3247d213e5491d8d58aa53a98a274874194f215e6cbbf4dc819757d29e03a7047d06feb9e1edebc332555d9e4d0ac06521

C:\Users\Admin\AppData\Local\Temp\WUEO.exe

MD5 2cc675a2debc37af9142a6da93114367
SHA1 3eab0a45a604ef4d52a6ac6c271691209847dd78
SHA256 d7fdcd3123fc7a74076ecba001887b02abbb794644dcfce8a7a660a26eef048e
SHA512 73f5d24cef54e11a9c949e0ff61bc7a6a9f1d3fcc6203d90c2ad42c3eeeb97978624656e0b9c1837c7aa1798b045112fef31269367f3f7388f53f299593a53dd

C:\Users\Admin\AppData\Local\Temp\QskC.exe

MD5 f0a24632e31e1c319c7b548e5a04bf5e
SHA1 89e5a7a2c69205edbfd51b394bdd1eca48613bc2
SHA256 5302a1dbeeccfb8ca99dc123fb202dba8e1e68d5aa5fed6869b49843654a80da
SHA512 891f0866cf40cfd1ed5a974c412ae28be225cf2529db00fa641c7d30795129aa0c95115ba63ebeb6007bf392fda82fff829b109abdfbe781f1af5a15e8a37a99

C:\Users\Admin\AppData\Local\Temp\IYQM.exe

MD5 06c83e6622d8cdef7e0a1d0ef3173956
SHA1 d440cd1319140b81d4736e7e6d9d926f359059e6
SHA256 badc9cfd8f5157d4faba4e3e76ebfc2f8cd78c9f5fce4b87723832524f821cf8
SHA512 4f50983fffbbdf7b4c6ad8ce66cc4eb09c8dec690777294fbe3a8ee87ca67af41015a3e1d706e1cff938d6c6d40f23296a518f38c77b497b879544cdc53118eb

C:\Users\Admin\AppData\Local\Temp\uEIk.exe

MD5 cbd56b3bd72c0d933fb0a6900e7b5d5e
SHA1 b248320ab75d5621099ef0006547e8c14e037409
SHA256 3d2706ed4e8f6fe798d3485831f7f95b756161ead35bfb986ec6eb62d317c714
SHA512 5d18d961b6b4a985e9a54b366156b2cd0751844a031b163bb8ba8918a0a9ced957848a06d5ea8af614f82be41999595ace24c8d955c76642f6572d282069cb81

C:\Users\Admin\AppData\Local\Temp\KwEa.exe

MD5 2ad1eca9d5430dc9911e00263082a235
SHA1 3d1ce1dde1328891dabe90cfe4f92f10f999f974
SHA256 a064bae909ebb94b88805d87a742bd8fbbb6986d3c9bac0e3e9e6fd267073d51
SHA512 84310e46d2c015ab1d2130646b4506619d707c8314b282b33df5d43afd53021d16f4a271414bd6d93b3b377a16d9c462475558cd3ddc60a149c41c883b899779

C:\Users\Admin\AppData\Local\Temp\SMEk.exe

MD5 63f7c62ae8a250799942ebfc39e98188
SHA1 bd72063ec852b6f9b3d42da1b2f250e5794b92a4
SHA256 20c510d38f9dde50359c7f41c174f9b4545f251955bf40b243bfaf1eda8d15f6
SHA512 17229adc7f511961529e33f9e539de75a4c1ec49130b1b7d0bfaed220975e4e63f3050a6fbd285c765ce76922dc252397573fc19f4ca514f73b58c8397ddf878

C:\Users\Admin\AppData\Local\Temp\ZuEQsokE.bat

MD5 93ca85a9e2cb09220dbbbfff0c64a3c6
SHA1 734db0a7ac79ade52850360f96f5e1e892c74091
SHA256 b0063496d7dd00dc20fc2384b9c9a5c6c8fadb7fd0614a700a6154a107a2b56a
SHA512 79a6e4e5cdaccba39ba3e708e2d97fdd375d897e4b789aa949d5956312129e678c36ae1d07fd3717f89b5e4cbdcfe67acccda9873d909fa2614dd3e7db9b3dbf

C:\Users\Admin\AppData\Local\Temp\SkUO.exe

MD5 a2faa90f1473f826c65f5a201c4335bf
SHA1 d09b2f64c61c8b1c8b0755c3b0d501724c28e989
SHA256 84964c4ca970c45b98b912afe7db32c298ac13fc995b8d02e366b8dd649dd73c
SHA512 fec4af3e41d9f782ddb718f42af246b6cb1932f3eae45e50685f4038292eb2cce2add89423540f43d0997daa86c0f0245972ce60cb7181b62b6eb601034b4b0d

C:\Users\Admin\AppData\Local\Temp\yMMw.ico

MD5 e1ef4ce9101a2d621605c1804fa500f0
SHA1 0cef22e54d5a2a576dd684c456ede63193dcb1dc
SHA256 8014d06d5ea4e50a99133005861cc3f30560cba30059cdd564013941560d3fc0
SHA512 f7d40862fd6bf9ee96564cf71e952e03ef1a22f47576d62791a56bdbfbff21a21914bfa2d2cae3ca02e96cd67bf05cade3a9c67139d8ceed5788253b40a10b32

C:\Users\Admin\AppData\Local\Temp\mQoA.exe

MD5 9ccdb68c7090115281e3199c7562a950
SHA1 0dca07d9b38a437489dc76e7947e8554f8f937ca
SHA256 cf2898ab310597cc51470485c5669863f0febd79261c1e5da239793e48812b5e
SHA512 6b9734785e99bd1f79a42260820be56f10e77652d24e0d181f615a3138d302a497f02989adce2e2e64655b84a093b16ed65c1d600b150644b34f6eaeddb9ca27

C:\Users\Admin\AppData\Local\Temp\Kcge.exe

MD5 3d4fa11850421d0224426e585d0825af
SHA1 569f263f2b0ba5c386db016a2fb58700a57c6dd2
SHA256 1353a488caa88ea12024ecfef4d4170f2a95e729749513923868202b354ea380
SHA512 387bda9f962daf140f18378e2e64386c8635dd2c0a8ed781866085c8e529cdfa731fd5d9a9295b255145e8d04260576c0449c4d52922eb164fe1487fb5f528b9

C:\Users\Admin\AppData\Local\Temp\AwEw.ico

MD5 6edd371bd7a23ec01c6a00d53f8723d1
SHA1 7b649ce267a19686d2d07a6c3ee2ca852a549ee6
SHA256 0b945cd858463198a2319799f721202efb88f1b7273bc3726206f0bb272802f7
SHA512 65ccc2a9bdb09cac3293ea8ef68a2e63b30af122d1e4953ee5dc0db7250e56bcca0eb2b78809dbdedef0884fbac51416fc5b9420cb5d02d4d199573e25c1e1f8

C:\Users\Admin\AppData\Local\Temp\eoUE.exe

MD5 c5b39e14417486808b47af9842fb980b
SHA1 d9200369b43a035c7875e443c6ba0c25ca2d0c7a
SHA256 b1aabfc5e479be59cc81e17b96f9c8b590c22ff43d15feda7f3d1806a445139a
SHA512 a243f2f956edc0dd2b98cf57f8d3a40c80f37c5148d2ee3ce209e46ad2898ab66252efc586a22d59eb13eb32245aa1946feb5ca75e4d3c410ae5f24ffe35ffbb

C:\Users\Admin\Music\TestWatch.pdf.exe

MD5 ce8a3823a140a42a1a195bc87a389cb3
SHA1 71834fa427264f09566d5eebe096177adf76ab3c
SHA256 8e3dba1085aa04315483b0fe0d8a3dd83deb6e1b3105b9584c5d6cffd1c514b0
SHA512 f1fb0382b2fde939613307ec4c99779a81ebd3aea58ddce139234f1bf0ac500cbb407f061796eec22174db48d4d11028e70310b7ca0d80aa0f1f75b1291fca76

C:\Users\Admin\AppData\Local\Temp\yIcC.exe

MD5 fdde89702342f739c3552bc313550c2f
SHA1 3d3372a44f0cfd8443ef9de7c09234a84738e040
SHA256 9e0040a48a2a3d1cd99f3dde01b9fc638a50aba133b7fb6f32f58b2cf141e2ee
SHA512 b3e1de043632cc8c44d7ab2062a58e2e96533bfb75cb4f36247a54f4f0a36228d15a8f69b66d803db2021dc4fddb6c273ff4e230d847308cf7baf9f4ad5c8b35

C:\Users\Admin\AppData\Local\Temp\JEQAEcwM.bat

MD5 2c81baa94990829ac166d42cfc09fa2f
SHA1 6f418e0e2a6dc195ac989637b20a566eacfac15c
SHA256 6a605c639fa595568d5f4ca53bb1d3bd101c25aa19004b706c7cc07cac31a0b2
SHA512 fbe0b0d794c99a640df1cb4e46afa64fa70974736f8099dbbae99a217217bf8e568ebd5c97d66eb998ba80c3e9c35803827804b9fc1b7ec7ee8cbac3b44247c7

C:\Users\Admin\AppData\Local\Temp\MksA.exe

MD5 9943dc22560c548692bf0365b9bf3047
SHA1 ae6d0cf6e78e4ae9581acc199b149c4363190a04
SHA256 3c411ecdea552a670ba3c0485322f8008700daa9720525fb0b43d16495ed6777
SHA512 8f5f263c4f45befc9782ff481c851e71b77e9e355922e61a4a6a321141e9df436c82edbdcaf7d3c43f3687227693a09b02dfff59af02682003b92546778096b7

C:\Users\Admin\AppData\Local\Temp\GsoY.ico

MD5 f461866875e8a7fc5c0e5bcdb48c67f6
SHA1 c6831938e249f1edaa968321f00141e6d791ca56
SHA256 0b3ebd04101a5bda41f07652c3d7a4f9370a4d64c88f5de4c57909c38d30a4f7
SHA512 d4c70562238d3c95100fec69a538ddf6dd43a73a959aa07f97b151baf888eac0917236ac0a9b046dba5395516acc1ce9e777bc2c173cb1d08ed79c6663404e4f

C:\Users\Admin\Pictures\PushOut.jpg.exe

MD5 cde461272c1e562349765cc9877e9f97
SHA1 3d8a15eb8c3d47387deb73bcdbea9220b3503222
SHA256 8b1822c6d37e699f1b5663be920227d9a660654ddda06cc754ebc93be7192b9b
SHA512 6fa8a7ab2f9d9c2937aad568534a40610de14e750bcce5173e16de7f02c5aefad0f0cf7c6113625d3c4c74e7f03e7730a794df5b3db25a5f8a670aa7aa97bfd3

C:\Users\Admin\AppData\Local\Temp\YIkE.ico

MD5 5647ff3b5b2783a651f5b591c0405149
SHA1 4af7969d82a8e97cf4e358fa791730892efe952b
SHA256 590a5b0123fdd03506ad4dd613caeffe4af69d9886e85e46cbde4557a3d2d3db
SHA512 cb4fd29dcd552a1e56c5231e75576359ce3b06b0001debf69b142f5234074c18fd44be2258df79013d4ef4e62890d09522814b3144000f211606eb8a5aee8e5a

C:\Users\Admin\AppData\Local\Temp\qEIK.exe

MD5 09be2a44aca60f94feb5d2b4f69173e1
SHA1 2fd03d98975bd5c11b35d4261ef523c665a67f31
SHA256 d686abb42f624f71a0d00fa73bfa943d334a6417b0819ec35a62f75179382389
SHA512 77c95a02b1904bef66b6e861f2adfc7415e925db7fdfd214c426110f99433908738b3d0cf5e8386c8a6a1e352120795cc2290ff7791058213bc121fefa29bd3f

C:\Users\Admin\AppData\Local\Temp\okUI.exe

MD5 b1a3d74ee126484df6f93267902c87d3
SHA1 4b9e608a33c4bbe7a5168b662ea15150c456949f
SHA256 bf30084275d375b64b40e4f4c69232c1edc65ba72e4d6045a44fa55fc154099b
SHA512 ec4ed46e72756108c3f520b1c1139f48a45f213e606ac3daf40483fe314643a78923569d3aa4019ba6a0aa32cbd6f04f0de0fd37f03493c96f5981237014612e

C:\Users\Admin\AppData\Local\Temp\EYIm.exe

MD5 d1e2f0ecb978c7cd8fc30184acc7ab6d
SHA1 0f9edc204441970af9a62030b371beba49801ef1
SHA256 43facd38a03da7192f8936053a90f7695c29aaaad18b2d1ad8fbcc90ffbd0a3b
SHA512 6ed80983c55037efabaa775302608dfcba486c4806331452800d7dbe6f1c74dcbde18ae07cdb238a379163ea2d32d414510d05b6659642a86059d96ecabff3b0

C:\Users\Admin\AppData\Local\Temp\MsgcQcoc.bat

MD5 33eec06c3919de5187743c34daa015cc
SHA1 46f84ba4a3d076e0dbfa3f3047ce1db93e6653c5
SHA256 a6bc6c661c52454d29cb46821cba122037913321b7803a52c5ed59f0e5cc657e
SHA512 823e780fc49819959fafaf5d4ecc70d5934a27ea31af8806181d25e8bb76f99138d3f98052f0cb3b8e9e48bf39feefe3fe4a1baa0a427eaa2d2f980d886ea699

C:\Users\Admin\AppData\Local\Temp\YMoy.exe

MD5 28dbbbc58b4af0e93faa43b3c6bc8887
SHA1 edba7f95d4cf3f5207f6e76d1977bc7ef4b8aaff
SHA256 525bd5cd9e99dd97f1d4c9f3be7087684b4cb71dc3229a8d3c098bd6079f0df8
SHA512 49c7d0d6ce52e509054a04dc1dfa1a0bc92cc0a2df87ba5a3f0112b8f418fb8be7dea1d0dc3286d96b2684aa5b0575078abf9b8e300e7a09e2b35988511581b4

C:\Users\Admin\AppData\Local\Temp\isAK.exe

MD5 ccb6635e3102fda2be4d766c8d4d8838
SHA1 bd1486db4f66e1d04e8b2942d007ea1a3ad4e636
SHA256 a24475d4ca924ff7b2735612b7a46bddc8f9a5a0385044a999b029c7b2e9d93e
SHA512 9227c569c45caf8eaed447e7cbf1d40eccb2281ef8e6d7b948c9975d9faeee9ab409b2efc62e701142db6e4d56fe213a74c1575ade265ee871f9bf8a820d8875

C:\Users\Admin\AppData\Local\Temp\IMUO.exe

MD5 93badb100d5f0458873dc62c0da217ab
SHA1 2362fb6ac8264cb515678852211ebc748f9f2fa1
SHA256 afdf443df0e86df9461969aa2fad26243e41a318cf22dfabb5c0566314764125
SHA512 c81d9fc9d7eb2ded61ac034d0a562b1937f93b71fa6b0a89ddc9b82c658b603cc5a1fdc6cda187dec4452ab67b2a8ff39b4b20d803ea8df92e221aa2d17bd611

C:\Users\Admin\AppData\Local\Temp\sYsY.exe

MD5 3b0f3a3644d5a5c357d954fcad1722d2
SHA1 ef9db5f9f0bb6dad863a8ef08614840f826255ef
SHA256 db91d74561f0a2ffcd326231c592bfc9597bea3a1f277eaac3c0803c15d8ca94
SHA512 ed6d0da07586abf0d8367bcc99c93f2236eb53896769ac9f18086e89fa80c5bb9695be8970c3e600d7bc7860fd6905f81b2c1e9f675f3c541d570f9c15d85a3a

C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png.exe

MD5 3818c359abfbce75467c5eb05d0121fa
SHA1 4d9b0a061aeb607763a210d8cd9eae868b9997a4
SHA256 93ba2adfdcaca353614e4ce00dd1c6e4a3c3063f0a2f7a21b3f3e478046325c3
SHA512 61aa331938ed79e52c83a6a324eddb090e3009bc64f893bb93d90cfc0cf21cc0ac1c4d2a92b1a1f451d7389403cc26b25a6a278bf1f090e18f5ea2f3569bd04f

C:\Users\Admin\AppData\Local\Temp\wOEcgUcI.bat

MD5 93b27b2ae7ad8325573ebcc7eea3526b
SHA1 01f7efa799da35e1f50f44a7eb2f979534c30c08
SHA256 4cca94e751959159500b977e27648fbd3c05a63b1f6618fbcfce78e4237f6e79
SHA512 861666a0f31f61030d733cd8f8aa4dc0d9457d3893b9d36cd7ce4840e935bad9c566de3d9c0377eaff6158c96dea068b31bce92d19e62bd8928b13a18f09eb22

C:\Users\Admin\AppData\Local\Temp\gMwC.exe

MD5 a89a16f0cabc9e4708c27fcd61e44bae
SHA1 63673c5cc3e28ae4916413181a03b7c3c188201d
SHA256 e85d28d559450fd10e9c0aaa8d928022ba0fe78b81126313686aa008fbb5eae7
SHA512 5c1c5848c4fe728c5eec364e6a7fd87973dd737d7789ff087b20dbfee3e58f7579f3241e89352c965b92ff8c704bd87ce886843c41951f0f087b4ab6dfe6049b

C:\Users\Admin\AppData\Local\Temp\UYkG.exe

MD5 67b22b12de293a0d4cbe0c2b34a6d678
SHA1 8e5989f7cfe5eaf422c4bd1c0b04cc05a4896c5e
SHA256 84da3dc67dff96a20bc64c2ed0e010c2e4cc077c14c0bede9e422cd2de8c98bd
SHA512 6506beb1785d470476226c8d8bd8026c6533c5993af0a7ea4098b17802a5951e46d3a8171bc9d6877a8eb7cdae35756e72e54f9dcf970e9266285056694ccd9d

C:\Users\Admin\AppData\Local\Temp\eIYi.exe

MD5 12281201783fa52bc94f69ba4a1d8fb7
SHA1 5fbff8d06300b328c64a329f334462ab8bf62a16
SHA256 cb5b270118e4e56c72e5b959972a40e89fb7a63d1784bc41b0730830683f5498
SHA512 04d186178cede9441add70299793fc9ea44e922f61d9091e3b0ead3b7afd842ff8115bae88c530fac2d770039797d8ee09624173942fd1776f4a19f5ebb8812d

C:\Users\Admin\AppData\Local\Temp\KaYEogsw.bat

MD5 18439f29f1b0cef22e3b07ea56f9a864
SHA1 bff1141b8dadc61a4bd8dc16d01f393cfe6ab7e4
SHA256 35d7889fc86b9cb952390091461501b7ad0846723fc6524479e8bf0e871e79a7
SHA512 9799f3ece9409d270caced3f7a806904269b7f2a3adaea9d64bd2e59002ff476468d7022dc7050a376ac52bb976bcac5e6ba876371ea793e2a0f7543f32cc30e

C:\Users\Admin\AppData\Local\Temp\ScAo.exe

MD5 256f57b17bcfc1368391d45729041b83
SHA1 d3159ab6a46d4fadf2a5513e079745359fda5519
SHA256 2203391dabb770a3a7dbc38899959538535c4caf7c95c8de3d2784d12125673e
SHA512 f9606b5009d1d625252e45ef3385a307125aea3111f981e0693004e12081f1735ab3d6d9b33e5f3fbace36862c49e24702d675b5ac169205eb75ee248fd0aed2

C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile10.bmp.exe

MD5 228e2b5994817a018cf826afff253ed9
SHA1 e1b43baeae35a116e7c14a15191d11fe8ccd40d0
SHA256 4a0aff16e391711fba767d9c11a83ea61ab5e18fc7d1d8668e39b8b0cb788d3c
SHA512 d208701b88aedea297c0e775fffd2f086efc4c0379c3aa8b74f02c6c618d9b12ea6bd3af45e57803cbb118438dd3a33cc3959270396952693058a7768e000f1a

C:\Users\Admin\AppData\Local\Temp\wokY.exe

MD5 95249c527f735e8d35ca7b0adad5e48a
SHA1 a880b556499bacffe05456b8564876afff704d7c
SHA256 2bf1eaf418045d0ba94811609b1334a2c80063c05856d17c024361d38eed29d7
SHA512 c01dff75bc00d3ab70c0a78e91de56ef2dd399ed2931d47956414064310bd4f34531cc12560a8871f9817ed41a74d97f442f9e83eb8d9f6bc22ddfcccaaa8418

C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile12.bmp.exe

MD5 7ca51efaf05b0c003890fb7e7d3d093d
SHA1 f9207a76648138815f84f6084ebe5b79d8cda628
SHA256 7e849f4a1b2418871d6f5ccee63a5c5e54afbca72fd501231d248a543a3bef65
SHA512 00028946057b40f7ad7ff3fd40874deafee51ce720ce5beac4c1b9413f1f4538484e95c0743ee0e26bb3b7c68f4b7d764b813b304daf60bf1074c47b840121a1

C:\Users\Admin\AppData\Local\Temp\agAAIIkI.bat

MD5 93a0cfb7fa392e349efaf71726b77a76
SHA1 ff80bf7efb9cbbc4eeceb19d2af03e0812e67627
SHA256 09b77833393d24f5d808e2c8a3ab3102195515bdb167c241b6520b2475da9bb2
SHA512 4bf58f793e891af830a057232b8951148c46fd3f94264ba6dda331e80b80981bdf2e3e9b35b405c9c84ae34faa5fe212a2ca72bf415bc2a4cecb0012076dda99

C:\Users\Admin\AppData\Local\Temp\usge.exe

MD5 d8d4d9410bf463d1639288a50e633970
SHA1 b9410ec1504916ce1b67663db8236fe3c85862be
SHA256 e6b2a8abfdd16410e29f4823040a4f49c16d99168fce966e87004576efc37372
SHA512 7d9685b01e85670533cd35ea53be9741c38160928bbfffcae73e3e53a6816dc841369bff89b453bbe008e42da38d6924cabdabf95c82a0244833b5de8f19e02a

C:\Users\Admin\AppData\Local\Temp\yAQY.exe

MD5 03288831766c7fc69667d51151e7ea29
SHA1 358b70eabaa808f772c23d123daab5a6b70d668c
SHA256 fdff16247fb04089eb5a486f0c86dfc0b8ccb1377682c7c6c059d9688f94bb94
SHA512 91a7a843ac12fd2c98effd5f4096b3fa6c118dc08ae6c27afa07a7ee25c53697325fefa45506371d0679d1aab75787ba18d156179cd354198c2bd7f8094aa528

C:\Users\Admin\AppData\Local\Temp\qswU.exe

MD5 d493024336952a4c03214844aa61b45a
SHA1 ba88b5d29ada4222f97807a6575004fbdf5b156b
SHA256 f2ceca57ad7053f27e8a7e30ad17f0c2d9b55b7e5404ccf0313e1bc699287e4a
SHA512 0361b0c7b9a4bcd97638175d8075952b55014727802a16cf543c33558ec9ec5b80cb03b483ef244a2f00f4ffbc79155a13c0484fed84ac1b8f320cc6c2a6776a

C:\Users\Admin\AppData\Local\Temp\iEMS.exe

MD5 089cd6d1f8f01700b0bdb008574e57b3
SHA1 c49f174cf3f006224b5a6457ca8758a74780fba5
SHA256 fe637ce9eb23c7757ce00056585892fb927904cf56053c1adc87453750f41e38
SHA512 b21199b302a49f02d6780e858bd5720852d6120b53264344e067c04ef99b9a4d3a19a1917008cec72ae1db1ec56a550c789c7fa7a8260e79e0a96291c08dc018

C:\Users\Admin\AppData\Local\Temp\hSEEoYQg.bat

MD5 4bd34f2889ce472421ca470527868651
SHA1 f72b25f4f66b3186741466011f17ad8fba3eb964
SHA256 1a68fc5efa9a9f00c5bf5a4564bc61ecfa00ae7a3af2d2a2cf73fc6127d2c4d5
SHA512 7f1147ca25cfa56d8df5d75a124234f03d66614b602e872a68c17ea6d21c0d3489345eb6f8f3d1722e41060c42409cd134fbf931e9a6c4035ffa2a5b7c8cdcf6

C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile17.bmp.exe

MD5 8138ca8341bd0af9518dc8773573ff3d
SHA1 6dffa50e2f7fc50f39f6d5a8c8b93316027218b7
SHA256 fd16c2b3428ca764ac50752b37b1ef4a02342ce17ce6c884aaf159c4dcad92f2
SHA512 737cbfe1f55753498c4f96aed28823779086fe8648d59715eeea4dfbb2cf22126c21332da9469434ccaa25898b1b06a10b99542c84920bcec992d3c0b488a8e1

C:\Users\Admin\AppData\Local\Temp\ekog.exe

MD5 2bb8e751894e98c4dab5c44b067526aa
SHA1 59dd0a52baef2ee0ff41583df4e144eab5aeb184
SHA256 d2e3afd9f5ddad1c8156547ddaf545d122e4a52e5519b5d7ddacef40c77054bf
SHA512 6d27f09fabc34dffc78c937dd444e9b13ca67127331e3f94d92252cd26abf6436e383a4a3c0430dc124367c1178b64d4bedb8fe374ab8473e18edfdd2570bb22

C:\Users\Admin\AppData\Local\Temp\NAAssAgs.bat

MD5 3beff8489583fab204c484908ed389d7
SHA1 829292dff7b7b34c0cdc7b0e73839af4caf64829
SHA256 926a137756a43c94c69a239718a0c0eec363033e03e2920cc5170e25efc52c9b
SHA512 6158cc9b7dff2f62b25e348641f031383c1fb0e8678dd95ddb55a65f77b6a74202c4028d30d83ad4b31539f7ded5a554abaa14d41f7fc74944f59eb8421315f9

C:\Users\Admin\AppData\Local\Temp\EcUu.exe

MD5 3c3385323314617c1f2c9251e1903aaf
SHA1 94189e4b15fe5f070da0daec698c4a41008e949c
SHA256 575573fbca29424ef39897bf72a2a278836833285fffabd831caf497d42fdfc8
SHA512 31150d648ba405b9cc87ce50bf56d90494e3d9e2d4649938267a7a993b13b4511f83ff8af9cdc20519cddf9488b64ebcc9cc605d18ddb2e9be7f4b49d20457ea

C:\Users\Admin\AppData\Local\Temp\KgUe.exe

MD5 1787472c67fb9e7657f08565355d7b0e
SHA1 a35693202a4122b07aa4a7107f72fd91f43ed0f0
SHA256 b87a782c9709f59495906a91766fbaff294cdccf1a1c841505872f73c26f0926
SHA512 f7d933491126940ead6a8d152f8a1145fb5ce0e82f4366b6cd4db923241e8c8bdd99317de2e58c9b9def284e8385d623859ceb10f46ac62eb53866e9b168b637

C:\Users\Admin\AppData\Local\Temp\mYYU.exe

MD5 a63149df94d24a7fb40df86c54093d76
SHA1 43777768b437c443765ff20e70b71bf7a0a80df7
SHA256 41719fbeddceaa18ee41449706a8d6d3ed10545524a76e379680d37020bc4c6a
SHA512 c12b58bc8a08fae1e3c41c857bbdd9162b2da9cce2574ff416478ab5ce0f4e1bd5fd0ac5612014b155db98ad7889ec34578ccff560be5fa9f530531a7dd77fea

C:\Users\Admin\AppData\Local\Temp\DYMIUEwc.bat

MD5 29683ef507889785fc04fdf191ac4d36
SHA1 e1ce07817331b21a03d461b6505d2f9a2349f19a
SHA256 d2aedf34226c6d5f5c875f8c18f025c34d0b76a4f83876c459e0a0ac4fa1c56b
SHA512 246ece676849f97e8323059dd05b4629779d75ed184975351180bc3a16b4fc96938119a692f518aa8a35a97e96936b5e453b276a82efb0aab3e92f7c8ec56a1e

C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile22.bmp.exe

MD5 76063c045b421841a581968ad4bf6b72
SHA1 9a7987063ec52fe9e8be492a611d7bcab3828ee3
SHA256 64bf910182bc39c1a96701c109c517439f4443dadcbd28da78b6572222b7c8cd
SHA512 10d8ca9d701fbd17ff3ffbac4b5d8efabc62c8b45bd7d17a780f66d9ff29abd6bff7a66b734bb7b59bfca6949904b645f66bd7ab2f518ecd1516f3673aee9bed

C:\Users\Admin\AppData\Local\Temp\GEwy.exe

MD5 1a64b1e4314b573ff8bacdb6b6b2fe7e
SHA1 a6f06f1dea8a6dc4f8602daaa4cc56c7d74f8782
SHA256 56381ccde92362bfba20e9c516470645a29b8d504bb7098d522a48831c2aa9be
SHA512 7ec76d3443fcb2be73761620a12cc390d79b29a72a3ac8af36e97c7e356d0ce0d339c087de28e79d87ca030ce6b2f3092486e67f75c737ad8e0a1c46e4291b4d

C:\Users\Admin\AppData\Local\Temp\YwEi.exe

MD5 e222839f659d323c8dc5989b38ff533b
SHA1 2b401558113f986cfab575a70370d827b25e5636
SHA256 7a9780cffa89e0730efcfed98425eeb8ca32a30ebca57d00c67557824736076b
SHA512 25eb1b720dc48b4b6164bfce340b140241b575726d6ed944535440eab8bf3319db531e7a178f24aa33cec323afbcb0dc50a137914a35c285c9f87e9b28c8abf3

C:\Users\Admin\AppData\Local\Temp\GIYy.exe

MD5 bdbbdc6f59cdb7cb6f6f61f43d77d65b
SHA1 21bcf03d56691897c7cc3c7abcb1070a2eb36521
SHA256 68540597f1e865cb4820d8bb44e5ad976bb042db7c484ade6f34410a8f132f1f
SHA512 399d96bcaaaabc9ca30e69bde81811848cc8792f3d7aacf057bb5f097d6ce0ef46d9e46c9b704d17d835573c8bccceb75fa8bcef4ee3b42ecf9af6954208c792

C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile26.bmp.exe

MD5 264ac1892845ba0d4bc670c9874e8d3a
SHA1 bcb9b7b5a6117144e4a1cfe03bb9693dcb572131
SHA256 3e487cc4d7244a080408a7c5121be5f4f40fa9a93290d3b61b4c653367f43a8c
SHA512 19f2035d6899615a3b75d9124c42d91ab3060a4ba9ea36e0f5921814edafc197c46ae78b101438e3ac6ea732f1fb9a721b06146e9981a52774fdacc55caf52a9

C:\Users\Admin\AppData\Local\Temp\besEssEI.bat

MD5 d0b17d113e1c8fea400dc30fdc9820e5
SHA1 9911e4f9a2c0ea443c4950e27ebb78cbbe20a9b6
SHA256 32b7597e309577efbb58de45f1a1c0cb6cea47a25b7738836830f0ac813f683b
SHA512 594a126fd69e6b0b62eda5a02ea4c20c5a7dc427447a732bde22edcb1f2fe80980007a4b1f91e5cee9b0230e8d9354ecae74975b83c6c5e1b4fd9deb8d47ec6a

C:\Users\Admin\AppData\Local\Temp\ukkU.exe

MD5 b46da850ce0cb3d0af8d78051089e984
SHA1 c2b233b16c998d95ce7cc21a9ec20837174bd32b
SHA256 1d604fb090bab7e2e09c22f40db311c36bd4ec5e08d4963e8ee25e88e99ee1fd
SHA512 154b094df1b3bdf85234907293d5603a277328f72b4fca6a1085bef1fcd6a424cc48608c9a013865ea87723eeb98eb55a62b3bc1a2fb45afa23ee9b6712e0641

C:\Users\Admin\AppData\Local\Temp\AcYq.exe

MD5 87a2f164a886e8498a59aa97fa16bc3b
SHA1 b001e752d9c4395cd9b7ac3bd5a867246593c628
SHA256 11ab2758156932a3038c15b48ca42abf7135c36fb2958f4dcda08ee1bf6a3f6a
SHA512 aca0069067304d558c5a5ee16b088370c7f54f7136348f1e9d586d4b7d3760c2e63bc6db14618d1946601908988f0e169f8a45def817dfba9e008ff13dd331ce

C:\Users\Admin\AppData\Local\Temp\sAQU.exe

MD5 c98e597eab00aa8d956046a092b06c91
SHA1 4f07f6d535b8fa43c6dad925f92ca14e9a618852
SHA256 25b0b75ad0abecba2c5fea8e716e9504b2d6e368a482432aa46a36d023faf0f1
SHA512 9795bc46adda74cb9f1aaa1489a323c20756f0823ead6623ec34e375ab0257f4771db56dcbcef6a00b7afa71ec30a8f99f593e00842f09eb85d6cf8ac18a5c59

C:\Users\Admin\AppData\Local\Temp\ROIMwEIE.bat

MD5 31c575338afdab6025592ceee36c2e77
SHA1 9a33b7b08c28d0b0e2a3d10321a574df47caa74b
SHA256 1dd0cdc8ad62e8911682db35edc9ac3b37a07c3fd5655df839ebd4200fbc9d8d
SHA512 03eee463df0f5a014cb79e07f64997c5563e8831a66159b21be1ef9d662b77204512cd5c130ed7e34f422fc71845f32fa520d6bfbf13a024fefdf74477c42839

C:\Users\Admin\AppData\Local\Temp\KEQk.exe

MD5 3f0299c5c8bda5bd658c0687acbac7e4
SHA1 4d2ff31ad7b874269e2378c059e572ccd92bb240
SHA256 9fa716a6b1a1e0576a2c5df27f1a7206acd9059881130653c682648153177b42
SHA512 b3a75d12a49cadedb824f7f126730c27e2935e6a44853250e8952c7b7b02104b4a8d1117dc7c961540b9bab5a2d872459a33ac67232de32942181d1c33c16d25

C:\Users\Admin\AppData\Local\Temp\iwEo.exe

MD5 1a7a882126aee57a27b5d350b0ec1542
SHA1 061c76055b9293e1850e39a871ab5d6a423cecde
SHA256 e487fc6413b2ac7301765605d1385816a3f3e21eb2788bb3d477bc9efdb50cdb
SHA512 62ebf8c7adae14647725e0ca736340a672077dc81082d31dcbad24b382c549c619153ebe5297c201cad7f4555e6a8f1e7a65a5318984882a8f36fa2916006fb4

C:\Users\Admin\AppData\Local\Temp\eQoY.exe

MD5 d75587d368950fce13e1339cabacef7b
SHA1 08a441e04385ba1bf65989d957f9b3dfa1004f0d
SHA256 8d68e1c98b664565baa4af15fbf6c6554a93fefb8378c98ac3b77357edb7774e
SHA512 59f22255f2c7f0624a86b5cafd36c679578d6e0cbd4037dc64156c0d97e2706053ac164eda1a49bf9b83056ee58712a54613ca4dc1c982c2cb979945a2f66dc2

C:\Users\Admin\AppData\Local\Temp\IgYQYcwY.bat

MD5 ea4626ffbd61030baa99b3ffc23d0d9e
SHA1 f987a30472eff80743e884f5338d116bdfd0deed
SHA256 3c90070299aec128e8fee98ae2e2f78572d93d048df385c6be89a74b94f1064f
SHA512 0546be2e135a3cc995d93b173d8ed4aadbc706d45937d2ef22b370745c0cc93f906e5abb9ef4ee3ce35cd9409730bbdd7534569e59f18af1f7f7aeff3c4ea8d2

C:\Users\Admin\AppData\Local\Temp\AwQs.exe

MD5 9f67836f41e4db9839ebf7e178c3b7ae
SHA1 0cbbd8065968adcad808f0cef753dcd76e9aa1d0
SHA256 81223ffc281b678229252b4de296dba058d8bec3d777be5052b7cea8019733df
SHA512 a4f306442707e8d172b01bf2f1fcfbf624a79814aa9b74c70b0a25c33cf372eb49ab3b1dd3b45bf4b6cdb2dd29caed9e9ea76f79e30ac78162c23906959c119d

C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile34.bmp.exe

MD5 7b014010caa9270d5de920be333382b3
SHA1 154fc64b65ad947257c1d2284451b0aa739f9502
SHA256 9ee6dfb40ccfe1ed1e64f50e495bd4509b980a6acb4260a1caa5f01b00076828
SHA512 7a3cf329f3352b7040882259f9c36344eea80d6680673d72f3cbd93dc17a2732c8859890a43df41419281a4209c06395bc4257458638d512e26838001a6aded8

C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile35.bmp.exe

MD5 6333acdfdad08d6fa9a0f6f4e5c09c1f
SHA1 6d44ebf7cfcac5f7a6b1539ec717fe32edaa4640
SHA256 51408f62b29b6ed065ffd98f5ad8f1c8447acf0b8602395f0a9c756c62150f10
SHA512 f9f72362ecaa603de995afd8f590810436f8ec96be1c52ac188c7fe03f0acab0a3a27fc42bf4aadf660ee801b5c63de33e092089f2051148a4d6bd656349c89e

C:\Users\Admin\AppData\Local\Temp\ekwg.exe

MD5 091b985cdabd9960cceea9f212540fea
SHA1 1aa80ab959f34264cf3d7d123b22196b719400cb
SHA256 99043324dd1a7dba97c31868c514b311cdb66cb9775f1f47e0499e39c9182422
SHA512 17dc8dc8cd00c77360515686985aedc0ddf4e890c6a668945c426253a0ab259acaa51ac5d6e941ed4f79ea5b7c2d703dc033d56fe14fff25dd1242e6dbd8f330

C:\Users\Admin\AppData\Local\Temp\uaYgkQIA.bat

MD5 927b0bdb903aa2dcbe88c83af04fc3b6
SHA1 dde8db6512b1c0b21ed230382ea6fc7e028bfaac
SHA256 e22787c31420fcdae056f87625761d6cc0b503deee5269ca2f5e1ad5e01e1f93
SHA512 ae39d4e6c4c0d021d6435a6f5177c023e93ccf169aa1be5e8b54dfa56d72bacfcace6154d5f0efe23d2355a91cd1ef7edaf569831c91b2dc749eefaba38d911c

C:\Users\Admin\AppData\Local\Temp\QkUe.exe

MD5 8af1fa766c505b693eb4e4012c828edf
SHA1 a3e7e686379757af543134cbee06e76642bf2fb5
SHA256 2a44a05d54eb506ef2e35bb3551c7d13731cc4827e373b740f356a1c6bee767f
SHA512 eded368f275d1e763528ad2825e30f072fd940f81dafacc1b8f71056005e91b8bbb4b1677db285178e9f171a0d6fb4e72197a5f2ce8ef7723e9dd31fedc3fb21

C:\Users\Admin\AppData\Local\Temp\koYk.exe

MD5 3353e6253de193d5f7e33e1286e91b3f
SHA1 d0274993bb278d9945b99c0016d9b4fb81df5fb5
SHA256 a4e9ef694abde289ba1ecc5124de81b0301fcda55fa80044eeb93591f19711db
SHA512 2f50694b522834a8cf37bb360986b264a729c0308f539c6701530871b164238243be53a4eee8326d8f0a7ef2f84dd263da734602dc48b3ca446efe29fa9f6971

C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile39.bmp.exe

MD5 742e8a1dc4fb49e7cb0063671fd23318
SHA1 1923d197bc01bfb98f4e370139b4f7f534ebdf31
SHA256 24e2c2855296c36f0cf5c535798960c9834f532927d75346632a3a0ebb05f489
SHA512 d0e5c0ddb0714757478b0c1266387eedd9c0ed2f58fa1b83c8a416fd30879d0d3521430d915b4b359680abf8af3e2ab0ac13cd65070be4a0f32e8a44f6292705

C:\Users\Admin\AppData\Local\Temp\OQAe.exe

MD5 1c661d49672e93fa0b5eefbc31b87ff3
SHA1 d97fb82f1bbdfc367e2489d56552d32f5451b1ae
SHA256 566030846f1b2e860c8278f8a3276138736dfd80b55d3e096402dc39684937f5
SHA512 491592d342da3e959a76a9842d8d5622357d016d23a8db450435e7b4555feacef5533013af9ea171f10fe6daee6911878a685ed2cb536d499ae19af89dc2d539

C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile41.bmp.exe

MD5 b07f60c34ae7c83714fecbcf6d96d25b
SHA1 329754776e123251050e04ce9affdc936533ff8a
SHA256 27b44af7bbf8e6a92e0060e2c3f34fa10754afb090d473c5f7df2e3e1b2ef52d
SHA512 9b82084ef19b3f792849a7b7f1e80d1c4aa78b70a82a692b30a7e2c5a5cd2b49a740fb5feb4d2ddbed259b11a6475c2f14a3438356b7a3de97cd09d1c8950b71

C:\Users\Admin\AppData\Local\Temp\MOcooQYU.bat

MD5 6eb3bd280d5b33567da3cc8e1eb92990
SHA1 f86fea8a855f15bb182b0bed895504c108dfc502
SHA256 c0303ff92d58fd33ee112a704b2040083dbc57e155ab142a03ceef9d871c5983
SHA512 c9d6988365a14ce83dff03b791b52e736dd30caad0a10c37ce2918b47a404da0e7309e79a2d6dd4f69e052934eb59c368c7e9160f4b991a61c9082596ce66fb8

C:\Users\Admin\AppData\Local\Temp\eYkY.exe

MD5 c8ed017474770d59ec9337bf32b7d540
SHA1 4066c598ff402b62d93a40b27d26849e2841763b
SHA256 41ed052bd22505847c005ce55772ed6844e98b8e13e4e30f89f8af06c18201a1
SHA512 c34b9ccf500617b9035d87f9beb492f6c79bb9cbc39196d229808951b7fdeb66d61c37c8395535543570f92dd090ba031db6a28507982e5758c544f6183fc13b

C:\Users\Admin\AppData\Local\Temp\cwoc.exe

MD5 fdd7c402fb32f0d5e0439d2de7e6b837
SHA1 a97a520c93a6e5cc74d9c16f7445d7d51a42e8bf
SHA256 8e9c0cf8a1d24470cb0d5b081dde2febcff29a2dcb47c5682e0981cf7fbd5286
SHA512 cc83258ce60f0cefb6f0cec572477ed1a1fb0aaff22b21548787ee19a8a57927d35e496eafa931799707b33edd69c84d2b339680a12d7b31a01dc52cf1f4b261

C:\Users\Admin\AppData\Local\Temp\kkki.exe

MD5 68be3185620dae717becbbe8da19d923
SHA1 5a1efd0a13c118b064ffbfdc3331049e9bc2c6ba
SHA256 78331244d2f2c49ea2c8edacf891ac1a460a2e26d84d0cfd0c35f4159919cdbc
SHA512 59ba383ca4229c0dfffd24113a17415084e8265666ac82a52b6069f69d5eeada6b7949977fe0b8a1867ce9ad1dcfb64643305a7266c7ce8e0bf7ea285b7dfed2

C:\Users\Admin\AppData\Local\Temp\dsQsMEYs.bat

MD5 dcd1c41de5cf2f3f3e481692db0be2f4
SHA1 120abd752159d26d2be2322a3aa149d40a9a5920
SHA256 52e31a1137acd22cf56b3861e9976911cad1edea6a4b20a85b9cd6a72e9f1e26
SHA512 3e4c3ccfe5249310bf98e2219ae6b7794d123bae73d0db750f926f1c841aa68fa5bb18380a01a453a1ee3e192ffdff9b9c6463087137c77507c822e8fc077b36

C:\Users\Admin\AppData\Local\Temp\XMUwkQQc.bat

MD5 f2674f3ed27e2268520c36c261b9dca5
SHA1 709a01a3c823a66bc4e7f5c9ad075009ce27e82d
SHA256 88c6e6dec70acdd00197accf45b3981b2828a8e0a276047d060df5b0627195e4
SHA512 cd40f24df7126a630402a22c0c9441d0d28efb4c51e16da540cee564df3f28f2ab5381f623cbd633975b0a1ad081b044cd7176c877dfe8bb0cbb5acb233fcf25

C:\Users\Admin\AppData\Local\Temp\KMUO.exe

MD5 84c89f257e9096b85fd569f8871af4fc
SHA1 168673b28cd91b81b14e0f840e5a7ab5173b5308
SHA256 a6a533248fb597ff3b09ca2c2af59fc9647029627298d50ee5218fcf559a2e25
SHA512 27227c06e9bf1c40a1b4e8787e53fea5e0e5ef12a2cf9da77dcf2c4b3ab85093e155cd3c040b40a4a11bee7238b46381d133da670bcd504011a79e70e3bb70f2

C:\Users\Admin\AppData\Local\Temp\tsEwkIcw.bat

MD5 e22bf10cfd09762729443eeb90f3dc5a
SHA1 ff8083bf0bdd3280d6709e17e9a256248847d6e1
SHA256 facb51e73ff58143ee4d105096c47db1e9e74c193b7c76fb65d7be299568ddd2
SHA512 522462b6aab651d0f684da56ec151bb7f6b1ae7a5b78dfbd53a0d32957e39b7e52c21eee606c30992e5a764ce5a19f0fd0843b2b16426fb0ce5df31d258a00e7

C:\Users\Admin\AppData\Local\Temp\sYMO.exe

MD5 009ad4663bbab7259465618759888b74
SHA1 b210c94695f6714d7e4ee0f6efdd2f6e5e2f356b
SHA256 f62c4b1900bbfe48ef5e5f272b82c50cf76a353270d41993d5a0d4b1b75c5f24
SHA512 066c0c7b5f621e623d054e1771b99dfaeac1d6f746f0fedf11d31ac7460fac10e96135a1fe51e8d19cd59750a85e61177f87e7ccaec8ebf707781eebe8e6a749

C:\Users\Admin\AppData\Local\Temp\Cgwq.exe

MD5 296651813aa206636a09e518a2f9cb94
SHA1 dc1fb71b23358ad1d23f36c8cf253157ca90813c
SHA256 ccf0fee27224cc3d8b7816b06746b9e9efe33c67e51d445bf04057b2eea2ca9e
SHA512 ee96769116291dbfe6d7ed56b76555e48a7a38df424c6ab139222cac6f8437073dcfe9cdfe72e63d4c9e31516b5fdbf20ff23d47f0bc0f344fd758dc4891d3a2

C:\Users\Admin\AppData\Local\Temp\aggc.exe

MD5 746f9d978cba6f8ac291b93506455e20
SHA1 3d38c35e3341174f49ab52151c76953b22caa827
SHA256 fd0a3a3809d9d9a41efef1819977eb588ff17f29a8baeacec9972e4dd210468c
SHA512 19db38d0049f76fd8987f0ef177418e3445ec823e4e66f6851a5431f29fab9d710d6ddddef0c8bc39a33e8392c18e49da7631edcbc6351235541b5fb135c6eb3

C:\Users\Admin\AppData\Local\Temp\YAAC.exe

MD5 7ff78edae9f1decf0ff63040125e1d25
SHA1 a639ff7a274c3509c3d4e8bdf1d16fae7cc76e4b
SHA256 d1f7b6d63d67b7f715ad1c033d148d85ae39ccc5234090c4f2d45b7cf21b09de
SHA512 9a56898711e87342c559452909bfcfdb8c65d2662d1bfd19d959f2aa66e1635bc23effeb8c69c7bf4f00a0b138151bda6c08ed4ddfeded12d9533c65b0e67d7e

C:\Users\Admin\AppData\Local\Temp\QQYa.exe

MD5 b968c9512d39ea4f4c8972b60702fb4e
SHA1 c4d0e643d58efe9face5d6459ce4f76bd66609bd
SHA256 c408a1ac9a0701f184d6d9c1e52653b4a9e05a7d0a773020df12097d22c46956
SHA512 47dc3184ccf14b47a1464a14e27079c4166225e6ab940b1268c393aa68aaddfa2246e9db806047cc84baddae4ad8272d58c035b3c284ba533f80cc11868f20b5

C:\Users\Admin\AppData\Local\Temp\eQEq.exe

MD5 94c7c6cd1fab5a7a5a6e8335edd53114
SHA1 596d0352fece8ccb6c4198233e75ceb8a7e9ea8e
SHA256 ba42c26e7412e605e534d1dd90f1bb860144c70aae451126157c0e52a878a066
SHA512 9da5a0c9b3102f9f66c58fb72817baf8451938d009837fd5fd5daf7cdb244164ac400d7e77263fe6807303e5dc9367defe92fad0e97321003d5af432ddea7bc8

C:\Users\Admin\AppData\Local\Temp\WIkS.exe

MD5 6a5681e4dba7458b4f68e6f2178dca3a
SHA1 e29fc68d4cbd578e369da185d4d3278e47f501a1
SHA256 6f9cbecb94ef913c0a8ccafbc20a15d4e29b62132d581b3a55fc37967f2d8519
SHA512 916f262dfb69c84186b88a763da3561246db9375a606144c65be2605e07c297fe22f3aea3d17327ffced0b7f7d1bf8210986d22f45795f95b23f1495a0c4b500

C:\Users\Admin\AppData\Local\Temp\UIQk.exe

MD5 b8c46801dca3fc4bfa58f9dffe40f711
SHA1 68b42f6bf3c60f12e3de7c72b1748df3b58015d6
SHA256 7bfc5dd35bcd872effa104fa6c82b4679b852ff6cb46ea49a49cfbd04c5260b0
SHA512 a24fb18dd02e7ab95c296bf0f3f1dcf1eb4a73f3f0ab1177b5460244255e4b5435912809be6dba74edaa1794e998fc8637e796afd0a68cf3afa3664b9a0046b7

C:\Users\Admin\AppData\Local\Temp\SYkc.exe

MD5 46aef26a65b4e4669b3ea77d69a544a2
SHA1 090b4e79471bbf4d51ea0b6bc611b3209b1e54f5
SHA256 b3dace2573fcac97d6699e4acc1b52208fde4c71573b971571f1e7a98eef9db3
SHA512 3ebed3c3a3e3d5e26eba687ea187414aef4a49b73f3f66338bbe28670cb8e61ba37090a4458caf27ed50b787309fc66b549f26e5a208700a5fb0328e97898a1b

C:\Users\Admin\AppData\Local\Temp\gwQs.exe

MD5 55413946d799e7d0cf22e9aee7f8225f
SHA1 a5cc974040d25d9507fc6daf7fd2332d80d9bbf8
SHA256 bba433f530bf650ae748f0f4b9010de862ec2fbaf2f0692f07137279505f71c1
SHA512 5ec8e351b2070672bc800d9ab73615d502675b45fdb3c1e3de8260cf407ce06b36002cb849b4877569599867423b07013ec92e49ac3108a0a0e7b886a37eb367

C:\Users\Admin\AppData\Local\Temp\ViUUcwsM.bat

MD5 ed03b7f861106075a3035d620b69eb9f
SHA1 ca3b47f86925b277dfabdc18c8502e2f2893a142
SHA256 f109177524d8fd1ee5d3efac2a306d998a2c198dd3d68a22df005e83e14f6624
SHA512 1b56b4db2669899a0aaa8f19b73bafa99a2c01f69002cc10cfe264d6261c2e16e4d60d42fbd27322557123e589b8df4beebfb2116973582864ea818b097c139e

C:\Users\Admin\AppData\Local\Temp\eQkcUQIA.bat

MD5 0cb8fe10f79222d13a7a57c56ed432ca
SHA1 834c5c5e3fff0ee9841673abf07bd211a7a64d0b
SHA256 95c9ee7c8561e91c7900231b4b7ad823a953703978208488b906b6c5206d950f
SHA512 93b3707accee8bc4312db467f6e90d4011f55619a3f3dafcde11991bce7c226427a00e64024b4c23e65cde7459c810cec2619f142d919fa93872e3efd0cfc394

C:\Users\Admin\AppData\Local\Temp\iCYYkIAk.bat

MD5 e0cbef22d5cd63155d5802f470261169
SHA1 a1a19a193898a405d1af9042c7be14335099c1fa
SHA256 bd0538a3c418b855005d30f0a12f661504ef58916b4a841cba567865e866ae4c
SHA512 0a32286eb57dc5e03f3216bee7fa421e10e018d492b413576406b75f22b6ce5c60f68b82c42241804a5d6dad7c4e5b3eb07e452f2018f7fd61dc18938d4a438a

C:\Users\Admin\AppData\Local\Temp\kugowwkw.bat

MD5 dbc0c47d3fcc72a428c86fbda1466a55
SHA1 c86e2ee94cca04c1d045c6661e04dec971e0755f
SHA256 65df7ec53f1c99eceb15829c9f594339c43e175a1a73752b357ab20b1a0f8369
SHA512 705e5a4ac04b7b92217094315e0ed427e2b713447c52e4505aaf513818cd0f25ea14c164b7ad766a770178fd90b84152a5bb1edb5a3dec2ac621b929e1e92912

C:\Users\Admin\AppData\Local\Temp\bSsAMsso.bat

MD5 44f81f233bb56b2242be05fa11f92436
SHA1 e7be5a0f4a330eef719fc6b17ddf35f36047b526
SHA256 2664f62390886047e8ec7ad6d29c27f8b4f60e859ea251aefe5187a5d42e1f06
SHA512 15676b825cb542a67c93240543a39bbf0e95ae590a0422cada4f3c001919c78cddd14c8bda6569da1b53b39ad1b30bf8c6efd6152bbc5b49cbca204e29d41dc1

memory/1996-4378-0x00000000771F0000-0x000000007730F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\jeogcwsk.bat

MD5 f47a58886feadf08cb5cc2118a7cf881
SHA1 80f1230adc091f777e86dd57317dc6543d2292f7
SHA256 74e03a7a26353066a927bfd62db182cc1c8a51eee01bb9e3be47592108b441f2
SHA512 3149947b25cecee1b3e60c7c2b20e7ae7fa148075309b52932c475e504c44791776abf351474230c5f2402cc6a321427fae04ce684ea0c21263e22f0f6100d63

C:\Users\Admin\AppData\Local\Temp\bsAcIwwE.bat

MD5 9e702c579ba3565ce3ac5fec6a37dae9
SHA1 2893073728fbeaa1d7d052a65e30f2d0d0104f92
SHA256 c2e80ba939b91996b3303d16493cad71637cfbeb26a00079d02ceb13472d0fdf
SHA512 24e6bd13656e5bc5cd3b10becc75c3c27d5ede3f3f8a2be53aa2d4a008171cec974f9f1c76ba76df13e162f8226aa39593e3fe9bd56de7c97cb5218a9a439da2

C:\Users\Admin\AppData\Local\Temp\jcYMEwcU.bat

MD5 a742974889ce6eaf92aaea4d6f7b2637
SHA1 9be4e3f797fdb6f808d39c1ef3c62386152317bb
SHA256 a2db63c00cefd4d18d8d004e360645e2a01bcaa13ebdad3bd93451ea92f50265
SHA512 7b89536ac9e4ffe029e33b64c56d2fa1fc82436102ebc7ee642a52e3f6a36becfdd2976b98704d4c17805ca4862d076cc21c82c211a661b948b1bd46f9200f39

C:\Users\Admin\AppData\Local\Temp\coYQMcog.bat

MD5 2196179301f915f1046b357de427368a
SHA1 f0aa80d468954d4ce487303b2416feceef414204
SHA256 182c109f9cbdeebeedd6fb026d2d78646292aa6b3eb253dd0e74677d98f3ce01
SHA512 dea3d708be54a52346efec718a4df925ba1c74c7f2047aa189c5214a78a7cf0177a222bb1eeb3ccb5b0289d3699be62f4035ae300c8ff01e793b7a9dc799eb1d

C:\Users\Admin\AppData\Local\Temp\UiYMIMIw.bat

MD5 f1e45cf98f886f80b51cc5ed1ea7ee12
SHA1 283de2a965f80ff45f50dba86b9bad4647a07c8f
SHA256 52e55ac54d96513d12780eed30f546d2b506c020d081ee5ebfec0cdfd469b456
SHA512 32efb0f957f0eef35277b54f220fa17dadbfbc18fc486f580cb82698ce92d6fce518f415e2becc0f284b6f34d56597549c62b1c060ebafcc4d6a9a7db6e91b60

C:\Users\Admin\AppData\Local\Temp\sCwUAcAQ.bat

MD5 f7567b096dcbe1ee30911432c0d0a467
SHA1 db39d453a0d169e7c82f852c0eaa08e9bfa4debb
SHA256 ebb141a1be380df8a6337feb20e9221c005ec0f6839f54137bb0b10c70c8bed8
SHA512 fc257c7241cc2a6c29ba9ffe02103733207f199978e4ee7797af5eec2dcaff66b2564301fc0152562babc90e3c9bf87ccf06efad1c092d08a4f88a8e93ddb345

C:\Users\Admin\AppData\Local\Temp\cCUcwEAk.bat

MD5 58bb93e22f1a3d9d294b0dfc21b4d0ae
SHA1 a49e0ec6dc61536e413b043d548b1a3c0c3830a0
SHA256 38d77cff54227af20e4b5a6ddb39f646aff7d9ad0c248c9c20eb1673b364f3b1
SHA512 7100ee28685453ebf4a9d88f37314175d21b2983d8467cbf17cdf9990546e04c0f34391b94182774b214e9c54d9d17d80f6a538214c2fffaf1f5bb7d0c21d040

C:\Users\Admin\AppData\Local\Temp\OWcIsEwI.bat

MD5 0abe3287f90e69429af350ab7fce8133
SHA1 201b98c8da768cf5db723ea3f5a354959cc5e4f7
SHA256 2279df70e3e45b20cae17afd210fe0d1f159458422ecd19b1a37b92417cd6091
SHA512 0ca523ce58810ed9bd86fdeaf1a8d8dd557e15c456be56cae00e29a704177d84171c65bb10c13fec2f46c1033c690c7fbe0678e0afda28d47304b448033860e5

C:\Users\Admin\AppData\Local\Temp\noYgYEIc.bat

MD5 6a03352f464fb2d5cfe4ae25631ecacb
SHA1 ef1ef4c4f757bb78c9d57eef737fcdd268fba558
SHA256 683d3b32746ed961950ce7e34d23e02f2951f65a8465945d8f30c2c78e8e9044
SHA512 6363610ca49fbc8f2512dfbcbd2b74877be7bef44f69409242502ce2f86def6a43613cd2af154e3fcce0ea856a38cdfe148c339ad8b02b2c3ce94a2d09145e16

C:\Users\Admin\AppData\Local\Temp\bUswkQQo.bat

MD5 120139dfeba5524055c1080cfe1563ce
SHA1 b6a9b5d8da354dd9b3179aa66dba0b772779d1db
SHA256 866780642a508aa29a385646b0f69e9a36d807766176225f22b8178b96b885d3
SHA512 1ff9e7377170778d6fbee623d5014082738d5680f89372528ad68d5db8ba5c59a4120a6df3ebdb8e3adfe97bb6e41aa9b71c2b5767985977d0e029afeec27040

C:\Users\Admin\AppData\Local\Temp\LeowIwMo.bat

MD5 551b3d800d0928331edac9626d971cec
SHA1 2d92ef7d50076fb12a0b2cad739d9630c6ed30a6
SHA256 72f5f64d0a825e47f992671abd1d76d3966807d3ed35c31647c1c2d204d58cbf
SHA512 fa7703519a22de56ca2e862abdba61f5530a1209904f682d834df807db836a0e7031f6a122c72f194a8c707e6f188e85340c1ea93510207bb6333d2deca2d5ba

C:\Users\Admin\AppData\Local\Temp\HKgsgYMQ.bat

MD5 84b756b84f31dcefbda332ede2abd208
SHA1 f45aba0b5a13e6021a6b4f26ea851a086afbba8b
SHA256 27237d81044ad56487931a4b786b5be536b4c45375bc0fdee517015ce364d637
SHA512 7e1f2fe9c32b4c57f05ec12f4e61ee673ddc07bc20a560f6373f9887f3b5ced7fe68555d39ccc36fc1e69894ce81fdc6862bd7b5520de8bf951e654c10a84426

C:\Users\Admin\AppData\Local\Temp\CkIcMEYY.bat

MD5 75ef858af32eb95bf4e20269de87d808
SHA1 3d8d8d0445f0e537b53efdcae284776c2567a56a
SHA256 176c689bde825d1ed258dffea81ff80f85211036a70b8718f4407c99e51f4635
SHA512 ffe0c70762fa39ace4fc426bc85d93714b6daaec899165ddf33c53fed989151a120974f429861fcd9e52965fba17dda4f7676b48965029e8276890be7a572a40

C:\Users\Admin\AppData\Local\Temp\CowwEwoI.bat

MD5 176ce2b35ca59f645989bf1c22ebe0f3
SHA1 c53f98771ac030f7a5fcd8112571a83511e5026e
SHA256 cd458e95338a8b804008d97d74273c6836c489124e55a2ae7659263a1575b11b
SHA512 0d3f91843d8b3341b1f117c7d9e744bbc33a437db5a6739c52140d3f25a3257f21f4506528b62e1d299fa9ff1270f414d985a9664d0aeb0ad1efbc8a9586d31b

C:\Users\Admin\AppData\Local\Temp\uucYcMUw.bat

MD5 a05e391840b46106ffec0263eaac1890
SHA1 98a289497a810b23adfed637710f49fb6a4efba4
SHA256 945134a0a94431bf92d76ced5588765f80649c446b5e5a32f660bd7a5ce2ca36
SHA512 e8cdc820e48d648318cdb84875a6076037f6b9df787b384104a9d1c0f91dc99955186404ed08d14f9e164725ed9ae2bc0990e924d2b5d7bfed9563d3542ae478

C:\Users\Admin\AppData\Local\Temp\OgkMQogs.bat

MD5 9fa433ead31ac1df78cea5b208c9e2f3
SHA1 243ab511d8c92ec719aebb284eb045023fcf0e3b
SHA256 55dd17d8f6fef871f38e8e40ab92a90aaa9c585fd2c06290dc9bb1239de83ab4
SHA512 22ecec743038fc4a93b893a09c0d03dd21ac02882b6b7dfaed9a0b3a362f3e4148e2cd1e780d08df62bc49dd827b2a9c822339a5a1429764fc319f3ee0f5792c

C:\Users\Admin\AppData\Local\Temp\qSwQkEsw.bat

MD5 1539712b383de6add369e57b71355a5a
SHA1 c8199177c397192f62b9c02472fe23c26844d2e4
SHA256 e8c73066f7df11e5f380a14c225765b06a0496cbe1a8c348e2f060f8f634e2dc
SHA512 3ca4d3bced21bb2d89c85f533d381ceab60dbac843472103e2afc78803b36bef47f2400eaf9513ed0ad3847fc4467375b1c635c9047645810f64f5afcafddd3a

C:\Users\Admin\AppData\Local\Temp\vWMsUgsI.bat

MD5 df470fbf392ccc60e33729e96754ed61
SHA1 1a3a83d9e9c0c98ab1a395d876ef9c6ed0514b2d
SHA256 df645a3399690b3f4ae6e9e26004bd9cb47ac8a35faa3eff444129ec9a7e368f
SHA512 03da2c936a405994f29016d978aa1a5a7d379a6f285d3b27d4ccbfc61b89cbe934e0db2045be4d8dcb91ab595181380b4952837ad6554fb91fc989131afc0ceb

C:\Users\Admin\AppData\Local\Temp\fOYEossE.bat

MD5 65aecfbbc6f817e7c926845dc090c1d8
SHA1 90a69023a7e38cf499c29dc7680e8a4c3b95c2a7
SHA256 0b6044bf39137ed12e833e5bc492220a48b35d09f21afd72279958ffa4cea717
SHA512 27c1f4d17dc41a5c6971c93d657e179185125a9e86cfcbe205497ffe9aaa9cd2b064d1cee55784fec788e1dbcf823ab0fb5d02729a74aa0871f260de50498c3a

C:\Users\Admin\AppData\Local\Temp\JOkIgogM.bat

MD5 0d450c9d93f077c05569fae1f3f4b97a
SHA1 f367712dab05c889d91aa997e07306ddef80830f
SHA256 89e934c24b0d9c6b374b977742d105b2efb1a720bc7a5dfb201407a93535e8d7
SHA512 e4ed510f1d5e49d54235169e2d9311e33127a7b3f6a9eec6bba48d4eb1c13150a34c4730f702cc2debb8331df5bb09e9339911562e6b93e26cd63c9b29542581

C:\Users\Admin\AppData\Local\Temp\LEMMwwgs.bat

MD5 9e9131ae724db93eb26317637f00172b
SHA1 c04d71dbd04159fa21ad8dca801f81fd5905e7a8
SHA256 724f10acdf6866bac847d6660eeaa098b737805ddc6e983690d7c5b95c961437
SHA512 2d9a0723ccc29373d7da1d6aad767349ed90c77ca83f96bc0b8a1a5bea46fac673f01158f304ea50bd9c14713ff79a63c914b35511f5f6e9699046789fd98af7

C:\Users\Admin\AppData\Local\Temp\sOQkgYUo.bat

MD5 5d3be08ff7e40a77457516c11028fa22
SHA1 7860cd71fdcbc7e4bff542dd0c31d0da13f27382
SHA256 168072d7a8197ec2bac117af33b8c2ac5cfd7150da94ea69e61743833d5c10ac
SHA512 547b7d849332bc3c51d00aecdad3e02255553f5a38ab329b0f7ca99c8d527dd3904682024879c6852b507f2b6a687f2f980a164db48a717144bfee2596d7992a

C:\Users\Admin\AppData\Local\Temp\ekoQwYIY.bat

MD5 5ab09caa0b8b7e40c7a9e58204ee8f6e
SHA1 a844e6e43fb7e8adc9b3b0fed34bc22a8e3a6d9b
SHA256 f144c0b23ef231f5750e1060d8339c441ed75d0bb8225175eb7c861db923b2dd
SHA512 7a60b2f6cee2a062612f7adf8189659af601f3fdb0beb576aefb08f073cc0e2d29cb9b9dfd94dd5c4a98ac6e8eee80f94455310ced71a75ec8bc701b18ca2207

C:\Users\Admin\AppData\Local\Temp\qMowQIAo.bat

MD5 9fe5d3bcc29e24262336b1521e2e2b41
SHA1 95b51dfce0ae7ed378f106caf6f52c8c20a182a5
SHA256 b5cd38eb4d1d20f741d3d5d1e0e69777ee97ffac81c32a9f4b4e248e56bf05f3
SHA512 1fc3a1a4ba62971b0f9d9c14814e31642eb089ebbf3d56e76635e478226a4871b35585189d2558a2ecc194744fe5f136ecd2d2270a636f2ea4c3988f49f6e109

C:\Users\Admin\AppData\Local\Temp\WQsMYkoE.bat

MD5 0f0b3c8aca20b5ebb68eca88a6f8a8bb
SHA1 07fd29c78453498cf290efc4f8c57acc8dad4adc
SHA256 2a58959e5265ecf03fff1a4f2fde603188dd63fc658f3881950a446a7b737fc3
SHA512 e8d501fc3952cd41c653b255d4173cdbe4ab1908cc6e78c1d9f69eab1ed1e85abeb184469fa1535b3c43e4227e8cb9bc1e850f17c2f997c94d089cde0e36308e

C:\Users\Admin\AppData\Local\Temp\LsEoIogA.bat

MD5 f715e13db66601cbfc012cb22cf31760
SHA1 9ca5f2ee4f0a31b195a295fd2eeb0ba72d79258a
SHA256 c48d01ec3aa4999f8eee98d566d3a413525dab131279f0d372d56a01d9d478a6
SHA512 6a2653c59227723f2ea279e384164f4190794e4f9e9d78f0387c4994cae3f1b101a50b1c7130c9eef1a5027073a847560c23d2dbb6b6a2711f74ee90131f58e7

C:\Users\Admin\AppData\Local\Temp\jUEgssgQ.bat

MD5 5ced9e293c7ac12c2b901e640ebc3daa
SHA1 be0f0b93871708ee5fa13d1a7ab8892bb5d84c6f
SHA256 709e26c69a8a427f93fc013b84f4f456ce0f07353dc2a284a5294714139b2923
SHA512 7af2d939e768b31219050445685ddac5f298ee060d55f56c51e51a96c30f48e214c40b78c13d58085dcb9d332c30acecd83ae12ec811168c99a07a0b3acb5a66

C:\Users\Admin\AppData\Local\Temp\XEswEkss.bat

MD5 24c25299a8fe2788ead18732b71be7c5
SHA1 74ec900461888eefcc0a5b107a20a18866e8c247
SHA256 c188e6a7efaf2951cdf2e2eaf2525e2d13219fbe5afb5d7ede79d4a19c587664
SHA512 95dbb6d8980eac60918a77d2c1e3f6f4a6a593a27bf2ee5f1e4579bd7f4a1659600a987b5ce8fc607701658558d8d09668e6dce03bcf164e73edf065ab545369

C:\Users\Admin\AppData\Local\Temp\SGkAcgUM.bat

MD5 314bcc0712400a19b96811b3644166f7
SHA1 3c45d5e1ad19ce589d52841933552a3c4518998d
SHA256 a110493aecc39c58e3482d7c5e7d0e277131415aff33d15d87be74fcd37cdc9d
SHA512 7cf4ef4cf5cdf474fc73be9f28eb0a4b1d99cd7f227d9493f4cf586162df296814a331b77ed5987f2ffb9ab0f04b3a43d34101cd5da0ae61386c89bebc71b65d

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-16 08:20

Reported

2024-10-16 08:23

Platform

win10v2004-20241007-en

Max time kernel

150s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe"

Signatures

Modifies visibility of file extensions in Explorer

evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A

UAC bypass

evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" N/A N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" N/A N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" N/A N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" N/A N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" N/A N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" N/A N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A

Renames multiple (81) files with added filename extension

ransomware

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation C:\Users\Admin\HYcAQAYU\DgYQsoQo.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\HYcAQAYU\DgYQsoQo.exe N/A
N/A N/A C:\ProgramData\IqkUcgsA\eUsggAwo.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\DgYQsoQo.exe = "C:\\Users\\Admin\\HYcAQAYU\\DgYQsoQo.exe" C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\eUsggAwo.exe = "C:\\ProgramData\\IqkUcgsA\\eUsggAwo.exe" C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\eUsggAwo.exe = "C:\\ProgramData\\IqkUcgsA\\eUsggAwo.exe" C:\ProgramData\IqkUcgsA\eUsggAwo.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\DgYQsoQo.exe = "C:\\Users\\Admin\\HYcAQAYU\\DgYQsoQo.exe" C:\Users\Admin\HYcAQAYU\DgYQsoQo.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\EqIcsAoM.exe = "C:\\Users\\Admin\\sGkYkgcw\\EqIcsAoM.exe" C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\lawQAkkM.exe = "C:\\ProgramData\\XOYIggoU\\lawQAkkM.exe" C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\shell32.dll.exe C:\ProgramData\IqkUcgsA\eUsggAwo.exe N/A
File opened for modification C:\Windows\SysWOW64\shell32.dll.exe C:\ProgramData\IqkUcgsA\eUsggAwo.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cscript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cscript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cscript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cscript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cscript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cscript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cscript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A

Modifies registry key

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\HYcAQAYU\DgYQsoQo.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\HYcAQAYU\DgYQsoQo.exe N/A
N/A N/A C:\Users\Admin\HYcAQAYU\DgYQsoQo.exe N/A
N/A N/A C:\Users\Admin\HYcAQAYU\DgYQsoQo.exe N/A
N/A N/A C:\Users\Admin\HYcAQAYU\DgYQsoQo.exe N/A
N/A N/A C:\Users\Admin\HYcAQAYU\DgYQsoQo.exe N/A
N/A N/A C:\Users\Admin\HYcAQAYU\DgYQsoQo.exe N/A
N/A N/A C:\Users\Admin\HYcAQAYU\DgYQsoQo.exe N/A
N/A N/A C:\Users\Admin\HYcAQAYU\DgYQsoQo.exe N/A
N/A N/A C:\Users\Admin\HYcAQAYU\DgYQsoQo.exe N/A
N/A N/A C:\Users\Admin\HYcAQAYU\DgYQsoQo.exe N/A
N/A N/A C:\Users\Admin\HYcAQAYU\DgYQsoQo.exe N/A
N/A N/A C:\Users\Admin\HYcAQAYU\DgYQsoQo.exe N/A
N/A N/A C:\Users\Admin\HYcAQAYU\DgYQsoQo.exe N/A
N/A N/A C:\Users\Admin\HYcAQAYU\DgYQsoQo.exe N/A
N/A N/A C:\Users\Admin\HYcAQAYU\DgYQsoQo.exe N/A
N/A N/A C:\Users\Admin\HYcAQAYU\DgYQsoQo.exe N/A
N/A N/A C:\Users\Admin\HYcAQAYU\DgYQsoQo.exe N/A
N/A N/A C:\Users\Admin\HYcAQAYU\DgYQsoQo.exe N/A
N/A N/A C:\Users\Admin\HYcAQAYU\DgYQsoQo.exe N/A
N/A N/A C:\Users\Admin\HYcAQAYU\DgYQsoQo.exe N/A
N/A N/A C:\Users\Admin\HYcAQAYU\DgYQsoQo.exe N/A
N/A N/A C:\Users\Admin\HYcAQAYU\DgYQsoQo.exe N/A
N/A N/A C:\Users\Admin\HYcAQAYU\DgYQsoQo.exe N/A
N/A N/A C:\Users\Admin\HYcAQAYU\DgYQsoQo.exe N/A
N/A N/A C:\Users\Admin\HYcAQAYU\DgYQsoQo.exe N/A
N/A N/A C:\Users\Admin\HYcAQAYU\DgYQsoQo.exe N/A
N/A N/A C:\Users\Admin\HYcAQAYU\DgYQsoQo.exe N/A
N/A N/A C:\Users\Admin\HYcAQAYU\DgYQsoQo.exe N/A
N/A N/A C:\Users\Admin\HYcAQAYU\DgYQsoQo.exe N/A
N/A N/A C:\Users\Admin\HYcAQAYU\DgYQsoQo.exe N/A
N/A N/A C:\Users\Admin\HYcAQAYU\DgYQsoQo.exe N/A
N/A N/A C:\Users\Admin\HYcAQAYU\DgYQsoQo.exe N/A
N/A N/A C:\Users\Admin\HYcAQAYU\DgYQsoQo.exe N/A
N/A N/A C:\Users\Admin\HYcAQAYU\DgYQsoQo.exe N/A
N/A N/A C:\Users\Admin\HYcAQAYU\DgYQsoQo.exe N/A
N/A N/A C:\Users\Admin\HYcAQAYU\DgYQsoQo.exe N/A
N/A N/A C:\Users\Admin\HYcAQAYU\DgYQsoQo.exe N/A
N/A N/A C:\Users\Admin\HYcAQAYU\DgYQsoQo.exe N/A
N/A N/A C:\Users\Admin\HYcAQAYU\DgYQsoQo.exe N/A
N/A N/A C:\Users\Admin\HYcAQAYU\DgYQsoQo.exe N/A
N/A N/A C:\Users\Admin\HYcAQAYU\DgYQsoQo.exe N/A
N/A N/A C:\Users\Admin\HYcAQAYU\DgYQsoQo.exe N/A
N/A N/A C:\Users\Admin\HYcAQAYU\DgYQsoQo.exe N/A
N/A N/A C:\Users\Admin\HYcAQAYU\DgYQsoQo.exe N/A
N/A N/A C:\Users\Admin\HYcAQAYU\DgYQsoQo.exe N/A
N/A N/A C:\Users\Admin\HYcAQAYU\DgYQsoQo.exe N/A
N/A N/A C:\Users\Admin\HYcAQAYU\DgYQsoQo.exe N/A
N/A N/A C:\Users\Admin\HYcAQAYU\DgYQsoQo.exe N/A
N/A N/A C:\Users\Admin\HYcAQAYU\DgYQsoQo.exe N/A
N/A N/A C:\Users\Admin\HYcAQAYU\DgYQsoQo.exe N/A
N/A N/A C:\Users\Admin\HYcAQAYU\DgYQsoQo.exe N/A
N/A N/A C:\Users\Admin\HYcAQAYU\DgYQsoQo.exe N/A
N/A N/A C:\Users\Admin\HYcAQAYU\DgYQsoQo.exe N/A
N/A N/A C:\Users\Admin\HYcAQAYU\DgYQsoQo.exe N/A
N/A N/A C:\Users\Admin\HYcAQAYU\DgYQsoQo.exe N/A
N/A N/A C:\Users\Admin\HYcAQAYU\DgYQsoQo.exe N/A
N/A N/A C:\Users\Admin\HYcAQAYU\DgYQsoQo.exe N/A
N/A N/A C:\Users\Admin\HYcAQAYU\DgYQsoQo.exe N/A
N/A N/A C:\Users\Admin\HYcAQAYU\DgYQsoQo.exe N/A
N/A N/A C:\Users\Admin\HYcAQAYU\DgYQsoQo.exe N/A
N/A N/A C:\Users\Admin\HYcAQAYU\DgYQsoQo.exe N/A
N/A N/A C:\Users\Admin\HYcAQAYU\DgYQsoQo.exe N/A
N/A N/A C:\Users\Admin\HYcAQAYU\DgYQsoQo.exe N/A
N/A N/A C:\Users\Admin\HYcAQAYU\DgYQsoQo.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1896 wrote to memory of 972 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Users\Admin\HYcAQAYU\DgYQsoQo.exe
PID 1896 wrote to memory of 972 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Users\Admin\HYcAQAYU\DgYQsoQo.exe
PID 1896 wrote to memory of 972 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Users\Admin\HYcAQAYU\DgYQsoQo.exe
PID 1896 wrote to memory of 1760 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\ProgramData\IqkUcgsA\eUsggAwo.exe
PID 1896 wrote to memory of 1760 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\ProgramData\IqkUcgsA\eUsggAwo.exe
PID 1896 wrote to memory of 1760 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\ProgramData\IqkUcgsA\eUsggAwo.exe
PID 1896 wrote to memory of 4144 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 1896 wrote to memory of 4144 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 1896 wrote to memory of 4144 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 1896 wrote to memory of 3424 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 1896 wrote to memory of 3424 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 1896 wrote to memory of 3424 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 1896 wrote to memory of 4968 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 1896 wrote to memory of 4968 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 1896 wrote to memory of 4968 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 1896 wrote to memory of 3996 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 1896 wrote to memory of 3996 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 1896 wrote to memory of 3996 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 1896 wrote to memory of 1076 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 1896 wrote to memory of 1076 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 1896 wrote to memory of 1076 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 4144 wrote to memory of 4372 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
PID 4144 wrote to memory of 4372 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
PID 4144 wrote to memory of 4372 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
PID 1076 wrote to memory of 4296 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 1076 wrote to memory of 4296 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 1076 wrote to memory of 4296 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 4372 wrote to memory of 2312 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 4372 wrote to memory of 2312 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 4372 wrote to memory of 2312 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 4372 wrote to memory of 392 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 4372 wrote to memory of 392 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 4372 wrote to memory of 392 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 4372 wrote to memory of 1640 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 4372 wrote to memory of 1640 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 4372 wrote to memory of 1640 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 4372 wrote to memory of 1736 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 4372 wrote to memory of 1736 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 4372 wrote to memory of 1736 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 4372 wrote to memory of 1884 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 4372 wrote to memory of 1884 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 4372 wrote to memory of 1884 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2312 wrote to memory of 1368 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
PID 2312 wrote to memory of 1368 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
PID 2312 wrote to memory of 1368 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
PID 1884 wrote to memory of 4640 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 1884 wrote to memory of 4640 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 1884 wrote to memory of 4640 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 1368 wrote to memory of 4964 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 1368 wrote to memory of 4964 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 1368 wrote to memory of 4964 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 1368 wrote to memory of 3740 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 1368 wrote to memory of 3740 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 1368 wrote to memory of 3740 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 1368 wrote to memory of 2684 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 1368 wrote to memory of 2684 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 1368 wrote to memory of 2684 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 1368 wrote to memory of 2580 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 1368 wrote to memory of 2580 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 1368 wrote to memory of 2580 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 1368 wrote to memory of 4564 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 1368 wrote to memory of 4564 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 1368 wrote to memory of 4564 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 4964 wrote to memory of 1376 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

Processes

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe"

C:\Users\Admin\HYcAQAYU\DgYQsoQo.exe

"C:\Users\Admin\HYcAQAYU\DgYQsoQo.exe"

C:\ProgramData\IqkUcgsA\eUsggAwo.exe

"C:\ProgramData\IqkUcgsA\eUsggAwo.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wgsEMIUc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SQwMUIIk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vCUwEoUY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pYAoEEUA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VAwkIwUs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SiYoAsIk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OasgEMYI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UKkMcsEY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vEAwUYcc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZKEcUEEs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VmUYMQgo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yUMcQUEc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aQQUkYco.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IqwAMQIE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CWUgooUo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nAAckssM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FIIkYYkE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VyUQQQYs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AiIkwkQs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SWAEAsAs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\seYQogMA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YgAgwYIw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PEIEEIsQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rUUYQAUY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hGYEUoMo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WsAQMIIM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IsYsEwUo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QmokgoYU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hOYIAoUg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rmYYsoMU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\buooEgcw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CIgEAUMg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EyEYQcYU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QMIIEsAM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TIUcsAcY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RyUYEQos.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fWcEoUEU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mekwswcs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\swIYooog.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wOocgogI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XessQYYs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\luIYQkoY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FmkIIkMU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fCQgQwwY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uIMwcwcc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Users\Admin\sGkYkgcw\EqIcsAoM.exe

"C:\Users\Admin\sGkYkgcw\EqIcsAoM.exe"

C:\ProgramData\XOYIggoU\lawQAkkM.exe

"C:\ProgramData\XOYIggoU\lawQAkkM.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 204 -p 4028 -ip 4028

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 4540 -ip 4540

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YeYAUoIs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 224

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4540 -s 224

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AqYcssUY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QEwMcEII.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TMsMosMg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fyssYYEM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dEEMEAEA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KgcgUUEY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kAsQoMAY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wggAEogs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\saYUAoow.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BYEYwwMI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pKowgYcY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zmMgwoMM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hSQwsIkA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mqoAgYsI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IkQMQMEg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CmQMooko.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VEccokgQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nGIsYYoM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LwcwUEAA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mAgYUsIU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AUkIYsYo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eWcggswc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gmAAUwoc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\reQUYwMw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dSEAoQwY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dOkMoUoM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mOMcMIwI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SYYcokkI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KwcsMkgM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mAIEEMwU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZIYAEsYM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pOskIoUg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NWQsQEQA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LOAsMwso.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kqIIkksI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gMUIssEM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EQMsgEYE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RQMwgwEE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vSIcwscA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\niUgwIYs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JIcYMEMw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MykkYAwM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YCUMAsIg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mukIcckM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RCkYYMsQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pYQMwIYQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zIoMIcYY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\esQAoEcQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uyQwEoMw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uOwEEIkg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JsMcQIYY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\puwgooYE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PasEgkcI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lAcAYAAY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wEcMwQkA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OWAsgkss.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ieggcoAo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hesMgEok.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hugoAgoo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DokocAkE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tkQIgckE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KUMsAIgo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cugkAQAc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PmMgMkUk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dwQkgoQo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1220_none_7e21bc567c7ed16b\TiWorker.exe

C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1220_none_7e21bc567c7ed16b\TiWorker.exe -Embedding

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JsQwQggc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dCgwgQIM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GeQcsMUY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wIwQEEAE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EAwkIAAY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PiEAQwQw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NyAEAIUM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pkUYosck.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vMEocoYE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cMQEQwEk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\oQgsoYUs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eCYAMIME.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KKgsgcgU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xYogcsEY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VIMgIoAA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jaQUQMYw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BAAAcIMA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YisoAkgo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\iqwkgwAs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QkEIwwIs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

Network

Country Destination Domain Proto
BO 200.87.164.69:9999 tcp
US 8.8.8.8:53 google.com udp
GB 172.217.169.14:80 google.com tcp
BO 200.87.164.69:9999 tcp
GB 172.217.169.14:80 google.com tcp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 14.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
BO 200.119.204.12:9999 tcp
BO 200.119.204.12:9999 tcp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
BO 190.186.45.170:9999 tcp
BO 190.186.45.170:9999 tcp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 udp

Files

memory/1896-0-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\HYcAQAYU\DgYQsoQo.exe

MD5 fb1d384c5c1c524ae6b71c529d77ecec
SHA1 9dc0b988672236204df2d91222a4275c32c2fe97
SHA256 ac0cdf11be70254f2d8349f6c39e66a25d43afa9b96345501de2309c0bba1d65
SHA512 dc94eab12e535fdfb13a72972c602f220bcb63400033c862bdfa5c5913bd73bf71d25a9839bd85f2d3a37de91db71c48203b9d493b44f7127e038439dbfa0c35

memory/1760-15-0x0000000000400000-0x0000000000433000-memory.dmp

C:\ProgramData\IqkUcgsA\eUsggAwo.exe

MD5 ef85057657cbff21d492447ed47c978b
SHA1 6d923ea60641a27b72ff164c24bb73f4459cf9e6
SHA256 8027471858aa85b23c38847bf468cfd7b7d85cb522d58cf741eec0ef28e491e0
SHA512 ec1d83c0a88af4c80bbdba38dce019bdca08f42c1b9d7451da4a6da8a09fb0b7fe39a8c5266e8ae52cdce16a89e5fb8cb367db045d90aa3b2eadae63531ee4a8

memory/972-7-0x0000000000400000-0x0000000000431000-memory.dmp

memory/1896-19-0x0000000000400000-0x0000000000433000-memory.dmp

memory/4372-20-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\wgsEMIUc.bat

MD5 bae1095f340720d965898063fede1273
SHA1 455d8a81818a7e82b1490c949b32fa7ff98d5210
SHA256 ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a
SHA512 4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024

C:\Users\Admin\AppData\Local\Temp\file.vbs

MD5 4afb5c4527091738faf9cd4addf9d34e
SHA1 170ba9d866894c1b109b62649b1893eb90350459
SHA256 59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc
SHA512 16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

MD5 38523dacb7a20f049d5de61fc1cf87d5
SHA1 310f1c826385f858572a6c747688d897b851024e
SHA256 4ee4b1cd9eddbf7cdef2797a8822ddd7afc8082b9483d52abee606e8e99a2191
SHA512 61d8bbc98b2414fa7311d1661c9ddd33edba50a5a1847a78b52429b819260d176af87068b10a0963f858e55a0ad5ed3fa2bcc0f02389334fd47894aae662bee1

memory/4372-33-0x0000000000400000-0x0000000000433000-memory.dmp

memory/1368-34-0x0000000000400000-0x0000000000433000-memory.dmp

memory/1368-45-0x0000000000400000-0x0000000000433000-memory.dmp

memory/1376-56-0x0000000000400000-0x0000000000433000-memory.dmp

memory/1312-69-0x0000000000400000-0x0000000000433000-memory.dmp

memory/2572-80-0x0000000000400000-0x0000000000433000-memory.dmp

memory/4044-91-0x0000000000400000-0x0000000000433000-memory.dmp

memory/1476-92-0x0000000000400000-0x0000000000433000-memory.dmp

memory/1476-105-0x0000000000400000-0x0000000000433000-memory.dmp

memory/3648-116-0x0000000000400000-0x0000000000433000-memory.dmp

memory/2216-127-0x0000000000400000-0x0000000000433000-memory.dmp

memory/4792-139-0x0000000000400000-0x0000000000433000-memory.dmp

memory/4716-151-0x0000000000400000-0x0000000000433000-memory.dmp

memory/344-159-0x0000000000400000-0x0000000000433000-memory.dmp

memory/2684-163-0x0000000000400000-0x0000000000433000-memory.dmp

memory/344-174-0x0000000000400000-0x0000000000433000-memory.dmp

memory/1436-187-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/2764-198-0x0000000000400000-0x0000000000433000-memory.dmp

memory/3068-209-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\HYcAQAYU\DgYQsoQo.inf

MD5 ae6971ec39344afc1bfee7a62ea22a23
SHA1 00309a95aad564ca120b2c10f0517dc7c33b9703
SHA256 ac884ed4a8c2c5b5be170c18f31478563f26ef7ca390ada477e4819751bc8d66
SHA512 02ebed060289d1dad59cf316d3e0736f712f20b17b2165359eb5db91a8da4b48c4b4790934432d38554586f411453a9cffd256a6699b29914ed22e8a45a86e6f

C:\ProgramData\IqkUcgsA\eUsggAwo.inf

MD5 1c8ce23a765f3304c1fec690e80e34f8
SHA1 dea9fdea31ee2f573031d6a6e4ff9b0c30a05e5c
SHA256 e3c7807688f863e47eceafccdb8d20b128c038156fa2586acba5ca19d67fea1d
SHA512 fbe470c00de1a6c335290a89c079c135a8471211a43dff39709d7300bf971764ba7cb8c37410b4720c2fe16f61a7ce59b579642311532077bb323482cfb0b4fe

memory/296-224-0x0000000000400000-0x0000000000433000-memory.dmp

memory/2904-235-0x0000000000400000-0x0000000000433000-memory.dmp

memory/552-246-0x0000000000400000-0x0000000000433000-memory.dmp

memory/4368-256-0x0000000000400000-0x0000000000433000-memory.dmp

memory/3904-265-0x0000000000400000-0x0000000000433000-memory.dmp

memory/4648-273-0x0000000000400000-0x0000000000433000-memory.dmp

memory/3032-281-0x0000000000400000-0x0000000000433000-memory.dmp

memory/2972-291-0x0000000000400000-0x0000000000433000-memory.dmp

memory/2148-300-0x0000000000400000-0x0000000000433000-memory.dmp

memory/4544-299-0x0000000000400000-0x0000000000433000-memory.dmp

memory/4544-308-0x0000000000400000-0x0000000000433000-memory.dmp

memory/4604-318-0x0000000000400000-0x0000000000433000-memory.dmp

memory/644-326-0x0000000000400000-0x0000000000433000-memory.dmp

memory/4368-334-0x0000000000400000-0x0000000000433000-memory.dmp

memory/4776-344-0x0000000000400000-0x0000000000433000-memory.dmp

memory/3884-345-0x0000000000400000-0x0000000000433000-memory.dmp

memory/3884-353-0x0000000000400000-0x0000000000433000-memory.dmp

memory/2508-361-0x0000000000400000-0x0000000000433000-memory.dmp

memory/3096-371-0x0000000000400000-0x0000000000433000-memory.dmp

memory/4036-379-0x0000000000400000-0x0000000000433000-memory.dmp

memory/476-387-0x0000000000400000-0x0000000000433000-memory.dmp

memory/2780-388-0x0000000000400000-0x0000000000433000-memory.dmp

memory/2780-398-0x0000000000400000-0x0000000000433000-memory.dmp

memory/5100-406-0x0000000000400000-0x0000000000433000-memory.dmp

memory/2572-414-0x0000000000400000-0x0000000000433000-memory.dmp

memory/3440-416-0x0000000000400000-0x0000000000433000-memory.dmp

memory/3440-425-0x0000000000400000-0x0000000000433000-memory.dmp

memory/4508-426-0x0000000000400000-0x0000000000433000-memory.dmp

memory/4508-434-0x0000000000400000-0x0000000000433000-memory.dmp

memory/4740-442-0x0000000000400000-0x0000000000433000-memory.dmp

memory/4896-451-0x0000000000400000-0x0000000000433000-memory.dmp

memory/5032-460-0x0000000000400000-0x0000000000433000-memory.dmp

memory/4248-468-0x0000000000400000-0x0000000000433000-memory.dmp

memory/4028-470-0x0000000000400000-0x000000000042F000-memory.dmp

memory/4540-471-0x0000000000400000-0x0000000000430000-memory.dmp

memory/636-472-0x0000000000400000-0x0000000000433000-memory.dmp

memory/3280-482-0x0000000000400000-0x0000000000433000-memory.dmp

memory/4540-483-0x0000000000400000-0x0000000000430000-memory.dmp

memory/4028-484-0x0000000000400000-0x000000000042F000-memory.dmp

memory/4024-492-0x0000000000400000-0x0000000000433000-memory.dmp

memory/4508-500-0x0000000000400000-0x0000000000433000-memory.dmp

memory/2720-508-0x0000000000400000-0x0000000000433000-memory.dmp

memory/2332-509-0x0000000000400000-0x0000000000433000-memory.dmp

memory/2720-519-0x0000000000400000-0x0000000000433000-memory.dmp

memory/2148-527-0x0000000000400000-0x0000000000433000-memory.dmp

memory/1932-535-0x0000000000400000-0x0000000000433000-memory.dmp

memory/4796-544-0x0000000000400000-0x0000000000433000-memory.dmp

memory/4556-553-0x0000000000400000-0x0000000000433000-memory.dmp

memory/4956-554-0x0000000000400000-0x0000000000433000-memory.dmp

memory/4956-562-0x0000000000400000-0x0000000000433000-memory.dmp

memory/4124-570-0x0000000000400000-0x0000000000433000-memory.dmp

memory/2512-580-0x0000000000400000-0x0000000000433000-memory.dmp

memory/4540-588-0x0000000000400000-0x0000000000433000-memory.dmp

memory/4640-596-0x0000000000400000-0x0000000000433000-memory.dmp

memory/484-604-0x0000000000400000-0x0000000000433000-memory.dmp

memory/1992-614-0x0000000000400000-0x0000000000433000-memory.dmp

memory/4896-622-0x0000000000400000-0x0000000000433000-memory.dmp

memory/2488-630-0x0000000000400000-0x0000000000433000-memory.dmp

memory/4596-631-0x0000000000400000-0x0000000000433000-memory.dmp

memory/4596-641-0x0000000000400000-0x0000000000433000-memory.dmp

memory/3128-643-0x0000000000400000-0x0000000000433000-memory.dmp

memory/3128-650-0x0000000000400000-0x0000000000433000-memory.dmp

memory/3648-658-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\gAwG.exe

MD5 e9b89abc0913167894f59ee831097746
SHA1 1d6f0a72cb7181cf1acaa45dc0ef3171c511b9be
SHA256 22f636d356409b325182345d02cb1f3813527c500de0037b839559f8c6f5ed97
SHA512 104c3642227bb0c050923880ca9248fb08bf644534918ccad47418778cf8ea051ffea0c4c7fca0c16792c80cdef9c39c4fe028460bc2377cd750fc9e724471aa

memory/760-683-0x0000000000400000-0x0000000000433000-memory.dmp

C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png.exe

MD5 ece062ca34cbeae1ce3b6b19d6822f07
SHA1 c098417aa68eef96e57545c8765715e34a2bc149
SHA256 5b364abbb7dd95494e7d2007d8770fdafcdef2d012675c80cbd298399611ddaf
SHA512 f71bc647ee2c1cc0568b58afd61d3caa4f11d91591379d3ab1e97f5afaaeb4510480f37cb0209f406fb139f30ffb118eca8e4bce1dcb90e8e154fe2ae309ebc7

C:\Users\Admin\AppData\Local\Temp\WEoC.exe

MD5 d9415c355d2c0b5a842f28776ab2a3bf
SHA1 1120cd040d42f16e7ea6d41c53140ef0833e84d5
SHA256 3323a2d7145dc8c6fc6c1d2000a1d4c32292533402f9ff71b6fc1ba90a181ffc
SHA512 2ad04b4b51c1e96bd1faabe012f8dabe62989bede99ef10f226da5e6c390f14701615be8b23b078cd0a396f05bdd65bb0a27ae6681c9b4ffefde5095b37fc5c2

C:\Users\Admin\AppData\Local\Temp\Osoq.exe

MD5 6f53b3c91cd78f39d970b7ef70151ae2
SHA1 6975634c06a1edfd3cb3930ce0101c72fb8d9c71
SHA256 c5ce88930a40f78bc39b6628c9b4af7bad0db3ddc94f79b5c60f56514329840a
SHA512 40a759b2577dea00d5e9deb1ae3566b33884e0d356506c95d353d0a8629e9d8feade8f70d91f1a6e5bc91679a8429cb191013b2c161af716cdc9dadfbce745ab

C:\Users\Admin\AppData\Local\Temp\mIEc.ico

MD5 ee421bd295eb1a0d8c54f8586ccb18fa
SHA1 bc06850f3112289fce374241f7e9aff0a70ecb2f
SHA256 57e72b9591e318a17feb74efa1262e9222814ad872437094734295700f669563
SHA512 dfd36dff3742f39858e4a3e781e756f6d8480caa33b715ad1a8293f6ef436cdc84c3d26428230cdac8651c1ee7947b0e5bb3ac1e32c0b7bbb2bfed81375b5897

memory/3484-719-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\cUUA.exe

MD5 0fcc3c764ceb49794edcd3de0f9cec9d
SHA1 238eb57445d666452da350aad3b8792f330fc854
SHA256 afdeb144664d97fbe5ce3af1e9a86f25afcadf8e6bc4e42344238d73f6dffc23
SHA512 164df2731596f3b8f8ddf5273832186ec291f46458b717a9594ab451421894132255eb900e5c68743158efa8c88b60fed92b2f1dcc8db9d9dda40d389cb0e467

C:\Users\Admin\AppData\Local\Temp\QsQw.exe

MD5 c532d5abf2aa2bc733ec95d986fc94c0
SHA1 527d1600db79437e5a84beee335101dbd726fd3c
SHA256 0d135e6f20fde8c44a9201cee917b0f3da892f062a1d8a6927cf0841a4245339
SHA512 f535b026f2a8a2e5c517b0331937cec547f6a6d652b8c1ab0a18fd72c839c3116d835b462ca0ebc263d3c0d9b42282a6c38d64d99575462acc5ea7f6154cb0e3

C:\Users\Admin\AppData\Local\Temp\yEoW.exe

MD5 4e83b501d597b443cc5f2a88d4ef8e03
SHA1 685ab4d73f7366ed17cb08765a2ee949bcb67416
SHA256 fcaa8558f44d19090fe3bd8c913fca249737777f44ef134e7017b67aa45b22f3
SHA512 ce643b54d2d249ee16b5601487ff60ad837936bb598148f9f8f0dcf617aa1f8e7f04f1eb43280adccb2c0cd487c4ac390107cc92cc05dc70a0e66735ab08b137

C:\ProgramData\Microsoft\User Account Pictures\guest.bmp.exe

MD5 5cdb49cbccd1d3d6f7e0bc6dacdd31ae
SHA1 50a88e36ad205ea1ba1eff97c2dc7fe748942528
SHA256 86c0e6a8ddc79e05395ca2a9b13c16a53cab56c35a2b72829543da145f9e2bca
SHA512 51b39636ea62c7189cc0b059fa127eba68a43508e174c0ee4063779d27dbf9992bb3857904b38d91f0814037d12cee386de2d9665034c43b13d3be2c8ec6b134

C:\Users\Admin\AppData\Local\Temp\gssG.exe

MD5 5a867c60c0a1d0664c2c34010084de2f
SHA1 6f09ffaf29fa6b1337224e4b98dc0ba16f41a1b2
SHA256 e168692baf8e7e1634462ecec9539df6ca48331c7a7af00bc6bc3b0fc222ae2f
SHA512 9a172f834a0400acc68d2a0b239bebe1f5205b9879cbedc88e7556016d564bb88830f09ea59103b4516292646e4cfa1eb704857d4f436998b254b111b1d2765a

memory/344-811-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\uYMS.exe

MD5 6a0a3bbc3c699e3af39efb72f578adf5
SHA1 f240aa7540f8885930c7f6ad393e5c1761fa1096
SHA256 fb2e12d5f859489d84cb2e094972f0802076b17c9a062f057ce6f936feb2cd4b
SHA512 f70703ad6c37292bd95f7e2cb111791ba4bfde4b71edcac95d54f0cfa975c6958796e30889adf604143f2479d9e18465809ad3b6d0f1595a969294c24816b2d9

C:\Users\Admin\AppData\Local\Temp\AAkA.exe

MD5 7014537b41ef838df0557bafb304542c
SHA1 4a8fba44da06e9d707ea73cdf9ecc4de4cef003a
SHA256 5044b6cba6f55f62eee9eec84a1f9826c41f0868cb854e40819a31d47c2280a3
SHA512 73e068afaba936179b63e2aca27d34512e88da9b7714b575091f5ad149d9b73c3f6d54dbbcca671aced5ac2aed8fb6e446e3a42052c5b86be9b50217bc852c05

C:\Users\Admin\AppData\Local\Temp\KIoM.exe

MD5 05bb2845c813127ebd6ee689a6412d10
SHA1 a067dcd46d60c9f4512e3e1b794a0d15607feab2
SHA256 69b585ed38db09acbaffadb053397e831a882b962211a1d916f0dd62f3c1955b
SHA512 75f147e97ce9b59a996e05c7215b8c49882f46777e10ca72687231858ef4ae61ee058b0e09632a57a8dc1a1bec4cc76fea4f60079b5b7dab6891ed71b864a6dc

memory/2216-863-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\WYcY.exe

MD5 87026311dc1a571a2f6f6260cd3143a3
SHA1 f3188a1b1f32abead396e4157d41d2b9bd1c92aa
SHA256 e5ac5dae856492d285383424914700235719afb851391c81f6283605ca365b67
SHA512 6b770308fc98cabca01f05744b01bb9eda7a7cfd2db704f6378bb7fb1a4c5c97e006a1b72a09895ba072ac3bd70cb386fd9cb673deb1c957f424983ccad02d1c

C:\Users\Admin\AppData\Local\Temp\aMUs.ico

MD5 ac4b56cc5c5e71c3bb226181418fd891
SHA1 e62149df7a7d31a7777cae68822e4d0eaba2199d
SHA256 701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3
SHA512 a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998

C:\Users\Admin\AppData\Local\Temp\eoki.exe

MD5 f73d41ca2042fe261680d5fb284b270f
SHA1 2c08b2cc69d1bed7e7a48d08dc2cf71874ec455a
SHA256 a65bcb33f7cf6737286cc1309242ad8a7944f6077e9f6ffe067bed0de95c50a3
SHA512 954c119eff561a72317633103d82f1ff91fdcaacf6986aa7ec9c8b8d7e9f9825101e865562edc899d8a34e3b0a7055dd3e061f617e74c98634f92396d6c5de3d

C:\Users\Admin\AppData\Local\Temp\kEoo.exe

MD5 87a137f740132486c7b23204ca4b3134
SHA1 b166e495144c1aa5f22ddf3db8f4a37a1eafc2d1
SHA256 f51b8496f99e88296872be8a96e927da31ced7809b8e2ee56980c9cc92bdb254
SHA512 21025062d038876d94cf3f2c8934a8700321ac3671c826cf844af09c9e17def4ba0aed5bb540f4b6a98fc2e0c438aeeb3cb0911036c029def4e7e53761186255

C:\ProgramData\Package Cache\{61087a79-ac85-455c-934d-1fa22cc64f36}\vcredist_x86.exe

MD5 dd606cc903484ae5ecef13c19c2c419c
SHA1 6df619b51c2a64f0d7e172a8f7f47fcd37ad4a41
SHA256 44f1f276322a0e2a1635198f3a19b92bfe17ff3e14aa615e7b5aeaa4e42a8370
SHA512 c2cd68c169d3e7b4b532a7095f52463e2d6ba1bdd05ae692c0297a75d66b6a23e9c045b32de8892729b72663bffd1b0e0ebb71c567921fe2a22d5262e593b5c6

memory/2580-927-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Kkwy.exe

MD5 61520dfe0df495b4fbaa9aeb8ee8e0ed
SHA1 5855239cdf76cbac31e9b921fc332840ef83ff4f
SHA256 b93644ce24ac01f200023aacbb39deae5999a7281168afa82cc94a6ee32f5e23
SHA512 3ec5e5369880f0ca128e51eb739a4f0b78b7d10cf705545d62685749d81feb53d68d6d61bb6f3d9ff3ed8ed96b578c8399a6a1cf5d45fd1b18ded40dc9f24337

memory/1992-942-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\CYEW.exe

MD5 28362a73b99c4008b2fbd7539cbcdadd
SHA1 bb617180a0ae7bca61ddad00384adea80bc14660
SHA256 97b43e493e029b45ab56d8973559682f760a03390a4a70997c6b2f59c848dd10
SHA512 19ecb646ce170da94ad8e84d5a5bb927297b8ef31d4aa607c06da5ade2d3f20123f1e3c0fb1786eb82478618cbef95ff2accdd0def10ac6e4ea98d6dd3f6223b

C:\Users\Admin\AppData\Local\Temp\sAsy.exe

MD5 3b920a298a0806fcddc3a6b3e8aee118
SHA1 0894cb674e47e4f701dda9385fe8db30547c0a4e
SHA256 dee31bfd3f59f97c061cb574eb010abb100dfe6fca5fd5fa78bbf1aadef71558
SHA512 2d12572f66cc4cd20adb3aed125b45ee497fc01aa74e15f29a21f8b23b760a894f323707024ce7a1d4cdc40e5effc303a30f867ac35d156502f0b7a3b63e5773

C:\Users\Admin\AppData\Local\Temp\GUIa.exe

MD5 f1ecbdbc6fa1c9511b6f17a3c085372c
SHA1 8a3e70a94a7a91fdcfd1259671b89c18440228d4
SHA256 1b3f6f1df9a7fb690c23afcb34f8b8d3ef4a850536a06d1381dcf80fde068e91
SHA512 e3e75be1306e92ef2f56b4b9143c1d3014aa0f6b10bfffc553d08ba2805774a23e2332e570ebe2e0b0bf2c4c814e28c218744bb13f9213bda1975abb9fd93bcb

memory/2568-1006-0x0000000000400000-0x0000000000433000-memory.dmp

memory/1992-1007-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\aEMw.exe

MD5 d9a796b114b0613f8199b92ac3c9ef0b
SHA1 e42e9f032592038e282ed2a05166ecc1c3d6dc0e
SHA256 b917002f16a5ae88e3f2486b028462319888de05886f892645c53df958f00f9a
SHA512 684b6e447646daabd2b8d2d5cde1af4dbde90d28802df5f580ae4183b85fe224168069fc84116ffe451f2e0ccf1c0ec44647c08866be8e22365f4604bf41db40

memory/2568-1016-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\QsQc.exe

MD5 08c488984cc10246e11e6026d8e96497
SHA1 8c6a9df035ba30f61f2ac425a20875bff45ce81b
SHA256 992b2b9de5cc5f374b5f2a7d377f2cb3e75546db093ddf212c2efff91bc3349b
SHA512 e6a0c3457baa3022746249034ccd76a42ea72e5ed134c66fd8f6e7c3acdea8ded50dcb583ae89dc144510c6f70f5164cb5b927f49eb7b868b9d76b63719a429e

C:\Users\Admin\AppData\Local\Temp\OkYw.exe

MD5 4a45741b63bdbecd84208afed6da713b
SHA1 ced151a3ae105b3fa2df75f10932cefd2b448fee
SHA256 dc7ea6bc1c0ab83cbaf0c326d31fe2fa239300a2f240061a9f7c0bbc6adbb1e1
SHA512 7af6c1372ab45eee6158b787d59a7b61edd3ec29b84c7ac7ec711f59d88afd80f5f87fd75376428c91bd5acf61870effc17f9a952730ba08c9121f9e4bd8ad8a

C:\Users\Admin\AppData\Local\Temp\iwYi.exe

MD5 77cd767a9ad7e513e920255d5eea900d
SHA1 3ee27105757ebd46e2dc7a6be04e5ec03b8230cc
SHA256 bc093ef06cc9180442df13ba5abb81a3a608f3d5e02cef1d91dfe0de4798fb18
SHA512 dde320cf303e04761e8bdca64aacb60072bf79faa2727eac9f83eacc37f065e0c1e0ccda2b846fe69d731806129b38e29756b248815bc902ae78e767bf94609e

C:\Users\Admin\AppData\Local\Temp\IMQE.exe

MD5 77bb60cab5a9daff0efe846fc9b432cb
SHA1 913e4d4b88d6c9326388f5ff802f67ecffbc34a0
SHA256 0e199aefbe103e9e092cb42f89e2dd4c6f7c662347eaf5d0a6ed547db079b955
SHA512 fdb2120aa4a2a3c46b5737ae4a2945d895d22e55127f020071bc6eb1848fc121b5ee45c68ee25c4eb50fa93b6e2ad4772f0bd08aa29952b7f043f9029099494e

C:\Users\Admin\AppData\Local\Temp\CIUc.exe

MD5 cbaf2d24a5e84d4d99a1823b3425e576
SHA1 570b8f751ef816508fe224482b131a3d0c6e56db
SHA256 f1addca24e33c85037bf7a4b8a1bf357bf3e0fc59d0d76c4e5ab778af2a08042
SHA512 1b838661e75c731f14da42a2aac7075b130ff58fff523059136f99cb1cc86ad7465461dca57f3cc921935252407ecd23ed652fe9ce9518b95264dced85486291

C:\Users\Admin\AppData\Local\Temp\WMUc.exe

MD5 b06863cc7092cf02f5a1847b5862595f
SHA1 a6377babb939216c72b3c918a029f4d037ba3f1e
SHA256 34455ccdef1844d4c047616478217f18e2beb13f766282098bafcac6b5636d88
SHA512 48b54c04e3a8144b29ade9a7cdb40fcf46732cb95add6778eacd8ecd3ca791a49d398846699ccb810f2630bf2be4fcb5971b80377a099a7ecf11dbccc0488fa2

C:\Users\Admin\AppData\Local\Temp\iQgA.exe

MD5 d483982ea1a354099e1071b4f53157f1
SHA1 4d4677ea35eb00bfae353025244d08ed5e92f44f
SHA256 4b72a28ffeb33e136cd9a8d2378dc91e7f934ebd09a56f4efa709133dd34eeb4
SHA512 fae6d515306523845eea90c1ff427f631bc6dd1c1fb8ea0102c8dfbbf00946701d150278e2f0ff6024646ac3a8add6e5be860630a9010dbd7801f3c3e6c84776

C:\Users\Admin\AppData\Local\Temp\WAca.exe

MD5 5417a2cd785ad37eb093189462d072cc
SHA1 995c56bc0553ceb2b5682eaab1deafc134401e09
SHA256 91dc6c22f01d39c6ee23187e2df2c664bfd72fb0bda2b56f60a1bb0895962bc0
SHA512 fa5990a693b440cf0e3d4c46457431387b8ae66694d5105a053b24f9dfac1329dea67f4474e2c481794963bc4cca3ef1ad17dcb62710d26b1c0e6918865063be

C:\Users\Admin\AppData\Local\Temp\Mgou.exe

MD5 a45e30998356d6a49e4b69d19fb00d5f
SHA1 e894ded2d09c86eb87a8409a9632777cf227c5a2
SHA256 535e2fc5c011b26d46185c0296e3f0673a635df096631054a68eba482854dce8
SHA512 dabcbbe107507c8146c0eef7d73f039221ce8f538ae56d6f6e3dd1101d1992c641a1c44c4170ad1fac84d04e9cf384e4f1ca527ea14b3bbc13bce4877357aeac

C:\Users\Admin\AppData\Local\Temp\MskQ.exe

MD5 72bed11afa875cda284ab4878b2f237d
SHA1 723b56c8c7cf6efa0fcb9e1b7543d684891e22e7
SHA256 e19f2721023554826f409dbb5082bf7ae9b6977a92673ca55b8116fa9db344e1
SHA512 a9868707374cb8ae8fbb59537e5ec249732be6a1d9d3da6fc1dc710a5d12b2d4bc44a8776cabf2ec20fe67b7fa6d071016f638b49130a5b0a911c49071f4c495

C:\Users\Admin\AppData\Local\Temp\KMco.exe

MD5 ed05611eed2b9c5655babfe83d88e902
SHA1 ae87a08387d58be44c2747af7312a9a0f53c42b0
SHA256 d281d0b3dbc47eb7ed40dfbcb047e2ad5202cea9d5e9b1709533999ea06793fb
SHA512 c5f80fa01e6c0e21b0f4a307428f1dc3b3e54c8459778d1c039a0b616ab99c81f9811f7856595abd33b95a0b151811cce12c8730bda74ad60cbbeae31a16eda1

C:\Users\Admin\AppData\Local\Temp\csIe.exe

MD5 fffb0ebdee857758b9ffc265e7077f57
SHA1 8428106008576d083ea86f5f1e82b6ebdb4560bd
SHA256 bbe89e34caabf1472ade9acc632359523a013e5d9b719c77c3f2c255426f0739
SHA512 ae9774776fbaf596cfa5b2df5ae52d123dca7621f24fdde06df4dfbd118db146c3e844ad12000ae3f56683d3b35907f55ec38d96e4139c11ba654a4c09fa02db

C:\Users\Admin\AppData\Local\Temp\CEIw.exe

MD5 7b7e27027391f3e75bf0a0d1273cd2a9
SHA1 2634ea09b60e0b8bcd6bcbf4ce8689d0d41cc04d
SHA256 244c8337c277676d11a33c2c2f8710ea41098c6de018276e1fc4c6767a3ab442
SHA512 0c6131ccfa9ef830a929b001282a9bab1106959e2355d2aa01bdb5ce32c9fd0b58507799710081bffec9fde3d5de110e4a7cb38a36958da772961652f9067ae2

C:\Users\Admin\AppData\Local\Temp\ywQe.exe

MD5 670a4af38e260c6e99a5c48518ff5429
SHA1 c7c0d8353d176fe99d357d5ef5f1ad8713bfa5ed
SHA256 29e5b81d0a877d54b3e39c1da2225628a18fbae5fb6cb3409937c450e9b6da4c
SHA512 77455a6a9230be26fe6d25153f8ca715ba097eab8c4c62e32913e96dfce94b5831ca58162993183daac36c7cd5ab6eed995ac0c34926f3095f7419d8bff9bf30

C:\Users\Admin\AppData\Local\Temp\UsoA.exe

MD5 a69e605a398a13593340d061c4b3b0a6
SHA1 6c3f39d0c8415256911961299c840ffa400eb510
SHA256 85992b1eb573ef8496ec0998ab7fe1908940e9d2ff0ebade462137c2761f352e
SHA512 ca0f2ff450752b953e93fedae6c57549a4cbe82ce874cde3c01cd8fc9c6155aaa469b47f9362ed9dcd5b1bced47ea5d0bb3757306d5f1270ba6f8a9aca23fd96

C:\Users\Admin\AppData\Local\Temp\mUAA.exe

MD5 7ac7f540ae0bd49304c372552968f45b
SHA1 5ee32ebc8b15676bbb6d5878259916caa1986564
SHA256 5c29f783ff7f60660be875e0e93d12f9cdba8b21d88300df9a2d60ee9fcd364e
SHA512 5456886d631468d3c7e4e77bad65414ef9c7b572d42c418a7eb98e26fa7d387b38552e76ae7cf089635603025656e7ea80620fce636cd7ff4763e3c632ed2526

C:\Users\Admin\AppData\Local\Temp\YYks.exe

MD5 ad798f1108a655a876cb8392fe48fc83
SHA1 49e8da77ecc8ce5fd4bdaee378d7c58c66807ae7
SHA256 884eb1e67b331862451c4e02f49747bf39acd0f5327203f8ddf1761c8ecc38a9
SHA512 f45e4f587f2c474ae0142b1e0ada123569ff6ec123f24704410836be0b69ed09bb405593e638a2bd9da239482fdcda71c95d88aa869fc10835fc975efee54ca7

C:\Users\Admin\AppData\Local\Temp\ykww.exe

MD5 7e77e3e0889c65f6b7ccb0924d976e0a
SHA1 74cbc5b027e8ab22a4e9e9cfc8d4b56365aff22f
SHA256 a11fe50c4fdb4066bfd48a42db79ce7e029a9b30dc1714035ba95f2b8119a15f
SHA512 f00ee27b41b3b2b494f573ec09569ca57c28fdb32e02ac9a9490e5946123e1b0896a499c8fcb68a7d9fd730451c0fbdd66bfcb4751d51276163954ee092af5b2

C:\Users\Admin\AppData\Local\Temp\Ugwg.exe

MD5 d1445cff38a6875fbcb9f960639aa94b
SHA1 0847bad938c71d14a89458d370a25fa6bcac865a
SHA256 7ef745cd288e154300183f57d34a371fcb444ca8f3d550d928d7214a68b6bb0d
SHA512 bfa6bdeac60256909312c7e143bb220ba5a2722124c0dcff7504d8599f701acd6eacb92d58a5c112b9e791a6c096d0a22f6e16c6648656f8461c60710e6c572c

C:\Users\Admin\AppData\Local\Temp\wQkQ.exe

MD5 2187e36214c8cf67d6ec7ece6a89c617
SHA1 7f0277ecbc1453c5adce932361d9229e4f33b31a
SHA256 8508b00eb9c61d878b21995db2176802a82f93c3180856564648c652ec392b1b
SHA512 a71f612a330f26085231a667ccfa81f549a89c722ab9919d80e8e04ea10778a1a93ec43c1cb3da70a0b2512bbcc8bf0427a6b2e6477b06395493f41633092cf1

C:\Users\Admin\AppData\Local\Temp\QkAI.exe

MD5 e7750bba042771eb0256f258dab73870
SHA1 2f283f150b1635fca7a73f06982b4672057e93b8
SHA256 788b760f7aef3e2828f66c86617e58076236863f0fe3fe2aeb0454211c89f803
SHA512 0f827455e20b35b1382f910ef526cffcbe424d5db1c0b3b1a69fdb10eff17763c3d673fb310ada93cbdff4d4beb3a0ffcc881803f300f5cd8cb339a1081b8e48

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons\256.png.exe

MD5 65d44da1a1870df80f3d62a8ff0ac2da
SHA1 d7c50519043c8261b667e7cfd2cf751ab07d5bf3
SHA256 fe88e43d0f5d4051cf558d68eace3642d4602f1acb84ba8d54c32d61499fba3f
SHA512 6272f0b7379fd9618b2886f473f68ad106c6e01060f8531b598921ccc7780092381456f4eb1aac8a52fcce585a2ac781841604fb1c4af61d12ffbf591e960d8b

C:\Users\Admin\AppData\Local\Temp\Mgks.exe

MD5 15d084645ddfc3edba04e4c1c973aed7
SHA1 02b6de78cd481d6142a38f7c429f70b8414ac96c
SHA256 17479bebc19e8b08fe0f2252c0176317ef25a31832414ad56a230f51131da6af
SHA512 bce1def99d04c8110cff9f165d55ceb5d03fd7bac8f1f2e9f105724092348267b784a0c7577a2d3a1ef22e92996a27396260016677d0af4fa0d0e04ccab1382c

C:\Users\Admin\AppData\Local\Temp\MIkW.exe

MD5 68d93ebefda497868a742a93112f81ba
SHA1 8bd4e952541f3c5da7635995ec0bdb62961076de
SHA256 559455df13994b33129436069be862ffc7a5792509dfb2c4b7bd4db360e9d49b
SHA512 50383f0004b374cdd13cb9b2829c22948726e101274a6c6203f18a6d7c535935c43379471f2e4c4e2610091ce5eb9bbf74ff8838c9f3fbb245cb67ac166887b0

C:\Users\Admin\AppData\Local\Temp\wEkI.exe

MD5 a4e68241c4dde09998adb12c2cf17f3c
SHA1 2bc44fdd47bdfbe249348791c4efd7f2205d32e1
SHA256 5574a9b2056801d5d2f77106c69df4403f447c0d3d6e6d8e2787a979a05768f6
SHA512 b5049ceafd686cae18bdd3fce7ff953f504b5ece3fe1ee3867cd1b6700ae3b1435dd342dc5260e9dfbf84b128f9183b247dfb62e534308c3e35ca814bbf3ce75

C:\Users\Admin\AppData\Local\Temp\sAQk.exe

MD5 023a7a6db004632871f358c0084bc036
SHA1 c19d0efdf9e7c9a2a218e67872dd5c2a43069797
SHA256 b89a9a7190a515d69a74ccc2ed5555230e086a7391d422ceecfb19f0ceba95ac
SHA512 ccd7db5bd18797df5b574a655ca944ac5d9c0e37907976ad14d4c7e527f9262c760de6ab02e85b977f110ab71d24f86b8c55adacad39ea93a04b8eebcb38c629

C:\Users\Admin\AppData\Local\Temp\OUwq.exe

MD5 1045b01e8d881118e562aea8f2ac3564
SHA1 ec2df10c2c749ca731a5e64153f705931f8df119
SHA256 c18e6ef03dfa07f4b57ee83c69519a98cd2fa451872a301c8157defb6969fe69
SHA512 5db89551084992c06c3f3f483542d5ad84a07baab26f9fcc8305343ccc83767c9e3fa7db8ff7d1667a262c78df54392ae35b8f64d75e93a7eb526c7585d0cc5c

C:\Users\Admin\AppData\Local\Temp\EcsE.exe

MD5 3203619516b8d14d45633da1e37b94bb
SHA1 53e850a6ab616b678429947b54edb5f7c6aa7c8f
SHA256 1b553a0a804955bd523da08659a9e199b828a6eafa00a606f146653f9b2629e5
SHA512 11e86fb3632e8ec2df2c20ebabbed46d644bfc4ba7a923a8a4d625ed49a1e61b17048d5c0f1ffa79490a6fc0bf820acac13542ef3aa7d38a588dbf8b1b7c1c25

C:\Users\Admin\AppData\Local\Temp\aUcC.exe

MD5 12c3f54780dd5a43d987fb219ee8eab0
SHA1 60258e3157b130eed430e3577f5a9cbf66b18946
SHA256 76012006ccd042f45da749a9d7ee5c057de78d14cc69bdd28e8aaf087d2f37a0
SHA512 060b0bfb4264ae034fc5ca90a7dc8d872f4af73e0bb7920840c3b8f72993740b11478a7da56f4f45aba2c8f29bee0cf011580480dd19beca0a1697bf3a842a84

C:\Users\Admin\AppData\Local\Temp\IEgg.exe

MD5 529b4bcc5a8a67947480de5e3edb631c
SHA1 e3eb83c6be651edd700181f8295a2170783856ae
SHA256 d84249eb2afdb831afecb9857948cbca5b9647b95a7fdd533cfeb9029830985a
SHA512 38b62b45f3c67834a3a4293da3adbc291b49021d8054488e2ae7df55531d6f2fcd243d870a1ebaa2d73d1c1805cdf5b5f9f8219f62d015f1603f51ee432f23b9

C:\Users\Admin\AppData\Local\Temp\SEkW.exe

MD5 dafc3de8446597239f359ab8b8165a43
SHA1 d775b8fac1b0f655396089ddef16b9952cd1092f
SHA256 063fbc5d859bc9eb7489da778f0e8931c3b1a7debd79a3e83894e8b295bdc0db
SHA512 a815681ac74886c741efec7fa3e8b31b9d12d0f70802bd2dd5adee32aa22644b8cf7672c19a0aa1808bd6ff8c8182e29a4c99eb68ed5b77bf81086499902df50

C:\Users\Admin\AppData\Local\Temp\mYsY.exe

MD5 8472d3d2f7ff5c49557cc1161d3032d9
SHA1 dd2d8a2a01618d55da22725d40b1e78bee42aa3d
SHA256 2ea71c0b054b56cec648637900f1e4ddf1246d7bf9eb74e9f937b425a3aaaebe
SHA512 5cd719673852fb5e7c937687bece8eb7e89ecf011674696383af352f90c2019dbd56b3e4665426feef1a70f3ffde49a33982482fbbb16f92ee11d193e28e08a2

C:\Users\Admin\AppData\Local\Temp\esYI.exe

MD5 8ec15cb98505e7692331af462edba8e3
SHA1 731a737af192c6e34fec1482c7208d134056441e
SHA256 4b7b502efcc80ac70cd02a91a85b984600d9caa78d0a0cc81aec4c802f9347ba
SHA512 65f833737d82a639d2ff5fbcfcc2a0fe653d5faf2f914399b738dcdff771c5af5969b7f428a7c83234636866a7495f2cc5dac8105e7de17534c1178c4e0106f8

C:\Users\Admin\AppData\Local\Temp\mAUm.exe

MD5 1d33e08287de3cda873b8f1467115bdc
SHA1 72503700283d50e6244a447f167694ca02b479b5
SHA256 8a4753d3b43f007fbd684f155199d4442f549fd36cb08e50c73ef77b7ac18ee4
SHA512 ef201d2a8e9853cde9f16bd4606e9206f3b68b9b48b426e270527e837292ed620233df9560f1dc8b800021052ec0a0dc41b684431d881f9f66e03a4da22168a3

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\AutoPlayOptIn.gif.exe

MD5 01bce54c8a35488015faa8486dfa395e
SHA1 42f90f6f0836a067341d2ae7527db797d95a2389
SHA256 61bdedeeb2061f2fee28ffb1fee3b8e020439b8cab033d796c2afb45880e000a
SHA512 5672fd98aa3791537d38bc107a553a89f52b2407a0912358b301eb014bce45c532d9e934a94b33d22158e83bd5a49ef0aff1aa6811683013308be8c8f140cd32

C:\Users\Admin\AppData\Local\Temp\aIcs.exe

MD5 b6c99a2724bd94e57437824591ffb8c3
SHA1 3e800d56b2d4af6fd05e895678d129bdeb3de726
SHA256 7b8d7b597579733b24ef1404254d013f03efce819476377dc859ce03267ca2ee
SHA512 20a414ac4d0198e3dd04fe64f28c64d7bd3b960b0c1be04e01e231c2d32551c57a9c46482b44e5a6bd87bc89b1ca014536d45437669d9b1d3d4b2b0e8916c2eb

C:\Users\Admin\AppData\Local\Temp\mwsA.exe

MD5 c1607ae635886ac0572dee2d0ee31467
SHA1 ada99de1b47fd7b70b32ad3b1b7f6ec82b4cf3b2
SHA256 4c813590815d2b362891b5e328407b0c9a329b72bf587b716cee281bee230281
SHA512 701a42f69ae7680f19255bb7323b60db29e71a9ef597ba1173b122588c6080db253206509e783d68b25c02751e83e9afdfbe6045823fef30bd5f6437d27c3bcc

C:\Users\Admin\AppData\Local\Temp\OIAY.exe

MD5 ee193dc93719a4852876b286f22b6978
SHA1 15e70c66567e5a11d0c3792fd3fd0c23abeef09e
SHA256 3c6f2d8d3cfce7d9bfa53a247f61a36edd4dde25041b06d5c48c02516875788d
SHA512 216fd66d184854615e8f621678eb2087c6def06afe1ad49692c0a11b2ea6c4b7cc220199a1c0983ff84c3d0e41cc26fb922643f28e9551ca900eea4f542fee26

C:\Users\Admin\AppData\Local\Temp\aQgc.exe

MD5 a4d7453e97360b4afd16328a467d3838
SHA1 4a0cebd1ab3eb676f0262847ce892ba0a1593c02
SHA256 acc77ccf240ad056d02074fe61d2a83852f88de473e542436f1015f7aaea610b
SHA512 7477c1f35f1307ac1e4bc53a17b77385968b5818b871f571b788d9c81a1082d98ea806fc1b7ba968b9f24202a6e96e5f10bd432b92b63551b8e8500844c46608

C:\Users\Admin\AppData\Local\Temp\WUAW.exe

MD5 bb16422b66d10138ae61001999dc9fcf
SHA1 9f212bfbc4a292564f5c98adc10f372ee82b338a
SHA256 5f06e461160072f775a4bc622bffefc07b50726fae591ecbfe0e76fa0f21f373
SHA512 8bab59106b9f75bfb9cbfa435aa070de694aec9b72c6c34be0ae3ed17ef9c2f7e3320970ce5a9e9fcf71dbf5d44823aef04f594b7078cb07e9a95f0cb3758c8e

C:\Users\Admin\AppData\Local\Temp\eEUk.exe

MD5 4973388f6e6eabb8895e2072412c3ab7
SHA1 8d6657e0b289d907a81f56440d72de63fa8aea3a
SHA256 82ff037545c2730da75d915832b67db52c3684e35ae471e47240a7405f7eab24
SHA512 28cdd8bbb9eb2a27a95d112c590c94df8806d3e2deb8e3d7d179902f9b910751a225cf43ee4c2a7ae1961359e4b43833ecc8209d40a58b96fd689e9c9d49e175

C:\Users\Admin\AppData\Local\Temp\YkEY.exe

MD5 a4c936b2774fb9a1836c48943ff78d5e
SHA1 ebab3045dc45e6d72ace920582bbc3e0946de0af
SHA256 bd5fea87fe5185b5a6cbcfec92438da64869905e8f70178464cb97d2f1600079
SHA512 9788661fd0a0ceea10afb82f9eaafc442d28220d03044fdd322ade5e51349e6b851611f5a1895b3981622adc079adafd0744ca53c0c801352540145c5c247be4

C:\Users\Admin\AppData\Local\Temp\qkco.exe

MD5 26ecb65ebde7ceeb05b0f72913e9fe97
SHA1 74184d87d0c47c1ffb8ff5423586bfeea9ee87a8
SHA256 ba0784d06c4be7c5202139d6fab6188122432fcb717fe5eed52dce075add7696
SHA512 9e392b4a439d6c2218c2f2bac9ece62aad2b0d932d91df0de76b3df1f8277b238f647ae94cd94caaca87c129ee7714618e6913cd16f9f1427531e626c4c929f2

C:\Users\Admin\AppData\Local\Temp\Qwgs.exe

MD5 6a98b7e26d420d26694a1cbaf1b9c0be
SHA1 2714cc4a99d53555254589b50f41f44deb32f482
SHA256 5b6096168c45fad6fbb970b6ddb51de31914d8c66d5b7cb178d750fe3fb6d5a9
SHA512 d0cca75c0b5402709f7d84ac00ede375fea5058d85fbd0ce98d07a1d8a77138120994d5b9421f6b085c13df9cfa1b47bda19187bb46448fc227d661adb2f313f

C:\Users\Admin\AppData\Local\Temp\AIUe.exe

MD5 3b5127d6175258e2cb133d5a87d00460
SHA1 06c96c7eea4ea914eec7d22e9595e22ffdb0373d
SHA256 6b83f2696712459dbf3efa96d457d29fffe5ee46fd782aca95139d8d8eef7e04
SHA512 6627f473b0327d682c2dea83421c97b00ba2cde8f0e2ac15c2ac35cb9986cb77665ec49838f9574b4725bc78691f4641e6420d00f611bb895a3a732f054b04ef

C:\Users\Admin\AppData\Local\Temp\kIIg.exe

MD5 825599132f2419a21dd1c03b6029a888
SHA1 5c118b1376829c4e9fc6c3612d6ad67a1052bbff
SHA256 84f24b571417000c3048a9d68d9c0af5fa93f34175eb0bddf7afcbd183a24964
SHA512 9a6ef8b09e9c22feaad12b95f9143498207736a3b9eae186ecc88f22440afb4076c96376a77c0c2654f64293bec15df8044deacc1490a76d94e83503a561f3a0

C:\Users\Admin\AppData\Local\Temp\ioEs.ico

MD5 f31b7f660ecbc5e170657187cedd7942
SHA1 42f5efe966968c2b1f92fadd7c85863956014fb4
SHA256 684e75b6fdb9a7203e03c630a66a3710ace32aa78581311ba38e3f26737feae6
SHA512 62787378cea556d2f13cd567ae8407a596139943af4405e8def302d62f64e19edb258dce44429162ac78b7cfc2260915c93ff6b114b0f910d8d64bf61bdd0462

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\ScreenshotOptIn.gif.exe

MD5 594014df62004707e172f5b3f2e37f50
SHA1 c90d2009ec7bb355a3228d45c28d77e5f40e4a3a
SHA256 9bd3084b8f19bbf80c939911e7c8f885f55c3392eca6a76263629e11f0217261
SHA512 9577bf1f2163b0c780628daec56bed9ee4566b0bcd04f4327965223334a700104ed7bc821d6337dbad0bef554c30f6e1c4b23eb3f19207aff81e8840d79f651c

C:\Users\Admin\AppData\Local\Temp\AEcw.exe

MD5 e643217169eef70fac8844c9b55d1d7b
SHA1 533c300454a555978c49c9e72f01ed89c17c34f2
SHA256 f88a7d84005e633636c980a381f8d096521842eb814e3bd5d469593feafd563d
SHA512 c000398a62cedcb052bbc0ee1d6a185e603c8097a2a5222f4e4e892efef4fdb79b49fa3db3fa65f8a2a1f114b360e34aeac9f80f33474f15d03907e04e058756

C:\Users\Admin\AppData\Local\Temp\cwEQ.exe

MD5 9549a72684dbc2e5c3eb2de7b25f147b
SHA1 268cc9260c15f875c703f2be1d9521174156b5ba
SHA256 b4f10aa454814cb5c120641a168baa455a59395faac36422faf68a8b71a3436b
SHA512 74150996c6b784eb9db91452bb75639a0c9c721e7fac71e5f107d4e3404d3d07f3a138d0f1dfd55ba16c1cd7a971781ba4a93be7b383ae24b8127ae4945714ff

C:\Users\Admin\AppData\Local\Temp\iIEc.exe

MD5 d884e0f997fce4b56354fd830943990b
SHA1 1251732ead8d2807bddc59ef581e9684f57dfbe2
SHA256 700716dee8e2b80695ec3693e3327bec8d6a51d9935f8128a86bd34ab3fce619
SHA512 21d16c8f111df4698fd628a9e1ba081dd05a48f5a7d8c56e2d25ec2a3123ce25e4dbcad13fca725331d0a3a20dc1ab0ed954ae31fb6adc041a7dbbdd2ffc8a99

C:\Users\Admin\AppData\Local\Temp\CsIA.exe

MD5 40c8f1aba4aff7bfaf4c433b128110db
SHA1 4a846bf657ef4e52c92aa9ee3a353c2327c1d1d1
SHA256 5269f67b6e51b1bb1a676f77ecdc2d3728f335e2d8936cc4b5e51ad9564d6d6c
SHA512 66f23e7b7503790eb9047fbf49be9c11da4a48a8360f2910c4cdce702a631494b547295806ad1a7572656c492782df5dd75a8921fa734b605251b8f27c258850

C:\Users\Admin\AppData\Local\Temp\OAAW.exe

MD5 c62da7f44803ffdc7d2a7990e41f697a
SHA1 042fc00c2e9d99cb3c1a18bb838f5ea4a544006c
SHA256 1401ceb886b00ccc2ee6061a69ffa46a793e53b8aa55423bae87ff7d91e1505d
SHA512 230e1eacb6f5a222b364a1a3512d867c6bb7e172a6a6825a09bb92b153f4fb5820dabc154e16abfe48c2e8bde7b7e925a8a31064f38f70eb35b149ab744c698f

C:\Users\Admin\AppData\Local\Temp\mUQS.exe

MD5 fe13cbf36056e28cba8db04a9d50a0a7
SHA1 7f96677fd80a3f29e24409d4c64321f3c7f92854
SHA256 8e354b30be15b7adf74ad2cc3327f987bd633aaa0c8266bb353bdef618712190
SHA512 1300eef6dfe86d580207a8524b28afe5adfe8c2041f3688213e0df9f1437a4412bc186cb97bbf81bcaf6f79e0279d294b25a559750e11014454a9155e6a12d34

C:\Users\Admin\AppData\Local\Temp\uwgO.exe

MD5 06e62c59722cd2649004a6494536b300
SHA1 a11471d8f9d15d72ee3ce9782723fa1be1515467
SHA256 f2f48ada097681c608e5492c52a0ace88fba825d91b88f1e6049da90cf23f318
SHA512 a8ae883722f1a09b96a781e4c916eea9674d47a4d5af68398535fb6a6188f14897228ec65943a3a12267e7e87677c695b622bb70b4a17bbb3f4ae3c6938eb0a1

C:\Users\Admin\AppData\Local\Temp\GUka.exe

MD5 7071b6806f1082204f32588add11d3ea
SHA1 bd0767a9e9c2517dbca6324841a69685b151ba17
SHA256 0a2c7f85821c898ad595400178d63a3b276c7217d88e016689a668b185d6c478
SHA512 bdd504edf663f443e9c4f953d89c6ee4fe3e9a07d79e630ca5fd1415efaa46f6fd22f9cebee88df5850584c12e2230342c9a7446ca4d7d400cd053b4897601ba

C:\Users\Admin\AppData\Local\Temp\MIMQ.exe

MD5 fe60581c7073dd624c2e7e66fdc38f9e
SHA1 35f4e02d7bc258cfdfe33d018376083edb35828a
SHA256 b93785dc0a7ca3c2de06166d21c55eb586ed0003eb69db7d70379be2b14121ab
SHA512 7fd67f6ab6355aa3453e95dc9b1d968fc14b766335ee7c4239c3668bc264aca6077f38e95c9aa183ed86fe50239fa31174fd9b1d7bb764c89f8c098438b8cac3

C:\Users\Admin\AppData\Local\Temp\aYMu.exe

MD5 36aedae5bc4992b92848c2b7b386b5c2
SHA1 394d8601d833215ea86cce3b479a695ec0d298a6
SHA256 48652f770e7c29c8487a585a6ee30681e4f861de64c89b94c832a4ffa6e36a1c
SHA512 963364d6680d8694ee8388e928db836025c5286c4b15c450a575c6ef03712cbb40bacdd8e5395a4e4a6bd03f590d9fd8e65a4e99bf7b79c36a78d4c73cf4140e

C:\Users\Admin\AppData\Local\Temp\aQQs.exe

MD5 3e1d04aa66542f4b5970ca824e42eb86
SHA1 8b88525455e585e85b55eebc9839a5271b7bfe65
SHA256 212a1b96705846df2faf04b7c3c15fff559afa749c642109ece87eb2d17afdab
SHA512 063e5e93f6b821baae52735643224ec37cc00a63e491115860b23b33ae3555ec39ce3514b771ce8b95f71a9ca9e5825377b77749e69d8430971e8cedc499cda6

C:\Users\Admin\AppData\Local\Temp\GAga.exe

MD5 a25ad02cb04c075db2a552c50c285d73
SHA1 1692f5ff9cc44ebe1f2e584e0c3d31b9563b805d
SHA256 9277e309e960368f1ae699551dd10a5341918e304e4b1e50009ab69b793aaae1
SHA512 edf8665cbd20dd630f0039e1d1f6aed34a5dae809aa9f1f3681eaa5d2650a65d81ba59a37651a5002846fca4e37284adb4950b05b5c6929668d4142a02a0d4f3

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState\PinnedTiles\6501008900\squaretile.png.exe

MD5 118e244ef754a0279f22d0ebb75c6c52
SHA1 efd6380b33e06be9bd0c42e2cfd413618898066e
SHA256 fd6616768a5f9a7e5fce4c246e183b1cdb5d74e6d29512627a8c3e6146bce0ac
SHA512 76159b673ee66db817b5ca510050ca9751a6d5683fe42a8ad6d64c158bab81c2c3f4f0bb941d0654548584a5f48aeeb06bd241d6d8fba3a4c1b6e03da941e70a

C:\Users\Admin\AppData\Local\Temp\Wwgk.exe

MD5 ea3bccafb4d73a38bf62c1ab668cb077
SHA1 a6101f3cb438fe9c4e4ed9459119065f38b67fd4
SHA256 56fb074d4109e5333507cf62aa4bcc76126f91e46d70539b88317e4e17a1eaf5
SHA512 d6650c16cfaac5babc9d33f680ee4fa87b7b63ffff0e2bae3d6ee96a35ee0973814bcdf2d7250fdd21e5840b844e766f4bd87f4dfe01e5b78d0d8b9eb746d369

C:\Users\Admin\AppData\Local\Temp\UoEg.exe

MD5 2237e1eb682c0ea564ec3add57676431
SHA1 1c23053e7dd19b38fb415209d3ad4624a0ec3334
SHA256 1503b2070f138b943cda8d79b360093c373b5415d6bd21f71277f3be1d29d968
SHA512 501edab53001a4a14d4f8e5b3448ddd59343d39471a4dd94908c326f7a914664bdbb492ea4938a6e59fbfdfed62020762a19d35f5cbb40b0c0f9567c12b1eedd

C:\Users\Admin\AppData\Local\Temp\eowy.exe

MD5 1ed8ccdfbb5dc6c211a9004ce06ca5a3
SHA1 9cd6e9001abdf2506bc5432f6fe686027295a6b5
SHA256 c9c6642472d114af285a8fbe5ec57c09521a2b61f15551485ebbf649fe0ac500
SHA512 052893b029ad12e62c9a6118586aff820e77f9b46960660294a5165476728cfd067345c687642c4621e15d2449ba19b6429e24e28aa45e82ccc64c61a2902d73

C:\Users\Admin\AppData\Local\Temp\Qwki.exe

MD5 a8a066ed06a6a6288e8ef6ecaeaf9578
SHA1 ac44cdee99250ef23443443a142b713c736c10cb
SHA256 2fddd48b11d92644cd6c3acc45c260b4a31a6ad71096800b1ad831563521894a
SHA512 98f993e8aab5c73eb1fefe3aab4fd72f253e29ba7bae87425f929fc46d6a249f71cfec3cd824bada46668c290aa2bf7f91644e47bc98111746972e1bcfe39b65

C:\Users\Admin\AppData\Local\Temp\WoYG.exe

MD5 8e8dc012e037e726e887e9aeb32897d0
SHA1 b6b9433214ad70fd8c109f85685e4adf7d54bdce
SHA256 36031bcbc737e814176fc3143da6d8b9c1b7d70ffddb30fdab3a96650850d05a
SHA512 b26071c7ce79e61f1e6e2846d3a4b4d7556b07dbd7c4344bf6f442f4b444b3147128ad92728429e1e70c6285755535614f141dc610c5e176b593843e9edabe25

C:\Users\Admin\AppData\Local\Temp\qAMm.exe

MD5 cdfcba68554de04da3b7fa9722e56a37
SHA1 fffa35fd08f88f59b9b6943f18b7e19a7bfd78fd
SHA256 e551caceeea9e19efd0d5bd31c2d4dc48e91437fab4eaf5ba51b25d89a3f0f76
SHA512 3b7c408850c66193db79a67aa9f5147dda224a496f1387e7138c9e1b6cfb23afbedb8fc042b0e5271510bbc3433b75255a235e66c7692a1f697089ac7fbc382c

C:\Users\Admin\AppData\Local\Temp\MYAO.exe

MD5 4484b9f6c136edd01d93fb35799aea3b
SHA1 8cce3abb48578321ba5668fd5b13c7c87533570f
SHA256 4b80106b873a71df99abd19ed60f80cb57e56583476644611ceafaeeff625898
SHA512 8441a695999297c2910ec7c8743efef35299d7a3b8ffe425b4baa54d5034cb2cc2c6350555afbe0a9390f97ba9bf184fcbb04a3a85505a0dc911653e87743ec4

C:\Users\Admin\AppData\Local\Temp\gYca.ico

MD5 6edd371bd7a23ec01c6a00d53f8723d1
SHA1 7b649ce267a19686d2d07a6c3ee2ca852a549ee6
SHA256 0b945cd858463198a2319799f721202efb88f1b7273bc3726206f0bb272802f7
SHA512 65ccc2a9bdb09cac3293ea8ef68a2e63b30af122d1e4953ee5dc0db7250e56bcca0eb2b78809dbdedef0884fbac51416fc5b9420cb5d02d4d199573e25c1e1f8

C:\Users\Admin\AppData\Local\Temp\UAws.exe

MD5 2ca8547bfb6d61f4b3c93bbe67ca900d
SHA1 85f4515329c151465d70ca24a6b1df8ce808eea9
SHA256 7fe83f2bb2b9952f7e959b1b85efe7ff4aa6399f7d1e61cbe73540eee5f89e52
SHA512 4c44576f99b035d1faadd302ef7e9e8762e1407d050cc1223c69099a3729f5d4975bd06a1f3f9bbf5b6aba3a6b9993949b9272d13fc845475897351a83a2722d

C:\Users\Admin\AppData\Local\Temp\uYAy.exe

MD5 6d281a3e77d02e50f70726ad1dcf69e3
SHA1 8c05a0de17958e513bf673183471804fc3d55463
SHA256 2323419193b34927f61a275eeb7e48469bddff3594912df688ab58d38971f268
SHA512 cc03acb5ba6482e77171272d978c5b7d8f12a8f3f556cbdee7550feca6f915a452b46a0ecf08ec65ef33861503f8193fb550db43d69bf770fa01bd1ded061892

C:\Users\Admin\AppData\Local\Temp\UMEg.exe

MD5 5052a3557b79af32c4681d1c911075ad
SHA1 8019ca61c362668b0b0c584015869747b4502f0e
SHA256 edf686fc5c3047185100d6704f13d097139371faf4dfc7323f14698e404837e8
SHA512 17499ef8913a6c65468b1e6c08ea76db4fc1dda4ec3076fc282cf0b9c05550ffba897c5d0227ee3c1fef4bbd79902b2191fb42cd496de987aef9da42123accb9

C:\Users\Admin\AppData\Local\Temp\mYwE.exe

MD5 df090b90e892d2ea95cae824a5099be9
SHA1 e0b888ae618f72080e4291c2b40f2099cced24a1
SHA256 38188b18e2a8d4126241db3f88cc692a793e3cbfe9f60741bab165c0ef12cebb
SHA512 e1bd9d5dca1dc620a07f1d0431eb2232d101641aff8d9e6692d91820c2bb9fdd99b127f3154728a3192a1fec503f4b7da3fa79591696dfbdad02d440bb92b1c1

C:\Users\Admin\AppData\Local\Temp\QMco.exe

MD5 1afe1ad86a92b337e9934a9eee724ee1
SHA1 f7b9c98c070c7ea318963bfd6c96f4d874547dcf
SHA256 8641a32a2ce80b641355b54b13480878d86b0398544a588ed9b1f1498f0db650
SHA512 821b2ea18819f1227f23d496b0d898beaa84208c87f379719425046a910faa1b2b8d4dd4cebad139eae2ddb0986039c8c54e7956d2ccc4c69a8a95e19e177e66

C:\Users\Admin\AppData\Local\Temp\iYoq.exe

MD5 94ecdd4dcb274148ce732e26fdf12a08
SHA1 6cc904ed350ba7836464f49eb6c509399a683c74
SHA256 64b276cd59666b6bdd823475e002de522412421665815dfcc50cd8f044d60641
SHA512 5c5dd996949887dd719ef905eb041ac7dc2b19c47d10cc546a8943be1112c9cb07db84c95ff200d381b63359daf25891ccdd3862274035e9fbcdcb35b4e22072

C:\Users\Admin\AppData\Local\Temp\GYMA.exe

MD5 9cbc1f8813e91a068813d015895cd14b
SHA1 d9b32dbe7178f599d1acb0ac6666db01bfa44752
SHA256 777b723be048dd01d963a9005563ca87752829bf1d480129c58d9b1dafaf12fc
SHA512 60399c6d8107cdf4cd86e0b66d1de8fd83e1fecee27963dfd93544aeeedb8f19d0d01b9803741888a3b92543682d18b121d8b34cc61c8c1f49453d5fff466653

C:\Users\Admin\AppData\Local\Temp\OEAW.exe

MD5 377ac3c84cfd5514715010a385a9fdbd
SHA1 b0676e3719de8aa429d7fa2e6c1cc4f9f644010c
SHA256 b9f80c86878462526c9f250f4d6c69e634e346c39e26e95babff5bffcf37492c
SHA512 3eef811b21e3da5d22859b16dc407582d3eb428ef043f969452d66a808a9444ff5492cf33dbda89588a8ce9d3a190eeecb7378b07df5ef49dbb9930d022f7207

C:\Users\Admin\Pictures\My Wallpaper.jpg.exe

MD5 20172b960273c7e3cf100ffda73fa851
SHA1 16cf85d25ac1a7f9da5224c72ef7e1d44acbab1f
SHA256 fe53ca2b27108cfaca780212c86bb66b981c8b3d880e448922967470e54c3fbe
SHA512 0de0cf0ee1a24f46dcaf44fda96b74a960e0bc47e8bb418a853ca4c264994dc9097d49d9efae186febd991ceb77058eed163074e274e974babc5a4a5b4b4d804

C:\Users\Admin\Pictures\RemoveUse.jpg.exe

MD5 df9b841042c16029574e45e609bcfbb8
SHA1 43f7c794f5bb2137d56ffe148c84422b0d44e194
SHA256 40a92b2ce91be20e3578933360ecf212135983b7bcf451bb7f51d17693734ecf
SHA512 8f000c19d27e944073a758042b4bfd45e6bb7a0361d56f095563b9b12f4f8af29358aafd08ec006bd6bf5f480b682e74430f7883373012155c030121e5c4f5bc

C:\Users\Admin\AppData\Local\Temp\mEcC.exe

MD5 0cf4b79698ccf39ec19a763b0575bb24
SHA1 dcc12181960debb5761bee25f1846433816d2bdf
SHA256 83955a87d2889804c3da2313c110f21ae02f12eb785838ee3ce6302d7cd1fcc7
SHA512 8269c0e25de402c994413b227ef06fdc1c311ef177b16da885be6d8963c34b02c2ac89b8e3d7df15c8c102887242497887e422b0ab18037d576a6e05b5530b2c

C:\Users\Admin\AppData\Local\Temp\GAAw.exe

MD5 bb890dbd17f296b7737ddc6820ea7584
SHA1 f99d6d6fd9bfb0aca9313dbd13bffe0ea9363870
SHA256 8a7b705e37f87ef4c248dd465b1c59a5c036bed97d7e403dda35d3b1f7f21811
SHA512 6ce94d780909d6d9ecd4b2b422bc82e9a552431c9b8cba52058b36f561de401c8cb33e42b8efc522185c2647c19714c1bacd596d65c11f6c3ce5e137a20478f6

C:\Users\Admin\AppData\Local\Temp\sIse.ico

MD5 7ebb1c3b3f5ee39434e36aeb4c07ee8b
SHA1 7b4e7562e3a12b37862e0d5ecf94581ec130658f
SHA256 be3e79875f3e84bab8ed51f6028b198f5e8472c60dcedf757af2e1bdf2aa5742
SHA512 2f69ae3d746a4ae770c5dd1722fba7c3f88a799cc005dd86990fd1b2238896ac2f5c06e02bd23304c31e54309183c2a7cb5cbab4b51890ab1cefee5d13556af6

C:\Users\Admin\AppData\Local\Temp\MkQM.exe

MD5 14afbb87f4ea11a406fc3e469ae7ed66
SHA1 967bb01555beeeb446ad1ae9d775cda4cb0e97c1
SHA256 5f1de4ffabb1df0766439dbd4e738e8ad8a1768510edd13c6f40e41025e1cc52
SHA512 f3481ea0528ba6e227a2267f4a280d10d32758e28ce19ceb598cd375fd2a92c1a99bf09d0e31a2d1c65630573dc7745ae81607980a0b1739349d5eca4f787fb2

C:\Users\Admin\AppData\Local\Temp\AwMg.exe

MD5 f1810b4c7e9354245ce4757186373c01
SHA1 ab5946017e5deeffb1d924e9e5819b0ae32d8fbf
SHA256 3ee65c4b0c576661ac2c2c7ec4a2393f66a64a04f5419a10380a69646b3a1153
SHA512 b825d14d15d7a8e0f53f371bfc3bf9c026e9b365a0f343780834dbb9a6dbf8bdb58d1313b621aba761d74b973d15d0b020402e7ee79a8634925227c5f1959f67

C:\Users\Admin\AppData\Local\Temp\wIAM.exe

MD5 7b41a1d764ffb3c8547ad6024d853da5
SHA1 50642ef023f214d5ae08b52bb024fdcad86565d2
SHA256 6c981409be67c7cf8a0c892ea95c53064c53c469fbf0ee7be2bf7dc1cd262165
SHA512 fdcafdde6e39f86c1207ecaed365ba1054172588a7d087c74f6254add025be22053fc0bd0a12366f97921a0c3832504a3750dd8020a6aa9b21cb75371c15e716

C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png.exe

MD5 f4b901ba76c074fef1ceea56581737ca
SHA1 f4867855ec972eb4e1fb041eda7c5e9b46c3b514
SHA256 0fecf638512d16ec269749c305ddb08a982d180f15e645467a33ba46b536a4ce
SHA512 566af741403e3513fddd969f17cba5c6735e063833621468e8f20496f4e8c5bee5b74179edfa7b6f630f1a8e1131041bd9f355a1c03342d08171c9727b9c9c09

C:\Users\Admin\AppData\Local\Temp\AgcC.exe

MD5 193c2ba16a937fd605c5743cc04ab66f
SHA1 b6189b1880dccce488b566a3c6c87e8a5c774eb7
SHA256 e7c988b2cc064b8968babe235ac9c7f30a2a8301383d3e319ffa5dab88a4857b
SHA512 de4f210027dd18ae86398b0ebed0676ecbd578b5dc943a84b28cbb7fcc266c26e01576ea4805f7ff7bdd73868e95c5b830c0184fd1a72f507cf8b105d63b951f

C:\Users\Admin\AppData\Local\Temp\WAsW.exe

MD5 d6aca5453a339012a7ef601f728bf4f4
SHA1 f3cbb8a3b01ce5c10889cd66f5dd848bd1e9e87b
SHA256 524a0e2725e6c3cf8e9a8eaf6f138925f68a7e56fea467a55feb9062494db579
SHA512 4406ae1c6efc8f06988a9f68006096ca340fccbdff94ec5d55574d790d2a0aec18daec3ae2332895ce80e252bf74bcd16b0d634866e611073aa20201132c244d

C:\Users\Admin\AppData\Local\Temp\IsMi.exe

MD5 d25ecd65cfcbbd2b1043a7500a9e409c
SHA1 bc23cb632a07a025945a0fa7aa3905fdd92effe4
SHA256 e4fdc192efb6b3aac9a145c17a1d4c5db785b294e9423810526de9bcd433abc8
SHA512 a5d965aa2cdfb517154381649c2d7843e88bb428dfb7d1913146fd1d5997c1091aaff75810dc2c612c3b10af1ae558f402fe5ad183d78dd2da85941cfb80d1d1