Malware Analysis Report

2024-10-24 18:19

Sample ID 241018-des5qsshld
Target 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
SHA256 7e27f4605a99496865b95850d8ff85e34c06ee25bae1f415ff2fa9b713913700
Tags
discovery evasion persistence ransomware spyware stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

7e27f4605a99496865b95850d8ff85e34c06ee25bae1f415ff2fa9b713913700

Threat Level: Known bad

The file 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock was found to be: Known bad.

Malicious Activity Summary

discovery evasion persistence ransomware spyware stealer trojan

Modifies visibility of file extensions in Explorer

UAC bypass

Renames multiple (81) files with added filename extension

Renames multiple (56) files with added filename extension

Blocklisted process makes network request

Executes dropped EXE

Reads user/profile data of web browsers

Loads dropped DLL

Checks computer location settings

Adds Run key to start application

Drops file in System32 directory

Drops file in Windows directory

Unsigned PE

System Location Discovery: System Language Discovery

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Suspicious behavior: GetForegroundWindowSpam

Modifies registry key

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-18 02:55

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-18 02:55

Reported

2024-10-18 02:58

Platform

win7-20240729-en

Max time kernel

150s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe"

Signatures

Modifies visibility of file extensions in Explorer

evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A

UAC bypass

evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A

Renames multiple (56) files with added filename extension

ransomware

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Control Panel\International\Geo\Nation C:\ProgramData\oyswggAA\uYwUQQAA.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\fyowAIAA\tOAIAYQc.exe N/A
N/A N/A C:\ProgramData\oyswggAA\uYwUQQAA.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Run\tOAIAYQc.exe = "C:\\Users\\Admin\\fyowAIAA\\tOAIAYQc.exe" C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\uYwUQQAA.exe = "C:\\ProgramData\\oyswggAA\\uYwUQQAA.exe" C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\uYwUQQAA.exe = "C:\\ProgramData\\oyswggAA\\uYwUQQAA.exe" C:\ProgramData\oyswggAA\uYwUQQAA.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Run\tOAIAYQc.exe = "C:\\Users\\Admin\\fyowAIAA\\tOAIAYQc.exe" C:\Users\Admin\fyowAIAA\tOAIAYQc.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification \??\c:\windows\installer\{ac76ba86-7ad7-1033-7b44-a90000000001}\pdffile_8.ico C:\ProgramData\oyswggAA\uYwUQQAA.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cscript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cscript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cscript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cscript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cscript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cscript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cscript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cscript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cscript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cscript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cscript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cscript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A

Modifies registry key

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\ProgramData\oyswggAA\uYwUQQAA.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\ProgramData\oyswggAA\uYwUQQAA.exe N/A
N/A N/A C:\ProgramData\oyswggAA\uYwUQQAA.exe N/A
N/A N/A C:\ProgramData\oyswggAA\uYwUQQAA.exe N/A
N/A N/A C:\ProgramData\oyswggAA\uYwUQQAA.exe N/A
N/A N/A C:\ProgramData\oyswggAA\uYwUQQAA.exe N/A
N/A N/A C:\ProgramData\oyswggAA\uYwUQQAA.exe N/A
N/A N/A C:\ProgramData\oyswggAA\uYwUQQAA.exe N/A
N/A N/A C:\ProgramData\oyswggAA\uYwUQQAA.exe N/A
N/A N/A C:\ProgramData\oyswggAA\uYwUQQAA.exe N/A
N/A N/A C:\ProgramData\oyswggAA\uYwUQQAA.exe N/A
N/A N/A C:\ProgramData\oyswggAA\uYwUQQAA.exe N/A
N/A N/A C:\ProgramData\oyswggAA\uYwUQQAA.exe N/A
N/A N/A C:\ProgramData\oyswggAA\uYwUQQAA.exe N/A
N/A N/A C:\ProgramData\oyswggAA\uYwUQQAA.exe N/A
N/A N/A C:\ProgramData\oyswggAA\uYwUQQAA.exe N/A
N/A N/A C:\ProgramData\oyswggAA\uYwUQQAA.exe N/A
N/A N/A C:\ProgramData\oyswggAA\uYwUQQAA.exe N/A
N/A N/A C:\ProgramData\oyswggAA\uYwUQQAA.exe N/A
N/A N/A C:\ProgramData\oyswggAA\uYwUQQAA.exe N/A
N/A N/A C:\ProgramData\oyswggAA\uYwUQQAA.exe N/A
N/A N/A C:\ProgramData\oyswggAA\uYwUQQAA.exe N/A
N/A N/A C:\ProgramData\oyswggAA\uYwUQQAA.exe N/A
N/A N/A C:\ProgramData\oyswggAA\uYwUQQAA.exe N/A
N/A N/A C:\ProgramData\oyswggAA\uYwUQQAA.exe N/A
N/A N/A C:\ProgramData\oyswggAA\uYwUQQAA.exe N/A
N/A N/A C:\ProgramData\oyswggAA\uYwUQQAA.exe N/A
N/A N/A C:\ProgramData\oyswggAA\uYwUQQAA.exe N/A
N/A N/A C:\ProgramData\oyswggAA\uYwUQQAA.exe N/A
N/A N/A C:\ProgramData\oyswggAA\uYwUQQAA.exe N/A
N/A N/A C:\ProgramData\oyswggAA\uYwUQQAA.exe N/A
N/A N/A C:\ProgramData\oyswggAA\uYwUQQAA.exe N/A
N/A N/A C:\ProgramData\oyswggAA\uYwUQQAA.exe N/A
N/A N/A C:\ProgramData\oyswggAA\uYwUQQAA.exe N/A
N/A N/A C:\ProgramData\oyswggAA\uYwUQQAA.exe N/A
N/A N/A C:\ProgramData\oyswggAA\uYwUQQAA.exe N/A
N/A N/A C:\ProgramData\oyswggAA\uYwUQQAA.exe N/A
N/A N/A C:\ProgramData\oyswggAA\uYwUQQAA.exe N/A
N/A N/A C:\ProgramData\oyswggAA\uYwUQQAA.exe N/A
N/A N/A C:\ProgramData\oyswggAA\uYwUQQAA.exe N/A
N/A N/A C:\ProgramData\oyswggAA\uYwUQQAA.exe N/A
N/A N/A C:\ProgramData\oyswggAA\uYwUQQAA.exe N/A
N/A N/A C:\ProgramData\oyswggAA\uYwUQQAA.exe N/A
N/A N/A C:\ProgramData\oyswggAA\uYwUQQAA.exe N/A
N/A N/A C:\ProgramData\oyswggAA\uYwUQQAA.exe N/A
N/A N/A C:\ProgramData\oyswggAA\uYwUQQAA.exe N/A
N/A N/A C:\ProgramData\oyswggAA\uYwUQQAA.exe N/A
N/A N/A C:\ProgramData\oyswggAA\uYwUQQAA.exe N/A
N/A N/A C:\ProgramData\oyswggAA\uYwUQQAA.exe N/A
N/A N/A C:\ProgramData\oyswggAA\uYwUQQAA.exe N/A
N/A N/A C:\ProgramData\oyswggAA\uYwUQQAA.exe N/A
N/A N/A C:\ProgramData\oyswggAA\uYwUQQAA.exe N/A
N/A N/A C:\ProgramData\oyswggAA\uYwUQQAA.exe N/A
N/A N/A C:\ProgramData\oyswggAA\uYwUQQAA.exe N/A
N/A N/A C:\ProgramData\oyswggAA\uYwUQQAA.exe N/A
N/A N/A C:\ProgramData\oyswggAA\uYwUQQAA.exe N/A
N/A N/A C:\ProgramData\oyswggAA\uYwUQQAA.exe N/A
N/A N/A C:\ProgramData\oyswggAA\uYwUQQAA.exe N/A
N/A N/A C:\ProgramData\oyswggAA\uYwUQQAA.exe N/A
N/A N/A C:\ProgramData\oyswggAA\uYwUQQAA.exe N/A
N/A N/A C:\ProgramData\oyswggAA\uYwUQQAA.exe N/A
N/A N/A C:\ProgramData\oyswggAA\uYwUQQAA.exe N/A
N/A N/A C:\ProgramData\oyswggAA\uYwUQQAA.exe N/A
N/A N/A C:\ProgramData\oyswggAA\uYwUQQAA.exe N/A
N/A N/A C:\ProgramData\oyswggAA\uYwUQQAA.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2268 wrote to memory of 2728 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\Users\Admin\fyowAIAA\tOAIAYQc.exe
PID 2268 wrote to memory of 2728 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\Users\Admin\fyowAIAA\tOAIAYQc.exe
PID 2268 wrote to memory of 2728 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\Users\Admin\fyowAIAA\tOAIAYQc.exe
PID 2268 wrote to memory of 2728 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\Users\Admin\fyowAIAA\tOAIAYQc.exe
PID 2268 wrote to memory of 2684 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\ProgramData\oyswggAA\uYwUQQAA.exe
PID 2268 wrote to memory of 2684 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\ProgramData\oyswggAA\uYwUQQAA.exe
PID 2268 wrote to memory of 2684 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\ProgramData\oyswggAA\uYwUQQAA.exe
PID 2268 wrote to memory of 2684 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\ProgramData\oyswggAA\uYwUQQAA.exe
PID 2268 wrote to memory of 2752 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2268 wrote to memory of 2752 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2268 wrote to memory of 2752 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2268 wrote to memory of 2752 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2752 wrote to memory of 2772 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
PID 2752 wrote to memory of 2772 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
PID 2752 wrote to memory of 2772 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
PID 2752 wrote to memory of 2772 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
PID 2268 wrote to memory of 2908 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2268 wrote to memory of 2908 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2268 wrote to memory of 2908 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2268 wrote to memory of 2908 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2268 wrote to memory of 2748 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2268 wrote to memory of 2748 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2268 wrote to memory of 2748 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2268 wrote to memory of 2748 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2268 wrote to memory of 2716 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2268 wrote to memory of 2716 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2268 wrote to memory of 2716 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2268 wrote to memory of 2716 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2268 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2268 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2268 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2268 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2568 wrote to memory of 2336 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 2568 wrote to memory of 2336 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 2568 wrote to memory of 2336 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 2568 wrote to memory of 2336 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 2772 wrote to memory of 2108 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2772 wrote to memory of 2108 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2772 wrote to memory of 2108 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2772 wrote to memory of 2108 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2108 wrote to memory of 1740 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
PID 2108 wrote to memory of 1740 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
PID 2108 wrote to memory of 1740 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
PID 2108 wrote to memory of 1740 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
PID 2772 wrote to memory of 2924 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2772 wrote to memory of 2924 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2772 wrote to memory of 2924 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2772 wrote to memory of 2924 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2772 wrote to memory of 2288 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2772 wrote to memory of 2288 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2772 wrote to memory of 2288 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2772 wrote to memory of 2288 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2772 wrote to memory of 1632 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2772 wrote to memory of 1632 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2772 wrote to memory of 1632 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2772 wrote to memory of 1632 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2772 wrote to memory of 2788 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2772 wrote to memory of 2788 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2772 wrote to memory of 2788 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2772 wrote to memory of 2788 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2788 wrote to memory of 2892 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 2788 wrote to memory of 2892 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 2788 wrote to memory of 2892 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 2788 wrote to memory of 2892 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe

Processes

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe"

C:\Users\Admin\fyowAIAA\tOAIAYQc.exe

"C:\Users\Admin\fyowAIAA\tOAIAYQc.exe"

C:\ProgramData\oyswggAA\uYwUQQAA.exe

"C:\ProgramData\oyswggAA\uYwUQQAA.exe"

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\RWsMcAww.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-13315968571552128007-7215335501571334825-2052042153326800993330292121996323171"

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\nGYIkkIM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\auQIQwUQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "1937557790-36256627515340598881718256302135036636968073605-517568702-1221489098"

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\qqwoQYkQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\QGgEMkMQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\osQUUEsQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\XCQowEsE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\TeEUYkwI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\fAsQoUwg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\puYcUwkg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\nqYQgQoE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\EuIUokEY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\KQEwUoUo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "1164309595837147745-191911827092898002220072454191039774584-1008797296-1041972372"

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\iIwwEsso.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\IwIMAYUs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "978822411-466304643-657663664-2073582666-353663782-4585826664204471982124275490"

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\NeYAsMsM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\xokUwkMk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\XMggggII.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "1221692331-1774122984-2017029345-8001596833602078501755346848-258239552458196073"

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\PKYQQMMQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "1555278077-1095475283619828847-902702717404867560-790986019-1838238939704947009"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\fAsocogs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\ECAEsYko.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "120404670-1814071865-1922109289-17869946591070571373-1485813475260270791428909296"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\EeoUMIgY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-1494380145-473954315820961304-737375903653816429-3829383661042082973-755955531"

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-333893563-1361551943-921227440-266211215-631452039-1163158537-1296177661-1706615435"

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-8090172072086834852-168222037891801767-197654693020106484551564277081455097124"

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\KCAIMgcI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-18592600822058435481786733416-1798739950-13329140851831827192-721510212-257116648"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "173671353-440145275-887801243492957481-1290177151107555078-152131284-1696617646"

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\sccYYIkE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\bcoYsoIo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\jKYMkgMs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "97096308716905722109562593571902510299-801105256-723583060-5560952421563807835"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-14131489011992868060-14138773011115040371760198033-2034885953172796631399594469"

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-408542063231877311-333565254-883871096426976196-1644486555-5076484321474101583"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-19210768981622311520-41296434913990620713609378315690864841572802209496410836"

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-99712963739738461141969566014046084561901631463-6892342311151871919-189824549"

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\pSkYYYYY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "1537486464-5364691211837370546394097313-1177086606174646261121357414861881485763"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "1196976190-1123181138-688067595-1406704461-1646548929918584906-2012840748780557505"

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\xCcQMkYU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "498009079-81040509313226979271529458532-1939443291-1223426689-15304614121204299723"

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "9370891591132444715-826896-312572764-1589594162-1394868407-26095188-918913920"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\eSYkoEsc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "1871507619-2115642616-11035295011724422607-187638365-1509144733-1927404178-382162089"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "51404057014806308621503885532-908265081815203307-135131697957092809656783653"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "595341448-590657384-663221287-103289456173790040133420361498980185-1518219961"

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\ASgcQsAI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "807677981649728464-1625434387-2051216252726335139-629986814321827863126682771"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-1912956807927716997-1824050397744734943-1135643942-359659496979914306-1443893041"

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-11135889431882484880-1395228279-1142676271-12809818-19009763061326682019-500165485"

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\asMgMIYM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "11269291531565565601168270924313234229587258809-1771480850-566447199-2022087042"

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\CAEQAAAw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-1988089026-2099332456992304673-12984826961974537464-1870203253-17899974061152104717"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\dWoAQEQs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\LkEkUgwU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "19213811291131682202-788068314-1185699178616260909-1912211926-1790034575-2085133627"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\zSQAAgkY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "2139611446141310729816832846521698416618-5453099471775762424698050184921713846"

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-581339098-193864229-648445986-93243846-2061320679-726832418-1481467148-1594643804"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\YoEMMYcA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-317458226-127495986511876376441809716196-1736113197-18063429761558486282-1924896812"

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\iiQsoUIw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "18604834352092491301-1084290631-200910589714716272181336213359-3175667481548066661"

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "219631673222158712192591530418042380361251413602-2030694851-49661891263854708"

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\IIkEUUEs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "1108435765-860401123-1490556963553839894-468009525-1193312907-1808347404144560560"

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "2116860982-189440117-874929221729635570-20477018251652572852-63678078071617258"

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\UOooQIsU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-2119057171-331093404-19678536581893935717-956002126829554494-84936314-1359693116"

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\LUoMoocc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-1549190467-2515297331916441648-16173700041499115986-758948118-11357053791885629117"

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\xaQogsoc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-1889461521-1228254210189044794-683805246972253921379948230-1191432881846633839"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "1807311887259069520-125620169-1532575748561661899-14594228766931874081986566718"

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-786303716-5506293141764975383170239596796902114010161348691285647923-423019741"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "1825651441757485167-1032285404-662047179-518033633-953354369-1878296643-1030851886"

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\FwEwQQUM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "78201640647420882413219374403559871607963606591360993813-7321070351972601295"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\jqQoAogs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\iOQsEIsk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\wiowswkM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-988642192-12745694271644705139251399889841523807243123573-65264774-587695468"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "1967893900-1038070808-133577766-1239416827-216951816-625661029-1217910015983740623"

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-396396152946284841-1768522436797675622-6470567061783367616-11541934691984483096"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\IsQgsooY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-231573632-7175884461227955124-2077473652-160809590511741614231053451265706818163"

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "1526862243-8220607111585102439-1133621559-144358693-826768438-17599452141699613220"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\QEAEAcEc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\bGMsAoQI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\JoAIMUkQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-56317250236573010024016599217231153921376643718-142859334218300514241568105181"

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\pcgUUkMU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\MCIIgEEU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-1898032159-57595607-1849837889-13716750271513935845531951387208148051011015251"

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\GoAwwMgI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-18578758405808141111746666600561575841-2100914930-204482323-2023018855-847867345"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "1076168226-70810768-512942793-532768290-19826858771022080419-420627051133485630"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-1477291540-1150051248191334717-937364441531468328-960280215-345775250-543442664"

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\MYowEkAg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\WMkMQgQI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-1739415411-12285496112045996290-180354018419600501691579261232548294892-1714962870"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-20686332581662265606-1052020067746505542-777693943-430862523-15185522161163087223"

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "68691048814771281931416157837-824442035-1128419622-6832633147351132361954015451"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\rqUkUAQI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-561253202985123821-816304883-2027584555-13163487711500364688-211460231-1665978008"

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\XksgoQkE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\lkQQcEos.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-1175806968-20386033268406664661228448713-1822449771-2104907598-1413819482-2008986815"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-108368450-1234958395-2122362488-183278245-11665628381910652799398676859947617219"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "366664331-10045191652655513551155123030-979375661785923331386054745-1620761334"

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\hIcEkIcE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "13780557342010586701-795305037504083619-330706050-2826157251964358541929493194"

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "147729324597764303-1325367661819219537161033484316477071141177011248-863459591"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\ueYUgoog.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "10860888251316528913287368744-1368290376-75551340217213939827886720811471907889"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\cuMksAIU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-585642506-366287207548036703319756615-1594141700-12154188381060243448902648603"

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "156153058420402303201669295292-1297751927-1524148201-640652744-155405830-1500518820"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\SoYoEMAE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\iUcgIgMM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-143852542918204235421331687342-1251009337-1596704421-71081677813195065911564538183"

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-547043361084124041-17405461-974705200-17628770997816106491563660647649266072"

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\dwAQIIYw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "1498349942540412059134574466527652153-160181519616295305378194812706931016"

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\JiMQsEwE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "18511110471528495442-200343576615801994911818995873-1227228634-1039609038-223686476"

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\lCkEgoEE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "872376868592733480-1363081597191873078914766085632129253197-10152622681708383728"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\NcMEYgIY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\ACQgcEoA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "546027868-1346177596129693434549279024522811792-1931929267-1433934706-1915242121"

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-980581879-244093465-3278984893002030-478741620-902977251-27800858939077282"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\MOkcckcw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "1383882123-520136263-385733277667846476721274699-683553444-1433756521-1313716001"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\SQYgkwwU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-707055037-1305749140-17303794901629172092-795071588-2102580136-294149220-393894238"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-2143879400-57105589892743586618080231-502376510-273360541-2021482635-1971936552"

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "4843912561655332682-17386968141940407532-171646837819562356131436656961-776148306"

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\FsQcwQkA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\XwUwsMEE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "1325843483-777417611619111585-236327183106802200416883615411930026814-1525778357"

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "15663994618706604722118816562-1714495971-8859680072020101773551419180-1401428566"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\locckUMQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-83158880118278709182002590450-4853620571586408470-585531921-15118955781610238925"

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\fQAoQAQc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\OssAowgA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\iGQgMwwU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-2059430786900543802092179871-180964574713408221101334053331629876145-530363559"

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\CGcMoAUc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "1562225368-568372487-1460043122-1920371300-12594292232039023383808709207-637857001"

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "731309180-9839892731368415265816613532-1500172534-1231589652-802292805-141432836"

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-11756902751054417701493626861-695030318-920373737-520127929-1854416898-417079389"

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\YoYIIEkU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "9938682427748405711868514095-1829650014334518748-2008213836-8944220301650903759"

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\xGkQMIAE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "510717314-526137458-444879184304033020927544708241829818188004789-339712050"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\LgggIIkQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "1723946812-149416088-4803881854069000111675290800-1797959496-11820753231810680599"

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "443251190721789089938881430-116595978758552685414296789501533471204-84103764"

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\RSwkcoIM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\PcgwwAsA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-11911294953651858441860654125107128360516518695310231896601541248143-1995343167"

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-451317783-543423352-562502712-763204590102750128112467710724634589-314967316"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\MSscggEM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "759704237-1652840553-893258986-540136207-1136272526178168636808535021519755725"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\sAkkkwIM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\ukMsQksU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "1897745152-12633787711423969998-1425610941-29676541-1533021984-1039148118-396773870"

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "681677434-20079742-1917428498-14539820651048751530307521539-12930688991080172608"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\MyokUMQM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\pwkYYIgU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "1231332931165547338011824750565114146931216182238-198669244119037410781036321299"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-10712704487142566063144420381066613997-697955690679402792-18806355861496511132"

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\DMMAsIEE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "15689342911551114434-1631889543656454228-16814166481658904030-1656538266130448416"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "4453298241039254090-1601990791-7317930141862232920-1285985688-4806846892062973372"

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\FAIAkUkY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "793734590-15435993310327608711650838351-1816838751-810208363-19527986271033334287"

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-18560837082076873666-15054538142961375292426999761610460970-149660594-1294253351"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\XoUsYEYg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-265357310-1837409270-613837931171059538-161085277265702096114519058591006502699"

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\tKsUkAIg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-17704526632097632917-1962866919196120241198642264720141022741740388496-133658135"

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\UiQssIMw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\IiAMEAkA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-1716934179-352212180-39697946847688396-992339064-16012138661671745127802760021"

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\Uocoowsg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\FAgAsgYk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "153483097-804237805326643914-905989434156666041618718480001904005911-480060408"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "15112596851160933360661864326-1753059092-368464575-2058551871167220851664113056"

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\LcwIsoMo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\RuoEUUsM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "181687998320543442902081185772-1873853552-9756087371566111886-663582343-1543474907"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "17920947802063299626928523042559989961-1384781951123029495-5330947761157862314"

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-1904285433-3924795511579667114-21144877572061191734-875875025187292265532080212"

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\VisgIQAw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\suocsows.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "16777936211830311775-1830973110-2000691251-3430906161231610801-18465245271630792842"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "1285971215-487302636-17408644541728553731-291928386-1560443185812266348-180850503"

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\kIIMwAYQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "2263634551605767677-1614769565-1909544869-625028291-1167151975-2039407389-1903745402"

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "9217696342071157993506778505-13060735411071428621015247540-175898987-1361181904"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\AesMoMIc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "1302970754-1458500694-529189103692972655-769298354-1060612179865894292-1750829068"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-1043709199606872590438689214833413008793887976621403502-7489557712083131253"

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-1852068434-690606638526515450-925934414504865084-675933071-983646971858580695"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\IwAIAEcc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "12740208711837121455-2987730562002362442-4921976819283107352090701496118016069"

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-310940553651684368-12185490671231211464-613668278-1927958747-440369498353657925"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\GuwEcwUU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-669988152-2094789613878684742-18570748104964378811276436128-20593922931016851497"

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\tYAEMoco.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-21283410171490351616-11092059011308925062112640509212976489341905940714458400241"

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\fSMgooAg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-14210574411722691718-1498222007-220395673-135292854319027403331030424888-1509039341"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\JosMgYkI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "1620755375-2815771411133013250-615404860-584318880-1669649221956598301-1637173785"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "2126078817-1048680087-130245709561678447-14331983681800279071-1805447674-435475448"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "1921766070-1748849459448316070-210494617639574185-51915043516665158422119849467"

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\NkkUgAAg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\ieEAcowY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-8814476971583273039-1636717070-399497222-10349100851295500611-166892065857412729"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-1508732767-1916898141-277212986-44158233874909794213218642581877286448-1708246331"

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-32874874715233221681816614294-1537586448642732776-1078865370-982179594870104471"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\GoAwwEwQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-2110751274-1561308653-817787386-106262476-85608966513114510712213434142714921"

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-13840538021780392604-997817795-685194001-710672019-2023418113-1614712166-1948278257"

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\eEYgYQEU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\qsMEcwIs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "18999429651950669536670298361-749825119-517314205158027264919967417701556816180"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "28739441720449135452086677851-869588718181672787675648773645821349-233257096"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-1881527355-15403690271329457535-1296897700544394064417891498-1570658503-597175994"

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-1549666186-132264690191261437121190295721430334390176813178-12288620881338333595"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\hUskkMMY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "1432133769-1025533601-579738751-2041025765-10285016831147413824-698981789-16134873"

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\jEIUsAIU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-5647513012044430998422413138-335954941-8473210805716534321142449691-486452126"

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "569912881-11787813981549191033755545874179065744418479336-1892831351170547083"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\rkYEsIUc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "1722922404-1900951650-21173908551788490603-417171453165697415728414338-85467086"

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\BwAIYQcE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\KOcokkko.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-10141629411167116332-1764387506924437665922043921975361671519296608-308632528"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-500694397-1181092398-1168579111637097504784924939-1880955318-671351977674479546"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-1084448915-1881129488-2100005968106669340320389646881403369336-1531550852125812830"

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "10510898-2022414458-1064621814649006101444847069-681825266-1382763012-687329502"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "2083038862-194593003312084155441125855431944161659-202851322-258999149-1765659353"

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\UKkoEEoY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "4131124121773218760-229045301-1029625703-1308563307-713469437-13362927413453605"

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "145103255-787894563-866239352524971284-17873201481832154858-1222326718-2071870769"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "1809452458-9356072561956307823-609138141164878727-624864960-315131428-1636258758"

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\EYwcIoUM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-1514688239-1493666144-132305534411022805521286909682-1598576270-2226060731074041793"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\qkYswsII.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-852206046-10555747451723527545-262959012-1147840111-584826039-1929930894-1756775261"

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\ByUMgEAk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-2207413201601504773-243761165-422588879-8922752322112760340-1069248226-1667764935"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-281827216-15197001769961113768963750511127526244-206516894994733878991822932"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "1676368331502187740-17150402181359303115-1049634392-4787964531983833060-148277458"

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-18899508141973139668-1183575714633699938-1379714086152475319-1118761148-2128610378"

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\rqkAwkQo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-89241121-5933569451767685290-82540742-699243833907238426-275861994-1430404344"

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\TKYAsMco.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-2082334299-37299690530971094-17637449469485467979237569071204643275-973887137"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\HGcUEcwQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "3407758089981084351962173787-1831634815-114887998-1595987222-882450470-214694329"

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\NakMkooI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-861827654-1824621721-1856841067-873998369-2002663597-675411415-580040422232802971"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-1996274635-1327822980-443074637103163320119888020951973089187-1795863709-924287720"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "1096978398-16569130721198922694892155351256006291-8859849571857721052-750763650"

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-2060270619-1380337287-88883532920738328414486359017481838302075478828-649645678"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "14170299561545183127-20774996521309652047-21179037561235630408-16160791611402570659"

Network

Country Destination Domain Proto
BO 200.87.164.69:9999 tcp
US 8.8.8.8:53 google.com udp
GB 142.250.179.238:80 google.com tcp
GB 142.250.179.238:80 google.com tcp
BO 200.87.164.69:9999 tcp
BO 200.119.204.12:9999 tcp
BO 200.119.204.12:9999 tcp
BO 190.186.45.170:9999 tcp
BO 190.186.45.170:9999 tcp

Files

C:\Users\Admin\AppData\Local\Temp\file.vbs

MD5 4afb5c4527091738faf9cd4addf9d34e
SHA1 170ba9d866894c1b109b62649b1893eb90350459
SHA256 59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc
SHA512 16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5

C:\Users\Admin\AppData\Local\Temp\KQEwUoUo.bat

MD5 bae1095f340720d965898063fede1273
SHA1 455d8a81818a7e82b1490c949b32fa7ff98d5210
SHA256 ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a
SHA512 4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024

memory/324-311-0x0000000000400000-0x000000000043F000-memory.dmp

memory/584-302-0x0000000000400000-0x000000000043F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\uUgIYcsk.bat

MD5 0806839e9273984d918e8a93a59887b3
SHA1 b68b719b991132b76f26f568eb42a826afdcbbbd
SHA256 4740c3b1d717f7c18b0696cc3f08283a3db0d51f75f279f86d4f98e6d116e514
SHA512 29c8a14e642268a03d0ff3206d4276a4316f76fa36d68ebfb85fa30b3d564ad86bebe82322531433053e8058dcc063cc73830b667d3f9b0a31cff42cb3407bc8

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

MD5 3d404187efd7b9fb9810d112bd8cc368
SHA1 4c18184896e46369b2af6de3d84c25f44d3f051e
SHA256 410fd53c9634965c2b56efbf7a774d79014c98a2cd1d767adc51636e97428c5d
SHA512 5c1ab1a5309e0d2ea3f08e0e01d1291cf964de682c06812061d46d7bf8db454d36532c58fa511873564db9cfa9d215a63e752d57acb5038581b3b9a55dd27390

memory/2092-289-0x0000000000400000-0x000000000043F000-memory.dmp

memory/1968-280-0x0000000000160000-0x000000000019F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\AuwAokQk.bat

MD5 535137d6c2416c7d74f7ddbc8aa79983
SHA1 d9c1931daddf81dcf1b526db2fa325d02a78471e
SHA256 4a36ede9693b9d68bddde0eaa0c407d3a1ec1b5523ad04f49f51f2e2b7c01752
SHA512 4b352dfccad8c887f2fefb7470001bc29b6e10fd90585c77ecec71248c6bee8b62e9319cb3db6202af76c4dfc0f8ce01ead6a2b984cbab8f28c3cbbf8b37c001

memory/2460-267-0x0000000000400000-0x000000000043F000-memory.dmp

memory/1644-258-0x0000000000170000-0x00000000001AF000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\vKcUAQAo.bat

MD5 bd66d7ce9b7af4c146e3aa3b15c9e791
SHA1 783c1b8c7cc02a23896c6776ccbfeff3f0a5f43d
SHA256 fe6b3cc1c7fe550c8fb4a52f9736d08d0326eea4bfa43a9a2f211cd309b65748
SHA512 0a7d6e79a51e6f2ea59a1e2be787b901cededc34bb5d78c110ba942c0431261538a78af0897e4774ca2874cd5b153445bcba432d0c3f077c6baf7191698ff585

memory/380-243-0x0000000000400000-0x000000000043F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\AIkMMAQI.bat

MD5 de0f4eaa5e7f3609a6b9f78584b94801
SHA1 c4e9d2fc1b6a7efcb999ac3d40b4a38b0e0f77c4
SHA256 1f8debba32e290faf9ce9c5f4b551e30d7495f72198a0cbbc5e1a95d7f31f5a7
SHA512 4d588003edd707c39cd1f75129724a52c02f8597e6ea132de1e39d22d0303bef6d66d2c49775f7e6280729277b74c630d4b47da436e29485e7e2d2a493e79155

memory/2780-234-0x0000000000140000-0x000000000017F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\ZecYEosU.bat

MD5 80b06bb919bced7accc694b67ca22172
SHA1 1e341d32c67de7d2100fedfb48f05cc2daf80af5
SHA256 97da8b647609d01f51e13c5174ec3391d15145a66c43b536d43b4f00cde2d780
SHA512 256bb7592b7138342252fdec32ad2445d1772255f5d3e2cd1f96a667372aa790d37623446eb272249047e58aa09d59cc789b0c55dd32f5ba879696e43896dc91

memory/2920-221-0x0000000000400000-0x000000000043F000-memory.dmp

memory/1804-212-0x0000000000160000-0x000000000019F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\bsMcUEMA.bat

MD5 71b81a698aa6a91da9ec294f19866f75
SHA1 a07086517fe9ccc6f2ac899bcac99e02e1a899ec
SHA256 90cf42b1e8c1bee3af9635a579cec5d7f1bff27db992c5bc54638454cbc2bdc0
SHA512 e27b9cc038628c63285a4d1ca874e1416c05405676e88c23943754f09cc5784de7fadb0054b1bb7787ffd7d2a74be2985795173c02e45aafa00d173a0fe18d1b

memory/2164-199-0x0000000000400000-0x000000000043F000-memory.dmp

memory/2920-190-0x0000000000400000-0x000000000043F000-memory.dmp

memory/584-332-0x0000000000400000-0x000000000043F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\DQAQIUUw.bat

MD5 6e072dc16589706cccb93efa8febdfcf
SHA1 b57ad2574410b794060b8753f9af88133098664c
SHA256 02a6e81976dd139a2985420a5d047a47b32bad9caf7b8a2a63141003ac5e634d
SHA512 329fae3cc416819f195436bc4b619d3c3c64256b21966b9cf2704e06dafdd4707af34d43f229be6359e1550d51718f714c04e4477b3439e9d9981232721377f9

memory/1864-177-0x0000000000400000-0x000000000043F000-memory.dmp

memory/1892-168-0x0000000000260000-0x000000000029F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\ciQUYYow.bat

MD5 a2c86ff2405b5b85058dee2554cb2cdc
SHA1 2dcb7a7114d62214be302a435af16a9b050d9a05
SHA256 23b28f27b5c58c733cde9b91d4d9b045c4949be228ff7e2a287a419604a61f82
SHA512 63fe8a99f6e810ac0317abd93e1b645186a4d1b9930ca741a65a4a71ae6cf42a5f32c8b197aa6be2c37eb48aa34bdaf1f56e3e44fa97c012a2fd781ac7fa6e36

memory/1668-155-0x0000000000400000-0x000000000043F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\UUgUkUYY.bat

MD5 fd2c102a1cbc7e8405f14eb5623fd8ad
SHA1 997b2b806d5219b1a45b7e72a5dd3102d0a29150
SHA256 22534e2be894bba38e45c3d85d7f978c0853a438bc3c69ca32c163422e457fd1
SHA512 05a46b1a88279b864cba48c8e4eaa2f3a3ccc1b72f4834341541e432977e7fa5eb56e590da8a98eecee60ac8040744b8f631ab8cb1d7d47e8e75b55a180aaf27

memory/2272-132-0x0000000000400000-0x000000000043F000-memory.dmp

memory/1460-123-0x0000000000190000-0x00000000001CF000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\cIEswccY.bat

MD5 0e11b32e23839f0e8ee79c14717a3513
SHA1 0d65bb1b2e4b343594864498e9f85d07511add6f
SHA256 0cd70a3f77676045e2402631a035636f3a2976ec40a77c8954bfe60689d7d522
SHA512 dc50ec7fc8872a48b556b6b6e1ecf8af3291818ce641f6c5421555d84ca51cb92576c94fcdbf7ef35463cb02254af6ca264a06bba3a4bae1b3d59ea28b8e6dba

memory/1768-110-0x0000000000400000-0x000000000043F000-memory.dmp

memory/2016-101-0x00000000001A0000-0x00000000001DF000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\gWgEYQcQ.bat

MD5 01e9ef29c4681fe0d83c2eb4b04cd1b6
SHA1 d4fa8754f4094dccbbf5914c9931e761f481573c
SHA256 d5a966da174528519033876b36aeb63698f503bfc775d1ae642d1cc8d76546ab
SHA512 b0e58fc14171bcb895a08cefc4d4f601d2048a7ae8c01db4404d637b16638be8f441fe5e239b278646de84e74727cd3fdca8f0321f3fcc49bfc5be6315d76170

C:\Users\Admin\AppData\Local\Temp\wcccAgwE.bat

MD5 acfbfae52193b117cc078bcd0f702d5e
SHA1 c9412ab85a65ecb6fc4e90768c34f85b0be9af5e
SHA256 b4cfebbf9a58fe42765d97c523cc7c245ead5b343bc5dd982fa778e814a2c5b5
SHA512 36a85522c133d0de6ed12bb0d25f87b872a68d3119e922f1e19cb9762ab1d3f7e083663191cc85345b96b667ccd2e90f8986f2550f198d099ec6b18bb3eb3178

memory/1740-88-0x0000000000400000-0x000000000043F000-memory.dmp

memory/2360-346-0x0000000000400000-0x000000000043F000-memory.dmp

memory/2472-79-0x0000000000400000-0x000000000043F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\GKMEYkUE.bat

MD5 a376676436522d32114724a59d2569a9
SHA1 ae48f0351a1d67c7647c6c416dde54779ca87e36
SHA256 f4d5527fd4207f3c688e3e1d99b97e9cbb8356a3e54cc290894761cd0942b040
SHA512 293495f52db7cc8c1441612b4483bf34935aa0afcca4e6155bd7a3822c80c139585c45d2b11ade582e45a275778130e7713e7874f335d73afa06f21f1f16ca87

memory/2772-66-0x0000000000400000-0x000000000043F000-memory.dmp

memory/2188-356-0x0000000000400000-0x000000000043F000-memory.dmp

memory/2108-57-0x00000000005A0000-0x00000000005DF000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\FGMAYgkg.bat

MD5 01a29c9a2186f9b4a16b63edaeca5a5f
SHA1 483e78dfb235eafa3ad1a59bf88f5110ad42a961
SHA256 a555a11e0343d83f9498c0a7af19feebd97908923c4c692cef4f695b13546325
SHA512 36547b4961fcafde31e5b8a0e1f88c9912214aa9a3d398bb8df6a40e4e419965a9c822b3caf917b2c9d122175ff69345b33954c092812ff7957d3fc6547cac39

memory/2268-42-0x0000000000400000-0x000000000043F000-memory.dmp

memory/2752-33-0x0000000000270000-0x00000000002AF000-memory.dmp

memory/2772-34-0x0000000000400000-0x000000000043F000-memory.dmp

memory/2752-31-0x0000000000270000-0x00000000002AF000-memory.dmp

memory/2268-29-0x0000000003DF0000-0x0000000003E24000-memory.dmp

C:\ProgramData\oyswggAA\uYwUQQAA.exe

MD5 41911908467782d16533c99424efafc7
SHA1 a2c1a67383e9db6d905ea2293eeb5cbbc0aa3b71
SHA256 1c8ab27fbbb88aa669f4e2db2785823e7a1afd57edb2eb0c4871c0f73d57ce6c
SHA512 0ec6e7ed21238a2cd10d385defa0a9e3c2e674a5aa259d1e8f8f83b441998f3f5c26e0df20a73e2490fce386d0a76e953f30041c4ce20290d73dc407917fb7ab

C:\Users\Admin\AppData\Local\Temp\fCAgQcsk.bat

MD5 198730bbf7143997616706859ecf430d
SHA1 4127a5c7c77a902974af7bc8076c306efe9fd711
SHA256 536ead52db84de392e94b9645d873d0e98e37cb2df13605ef7f80f803d84f0b7
SHA512 13c3631afd85b3f203925930be68013a25975170a049ed3a1e55b71ec0b929444afe0e56671e564f3c7e071ab4fd1ea12e6ae8702e40fba770b025a1e27b2538

memory/2684-30-0x0000000000400000-0x0000000000434000-memory.dmp

C:\Users\Admin\fyowAIAA\tOAIAYQc.exe

MD5 d8c21265bea0b503478e9c9bebabc353
SHA1 d3e7e22208f9d3420a0a5ec085c8c89518be9938
SHA256 ddb76ff19057a51b7b3c8af459446ce82156885228cd4b80d3b3560e8c2493bd
SHA512 7d73c937c600d7cb8811c90367498d7a8135ac5f38e492e7c68314d073523f24ac4f898ab8e80708eb1118a2c017b76ff0e78bf6ca8c80e3a39ebecfab776ecb

memory/2268-12-0x0000000003DF0000-0x0000000003E22000-memory.dmp

memory/2268-5-0x0000000003DF0000-0x0000000003E22000-memory.dmp

memory/2268-0-0x0000000000400000-0x000000000043F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\mEEwgQYo.bat

MD5 eaa840f1f2bb40c05970c0eef4fe847b
SHA1 38b067eafd219caeb8b042a85601afc51a84b6e4
SHA256 ead8c5a592d126a1aedcdabc529be0e1015afb1f190ce5eb0ef1a8649d94cc35
SHA512 27bb7179627765d8ec0e68d2e7ff1c297d72e1826e7301535781a68553ac76103e3a238840d342333820190a68f65c77ac9071df83cb697e9b8f195a68b6db42

memory/2140-369-0x0000000000120000-0x000000000015F000-memory.dmp

memory/2388-378-0x0000000000400000-0x000000000043F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\BiEAEQAg.bat

MD5 50d80402ba37a51cf6ccd2b5663d8b0a
SHA1 d4fb768e7e43c162a8958f1fb7b98f9861aff0e2
SHA256 1f7ad3a44dc876dffbea1028c51f9ed776f2fee4da806afc50115cca2e0d6aad
SHA512 73022739dc3b1c9cd908b2ecaa13a07339635c67deeb240efff4f09edf9acf8caae06bf11acb31bc2de7f07aac7118a59363147703bb8f5e3eb4cb6ccf5f1db0

memory/2488-391-0x00000000002F0000-0x000000000032F000-memory.dmp

memory/2932-400-0x0000000000400000-0x000000000043F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\fQsoYgkI.bat

MD5 188509d1af6ef9e65d48b87fb7c87db5
SHA1 d1f2b3e00f291eaec1f43a2dbf2e20d35a114d48
SHA256 d41a66bbdeeef98dbddd8bacebac9032d68444b9904e79144d3d78a55160c83b
SHA512 5caf6e1620bdeec995b7833c71502b7247a2e84fbd420a260344770a1e8b0a158d2495cb2ad2d413c58b91fc618dbf35b372db04eac8068743e044142808bb42

memory/2716-413-0x0000000000160000-0x000000000019F000-memory.dmp

memory/656-422-0x0000000000400000-0x000000000043F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\PMogIkQo.bat

MD5 1d5abeddfc1a73a5539f22c884c2341e
SHA1 5170a97a50f766d4901749f09bf4e76795d28dae
SHA256 6fed26584cdca4c3c8a1e62c80a6e6612029ead74ad32aa3d59c4903038f1aaf
SHA512 f846db89e7fc367c1400ee4fe50010f61900f5ffd2040576d06989d524203779030b7ef40503c4b875ecade8d1dfaf4b4400ff4e72242f6f893da745b76aa536

memory/2756-435-0x0000000000370000-0x00000000003AF000-memory.dmp

memory/2624-445-0x0000000000400000-0x000000000043F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rqMsIooo.bat

MD5 1eca80b706dd0153565bbf6efaec1c53
SHA1 281de5ac5bd9bfbb22ec138fcab56ef0f8dd68a8
SHA256 c7d0eeed83c6bb0aefa4ddfe8c00909382e66b1822bedc403674edcece9ed70c
SHA512 250ed97d2362740a012d32e174eff015db6f21ab8cf7a41172fe5f236e203577bdad5734affb1a52a0b1351f49ed0adecbf4c500472041199c00c99d33b9665d

memory/2356-459-0x0000000000400000-0x000000000043F000-memory.dmp

memory/408-468-0x0000000000400000-0x000000000043F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IAQwcEQQ.bat

MD5 297938985e93ff554d3a4d73aa68261c
SHA1 af811c34f075956eb925e4fe34101a5c54246ee4
SHA256 1ae01594ecbac3d5d06abe49f6e141642b776b474c5cdb639665b345076aabab
SHA512 a0a98fdf6c59edba3694c5482e65197a58119aea8e975a6ac74df947dff9e0a17a43b35b9574d3349e808f2ff9c9b2f5eb375544727037c5f47311a906bc6a39

memory/1480-479-0x0000000000400000-0x000000000043F000-memory.dmp

memory/2356-488-0x0000000000400000-0x000000000043F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\WIMgAIgE.bat

MD5 bb810b199663e1e23604d0dbcf778ff2
SHA1 9ea1f22e7469120ace1aacd7ab08b9d4a831cf46
SHA256 80ac0899ddd3d642340698ec6be0cb22ebade2f88ce9cca5fdf15465f50a47c5
SHA512 093e00550cfe730fcc71c0895e25a53d383ab9bd46801a732bd83a1949c9748291c0de8a9d6bb516785a4580d84f3a2e9b779c9a107d9fef3b78d1f0d790d70e

memory/1480-506-0x0000000000400000-0x000000000043F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\awQUMcII.bat

MD5 30a8a0d042adb9cf1f1224c647b56548
SHA1 3a8aea84c609c81d679adfe972e3484ee8b165e0
SHA256 a617263f918634096edad598b1a8096f8a69480a81870fad76bc79cb713f2541
SHA512 997d9b621527ce02a065a4827ec1c9257d4dff7517ee5db285f477d1425d1a9472d5a74eb1a22d88dd84b5fb9953120597b6327581edf6a6919a1b72d84106cb

memory/2540-516-0x0000000002230000-0x000000000226F000-memory.dmp

memory/1600-526-0x0000000000400000-0x000000000043F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\QWAAoksY.bat

MD5 94ba0bcb91a2860d88d3a06ab3ca935f
SHA1 af26ddcec0288ea1c3eb97a0aa6819d85282ea15
SHA256 c21e24496f17af93f9a5971dbeb777d698713981d23642ce1760c2529349ca8a
SHA512 0b4ded537568cdae2f6abaeeb36454f552e78f3cd742e5d5f7669e11f5aec71278a3fd266d9a1b563626dd2ad90487819de4bfbe3bb231ecfecf040ac4f325e3

memory/2752-537-0x00000000005D0000-0x000000000060F000-memory.dmp

memory/2876-546-0x0000000000400000-0x000000000043F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\HYswcwEY.bat

MD5 0d0150bf40350a60ea6ff6accf282fe5
SHA1 a891b639939d222d70b1693b4725945c13fb0d50
SHA256 ba226e1f0f624eccb992e97c6c7e9caa330a7ad01916ef485a374771ca95ec21
SHA512 ff1eeae3ca8c1a467a49d3b0c22efbd10a8f161701bcc1f524d75f337edb2e797f7a6612506700cc65a6bb25c3f82272440907950897f822ff532423c3a52a73

memory/2716-566-0x0000000000210000-0x000000000024F000-memory.dmp

memory/536-567-0x0000000000400000-0x000000000043F000-memory.dmp

memory/2928-568-0x0000000000400000-0x000000000043F000-memory.dmp

memory/2728-565-0x0000000000400000-0x0000000000432000-memory.dmp

memory/2716-564-0x0000000000210000-0x000000000024F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\JCUUwAos.bat

MD5 202c4abaf4193659242adbc6064b6f37
SHA1 b4350ebe597562507aa19e868363be049e5e9bee
SHA256 e75119443d291179053153868bb0347918cf8de208fc9a93f6363fb912deedf6
SHA512 b4e465f9777c5689edc3b5b0ed0a8ca40e499f77a191f137ceda5ccc78c0feb5d327d3e82f8ebcf2e8ee4a8cd3093c4816a62a439d77635ece425d7f09f6bb6c

memory/2924-578-0x0000000000420000-0x000000000045F000-memory.dmp

memory/2136-580-0x0000000000400000-0x000000000043F000-memory.dmp

memory/2924-579-0x0000000000420000-0x000000000045F000-memory.dmp

memory/536-589-0x0000000000400000-0x000000000043F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\PyEwYsow.bat

MD5 1132bffc5559dce257ec5807ee7decb1
SHA1 06f8697b0c89e0393e0c9ee2fb5f6d2fc1201fe2
SHA256 a35ce0e94430d30303cadb1b17b0e5721ab3ff40970d32b84006b5de479fe0a6
SHA512 8a24a895d0e869fbae9d3630f8609e7a2b879cc2652aedf9254760eb74d83b92a567fc6c83b4bfcc3c47438ff5d22fa1804218cc68fdf94b1ecece5e62d9df66

memory/2684-600-0x0000000000400000-0x0000000000434000-memory.dmp

memory/1688-599-0x0000000000170000-0x00000000001AF000-memory.dmp

memory/2136-609-0x0000000000400000-0x000000000043F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\BYwYsYow.bat

MD5 08240afd4a02024974a1ad73fad04757
SHA1 4d15daa5d641abea3a898be17bfa868379eb5eaa
SHA256 8dac9e7efd44bd63db94363197a557f60c9c6cbd2309af64838213af708f010e
SHA512 6f51f3d784c0ed7087c99641ae3445c50359b8e7a40da33401bf12438713ba246ee0464a8c4c49bf711e7c9cef40892979ed52b51dfe03486a3204781013f3ee

memory/1852-630-0x0000000000400000-0x000000000043F000-memory.dmp

memory/1464-622-0x0000000002220000-0x000000000225F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\oiAkgMEY.bat

MD5 63624c8929a8822d7119447d2ba26925
SHA1 c63e64652dbc274f4920e9a3d3e453d77d212f6d
SHA256 de36719f800f7f778a7cfbe57adb57c7fe364270d373c795b6ca630b1bf5d106
SHA512 47124cb3b5d068c811ca3e59f1295fe30ed7a48daa1f29ca1bb36061d5ffa384f7354fcd1167b923aa90d2b3105adf0e10108dbe2b838fc18e2de88060cfa975

memory/1756-642-0x0000000000260000-0x000000000029F000-memory.dmp

memory/1756-641-0x0000000000260000-0x000000000029F000-memory.dmp

memory/1656-650-0x0000000000400000-0x000000000043F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\qoUMUQEg.bat

MD5 5cd35baec537cc6eb043dcdfd1f227dc
SHA1 c8b40540a24ba4943d7e1f2ea615f458c73faf14
SHA256 ce3205c577a0dcbcb630973b61fe972baedae180879ef8d5e631a5796647ef37
SHA512 a25fb4a6845b6ea80665c6c27672113dfcdadd7980c00e325a352e5401c58f19ce6533353e221d7683136c39f5d719850ded0dc6f056b528cfb789986ad0ce64

memory/604-669-0x0000000000400000-0x000000000043F000-memory.dmp

memory/1984-660-0x0000000000120000-0x000000000015F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\WIgcMEQo.bat

MD5 d511767e10592f1e60f9340b4432a8e1
SHA1 0ab409e5c5e89a98764a251c58058a06ad79d1d6
SHA256 3bc33560cf4353b3940949a18e0dbef52467f2678c00d5b77fc5d1d91c1670f9
SHA512 930f2e17015ae1b3f9f33c336144b1705abef8e8f5c09391f12ed6db970f44b233dd7ced4e79ae4272df22c923ae9a69c5cf9dc892feaa203ca73b978b0a36c8

memory/1192-680-0x0000000000130000-0x000000000016F000-memory.dmp

memory/868-689-0x0000000000400000-0x000000000043F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\McEC.exe

MD5 e9905102adfb6826fcd3968ab7c1326e
SHA1 35d83539cde00b8b0591df9e1f36b8c9328074e6
SHA256 c68f4c22f862f21dcc762e1fc8189fa2504c2f3ccfb6ccadb28289f23a35099c
SHA512 9d766ed545a06508d581e291d42985264f93544144fd46b7033a6dbc55853bad1d529ffb4408838eefee1927fccb059c21f6e39422615f4045596c20df38a975

C:\Users\Admin\AppData\Local\Temp\uesMogEo.bat

MD5 471349512add58d31f4dde35b87affbc
SHA1 6334b14f02d6e4ae8eb41468b8b2b0c976ada27b
SHA256 82a68d173da631c83ab1985e81b7bf2379e701b406b26e3df16de76c4dd139c1
SHA512 10490293e41ad6d6312d4be8c6f89517299de55f1cd21292708d21783392707f307bf5cd354e098b7c883b53130cf7de7be8b9fe32bd63f9672d0eaaab387ffe

memory/1212-715-0x0000000000280000-0x00000000002BF000-memory.dmp

memory/856-723-0x0000000000400000-0x000000000043F000-memory.dmp

memory/1288-724-0x0000000000400000-0x000000000043F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\tWUgYwMA.bat

MD5 cab101ef9e0da520e2099c66df79f64f
SHA1 a872b6770a6b84e1afc3ae04c28acdbbf40e7d29
SHA256 462a59d0a75665b6591b0be2aa23b1540d40f0785147e84fbe09a58c029411ab
SHA512 e5edfb0b212503fddb599ee38928de78cd5a12fa23b9a4799cd0d323f6f5288cbf6e2b88b9a1134b0cef85d64bdf95e0a00a69fb596736ab482d3d932dbcafe4

memory/1896-735-0x0000000000120000-0x000000000015F000-memory.dmp

memory/1896-736-0x0000000000120000-0x000000000015F000-memory.dmp

memory/1288-744-0x0000000000400000-0x000000000043F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\vCMUUcwU.bat

MD5 432bb095c6c3fcce796429b5e86a4db8
SHA1 0b0881fe75e84e27a34844071725229cf6c04df4
SHA256 fcda19bce8b6c771759ee2982f02e2cd8dd4a6938d724b79fd9e6ab77353f938
SHA512 ca3bcf770c86ec7c720fc9c5354369b68e4ccd7b8080b28024ca1a6132c21867a63fcd878b622a04d22e2d00ccbbfd7dd74e23d809a13e968692b047b64711f7

memory/1652-761-0x0000000000180000-0x00000000001BF000-memory.dmp

memory/2536-764-0x0000000000400000-0x000000000043F000-memory.dmp

memory/2620-763-0x0000000000400000-0x000000000043F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\LcsQwgwk.bat

MD5 a298c65849310666b56798631bb0ada3
SHA1 8fff76e112f08811925a7d856ca30daf63faeac4
SHA256 72b0c006474b44dae12a35bd4867db25e851d8c35e9a22ed89668b373107d853
SHA512 ae4bce5ae4f9b78b7f13d2263ce5f37ce7bc79fd2c570de087df4b47d13ea9d71dbdfc2ebe2266dceaea1851c65c0218afae514a2feb63543519eca74852ab18

memory/2620-784-0x0000000000400000-0x000000000043F000-memory.dmp

memory/324-786-0x0000000000400000-0x000000000043F000-memory.dmp

memory/1752-785-0x0000000000430000-0x000000000046F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\yqgYAokc.bat

MD5 cee3515ffcf8fafe08d3bcc5a48f5bee
SHA1 8fa1cc22604a7a6555f0da2ca33a86ca63840b1f
SHA256 61df397d1219016b8c5e0000cf23f14d5f093b1bd2b6abbee45ae2adf906a3c8
SHA512 4bfac792e1eb7705cfea7b81bed46e953ddfbb22e1c70d76719cc6b117eb5317868381cf3ab0014e6eb9a644902f56186cad5e3b8867bd8243ba9e135b34ef62

memory/324-804-0x0000000000400000-0x000000000043F000-memory.dmp

memory/2888-806-0x0000000000400000-0x000000000043F000-memory.dmp

memory/2204-805-0x0000000000130000-0x000000000016F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\CKEAYwkQ.bat

MD5 e0f294cd81b640f2e8e5aa21c2c89f78
SHA1 61346b7d431db4577b5a39e028529d8d2ce486d2
SHA256 0ea3550d397bf6042ae65d340003e7f3d1d81b6631befbcff42b7fee1296c9b9
SHA512 3af0d434220556c8ca42d83328fd2a1b7cc9ecced19b2f9d6d97aa9c398afdc19497133a06b0bb2a84502b84d2a7a623c39f4b03cbd7db4ca06bd89b435e10ba

memory/2888-824-0x0000000000400000-0x000000000043F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\wiYUIQgM.bat

MD5 b625d927c77add756ff430af1042cbfa
SHA1 e3b755d92058d197d271f7afad5588a4457e46fc
SHA256 db38b5b9182ba67e49530961baa533ba0109e3bcca471e6b8f593b521a315646
SHA512 315106d359cd73c11b81e0dea5bb1606d09777de9283c300a2ce1a74974a192ab67a288e7fd11cd37bf42f6e93296934f55d97975cf4480a785a997f13f2f688

memory/1836-843-0x0000000000400000-0x000000000043F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\sUscMksU.bat

MD5 fb5b0732711a32af58a279c0cd97bf41
SHA1 f24e7f7427aa0ebb38dd4c26bf8aa7a4dea70619
SHA256 be2f14b8b7069805632ebb5730693277763ca489440502f341ea3a74bcff3e0f
SHA512 6c70a21dea8045458412022577d4092d02037b4b670421036d6d3514528dc398dd93b657a56801dd4172310fa4d190c8e26110296b583b0f00153c3fda03f7c7

memory/560-862-0x0000000000400000-0x000000000043F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\LAIwgUYs.bat

MD5 28d3c4c7ddac4232f1b6b777fcf8ecc8
SHA1 57c5054beb94a4e4eb01d131cbddc08a4591a09e
SHA256 94cc2a1f400ffaac580933950865722cc49f656cb91a940c0f3bf05f060580b4
SHA512 fce4533af49c9c926f3c035894aa9fbe081bbb1cfd9a7e1677c11e2a793997cab511f9ce97646a20d22e6d037d5618c28921a0eff6465c00bda4a28c5dbdbde5

memory/2472-880-0x0000000000400000-0x000000000043F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\xgUwEQsA.bat

MD5 ba2d21658af020604bc51e16b9df763c
SHA1 7ecf4706ac81747f84360430bd7caf33d9a1fdb5
SHA256 d1303fd5d06468a070506b359f0ab00b50a710f095f0db2ae367ae022726864e
SHA512 3f94020ec44e88f1830eb3448d83d6ea0509bdfbf3991cf02445b5c8771c6567d3ffeb2631456bef8ac8dc20429b5211a9929d5dc8dba6c1800f9c1bfdfc6272

memory/1228-898-0x0000000000400000-0x000000000043F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\LyMowYkw.bat

MD5 51d88710e29239b3f5e9f6e9e868e9a6
SHA1 7873a10b466a452915cbbd627b07290e1321307f
SHA256 ccaafbbde3dfa47153e0a3703e7362615c4ec12654a2ae0668bd106099acb340
SHA512 a4d9de8629c52bacc74d87dc060eeb6fa60347cb66c56a5bab2b8d842786d96bcc3955442345a01a0d6a8fdee31592fd4085246e88eb3a59b8cb588ce9601fff

memory/396-917-0x0000000000400000-0x000000000043F000-memory.dmp

memory/2164-909-0x0000000000170000-0x00000000001AF000-memory.dmp

memory/1752-918-0x0000000000400000-0x000000000043F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\ZAoEsYwo.bat

MD5 cb1a83023c4ded0b9d1021c66c98d7b1
SHA1 d531060638580e2a27f89350937bb0c7b94aec63
SHA256 fc227bdb7ec6ea145d63dc0592178e2fffaa292ff2b15aff4798c9be6c40280f
SHA512 6972e8e514f833823dd705d50be56266b38273e0b30210699b8671e708fe336fd48c3f295418408e1c32cf663530be9f906129f87ad18b86565304f8a3705a4c

C:\Users\Admin\AppData\Local\Temp\laYwowss.bat

MD5 1037cc773371215198ca619283934cb0
SHA1 c5ff80502cc0ec4dd45b6fbb1b40154a5c190b5d
SHA256 a65451284a66ff0cb8acb4f9d65481b3714d2d261d27262b81c73fe6a52ac59f
SHA512 f2d7af8878bd033e461641066814c4bc7eedf31b6930e65be57c8f9dcfb398ddc5756db07c416ac1519492ef5e134adc3df505896fa2ef75f34001c967d1a01e

C:\Users\Admin\AppData\Local\Temp\wEYQcwwY.bat

MD5 511785fe05c23905d367a3e9fbd1c92d
SHA1 8e9479e958ea237a0227bea927d20fe0bc074191
SHA256 d6b10c5a875c29dd7742148e250204e2de13243770154dee9c539c22c81c21ae
SHA512 3e14cf51de3704101d54972db96b66c0c90cc9c1a190a3b0c268c6f19a6d917ff46627a90eafee923ded63849263fb00b0856e4aff36b021e06d60a6f0b4ae93

C:\Users\Admin\AppData\Local\Temp\KYcQoYEs.bat

MD5 f34270d31ec593b5df53677f81698414
SHA1 2a0fa47916375192e78d1db98893f0b6ea33c370
SHA256 6b6fe2f653a23886ab3049f3077c8eb77dd5e2826a5b3826da110d8d2e46d3c8
SHA512 e69f4a18f02df7ba868f91d246eaf243bd9b41fe4676b7bcd6ffdbd5f7f0551a8a39a5350a02faf6a870c5e2cd3b2930a9c3427e2b5609d1ecea66c59ad55701

C:\Users\Admin\AppData\Local\Temp\gesYYQks.bat

MD5 b388bd1fd96a37b214c225bb1293758a
SHA1 1c93f58cffa6c92fd69db47dc20f18cba6fb04a2
SHA256 b910ec5e0a49d5724678c879f1bad7b3612444452b6e7087661448febbf41a0d
SHA512 d4447d0c1758c4654939e6e059a7cb50c29ccb3313afac0db43ecc969a17b4cddd5f6583643822fdddd75a32dfa9d3b4b584609ad0e9be1f10ea972a3de31cfb

C:\Users\Admin\AppData\Local\Temp\jcIAIcQw.bat

MD5 007b62ffc3f3a6456f899c3b2d9c8872
SHA1 be747069d505825420703c8973c89ad8761d919a
SHA256 e58dad9421ac03b45acabcdfee90004c718f76172c9a9ceaaf24add0680191bd
SHA512 535ae21af5a2eada34b9a148843840f2f8d2460c52459f845e66a075645708179a201c77026eaab069871e5a1a622379a8400e9abaf270fd30e32cc95da63933

C:\Users\Admin\AppData\Local\Temp\DgEsgQsk.bat

MD5 f6573c1f10bb4d2b80ee5dde0e1419c3
SHA1 183170560f2c82e768bdd3791610cb7cde79d332
SHA256 3442b65ff1fdb2f71b19197508073ff41fd1f89e003d3cea37c4c7fdaee57d3a
SHA512 b77c38f617a405688f5e74c2ecf1fe88dbb16549babdd76675fd3bdc8c34b00d544215ad189051756a3d80869aa4b173f7b9c5eb74237d349cc96febe1b10795

C:\Users\Admin\AppData\Local\Temp\zSkcMgwI.bat

MD5 e3ee028d9da5a5656da9fff75223fb1c
SHA1 8b740fe025e2169c6e1864d21d2fda9e73740055
SHA256 ef19604f41e4908a0c0226cf23213195b860d98109382d90b1fb93a4fe032e40
SHA512 aca4133b6b8286b0b2f6758223c8fe43d705d59e08b54a155bf6cce405b462a53feed8f1b85e3e102b457146f5c37c9a581da3459503f0b8ab551e0b95eeed1b

C:\Users\Admin\AppData\Local\Temp\kYYy.exe

MD5 9291400b0fc830748c370d20f8484d61
SHA1 f3171c9a6429cd0f24b3f7001ff260011aa22d07
SHA256 3a0e5fa524ffe0847ce5c987d8c2ee381080719971b8666b53dbcc2d175bbcdf
SHA512 6cdf39fe526b4ca2e65b4f0e9a6d6c04d7789d53369bdfacb9719677053009820981958554abce01ec2eccf9d209db48b47736ac1ac1a7094ada0e1ae2df1d06

C:\Users\Admin\AppData\Local\Temp\KcIs.exe

MD5 95a97b5d0d09be10614796615c1ead63
SHA1 ffb6a504810fe6d95e027577fd838e49f4b8be34
SHA256 f1ee53537354a8174c20ca04635c755fad55c02c187c42817fc47416166ebe42
SHA512 6eaccae86df1f452bff111aef52c588599fe7c965b01871374351ae7bd72b1a15164275c041f510558ac68493969c781e5fe098649f499688941b7c005a5a1d3

C:\Users\Admin\AppData\Local\Temp\wMoQ.ico

MD5 47a169535b738bd50344df196735e258
SHA1 23b4c8041b83f0374554191d543fdce6890f4723
SHA256 ad3e74be9334aa840107622f2cb1020a805f00143d9fef41bc6fa21ac8602eaf
SHA512 ca3038a82fda005a44ca22469801925ea1b75ef7229017844960c94f9169195f0db640e4d2c382e3d1c14a1cea9b6cc594ff09bd8da14fc30303a0e8588b52a7

C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png.exe

MD5 c25062f8d6a433c3610a8fb6618aab84
SHA1 53f22b08158f88c494c579b2b58d1beb242a41c7
SHA256 18cc044507404a0f2e1d6a95faf22ddc18a6ec9473d40f12dd0a815259268a6c
SHA512 e860b096614694119a22a5b8514b97618d87d3505a0523ec5ea2596e613f6d0cce3ddfc778f7ca02cb225d3d86ebf51adb3c72a8325c0f2ca4b6af3c6c215746

C:\Users\Admin\AppData\Local\Temp\CoEu.exe

MD5 643a596d2c6706bc220f2c7b48d15859
SHA1 3704135fc4286c2498fcfe8e835c019bcf7aeb2c
SHA256 074d0a801682fd718ab9f311c716ae2e98cfbf8303c9e73dbc380d477265c426
SHA512 8486404257d0920227d4a1baf80f4425e83095f37b832638a67edc93aa8bfdab47c3ba7157be6d85df25bc6ca5c2ce79ebdc41d02d8b7eecea62a20e7a530eef

C:\Users\Admin\AppData\Local\Temp\AIIgUsUw.bat

MD5 10dfabaeac70c99a918f01990b01b7cb
SHA1 6aeaa185db8f748defabfc055273e0e0bd1a851a
SHA256 a77f4d2c71043fa1f1bfd4a9a874b3716feb59522b7e09d03b4ecb0a8a71239b
SHA512 3a31c478cd46aa0a9d424be31d42322517e6c38184e54b7faa65a52f677882d02818b04b148296f16b5e9725ff3b4b08c4af3cb7fd1ac8997dc06b9f27c5b114

C:\Users\Admin\AppData\Local\Temp\kEYQ.exe

MD5 147599f02a9ad194a7c2cb2f1f090815
SHA1 9a00b6879cdcaceb712266682d1438114073f117
SHA256 06980b54b493d46756ff1d8c26860293b0666b062c0f39e9ebe9d3293457b151
SHA512 a7a97a64a91d7a307270dec5b2f6181d20b11396fea7eb1789581cec1516f527e2f8a03db4f5fa95c3e8040846f69f74c02543a92c1a0060352af8a8dc0bce50

C:\Users\Admin\AppData\Local\Temp\MMII.exe

MD5 faf9cb4ea7ce21656833b1065574102e
SHA1 7a7be450c5936141804a3d7679cae7e22a6644b6
SHA256 abc300f2fef2784ead2e41b6091434cf01a9614e7d0e27d9a90b0057bda3e052
SHA512 12f2b4b103aecb3c3d629e13e3122effefaba656024a6083352dbea18900456339fed08c2081eb4b41372658324d200838aac09989417f12b28e89737b0790cf

C:\Users\Admin\AppData\Local\Temp\qYMA.exe

MD5 3fb7b8cee2d3560785151ca59bd428d5
SHA1 d4e3d1cbdf3d5afc5ca93def8e8f523ca864fb7c
SHA256 c4e2658d532c8180d828df2d96dc98e4b69ac7eb46cafd8563aa9ebe456c3ab6
SHA512 f99b562f1773714ee5989463ddf87dd1823bf206a06c7620daa4ce6e91db7f5851a03845cba07a97a86ea4bd382e16eb8c3623e66592964d5c0e58e9942d3cd0

C:\Users\Admin\AppData\Local\Temp\WQkG.exe

MD5 53d976aaac016a964e5642f9063dc9bf
SHA1 933712ce29ee802fecdfc6e42e17985a5b8345b0
SHA256 78c5b036e97c16d9b693add38872bb2d66779c37aeab423586b85531c4ac91df
SHA512 6d543f4ebc6d73181c6eb5c920ffef75c9d54b50b1eae99619cb5dd25c5e3ddd9c4a018b118509e610773cd6f1a2309b8cd361011fb68a73e2ac3e26eeb571e1

C:\Users\Admin\AppData\Local\Temp\eqgkwUcs.bat

MD5 13e2d2c82415178a939409a2725194d8
SHA1 f4376e8321dae27b6f12b23249822a4ccdc0d80f
SHA256 31554c90d7bbd88a9c933ba7be9ea3f6adaa0a5dee2078f1922fffb014c958a6
SHA512 706c5cffe535a67b1d689fa4e3e531728ca425580417bde320699885056d4e7cd6064e392d0f819003aa1dc3ce3842c875ce6e4086be0749341ae54f4be4ada8

C:\Users\Admin\AppData\Local\Temp\YQQw.exe

MD5 24919e4adeec72fec4ebfd6652710405
SHA1 7e50c436cda9ffea104083d8a818620bc167d182
SHA256 17964c2cbf5f89cf172bdb4418da48819d069ba620c45e9ba81d1869a4a276b7
SHA512 229a8eeb7c1ce76c109b61f21fc8daed5345cd0744718646665bc5e76c49600a69ca7fa49c7c0647d98d263f305121ced01c08387af4510e569bdb64a098752d

C:\Users\Admin\AppData\Local\Temp\sMUe.exe

MD5 a617ed35644c162e13d6efb0d32c5e8d
SHA1 a190597b553bc317024dbf81e383fc87b3741983
SHA256 3111d245d930bf0240e7ecf6a42f1f5cff48907cc6371c9f75787d1cc8da2fe6
SHA512 1249a9b4408335d41520fe073a935205e30a3a1410018de02d0206f558ac394704e3cc306476b3f6ab6ecdc8eef72d25be9abe41a5104159d0aa91e3b573f872

C:\Users\Admin\AppData\Local\Temp\QIQQ.exe

MD5 f41a93ae1c0c688b05a6b89be10af08d
SHA1 4c36302555ce774ed406fde002b522786d0a8f34
SHA256 991ca3e5397a85db23dcb0b44516c0cc79adf21b9ad831345f6ed8c71c86a8a4
SHA512 5b1e9cbb8e1e1d0a6ab6fbb26e92b3b93b8a6a37d686fe50c4e2cf70256e97c5a698f9b1679c2ea98ea0902468505d94197f1080e22714cf9060b2c337f22b2d

C:\Users\Admin\AppData\Local\Temp\eQsW.exe

MD5 a8409dffa9de05dd199b8e57c4320c83
SHA1 a55b8995d41e711e78cc8e6aa67e23bc30e36acd
SHA256 1bfef3c3e8bc33a54074e96d33878223923e94efff4e12666033dbc8c4a37893
SHA512 00415bf6f45c48e31ed708514b6e0401cb4b3878204686eb8d3dab19905ec1322637e895b3974920bef995fc8d2eda5b03c22f67852030d558bde8eb259afef5

C:\Users\Admin\AppData\Local\Temp\CkMU.exe

MD5 5268c23896f4f545a60afa0b69d90e84
SHA1 8b49b5d8f147d6b3c6a82a23f774aaad713bb09d
SHA256 58cda3b237d2679d406db47ed1d82477019b275bd4c791d87dbebc97cfa098d4
SHA512 28118575b9c909b3cc9e3ddfa78e4b15531c873824363840a20b81be17199d6ed1a2fdf68cc28f740419245e863167fb77a4f663f4c5db107d1d4f9a42d4aabd

C:\Users\Admin\AppData\Local\Temp\qsUkcwYQ.bat

MD5 eedba3516afbfefd29a27ad646187677
SHA1 738d82c3ca65c9fe67234662d98746b2c247f849
SHA256 3fa73031542a5d44114385325c48f9c08ff0ffef06f0565a661b177e461d9ca4
SHA512 c3dc5b2461a9679a0bc7c32d342aaf3fc8024ce1090639e593c57b136f7ac85a6c559d4c812023c40f9e306b3be53a13a2935d9b3165d46dcfd5c9b714d359cd

C:\Users\Admin\AppData\Local\Temp\CsMa.exe

MD5 4ea57a285f73b82906166de4d61e7d82
SHA1 ba3e730073f6bf3d8145d0886d6d59e44cf8e734
SHA256 bcc5277c7b5de8f8106b47915c179f8aa417332db07f2c37435e0ca03704460e
SHA512 d71b9b4348a5cc8bce650fcb458faff1d6b0dabd57e1cba724dc824ae05d2bc9befe448602cb6ad0c5d847f2e35bf97f59956b570d148e77fee2d28939823647

C:\Users\Admin\AppData\Local\Temp\SAYW.exe

MD5 1a36f98e1db1bbb89eaadfee3de101fd
SHA1 af7007fffe0e7c6adfc19116908863d7a3f28417
SHA256 c94fab8a11794a047b527bad18190eb94a015a2c422d1cd863f4fe8e9e43c378
SHA512 763a436110a9e5b4e9ba9ce6ef2cb5293c22fc6bfb564651c0c1fe1b455c234f7a4add283ae17408505cf8a98b4b5f71e83b2a1c49dbb5fbd4a0fbe2257b2e18

C:\Users\Admin\AppData\Local\Temp\AAAK.exe

MD5 ea2db9eb5496b2b8182b432c7cdd8eed
SHA1 2b04ea8f4dddc210e45fd146e4c212fa2de8e2bd
SHA256 4d429327774d757f72bb15abfc13662d01cabb8ccf7eb24719c0dcdae6e80248
SHA512 170f20c1de18d133fb70f60c2db844a4937ac57867bcf182a213562991617bbe5904e1b4cbeba4510e5aaa238808be42bfbb85cca78886d533524e86af45ae11

C:\Users\Admin\AppData\Local\Temp\cQUk.exe

MD5 6d12979ad7add06a4b34a9ab436870eb
SHA1 da2c25bb6cfddc1a86cdd0a431b9a776b36a297c
SHA256 19758c6a9b2aff3a11e3159bb95a131e34358aee47c59b6f908a7d34372dad90
SHA512 e237e430f0cadb6670a1dddd1d796b5e5b700bc03364d115519b70bc3d5cd2c2543fa04537bf2cfd90210a118ade2d965f6c6ea0cf7369754e8b63374dacf19e

C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile21.bmp.exe

MD5 7b8e389c63b0a38b0076a63b085d5878
SHA1 6b6428be2cca43abe2d1d0c3e55e048d143af2aa
SHA256 bb0e29ada72d47abe1f736a1e8100deae267f4bbb6f7b38dbdf99deefebcaa5a
SHA512 ea8d0cc8277a6ed5ebc59ea13a916f1e626a6ffa6f08995a33449369ee306ec0231a7c75a1197dda50feac862a159453db2c9335ffbc28c99680802d4c11b11f

C:\Users\Admin\AppData\Local\Temp\aEQq.exe

MD5 c87646c16c2a2261a7a4fff1037363ed
SHA1 5843b50034a7b8db987f21ad3314c2bd27663c36
SHA256 c3f01ec016c378e48c5265a1316fc8f64c4d6377f0ccbdc14bf5acbd33186be3
SHA512 0b52c1e132298aee9f801310f9fecac7dac9772aa5a38e2155d4f8c16650e52ccb0f329d5f017231bc849d7e55d1e42b4a67037d607ec062ced4e596a5da3466

C:\Users\Admin\AppData\Local\Temp\eeYcgAAA.bat

MD5 860683c864cfa894d83a553070d1f1c5
SHA1 68cdf91a7370dffb805b5f1ac389b87af747b504
SHA256 1b628e2c9ffe5cf2c95e427a1a7bbd899a5dfd6e0e13520f917e383045cf637a
SHA512 9e4d89673392a51679efed7481aeb3207cd871a32be52bd06598ece8e2efa71f8acf581f64e720e370ed17d1f59c1fa10236de70fc70aa81e80978de1c4b3c44

C:\Users\Admin\AppData\Local\Temp\QYwC.exe

MD5 ceab4a7b99f5b386a9e52e1efbabf5fc
SHA1 d978966d8149b61b744622f5887b3e0edc25c2ae
SHA256 ac0393452d7eaac07d67642527445fc944b161bf6a039c5e41f1a059395552fb
SHA512 0ab5082a91b49dbceee89e1614946e4bb6558777c84c4eeafe0d0035b48bad4b60af96ec65f1112adb257dd7f52f2d5f4fbaa52932edadc7b664e2d5a0027b04

C:\Users\Admin\AppData\Local\Temp\EwEY.exe

MD5 0afe5bd47d2a23e2d91e0b52b188bf2d
SHA1 1bb9bed7cb9c4a9d055f3792f0d3925241f19616
SHA256 406d4acb8d9866a8a3e17b287563578585dd366d961f18d6c501d14036eb551b
SHA512 fabd3901cdd4efb5dff3e4bafbfd9b2bbf8b50c979df630ab3c53cb72c45690cd102bbe9c8c6051e4628ee2f511b83ccc85f26a84e6361199d766e95a2d41dd4

C:\Users\Admin\AppData\Local\Temp\GoQY.exe

MD5 6595496b7d46237940489c1e0ce6e8e6
SHA1 c1fe0e68a0c1e7a5c94097bde214f023d8c00fb5
SHA256 0b2841ff40f8e7d5e5d08656e83ec8fc4ded3e81d995fc5aafceae404e742f53
SHA512 1f9920afc3739d7bc20511722ad1bb476d2b28cd0e4208ede7294e2d0229f1c192d9739ab2a5a13e8aa47db6c071974181efd4b914db2236dec77342128c2a06

C:\Users\Admin\AppData\Local\Temp\UMEU.exe

MD5 5c816547650c84e103a6acbda6c70ffb
SHA1 8028647bda1490e12a129303314e48759dd5728a
SHA256 e822a16c6cb7cd40546a5f9a64a0718369373b10a94027d1c27919e521ebe739
SHA512 e9e1b563ff0ff3a0fd87933abade54458e4e897e165c203e0a1243031d564185c8bcc6fc5b7d8cea3ca2d26ba4bb8d554bafd344f97f7098f0d7c33b5f7f220c

C:\Users\Admin\AppData\Local\Temp\SQIU.exe

MD5 59fc22e1b9f6a679c0db6a891a21bc5d
SHA1 073c834358b869f266764ed435cd23a5ba062611
SHA256 e3c396cb04a1adb2b4cc2f0d235dbc4dd75f229e4c8d31dadae1d721b32c9261
SHA512 8ef7fc93f4f568643f2d878bdcf576508e500d84b158f0f778e09497574d6106c9eee61057a6d8f828764302e2a27249d802db8cb533a3a4afa279f1020310d5

C:\Users\Admin\AppData\Local\Temp\gYIQ.exe

MD5 0ada5d9cfda784fd44f9716d9f3b46b7
SHA1 4f53d66d6c4c3e2ccd42191b1f43d2b47a21db28
SHA256 670a4a3a16d763c712e5df6266b9a03e8fcec6d54cd1c4bf36b026709da0703c
SHA512 367fe44c6461438fa34914ac0e8a719b03f585def6af630944155a645cbdfe00cfc54bbdec55e82a91d73f0b2c45188873345fe01e8ff6bfc509d2c9f2ed6ae5

C:\Users\Admin\AppData\Local\Temp\WwMO.exe

MD5 b0d18f7295bfd218d882f6d82aebcc66
SHA1 c9d04cd75b4903c4046fd52d54ebce614b4cd0ef
SHA256 53766a85513f49ca0257e84b63a4a9f9e0285cd4aadb3e5a080b0dce00a6638e
SHA512 5782563fc91dec068a97be5affcfb4450c9a2e0e7c99a41346e696c3ee74784ece8fca084f669f1bb53b3a87a49287cdc61b52e9cee4966c7f83a3fe6016093c

C:\Users\Admin\AppData\Local\Temp\PWkwQMwM.bat

MD5 05f80a5afbb655461f9dfc175264fe79
SHA1 94c5db4af8898c360ccb0efe101d6c13410a6db1
SHA256 9139dbd3c5e80b121fd1308f48079473e41d91658eb250ce9b5f0121a75fa23e
SHA512 8a5a93bf1a7a4d90c08fa35d914464987347dc6b1f8ffc9682aaafe79fd65e30a59e5418d68b65f96de015cce120b8504fd20eb2edc7b28c7818fbf7af749d3a

C:\Users\Admin\AppData\Local\Temp\AoYg.exe

MD5 4903af1a31d1dad0834ce3a268a2a2c1
SHA1 ab1a04c01d856f2625af3c0599da0339bad1a6bb
SHA256 4cb5dad2b93364bdfdf84e6016729a5f1f9f37aea752d32186097dda31d9657b
SHA512 34dd29bcfed0aeae043b815dd69dcb58d62133c260d6f615a7a1c9e83c0ec948509e2160251ce809c34f5f05bb02e2d1efc5afdc0277c2bda26a33bc7078d096

C:\Users\Admin\AppData\Local\Temp\kkEA.exe

MD5 20f26ab7cc734cf2511f34874bf62964
SHA1 3e1ea50ac26905859d69e37672c9960a96eeb3a0
SHA256 c2c5569c00cccd1e66c89ae31b7258a4f87a41fb0092136a94d2916cba0eeda3
SHA512 b977d11b0acf1760dc7b1745b3ac0061af2aaef7e9c7aa3f99c1f28fd33363eddf4e423fd097703125914e663e8750b607ef7631446d675137a53aaa90d6e76c

C:\Users\Admin\AppData\Local\Temp\AEUC.exe

MD5 6e4f12f1100590813cde343bd481ab09
SHA1 36ff263d53c53a67feed75cb2f0e50281b9565b8
SHA256 ecdba7ea04f17f07e0ce72cee6c0c12eca7e836a2c51d1b9048e466871c0be93
SHA512 f871cd0c400eb0d7e02240956de4ea2916c2e0045b792c91f15a1d1113b1e757be1822318386ff7fc1fda57ef829bccd0001bb629847dc25684c61cec38d155a

C:\Users\Admin\AppData\Local\Temp\mUMW.exe

MD5 e662e0ab50f0399698f6837a9378ae31
SHA1 3c33550762d3fcf455c2da1a5884e671fc3e5d6b
SHA256 3efce23c494f153083cb1bb82292fd1382928f6c1c7aef14ac022ff6ec6e7b3e
SHA512 7898f8f69bff29ed4c21e456480417f81cc719bcdef829869d7fcd736e1d8e9c2f12ff37e4132bdfa0a9299b05ce0267345e28db4562ef1bf001e42e1e18ac07

C:\Users\Admin\AppData\Local\Temp\EIoQ.exe

MD5 390ee5b4d83ee43e3233a486a1f32a03
SHA1 4cfd1572d215a387d3cf0f4c802c0d8c61f55a72
SHA256 64a4a44793a2fcd6cafbfdf8c627a81dd82212a1a1bb15956be28fd2f35bb9c7
SHA512 4dbdd4d68f9ea354ecc6cce68c317544d58ca2c2900c5391017c49913937237d382622828516ef93ee40025ae04c7c84b75ee93222ab2b5e33b3f43322afc47b

C:\Users\Admin\AppData\Local\Temp\AoMc.exe

MD5 881d757f89be342e4833456e5d7cfc8b
SHA1 e5aa0f5c6b21a4270b46451ed5f56d7e0d0c8351
SHA256 9e31af6476b410d0e4c09a12aa75f48b8cf1692b4d59da17d470a9e22273fed1
SHA512 2d25d950040e57d8bc5a8b126a4031ce69fc15be6e6d1e1cc20f970bbfd861df30687d5819a118a21208d9015cb7df2853f844bdc66ac8027c3ad49144193685

C:\Users\Admin\AppData\Local\Temp\YUMK.exe

MD5 2fd82d0b012da05701bd1898b23f352c
SHA1 ae47be5a5a67c8f1d526b6a400341683c192cc91
SHA256 cbfcf42ce0c362356222679e10fc7fd668087d7ee234176065413ee30cf918d9
SHA512 40a6d9541f28e5348d7bd6e0a8c796e002876338dcf1766e3a5bc5b198e2599ae61a23ca01c9799d059550a7c449ae45acaada656715573f64484b0d54cf43c3

C:\Users\Admin\AppData\Local\Temp\BYcQMocE.bat

MD5 a101a131f2894621422dd25c48a520b7
SHA1 49c2225278ad162ee81f4946f0b6ffc09c2f1b6f
SHA256 552b9adbaad45142bc66100d434d77cf5eb7c0ddd478eedb9037e991372be455
SHA512 a7655482d85c8bdbcf5e8e844a81f04426b0b740871b872d58eeeb736fc10b746057c2b75c002b5dc0568e54fd608c729dfe9090f99232ba174f9c4f749d1a62

C:\Users\Admin\AppData\Local\Temp\iUUM.exe

MD5 a66d8eaedd301aba2c4eb5ce63ac7e52
SHA1 590155d6cb24be14fd5c2159f469d3ee9080229b
SHA256 de0a872ad1296bca4ccced1545ed7964d7336e0d9fdab33d3a9f89c81b26d458
SHA512 b47f07919e7c902693d5adf070c95e574b79392cb5850c7944d407c048af7a18b2513ac1b1801e31f331b8528a1cd0d05bc8a62c0c9c4366b592e5743fb99195

C:\Users\Admin\AppData\Local\Temp\WMIS.exe

MD5 06650e36cce5ed722b8209f75d71878f
SHA1 737b57c02e6b957cf3ccdc53383a8a2571732b90
SHA256 504d358df271a37b1b84a9374e099880b0a6846c36b8085c54c95e0b5e5cae4f
SHA512 677284ecc9621e69b7839bb162e2a69243aa7945718629848a39b64ad9c0fc6d93daeebec91105f66ab1c82f79bf6a0067809eca73a37ec801a2ca17feab8f48

C:\Users\Admin\AppData\Local\Temp\IAcE.exe

MD5 d460c44e1ce0fd6b8a395b4f63158145
SHA1 b44ebe578b94e85fb209232c27139d7b6f316641
SHA256 e17e8885fdee684f38f9acc1d50364d3c6fd3395b4d9d57a73007885e7e746fa
SHA512 fc231b49799d4dae9e245d9fe06686fc9ab1334539cd046215c8043614f89b320cb5f48b05450cbf9088a18119eddd4befea9c12599d5ee6b4937b0b8c566a48

C:\Users\Admin\AppData\Local\Temp\eQoE.exe

MD5 21942c8dbc1a1ae1e52699efa5dfa4f8
SHA1 5760008d99d889ba7ddde53e06a36877e160175c
SHA256 368e6f8dedfad62bd6f3be171db38076ee7e29f5407680e58c38eebf86f387b2
SHA512 53f1d2d6b3317d77891810ff5fb2f57c17b811c1f480c19d89ba610d16bf61dee7a205dc1e0042a26f634a63d69dcabb3838125c4430d56dbd7d61f0661efd15

C:\Users\Admin\AppData\Local\Temp\iUYW.exe

MD5 305eb31a64b9f1bd6eff57c8fad0e043
SHA1 7ce939ead754740ec358a9fa3b1b950163507f3f
SHA256 d5b23eccbd0149a0de0fb37d6c893ad07d67e1f913777aac489062603eb541f9
SHA512 44a347096539d863e790ff3da68d4495d5f52ecd17fdb99f5251e39ff37a8f1094591c211dab35524946f923718d77a10277831731b35f9cdecb913788f5b61a

C:\Users\Admin\AppData\Local\Temp\eoMy.exe

MD5 f407daf545ccb9a8f7687b848ded1cb5
SHA1 096b9068d6a751e4106a9bd9e0f657b690a93cca
SHA256 d1916dc5e247a3db4d5e8d7f835b12ffd221587e76430f149606f593744c6bf1
SHA512 db938b507f554010e6b1ea8d6c2d071aee88688bfc468f83c5dc8c65517ea9e7d83a5a96dd19b02440bc25b70a4fe126dfbd867e02f5e2d60affc5109ce2eac1

C:\Users\Admin\AppData\Local\Temp\oIUI.exe

MD5 843e65c88997722c623cc7ec1b3e7b25
SHA1 266d5a9d199c8bce7f486a22db6e227f26029eca
SHA256 04f7d0f2c53ae4fbabe2ef9572426ff91269f23c69905467ca28cdac4479b123
SHA512 9a414df495cec45d33aec54a76aa2fbbc933b375f71aabc8a303880448920f9bdbcd44aeb2a4b4f8c4d745cf1f08a72e8605a450b83dfe6c9080c773387ecd37

C:\Users\Admin\AppData\Local\Temp\ucQs.exe

MD5 e397d357299cdc5dff27107092ca0291
SHA1 71660640e973dc62fcac24daa26ca3df6db26c6d
SHA256 43ea643a595e0e31766ad09cdbe0c993b42cc412138ce477b3f3c3976537c07e
SHA512 acfb7fb6a028af37cf6ece9ce4c1aa5fd863c61302d64b636f7cfd46fa82f5f3962c0e713a743dcb0ead589c4e0552ab7457f0da14761fde79c83e8e3b88e65e

C:\Users\Admin\AppData\Local\Temp\owUo.exe

MD5 6e687b0b43891cdd0529cef9836e62a4
SHA1 f92feec7f0ff1d8283b000010e2cd7f4d4bfe347
SHA256 585023c2a7edd0754eccdc42b468c155b46dc9610ee36aee0b1c2c8ec160d91b
SHA512 27671cf6d57da421e83e5b622101c981ec48af6051e4ae963ead2ea32d5b2401b137b3f099065f78c7395aa2f82ac784fef92cb5199e7dcce184fa11856e8bbc

C:\Users\Admin\AppData\Local\Temp\ZUYgYwco.bat

MD5 9384fd91faf414db9db88834dcd490f7
SHA1 cb43446bc9c6fdcf0ebf03025dbeb559a82a87e1
SHA256 299945137efd49cb925d2135a3695c747f7ee3f8330b2517c453b1c85f180a57
SHA512 aac6252efa573cd41c73a238df9fdffd91a36d30d800e7a3f31050ad223d4ca710a76e7dfe270c6a4340dcaf1471a454013f58562724a05193e72026ff53299a

C:\Users\Admin\AppData\Local\Temp\WwQK.exe

MD5 f647122d46e0b268867d2e7422d35fd1
SHA1 668527a4be5c9c9a63494da60d7cc15238751ccf
SHA256 7dc08967ce181c87d8a97e4129a94358ce461423e2ad2b093b0bfd6184a5f457
SHA512 43d0ee79692380deca4332c383141474f78423b5f41f242355dcd17c27be23bc60e4cf3820b2d472a8b64c823882921fdbbfbd106915e825bb60d37373a013fe

C:\Users\Admin\AppData\Local\Temp\ogQY.exe

MD5 7b788c8614d98ed29c9f7e51f26eb116
SHA1 f64fcc7769f1ee45ebbf1c5b452fc0e173d65289
SHA256 038aad6e6b85bf560c0175b16086268a05f2ba84c205c35c14f005f336c65c11
SHA512 2172616f6f40011d601521febd6fa2ced25108fa50ef3999dc16f835ce76d173b5ef1375b580b61b400cb1cfe252f6958ad10f9052a1ede4a2bcd1ab91926d4f

C:\Users\Admin\AppData\Local\Temp\OUQG.exe

MD5 ce90c226b47056fa2e8fec100b94e322
SHA1 a75ec30ee307506192367ef3a7bc70f2b189f359
SHA256 5bd2373a96bc9c74c62d32771072e76eb6031918785ba27b004ada32060102c9
SHA512 50899b6cbbcc74a8d6391d9fd07b141202879ca17c440a031a0a927f0d494ed5195c0498650af755bf725cdae8228f60048e9f728a5e48499ceba5d64a855c97

C:\Users\Admin\AppData\Local\Temp\GoQW.exe

MD5 dec745c35dc8e64f593246d6ae5d5704
SHA1 021ffebcb3ef5fd0b0b3486d9f94ffdd0af1e07d
SHA256 adcc5b7f93747bb7381f4983788cc7ac7498bd8269226a7fb466bba2e39249b3
SHA512 81a5b52047536e25175227e31af8a2a435edb879a04a976a927833a7b8f70863abf3bdb0e3d978f0412785c1490b7f10fddeff43b7e30c7d571502db0e763c6f

C:\Users\Admin\AppData\Local\Temp\osIW.ico

MD5 ac4b56cc5c5e71c3bb226181418fd891
SHA1 e62149df7a7d31a7777cae68822e4d0eaba2199d
SHA256 701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3
SHA512 a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998

C:\Users\Admin\AppData\Local\Temp\kIAG.exe

MD5 b8d37a26f68b3e5e01007a5713bd0112
SHA1 bddf9096ca2d0dfd07c918891c6f5a2afaa8f06d
SHA256 77dea9f54d60f749d02f503bc1aabd347d745baf469d2b3e52e3ddb35c51b3d5
SHA512 9170bcc54775c3767a4509a06f38ec3c690b530581f19f866af4733d9eac5c9c7fe8618176e7b6507418cf84a89ce8adf0608e29d3add23ebcd9236e9d52b5a0

C:\Users\Admin\AppData\Local\Temp\pAUowooQ.bat

MD5 dc38bba58d9fcca7e4c2c51c60859620
SHA1 c4a561bf59235e37100133786fef3bee1f9ef58c
SHA256 767433d79efaaa555ab13d5ddf19308249da58b49271cc9de28899f4002b51e4
SHA512 b618fea84744726fbbcbc40b5215be34a9d7c49b3b111e8fd12a4fdfa87654df490d4694e7d0b2101d2c8ed25de96a12812038c73eefe173c9cd6276f11edd2b

C:\Users\Admin\AppData\Local\Temp\AQcw.exe

MD5 173d75c7e8b56e0e0c0d9eadfdee2d2f
SHA1 22faaf1d844604ed2d18815d7e81b7dfaf60319e
SHA256 d9e05093ab3415fd7a6c28aeed12d780beb16eee127c74d10eb377d6ce60a898
SHA512 d56d243aac4bfb51d1e13f4da0ad97c07648e16dd89cca59ae6b70716a4000083094b2108adbdedba2c9296edb2537e14f81716d89439cdf3f06478a2ad03485

C:\Users\Admin\AppData\Local\Temp\aAsy.exe

MD5 7d4cae6b86d5249897745aaa11526ccb
SHA1 5743a6c94383b30699074da2a2ff03e4a2a87257
SHA256 f12e6208e5d3938c973c85bf51c166f3ea4801f0febcb444e7792c050c9601d7
SHA512 74ffa4b83008befaebc542c2f13910d64279ad399f2890b1e9a8f2453707606d9ee6529bf04632c2ebfc0cc2f4ade80cb2a307c24c48ba7c2a3e99752eb9c259

C:\Users\Admin\AppData\Local\Temp\giMoIoQE.bat

MD5 c146ddf8db43d3d716b43bf58f3f40f1
SHA1 0bcfa782f746b2b919b7ab7018da4fb6d25bb497
SHA256 f908b802d50d8e11afbd6dbd32ad621c1a7076c05ea53eea3e68f08c3fd7e259
SHA512 65597c629216af65531520fc6028c6bcce4afb819c6e7c6a9a5e4143da29690601fa7ea1aeffd2d582e9f72d81b0ad17aaf27c9400b8e2801b395cfb746f6f81

C:\Users\Admin\AppData\Local\Temp\OsQkgoos.bat

MD5 afcc63eda8b78986b307e91155155896
SHA1 3102658ab752cfd2964eeaca54dd28b824cf2e54
SHA256 d9f7b604d062cf82f5fb9282a2a618aa7a5dc816cf8303ead4687d348e3d559b
SHA512 80b2eeed03f97bbbcaf98c64fa98f803a37dad6ad2907e4cbde05ac27e5b5cfe6ae490dfee8c4507ee71b9c0549fc6ca93a8586690d0dce739b69b751c9de0b1

C:\Users\Admin\AppData\Local\Temp\OMoYgsMQ.bat

MD5 185deca01006aaee3148bb4c197c39d3
SHA1 fd94a2dbb1b7398264f0f1d4ea97307844a4b789
SHA256 b87a4b28cdf5d24c5065d347e9982f1fb409a008a477a1c282a813c9947c8846
SHA512 10d03959b7cccc90848646557eb3e5d7c7fa2b6e576f5bb3c4845d06f7ae3293bd386c47a2918000e1a2586b28e20d3061fb87ffc48ca9ad600256d3ab11d022

C:\Users\Admin\AppData\Local\Temp\emkMsYwU.bat

MD5 ff9f468869caab57860873e365d7b462
SHA1 6a6e85b3d36fefae29f760c5128855915c25c9ed
SHA256 0a59506b11a281053c2228e3e31340cb9c6d8dc54eb6e13e04d9a204b560c72c
SHA512 59f3454ffd8806697fb89d6996d09ac1c94287811491ec41ba97abf9219c14bdb5e238bfa0a72f06137b34064a7f58ed46bb5e565b4c3047b4f011bcf3e83fa4

C:\Users\Admin\AppData\Local\Temp\dOMwIkAo.bat

MD5 b49305f1de06eab4359ad8b9b7aa3b2d
SHA1 fcfc903e75fca2d560945d286940dcfc12554b25
SHA256 0288540cf682e45970f358edc66a4abbefaaca42c9c13cf7faeb5ee2340036ec
SHA512 2a8fd1533bec68f1a86b15dc6e9876754d12f0b69fe6b8b7247dfd52053f276e9a801cf0b6d4adf52819af726082ba9df7ffddf96a43d038d4568946b84eb03d

C:\Users\Admin\AppData\Local\Temp\DqUMQEQI.bat

MD5 29c18b2c022ee732284acd744618996b
SHA1 5bfa39f1f0dcd26985d319d6e8a579f9fcf4bce0
SHA256 f75a36b1276c896c95f22505444a8b0d2029655af9cbe063f9dd11457ba5c97f
SHA512 f69c8dd50432a88e0c12aee6588f5e2a5b39ae5f21378ab726b0b515d1067bd0adc00afca834c0b8b00138292b267acd42de26334e9b8cee4d6d52f682a9876c

C:\Users\Admin\AppData\Local\Temp\baEIgoQQ.bat

MD5 9eea45a7d9091324ad02050f8d442f1e
SHA1 112a2ca16e1b11f7e1c98a89cec3fe5f4bbcb178
SHA256 590834e1605f24ca2e4c36e2452c0fd5dbb7b422a1c0df8be5ae616e2f24b833
SHA512 c966b498612d5d8288dd3b363d673e2e549814efa20b47f940334bebc10bea105ee376611247bb9514279669704343289a09109dcff06d6c36b33a4639d16a0d

C:\Users\Admin\AppData\Local\Temp\lIwQwsgI.bat

MD5 bc925aab9a5e2240e3b95775e695daaa
SHA1 2613cd28547a891e5b074399ad2339c16522bdb7
SHA256 098a1a0b9eafb659de6110e384b54b3440fd6117d03e7a07efa5baff03be736d
SHA512 9b362ff32ae814f72308b958358d5753a1aa937f5565e4829c42aa0d6bc4314d9fcfd62ea7c21ed8741055024d1c8476e0614035a18dde798fae153f7408f81d

C:\Users\Admin\AppData\Local\Temp\ciMYAoIk.bat

MD5 235c72cf3fcd4dac4e3d2c3c0134d592
SHA1 aa088929ba899c10c3ad4ef5b3f233077f995efa
SHA256 8ecf79994b6910aaed5f4e682328a3216864cf965e1ddef449e9c87adf957bf6
SHA512 04588b59259414b5f22150cb10905e291e5fb83b84efd29dd32a03edfacc668265a14587dce47926a399e19c1e9b9b673bfdf78f02b9a3bd947006da44d2f503

C:\Users\Admin\AppData\Local\Temp\eOAEUYck.bat

MD5 407b514631b3bc44430789513312391a
SHA1 f42b7c5a8ee665e2778e01d533a608b0eebade1c
SHA256 7d34d4ca3cbcc2a44e2b496982e931c609e6a64657295c0ec0644cdf7bd0775b
SHA512 de10d639026811104698ef09c23fa4b96c780fbe583a564a5705be87623c20ea13cc545f522eef0ed224eeafe278085dc6f02b4ebba4d4c67fec4c7652b6093e

C:\Users\Admin\AppData\Local\Temp\MOowwIoU.bat

MD5 1aeedfcbd2c9fac962d9fad73114598c
SHA1 8a432a7dbb11236d45dc8e4465cda118d6db8bbf
SHA256 3aca4b2bedd667e355a45a92fe3c79e159ac571c6bd4a968cea5fc44ba808704
SHA512 2768d57427f40f89acbfb97f5906bdcd165ed326e7d8534b12e13c15f1b584bad65fbf6122daa7e81ac18af53b7f64e68c9461fcb2eb723a257aa2b6ab22b549

C:\Users\Admin\AppData\Local\Temp\IoUc.exe

MD5 474b79103a20aa8abb5f8c1a10ac947b
SHA1 7315a98cd515b43337bb10440b700375528d3416
SHA256 7c45b61aca4f4f70829007461acaaad3891595cb59657ff0ba99414bbd9c1a5d
SHA512 2b547e286fc8673a924ddc507a9d37093afb18d2395a11cb56ccff0cee15c23e6fbff49a791beaa9921b099379216784a127ed5ccba856bb12a266e3c439918e

C:\Users\Admin\AppData\Local\Temp\GoUy.exe

MD5 fdabd4ca9e3b0270d62acefaced12ebb
SHA1 9b98687fd30e0f55486c95e0d2b5710906595b2e
SHA256 1ad4043042dca461e8ddbed141a3f83d28db0b0915988a35575e0a3e2a791ebf
SHA512 4efdb371a0bb36cd87b55bbb1b5231949ac74419398866c226e589209ef7d5605dbb11b4537953cd1e80d865d67c6025d13ebfb3917227a23f80bc58e829b742

C:\Users\Admin\AppData\Local\Temp\RAAYsQkY.bat

MD5 6e3d3bee063dd22de5be6370767a766e
SHA1 d01cba3ae4f69c663aedf567cae6a82a6cba2c00
SHA256 e0fc67552f58a4f32aa5fdaa2d550635ee15601116c9bece0db9c908f87b7e10
SHA512 1d540ecb52795406183fc36698312f2fdcbf1ea13f72fc7760ec7dbdb5402ed5c1fdbee321990fc6dfbda7f07c01a011b7c9d225b69661b8d207b02dd448876a

C:\Users\Admin\AppData\Local\Temp\UAsq.exe

MD5 658b14bc9ed15161e4ff8c94db90096b
SHA1 fe07e55d9645c16d1f0ea455424f4c6c61e22194
SHA256 271618716a3c09c0db07fc187c66cbe69d895a79c463d9ec50119d8aa62d8274
SHA512 a97ab61fcd74b9dc3ecadaa019bdd757fa13abdfeddb714082f25d36c3556aa33a5e3645ca71f49ec4f9a492e565c94e91933531cf9c324f3e8623b9937338c4

C:\Users\Admin\AppData\Local\Temp\kQcY.exe

MD5 12abf53fe28dfa3ad3a4468b15c67af8
SHA1 d9390c7b9c835eb5db6716d1c4a299dd62db9425
SHA256 a0da6e8ff8031977ea397c47a209e19e58af2f5ca14657c8af8afd3d0ae30b7d
SHA512 a2cdefcc1cece1a9722f1fdfd323373ce6df2dabaf968a295b09535fae4d6c62fa48d82f3b3bd6c3e4e255f72dad9af6a67ed81a7d87f50cfcd16a3e49f23e79

C:\Users\Admin\AppData\Local\Temp\QAku.exe

MD5 0090a9f111559a72192a21a7b3958397
SHA1 380139c1777b2d195d97e2977ce550e6dbc5e8b3
SHA256 8296640f85cc72c9787e5ce384b53c69dcfc26c766ea529773d5761c810bc4fc
SHA512 b20b2ffea61e77c30fac8b77dcd85dcc81b5608dad74c238f4d0e08fd755fcec829147ef15b129999c0f3fcb18dcf3f36d794ae9d3a3f7bc623736182d561799

C:\Users\Admin\AppData\Local\Temp\gIEE.exe

MD5 575c050255bcf1c67673ad37575dc361
SHA1 8b0bbae57253f7c343f82dfbd858da83f49fd4e5
SHA256 1f369ebda2c5a5a633fcdf9ff33e936b619c8cf386f651e1274f4b43295f2bab
SHA512 f5ba8d8a531c6f1513a8ce99ea134d128616fdf93b4bcc4e8ab1359a96a4c538e4222549d234d4d65a392a65f0496e237c5a052593957a4a41b140dfcad6f704

C:\Users\Admin\AppData\Local\Temp\okom.exe

MD5 80da54a256e1305a6221c54ebd9ea0b2
SHA1 bbeca024cc82a7966d69ff499d645049b0ba2267
SHA256 072ca11ebf8a78027d3b2fb9de7635f55b1837790237d4397013c1bb8fc8ad55
SHA512 10123052e34f524f78f4b842e5f98e6398029e412d29642e94866608d21dd2f6e0dce34c5c28165832593cbb041a0d65f4eb06b6af10d7c53f8f0d2785514d78

C:\Users\Admin\AppData\Local\Temp\EYoC.exe

MD5 e1d2bd27d379a1991a2af58221899921
SHA1 d732ba0fdd72de873791f7f5543f6f914741eb74
SHA256 8f734b19a46a664828523815eca3a81a6905b801ee10d392f1c298864cca4238
SHA512 c467da57323eac98b6cee427fa51b6006e6c33525c47df8065effaad8f09e1c1d50326bc896b6f7db086f68b1628253f007a503fdd20efe4ff0ba8a394d1c78f

C:\Users\Admin\AppData\Local\Temp\AUAS.exe

MD5 62057bb7e79ae0315edd8bd6cc087ebb
SHA1 06d9771bb78233b63114177e9355d8e1bda0591b
SHA256 c77f901702e49e5c5889bcadcd261a9fd06a02d53871f8a847ff4ff81d79ed7d
SHA512 b7100fd8027f3691899aa939d01aeda5324a3fd03432d5c33fab62bbbdc21c965615791587f3bd7aec057f0aa1006962bafd7829f64426bbe28fad04a6c64b45

C:\Users\Admin\AppData\Local\Temp\VwoYkIos.bat

MD5 00f7b10bd9a299973051cac9404c0f77
SHA1 8a8354b001834d6ad1c2d8f5a30b44d94f7e979f
SHA256 cefd38e0eeeddaa72f2b56f0e1d329bdfd5524a8fbf7ba27fec4e11bcbfc8b4e
SHA512 331841e266de8ba1c9e0d3fd6e1a6afa0eeec49bd97f1b800386221d5556b57163911adc8c3333e10ef6fc493b95065b7978acf2e29711d3b226cf65823489fe

C:\Users\Admin\AppData\Local\Temp\EYYg.exe

MD5 d362624224d1c9049eac52876063f5e2
SHA1 3d553c4412f39257253febef8e25220436be78d3
SHA256 b9a6ad14cd257f9ced98a7a0884cc7a5c6b8d6c03d98fdf2fe56e80fe2d9b3ba
SHA512 8c79441524a81a93777f592c6fdca5a51b20ad0b1ec8e7b0f5483457264b3c1267c1f3b8bfb7e43563342526bcd21e9ffb663538f281c34b61b1a6d72a5f735d

C:\Users\Admin\AppData\Local\Temp\GYEm.exe

MD5 ce2226fba98a54ffe96dc38769ab3d29
SHA1 5c164be73ffadf6ba2c0d7810f9ec7e2cf205f11
SHA256 eef4e7493c9a30cba86c9fe3bfe91edc8e5f6454316b25066c09f5c526bd8cfd
SHA512 953635a0eaddd4f4190947f1c0a46a5c670d963b5d48cb1a71c5673b890381a4cd407a894c191443738248f22416adeb3ad8d88d2b2b8efd160128a4335dffbd

C:\Users\Admin\AppData\Local\Temp\GYQS.exe

MD5 fb918c352676376f0dceffb7102ea291
SHA1 0dda0caf9b4a2ba8c0dedd20a1b1452a09fdfa09
SHA256 c2a9300d29456c32934bf5e769291fbe9d512d3c20938f1f6df804ddc38e360e
SHA512 e00d529947b5a13f49db5a3b5856bf419a4a4f1b85d7274550c20704bc9e57be6e93e7803ada133fd902f649e7927789528b2676b99d5335ba029199c06ab86b

C:\Users\Admin\AppData\Local\Temp\YAUS.exe

MD5 04b651e9fbb20b93650d637afcc0c5eb
SHA1 f39aaad35c6c94489cba5369536c7c0af73a6b61
SHA256 2e9428e602b812ce205851a9e31a5d8e608d50063dc8b97dd6b144ea117b5dd9
SHA512 3e5ba8ced4289c02c63b242c5483feaee07032f6ea9558e29c25ec7e260fd8afb68d78871812f902d3812916a869d43ae096a96f19328618e9df6d5c19483bd7

C:\Users\Admin\AppData\Local\Temp\YQIu.exe

MD5 5c20625783bbf72747ab657c1608b5a9
SHA1 f42188fdd08540f1291f32f0b178fe578b35209a
SHA256 948d30ee4e0af3621c59a3633f4a9fb1cb15efa13736e1f2fa0206971fc23ae4
SHA512 6964130ce8e399c5bfdd62fc324b9aeb7c747573a422486ce10326d645df739d91a70eefcea53a8dd07c7ec03ef7a7a5ab687c9439bacd825d2a36dc07fc74cc

C:\Users\Admin\AppData\Local\Temp\JiggsAcg.bat

MD5 3411371ec420777cc07a70442f16fc29
SHA1 8be9b87226a4b491a3d8d7e7a13f4336328b1031
SHA256 3fb31a65ce80731ba1233c52698a435309c0d0e1fbd589b1dd5d0e9bfd3ce826
SHA512 c0d6f465b531cd45d7d7edc1c4e1f1dec9ce78f645481dca0681147e67bfc4ce25864525a14c775220dc7dbf4bfccee614854d32d88093e2da6c4dabdd1f634f

C:\Users\Admin\AppData\Local\Temp\UckY.exe

MD5 866b4502da5bbef8152126240d300b9d
SHA1 6f45ed463602aa786aeb7db8ddce37d2898728d9
SHA256 143e23a427bdfa6d5018bcfcbb7221325a7a8a47678ad055f244e4b94d4861ab
SHA512 64f5dc5695a43b3f06cdeb281bc3ea7fdd421d2696430cc73de9ac8b997ccab906b9f14e1dd426a13fc92f9edf0adcfb43523a63ee6ff1c283af2e1f9cecccf1

C:\Users\Admin\AppData\Local\Temp\ykgK.exe

MD5 656706c2e14c7fac2c80f9fbaba842e9
SHA1 94c00d40acbfa91110dfa292d376a76da96977e8
SHA256 2d6a548e13108c156caa88b78ff6acc8607b87467d0bc5cab84fd4d5a750d19c
SHA512 6d496875aba4c7b65d09720d26bdb3c14c75e01a13825fdbddc16c97322921d8da7aab4c09f7b4a08dc6aff3173ca2df5985fb6c01c24561d68345d3387a02ad

C:\Users\Admin\AppData\Local\Temp\oMUe.exe

MD5 770d49563087fb987f9578b532bca251
SHA1 00994fdbfecd64235c02012a050f14e9a51f87a2
SHA256 98c3063ebcaf8d9d7c7652716d64e3c5a5cf97b020efd9c989ef5c94c2ab407d
SHA512 44776bd968c432ab4879e1ffc15e190cae92de533b311e7c693ce52f232db10629e3f3095c1ba3e48b8d6a6b7384bc9bbbc2688459a2d0c1f22a0f0ff85efb33

C:\Users\Admin\AppData\Local\Temp\yccI.exe

MD5 b07a00a6833a12202f560d1af1769462
SHA1 fe6e3c24091e52eed37e52a0ccdc1664d42b7382
SHA256 f17157f59da4128cac4771cbea031c063dceaa4963656839b503a8a97548400a
SHA512 e8fd76c4788f728fa60de3af3d4ede583db6d16613e37ea3689146dbded5de4046fd694a4946eeb1a4d217a25b02a7420ed6a81dd91889eec2dc90ae072acf32

C:\Users\Admin\AppData\Local\Temp\JokkYUEk.bat

MD5 76965d5aa4987df9d0183d03c297af38
SHA1 45a31fe10d45989b337f6f74222468444b79f4de
SHA256 f324b2679a3f309b3ddbcdef06358b090f422340dc292769cd9478bd2344fe6d
SHA512 73251e2bdce43fbec274d972d665cc63ef6a40ecabda898012aef48935722c5abcebfd11659fb69fe8d4be26bd9b3d1b5e7f74dc571a8cdc31775103a97fe9b1

C:\Users\Admin\AppData\Local\Temp\wUAG.exe

MD5 e204b9fba2ad79dbd23c7dd8a0ea2c47
SHA1 dc6f31e38989b05856295dfb1bed16cdc8626925
SHA256 352d437ee3f8d36076be8b1123f59826b31edcf4df68ea267c1e47772dbe88a0
SHA512 2b437faae3bc55b7831d2caeb05000bbd13300d7773fb562ead6222b2b500582681702ebe8a1a347d1b9720e642dfa90e54a28e7c85d6dc8f9c1dff6395bfe21

C:\Users\Admin\AppData\Local\Temp\cEAK.exe

MD5 fb9be72dfe6c3ef4e1482f41c88f8893
SHA1 c0b9288f5962c61217c97da10dc5bdb10daedd20
SHA256 58d74a71bc3ad300220632e728d1cdb4a527e9ec7b9b56707b20e31c0b4897da
SHA512 ec8c50d7b4998047496b66e9a2dd64fa14acd0c7ddf0aa0d9c4b61cdddbe475fe90c5bfdf62e3c3423bb77ca4d1a46a3a7d318e85f1ba68f3e58601b4be628bc

C:\Users\Admin\AppData\Local\Temp\GcoS.exe

MD5 b9d26e5900b64fc7dc97d62e08c825f7
SHA1 16ad6322be08dd7299344b49f80ad781b27a41d3
SHA256 6e97f24b76ab5ac7e9d1419cb373a67837ef76246fa479c453b9e1f501e84b4d
SHA512 0ec01752acf4e6d6f2186da7031357d4eda48f944a1c45de43b1205a9a21406c5680f3bc9ac707a31503bf31b77f9cadfd381437f397af841db452813d57b3c6

C:\Users\Admin\AppData\Local\Temp\oksi.exe

MD5 3b05353e2cabc59a0a0d7debdc58bd8f
SHA1 158499c98ce8fc0f3302e64bf0b4a6b99849e0b7
SHA256 c0622dd26fbc0016bd227cc27522561e372b8d2fc32dad6247999fcb86631065
SHA512 8f4b0d076f1b6f230ff838cc89edc3fb9cd588f6bd1aa39b203b677fbeb08b014069d43f121a93759ddcb7899e03117a790ed0ba48c72b8299263734223606e0

C:\Users\Admin\AppData\Local\Temp\SUcu.exe

MD5 0aa044915f01b564c08de3c83901e8c3
SHA1 1230f4ce5c90b98e567644d8992f6a838641c4e9
SHA256 dfb40bd863c4741a2c024f3a6f27e8097aa98af523788f13b750398dad9f17f8
SHA512 da4613d61c1cad0c752939aea8ea6b4ee3ab0a9d827aeea008696ff8554ad85b37210c6fcdd8e3d79dd73e298119e3484e28a1ab5ddcfb928d0e00fbd7b7b553

C:\Users\Admin\AppData\Local\Temp\QqcAgcIQ.bat

MD5 89c3381b272a13b39589541b741a0982
SHA1 939fc496e1eb457ff2fcbf6e6ec5a5bae95031eb
SHA256 c3bfc828d20e49eaa4c943e6926bbb85d469abd7f58a386c4ebbce75a831ec65
SHA512 daee0f6f71df6c764f96a8aee342fb0d24d7ede71a02947594d5480cee674d13bcc752d2500379354649d88d0c5afbc07d1f0623d84acae01c4b1bddff191300

C:\Users\Admin\AppData\Local\Temp\qsUm.exe

MD5 5de906f1db72c38d2078cb9f27b16831
SHA1 40ae572f1003d00e230b0dc6afc4d80537d0b266
SHA256 7f7aacf85e7c673d570b8a5203a65c9a54d45c876135f6835d519967d075abac
SHA512 e8abfd38a0677941b23f3d71205b86ca0544d5ed515b9434c9ec7330ab2e081c9421ad76dce2927ae3a0aecb24936d53a81460b7d27c602d9480dcbf66dba5ac

C:\Users\Admin\AppData\Local\Temp\ykEK.exe

MD5 d47c3c10cf31302ba84d1c372a4fd50b
SHA1 e2c4f59c53666e87a80c3058d6f7ea9ff9c09c40
SHA256 820bcb8279a7991e5391db5cd2e21a41e92431cc3643cfe3a1230befb2b5fce9
SHA512 b104a45ec8bb90679d914ebe539e0520eee4232f5b361638c785f03b4f606729cc28a2c33f4786c4455f81109e43c1d4c141a82f74cbc0e3adcfd8dfd501854f

C:\Users\Admin\AppData\Local\Temp\QIUosock.bat

MD5 a94b90e7c7ae6d9dfc43b857adedfe3c
SHA1 1fb3e0da8eb4f6419c462963135b23bf4a0b2e3b
SHA256 d86464b919cf55d2039911aaaa86f42984a9acefcf2728c58598c7e4311f9ede
SHA512 a40f5f5bd9417071afea248dea0bba0a634ca3b49002206460ca889122351a512e82b39112a4e31863c1806f1192b08112e258f336d9b8f668fe4eeca941c2dc

C:\Users\Admin\AppData\Local\Temp\Skoy.exe

MD5 8120891c0874014cc83f3ad4f61195bb
SHA1 c9913f2242641bda2c164e655e6b4fbe205ff666
SHA256 e234194dc5d992b34d66dc7439f32e57653aa934344fe81b6f0597e2269705b2
SHA512 27dc9a52d7a0870473fbb3860a115a4127bb3c918b180b222e0c67d6152e34b3bd7252f4f43c08da41bebc11481d9655c4e79566b76bc7110b9ca3032a343528

C:\Users\Admin\AppData\Local\Temp\yoQQ.exe

MD5 42ba9b67f3669da712eb22e26a37b899
SHA1 55d66374272d29fca134ee721ddb947fdd12677c
SHA256 d071c36793277d7d3c228f9c0c2ca06eefef69487557e90b673efc40871c34c5
SHA512 9e765f5cac2d04742b1b490518e44ca0e2290a4869a82bdf8b6a9fe05034a202760f0d00c21b5891fca61f04a2f79e17a31da6462eff42f12e8624dc50427cbd

C:\Users\Admin\AppData\Local\Temp\sUEk.exe

MD5 5d1d505b537672ac9fc7dfa0f1d1e20a
SHA1 2dd65105b73ae6c219405c7f48a5b59bf1bc3b63
SHA256 6cb22a2aaacf99f69bd15e1b16b3a56202dc4f7a71dd0787a3a6e84300b1a943
SHA512 f6e0c6b9aff8afb2b47b32e333555786f08ac236114f9afdb6e1bfa876333c3b0bd586fef47f03094540bb22616dc3af31f2d1d32bf2b2e342381a7d98540faa

C:\Users\Admin\AppData\Local\Temp\IQQc.exe

MD5 6ca7635ab4d914405fec780e4aaf9a1e
SHA1 6ab142182ab2fcab7de76d6c5c216a7677e35aee
SHA256 178aec003cee30c12b5116d5db6acd0a45af51e9db28b86aa639f9afcbcc8695
SHA512 5773da045cc27194859f9d3f9b71477157016bae1feef0832225289414f90f90b6f50dad9ca52f4dc51b432d2cd78593ebfa779a6ee8359f4e396f1d3f06145b

C:\Users\Admin\AppData\Local\Temp\uAYYsMQs.bat

MD5 27c4d19b109064c69dd07ff48e6d2e21
SHA1 0ad217734b2fc59ce9bf4cc7725c4f3c4bb9544f
SHA256 aad51d426b68a493f7f23d4323871c5b4c2a7d727a7a5e746b5e1364690bc4dc
SHA512 129afbe147dfdb7b433d425bedf2d5e5d7ba9b743c354da7708ffb91dc7811783aa86f343f7b47ae1fd992408b665a9f2594ad574de0340e67372dc9597008d1

C:\Users\Admin\AppData\Local\Temp\wQMw.exe

MD5 ac6911025b55cc1c762ac4756af36bb2
SHA1 69dd7a1545bc1444c3a0f1fa3258d76620453ff4
SHA256 be7e5688c3149ff6f37325fc94268f84da3e6f40cc89c405e5eae725ee874440
SHA512 a664525420e4eb659438b324cf0490f85ff556aabf98d9e8d12902ea9c9eac7a4fed3629642f2cf88c6d5df818c0aff151ff1a832c5bace008ffae7024f86a0a

C:\Users\Admin\AppData\Local\Temp\aQUG.exe

MD5 5e7b73205558ed4a82353d85b68cd5d4
SHA1 79b5578d72dc7fe919db63e215b5bce104b8a62f
SHA256 7d0ad5686db0876f5ed46aae571a0e4be247e354a7b853530db6bdccedc370d1
SHA512 5122d3b95650c1d97d619f1dc11c4794d3984e7a50e7a3b3c07fc96caa55ca1efdb96f6f78a87bf8d36c429032f5a2187f8bfabe0c08168f2bfd1c86e05496a3

C:\Users\Admin\AppData\Local\Temp\AYMK.exe

MD5 fb0825106aa7bacdcb08e2c3d6a9e1b0
SHA1 9b7e2375bb2cd8c5a0dafbc2a1c1ace6cebbb2ac
SHA256 a561f2f991c53d4e02996f779a1c9e3fe6c595ccb3cec47a974bc2a700e1351d
SHA512 955ba9d4abf377022c2072c1871d026714af30d314a5b2444f89b2979b22857360d6358013cfeab7fcd73a34d4e6932aabc5bd2d4a199c72fecf0ae0bc4edc7a

C:\Users\Admin\AppData\Local\Temp\GAAW.exe

MD5 79dbe398f95dac6bf0e3dc2a4ea170ab
SHA1 978cd4ce7f4cbb340f4e0400cd320d6c9ddd294b
SHA256 cb4c1d31d629711a987d9e5382e5d6fee7cf026fc29fe7c26664de3aee892505
SHA512 67d2cc4856d0e1d35d6383bc8efbef7225b8c4391e6be1520bd0b4ec6fa08a6e3475ec59efb04f1c9571e4289ef16470b49e9488095318e0621a43f2d14edab8

C:\Users\Admin\AppData\Local\Temp\gEgO.exe

MD5 e0203629cd06892f0d71c90c75c2fa9e
SHA1 c4c9a7e1fb1216867e3dfa34edb33b34b39a1791
SHA256 ac5b3c3b39dd4970e687d22103da4ad7834f011c6365bef7df3500ea5e2b2de5
SHA512 93a2d2df80b38b08aef7efef7a2c9c37ead9f3bc2b0b20647e4be48c9079ce3c6a746667b20253f7974fabea2700fc60da7e54505c421afb5f8d0405247e7c1d

C:\Users\Admin\AppData\Local\Temp\OQoe.ico

MD5 6edd371bd7a23ec01c6a00d53f8723d1
SHA1 7b649ce267a19686d2d07a6c3ee2ca852a549ee6
SHA256 0b945cd858463198a2319799f721202efb88f1b7273bc3726206f0bb272802f7
SHA512 65ccc2a9bdb09cac3293ea8ef68a2e63b30af122d1e4953ee5dc0db7250e56bcca0eb2b78809dbdedef0884fbac51416fc5b9420cb5d02d4d199573e25c1e1f8

C:\Users\Admin\AppData\Local\Temp\wuEMoUQc.bat

MD5 416b00fc5ca0d14c21e0bf65955463b1
SHA1 687aa5bf83c1f2f67074a33125c78b9f7bf6c822
SHA256 98aefaa36522162482c62d727192808fdf46a019672a96a5187828d2beb4c08d
SHA512 a0c708adf90d945f5d0fddfbdbc8d84d1b2d5e6e5b988fa53873744e41dfb0cc63d4a009572f84382860cd8780c1e0a2c455862c5298c14d6b89f611911f2735

C:\Users\Admin\AppData\Local\Temp\ScIw.exe

MD5 38741cf1e6025ebb05ead5d026a4458d
SHA1 84e74d739394ac887414aa3860189d9d7ec6b4f5
SHA256 8027bccfc4c0241548f61011ec33e2b44702853036bed5d7f355ca2d80db5e64
SHA512 ee5482f4aebcc40b5b1903527bdb2c3a7230a5067fd2fa36470af2f2a61a8333dd59d7cbb32a14e63734bf3fed355e0b972c64c06af362f6963a6e88b7c8f5bb

C:\Users\Admin\AppData\Local\Temp\QMES.exe

MD5 303a7fc7463e84c1360d2b168b2de280
SHA1 b6e534ef435e15e901a6222a4991994858521289
SHA256 16cfa2be5488e34823953c8e5140be278a81376d61b44eb76831f2967a5a2ce8
SHA512 0f67f970bf1b11e5ea39466e298c213b13d7e5a9d05a0491a40c01da706330f8201239c09347582d267759e6e125e83271f3cd567b200bf9b17ea712587e0260

C:\Users\Admin\AppData\Local\Temp\cgks.exe

MD5 dc53eafb9eb90e34a6f31e5fedee3526
SHA1 470d160a29ab63271c2ca4edb55e215810844e8f
SHA256 7ad09829b06aac3e27619139beb15d19382ca3c5aaadb28533aa127ed069c1af
SHA512 dc16dd29515c48bda4f56d406f95768080eb28544681bb4753d0098e75e2d61364f30e4361bd911b64e06d8e76c61371211f03c0b166d6714adf5bfd5dc7f4ea

C:\Users\Admin\AppData\Local\Temp\ekos.exe

MD5 e8a682fee0feb818b8445d6a21aa490b
SHA1 556f8d7dd1f54e4dc7a832e57e08c26e04952cd7
SHA256 b41e917fe650b551e692e9e81028f55504459038005efef50ac1828e19234dcb
SHA512 12cbf740d7fd44ed979adb093ee5eb7e4180c14b78f81c0220e75083bc57ca92235c9de50efc5c50899efe0625ecb2690111398a7a406f16ad2c581adef6e32c

C:\Users\Admin\AppData\Local\Temp\AwMw.ico

MD5 9752cb43ff0b699ee9946f7ec38a39fb
SHA1 af48ac2f23f319d86ad391f991bd6936f344f14f
SHA256 402d8268d2aa10c77d31bccb3f2e01a4927dbec9ea62b657dbd01b7b94822636
SHA512 dc5cef3ae375361842c402766aaa2580e178f3faec936469d9fbe67d3533fc7fc03f85ace80c1a90ba15fda2b1b790d61b8e7bbf1319e840594589bf2ed75d92

C:\Users\Admin\AppData\Local\Temp\qIUW.exe

MD5 c172605ea8607f864ec8bac7dc27fb78
SHA1 7bac1751f2f56238c17c03071165eab7ccd4950c
SHA256 35a8312374344a14d013d9947cd5f2e088e50bac10da244c7c7c4b243b723ebd
SHA512 6a5932aadbe659de09a5a6a120105872ad3ce1de0f561d5f81abe3c4f28a45a9e3320e89e9fd19c47746457de4f86c4f15712a403ce92d0e6a18ad8028d0699c

C:\Users\Admin\AppData\Local\Temp\jIgkYoYs.bat

MD5 2574727fae51be47acab25fd9cf34ef1
SHA1 3b16646cf46e652cdc8ad5618f442f5c93f06be2
SHA256 5f21ce34efbb8239684aaacfb93d3fdf03f00028529fc063eb18955ccfd64456
SHA512 e790282c0f8e130b06c378dbc3a4341be13dd7d596af62155cc0f6fc5a92a5edca1fdfde68fabcd60e84fa96ec00bedee0bd1e7af6c71fcac3cd9e849f8afa05

C:\Users\Admin\AppData\Local\Temp\wowy.exe

MD5 555c44212adee7a9689a13c156aaa455
SHA1 5011e2ec18d81e5c409ddd80b7a9a5cbfa5bd9ea
SHA256 49559cf429532e852f600c0a87fab7d2d21a3217167bc206e3b359cf6b907f99
SHA512 affc48f45920955ce3f2fec4e560ca7af6496cc4f5c5675e87e46586c161541879c95f063323c2992051d7cf3ae010fdba91a5e9e3bc01c0293c6f5e4ac96557

C:\Users\Admin\AppData\Local\Temp\KosQ.exe

MD5 deb82e3239b09e3c3609df47c8b790bc
SHA1 6ea3c7070645bf9f54b142133decebfddf589492
SHA256 cb18b5391b925cb77f78c5673925a3911ca71a51be6b38cabdaf1e7ae05a1f9e
SHA512 7a4655b603c0758979e54e6c1a768a27180fa2278bd78cd7978c7e0b3141785dca80cbdfc7b081a93757b604f663da04d14a824bf1166068887c816fca48decb

C:\Users\Admin\AppData\Local\Temp\SkQs.exe

MD5 b60ec2347f55d8967a8935ed1cbfd678
SHA1 bb2a66df3aae74a176f551a79e99be181652b428
SHA256 c420764317695a3ce03b5382949511542e4ab18b2a03f98583ccf994c5b3cb82
SHA512 52c31bbf2312fe9cf63ba88eac2b9ac6fd43bec5442b09a8ccb1895674af9d01c88fbadbcfee4e7ecb029a2c28c61a77abd206afe9c7ec162ba1c61e6b33dcf9

C:\Users\Admin\AppData\Local\Temp\SAYM.exe

MD5 e169176a1fc6da7a0afbae869799c2fd
SHA1 2c4640952e4e90556df95e5befaa37db84c2c8b0
SHA256 589bce3aad0ae021c3e050cacd14b6a9ac5d41aff6a5cd3f04274821f215826d
SHA512 9b28819c77cf76c9121a97a62b088fa46d5655db2eda115855548cd3550197408e856b32d446d26e62b7f9853e48b6c518c625595afc08db4473787dab8b689a

C:\Users\Admin\AppData\Local\Temp\AAIi.exe

MD5 cc9cb704055c2bb1e388c77a96b1a42a
SHA1 7488913176f51f47fce63041115989c627b48ecf
SHA256 fbe06b848a07e3af41e0bd68dce0821240acb6e769910ef194f8abe5197592ee
SHA512 b7b295b91b4acb48d5492d7b1007c79916117671033f3dae77b363df282cc0860f04be4106bc7cb8f8ae2282cc4b6a521341bf318cd690dcac1c1ef0f4d442a9

C:\Users\Admin\AppData\Local\Temp\egos.exe

MD5 b6f289e7f069f7ac956f725002f2ca7b
SHA1 1dd18cc2925272bbaa208b95e793967e21435574
SHA256 357550b9050870e0cf12af6a14d326bbafdd83a83c6805e4f19978581a8a272d
SHA512 742005e71481579a6848f83ce7c6fd9794729b3239a3a64f3aff1659669b6b29412409e812be3fde046d21910022a86171784d17a9defe44abd55d7127bfd20d

C:\Users\Admin\AppData\Local\Temp\JosAgEUc.bat

MD5 c6b610064039969c27a036558192df76
SHA1 7fa8de4bdeafaf019269cf16a77e2b1a170bd862
SHA256 d9456109734ab4d069a8647c225870dd297abd8459267002cf00f50c5f7f4cdc
SHA512 250465e2c3fd9a055647c8cbc406da0fdcd3852a0d7287a9b5e23d45f669c8112da6b1d22fe360a9f59c6d6a8e2853c3354de04b0e90a6a20b30326ecfde7ccc

C:\Users\Admin\AppData\Local\Temp\SYoY.exe

MD5 32878193c208ed784b6661dbc55edd35
SHA1 f2d6d2cbab2b8da76553c3a89953294c11d3f2d8
SHA256 ff484cc969fd20a5993d3c05bc54305336c839acb47ba05586f479329a5580fc
SHA512 6b3f638b80a85ae75498871524c225fb67057e21c3eac4cffc8ccf3ce0533b1f6c2d0f7a85ae3721a3f7037c34fc0fd86ba70bb3029fea22f236b0b64a424597

C:\Users\Admin\AppData\Local\Temp\mYcw.exe

MD5 9be2677762ccfe175d9cc3f86a8cf54c
SHA1 6012dd040d7786959db4cfa3f143b87d421b7136
SHA256 463645b772251ddce1a8f4aa007b49092dff0ff2a4f55c187a805a8123c4cab0
SHA512 e2e02a6a18947a65d7c85a94c292011fda336e3983cf3709d2dd7885e418b3f4f53cbd3a9fc079dc7e5d976f77c81c6aa7d29b0713b740631f01971d8e9d9973

C:\Users\Admin\AppData\Local\Temp\uUcI.exe

MD5 6f8437fe9c7a15a59668572047bf3a2f
SHA1 778c6ac278832f4492a6365a28c9262e2d22d518
SHA256 0b18a50c4bcb223f76b66d16ee4ce8db5bb894f955b470887ae33defa5bbb826
SHA512 cef9597561af63a8b20018af3b8d2621e71290009cb4e4a85f360b9f9f335341612ebf67d535ef43db81af7ffb4ab29462f72cb8b8b6d3c6266e2b9562b073b2

C:\Users\Admin\AppData\Local\Temp\IEIE.exe

MD5 67361f8d9ec1eded31f4d10c3f1da940
SHA1 1873a5f7b1c1dadee0267adb549e189e8c5afd97
SHA256 5034c62b009a206d25402e435fb0fd5b31869d9a255db55f5635a3b6f1db8fcb
SHA512 2980b418ff4d17b4ecfeb03fc1eb23f22e2e8a941022704327fcfd553cbad788b431e9ad3cc75f29f2a9c7cfbbe896fc995fa88ad7ef3e328279e3df8f80ea3e

C:\Users\Admin\AppData\Local\Temp\TgMAcYYE.bat

MD5 cbad039a125ef1101924e37c8a5ca4b7
SHA1 e59c7171487bec7d0e25e3cf30986f49f452f6eb
SHA256 41c911c4e39152b0bc6e2b15a7f0ed86253544b8225707d5a83bb89241b6b62c
SHA512 22542d030db5c7c5e8d0ea28f5bcd642b82293730692e331956ea9c1adb7bf12a29d328cf8d59117b91124a7ef55816972c240a2bfa523d78ffc6ad3b8353c86

C:\Users\Admin\AppData\Local\Temp\usoA.exe

MD5 92a7d90635a974635693eed449550fab
SHA1 86ddda78e1996e5cfcf22065068874348bf43c8c
SHA256 4ad2b4900553daf3dfaa6056b78ddba257527c230fc46c57fa88b9a1f04f0f8b
SHA512 5db410d876c3e7799e9dcb7efc4f9f3bd112700e5b87d990fad64df9ffdd242064b57fc339400be8df9ec58ffcd9839df82ba4d5227ba8ac9f71b16608ba9288

C:\Users\Admin\AppData\Local\Temp\yQsq.exe

MD5 61409bcf90b0ad496c9d3f2581d6ef4a
SHA1 8d3c4bf4acf2a80ac2987d91410e945c7530e53f
SHA256 0acd2b3b755e36d401c72fa743c27eff55cbe27a43c099b043311b66eca16574
SHA512 1c0e005a9bcca1d97376170f4312cb14d8caea4f5d96b85d42a88c2170a57f2f19cfdffce60a5e1e76af8c8ac113883bb0a4ca136b794bae69323796ce42ea37

C:\Users\Admin\AppData\Local\Temp\YMIA.exe

MD5 bf8a44060cd74c3b0b1809e1becd6dcb
SHA1 b52f26287a861582f2695e8014e4ca9ec2f06488
SHA256 8c81882fcc5224c52708f443642ca6cdd25adb8cd6da11e95c65365983e34e2d
SHA512 deda0385bc04f382f44375964c0463fe4b78d4dbbead5483a65afb0b14f9fabb91d1b806e79455e255b803ac4a751cba9dae39d1b488e44af3f9707d099d166e

C:\Users\Admin\AppData\Local\Temp\mYws.exe

MD5 91652acc1c383c2e13385e2609c878db
SHA1 414f5880bb2901a84d372701eface5bf68df53dd
SHA256 4b76de926f22bc19fb5056ef098273e07eff799968e77b81f154522018297902
SHA512 726747f19b25d0104b18794e6ca626aff7d7253e3b181944ce7e62b0969c862e61e72bf3c2211c23bb306ce36ac09f02b5ee2d6631717622918f2ab19d2a5c6c

C:\Users\Admin\AppData\Local\Temp\tsMokoYw.bat

MD5 e680a5c33359d8c8672b495c6e4665ed
SHA1 309880c4c7484e4ac981cb8a267ae98450c8efea
SHA256 9c42e5ee9e0ee78782dd25354e7dfa3e8c668f7db32257e22a926ba2c87c19cf
SHA512 19a32e715fc4a5cff414d177a52a94b3ef55f481651726b345978270ba6fc24867daec07768d1ae999716f5b54d3236a7918dc9dfc3b7bd6e457f831fc979d7a

C:\Users\Admin\AppData\Local\Temp\GUkq.exe

MD5 f3c08e5fa4c92b4161abe9b62fe95d3e
SHA1 d5761452924a15e443502223871744a4f83ebe89
SHA256 21c92c6f875f30caa8c045f0c9f360d755f4ecf10ddb2660a0fe2cc2c7bec883
SHA512 c29f6e65caefa83a4b970e288b475db1f1ef7ad188404fba2a26326b1eec8b60ae61248ea57029dc77c0dbf23f360deadf7dd94b7d3cf41354c5c3381e0c8a8f

C:\Users\Admin\AppData\Local\Temp\oYIO.exe

MD5 95eeb97bc7b5e133ff0056e22784b67a
SHA1 e4cd2f8b24c27fe05eb28c0e2d96be5c77c92a6f
SHA256 4d86bdfc7101ea091a5ed62b7d55ea0f962b7f9f449bf95fd973379442eee683
SHA512 0fc339009556816f66264a5b99a670057d41249cc78308f77f90d7a911e0fc3f6fd5c04aa49a9e7bd7e44331100da96bfa6d7aaf5f59ac9437e6a3e5a024a118

C:\Users\Admin\AppData\Local\Temp\MAEC.exe

MD5 d097a02b4397d17f8220a47e0d3e5fef
SHA1 c0060a505e6bce7313a6d94e4ad48d3d16f514d4
SHA256 9070fb2aa3b8bbf9832d0de9e5c3812a62f59a17a24680986ff28deae3d4f706
SHA512 7c55cd4a8abeb6727d812c8b0e51174c5e33006d173f3dc3a7bddc191c479b4644090a65a1430f333b1d528212aceebaddf9862295109517d599a35e9d0cf0e6

C:\Users\Admin\AppData\Local\Temp\mgEE.exe

MD5 2050290ec8c9bdcb9f4857b870eff67a
SHA1 2d1f31f3fba6eb8c735fde89f371865ee2f0642e
SHA256 9377ce2fbf03fd493afaa9a98de42fa8dce73ac3981bf2116d0b3d5494f65b82
SHA512 ab793278e1bdcd0d8cd53fffef9e94e02383a167bf39d688e96823dc7d27f194b08ed6983a759d731dab89af6acfd2a9c58aedfacef6923017c92ef526f9814e

C:\Users\Admin\AppData\Local\Temp\WEYsYYwo.bat

MD5 7c84d97416b3a6f81888860e2ed36b29
SHA1 d00e6573cc562e8bd82626116b58205e506a4dc6
SHA256 9e5eb9747a3f9f4fd13ad4e0b07a2c9211d92aeb0827b63da989886582eefd32
SHA512 8247330ee070dd445b8f85644683f78ece642d968c599c991d3c0a2bac92fe8db744b08aba682ccae2c184743ac1a55f843aaaf30634ecbeb732901d34b8a249

C:\Users\Admin\AppData\Local\Temp\OAgY.exe

MD5 abe522b1ae1ebf2ab0f71ff93401aecb
SHA1 40d5a33662693466190b00669ea558cd7adcecf5
SHA256 e51399e809799f3091acae5e4f1b09d32c30e31ef4a7116a1dfb14d74c1e2dfa
SHA512 03ff0ed182d86d7ccd4bb0891780aa8daa5f0cf538fe3d6117b35b8e97ad133ef51d1f1a0a874b3ae2a50ee3280f72745a1a3030185e0bdda7565923bb3a0e36

C:\Users\Admin\AppData\Local\Temp\EIoE.exe

MD5 43138911714a08eaeebc84eaca892ddd
SHA1 92a5dc1bd977f52b61418e2341e67d024b6467ca
SHA256 d09b7a4913b2c5660d52b624ca9d990de2673929286a821b61d6bd14c9bb9c1c
SHA512 7300f775b7ffa6122e747b885781da42ef95b7f42e124f62440b3876e09f28f30eb26264461d993cf972c25385fe8a850829f839a1298bf1fb2a5dda3801c5cc

C:\Users\Admin\AppData\Local\Temp\AYos.exe

MD5 29c521b523c705473acadb0a373789c0
SHA1 c065b71d4c45602dff032cf7ad2805ab26687ddf
SHA256 1e4a9dea4f4eda82251f400d85745480f11c340dc3b6f00dffcb7bd953390ee5
SHA512 66bb1450dbc82e9793dcb46ea48bab88ff65522030226cc8d5628a97069d95a8c5ea992db56657687a3b20d50e1fd31b6c6ed75fc1ed75dc22c141475a507f0a

C:\Users\Admin\AppData\Local\Temp\gEYK.exe

MD5 3f53c05da4d145cdb8ebfda907a21207
SHA1 b9dc246d569ae16a9938c3a33f22d8eca6a95de6
SHA256 1199d101eef9ed2f7bd22a5c9a23777c3edbe239ca01dd76c73a29f0ba962d95
SHA512 fcd49a388f4a9336d4e6bfd65eac594b06e7eb337ce3f07c46588a72756063ba2832ef3b586739b5d9f58e0dac125b5c9619578336a686a0384ebc24c07c181e

C:\Users\Admin\AppData\Local\Temp\QQoQckoc.bat

MD5 ad220bce338f620dec91526555a1e358
SHA1 2fa9b30e24ee8a789f0af066e232fc6848dfc17d
SHA256 8a0374aee7f646ee7e907537687b7216a12f5c41b27d82fc1fb38022d0b1ad92
SHA512 49fa29abd188a769a0d9ff3465c93e05619849db48c0e0eda3b43d4a4e37545b87f0984b843742086283b8de2e93b7a3090313f4a79ceb889be1246198077aa0

C:\Users\Admin\AppData\Local\Temp\AMsc.exe

MD5 1ee40520c6fc777df0f88eb964f72d50
SHA1 bef9ca21722f987bb1f22b5d2e4053969ea4f42a
SHA256 ebe4a43e71ec7fab5e3309b90c3a92246cee80b868c6500f1fcc9221304eb9c1
SHA512 8afc35ac1733e2f57e1e3120fd9285af0b5f400ab57ae8ab100954ea9362ddaed628675a29430e8b2ebb678e77335f5342de7288c67c671ee1fbab6ec7afcc30

C:\Users\Admin\AppData\Local\Temp\oMcU.exe

MD5 1614d0aaa7a65dd164905e46a9a5c5c2
SHA1 0d70087118a71c982c987bfab423c997d08c9998
SHA256 ac02a088cdce119b1c1467455f2f8f6cb29da81476cd905e6ab402b265b4748c
SHA512 82fbef4c3f77ac610327c106543996b80d6016c629a7f83786d611e89b417feed8df50360527235c5a7f7cd52554c1de2981d2b7cadf12e6891003501d23b832

C:\Users\Admin\AppData\Local\Temp\CIUy.exe

MD5 903e4044de820933e8474de397e58433
SHA1 6d952a3d55df576114e817dbbbca2403b98492f5
SHA256 139cbcee5d9620996067cba51e28bd156d173a5a66c52ce7dbf4319b39030b8d
SHA512 53761676dec099a2cd79fc732c9119edede9d31c7e2a5c2ff57291e6986b5694338e19877ea0b7db13bd4ee7dd79434d3316e399ff7f37de24d0a805c516354e

C:\Users\Admin\AppData\Local\Temp\KwMa.exe

MD5 2347952152235ce5c0c45eed6ac831e1
SHA1 f4387644d8fa8dc32f5e2cb19566220a392a7931
SHA256 4e0e2c1f6303c0e177b38b8129f3ddc07147df688fbe76a031035f0f1c489fc6
SHA512 3e36ecb3609c202ab606e492a0e5ef4a1b2995c9f6f8846073ae850c87c36e09bc167e62d4b2e43c35f9aaf0a982546a9746983116ce43e6a301e756e3eb588a

C:\Users\Admin\AppData\Local\Temp\GggoMIME.bat

MD5 22f3a9d0bea48ae0b17d78ea64d15ced
SHA1 6808bf3d6304cf0b5c25ce540e2430a0ff0d80af
SHA256 b39fdc7d8b17be89646a8d986fa3e064effbbcd06b251c9f4c3368be4b2a406f
SHA512 e8fc261c379c412f2284c4422a4135ff8b013dfa257db4de2dcc86ead891b3c908c6fcc7c1e1421ffb22657cc9720c6bb1315fc777869fe790db2725c8859476

C:\Users\Admin\AppData\Local\Temp\QIQC.exe

MD5 3d539b4b76f93a02dffec023e93bdfbc
SHA1 881ec6674c5b659105d69932b138f3b33e6f57bc
SHA256 2889c265e0ccaf422405fbc0d04da487d0dcd3f03a1a269c9d858bf9e614c5e9
SHA512 1e99dfb41492445fd942d4a5203f1e88b54eec6a3b0e1759ee1eced51766a2d196bcea0c70404a9d4a507d354899a8cfea9ec4a5cafcfd24f586c4a9d311abc5

C:\Users\Admin\AppData\Local\Temp\IEsY.exe

MD5 4ec16087c7c6076da844b8587af36125
SHA1 4b5c94cf137271b0b0aa7d2c56797dd4eb76525b
SHA256 b20c6d63d68f4e9035ae1578898269ca105878ed40691727578e08698a4e61bf
SHA512 a8624326196782f75e77092c035bb088e538cae538c860f8255d3983b539f96a62eb7b57c8a58c6a976e56b56bf9f1344453d1e05798ddddd5caf8636c5f7432

C:\Users\Admin\AppData\Local\Temp\GaoAkEYA.bat

MD5 b33d3a0c1497439e2015b6c4103c4dc0
SHA1 a972fee514519e9de23caf40b379159737b78e91
SHA256 3a6cb422acd17dce5b430158bee91fad91b3b495dc91b8393aee1f694b314ba7
SHA512 c2c862442af164b58654be3bb3aec92262318c9db780db01d5024c0931545681c07ac2384c66f229f6b89ee82f3b6ec2c6ada23b156ae1cfae0ec96cfbd982fe

C:\Users\Admin\AppData\Local\Temp\CIII.exe

MD5 d1c39f3f8c6444f68859c534cc6b9102
SHA1 363e3c470faaa39b70dcd0f64af11d31faea8f0e
SHA256 bddd4743b0a93e662d50ffaf5f58b720d40ab2175e90c5e805f3e3b4af9000d0
SHA512 d9c43aa4cd54d0ef8ea53a34ee6aaf067d80b26cacbbec2439abb97c6bca7a47b71b7a7bb65255f8f627e8ba7ab6a111bb2e283716b0c7138ba6f9ba6c3772c1

C:\Users\Admin\AppData\Local\Temp\mUQo.exe

MD5 3ee91a1ffcd698ee689f0eff6609b823
SHA1 5a29a573803fcafcdaf4dad376447628ace747d1
SHA256 99ce8d855f4f1f52d0987c6002860f8545f14df79c48b2be9a6fb84e419833bf
SHA512 85d10dff15b93ac09846ac71200f70322a76c87ed0be2c7e161bbf174ed351e2d9da56fb984cf264e0f1ef0144adb3f209c1950b68c9b5f3fb6a71980c5834fb

C:\Users\Admin\AppData\Local\Temp\OAkK.exe

MD5 51263aa5b8c99c2df662ec56fe006498
SHA1 f434fe0b094cc230d65e2fb48064d75d6ac4b23f
SHA256 56f60deba5620f7e827171f2561e0fa0e68d75634e6a9f1e224aeb30a0ce81a8
SHA512 8484fd2981bda949e0859fee04d2ffee91c4ee2cfe85fd8eb3386d89d632446b6ad278858c9a73cb5716095d2494b80e3fd3f931a711b967e81ab344628935ba

C:\Users\Admin\AppData\Local\Temp\oIMu.exe

MD5 e2c72ea02bbc5ea35d827b0e9968dde8
SHA1 cb702c4f8044b615c4c8e4861ddcfd64ec0a667b
SHA256 368af6828cd7a26148a2e60f8fac534ab2406a060459feb3a283e3cdfcf13645
SHA512 1ddd3b37746bee9f14ab781995c53c2b86d08cdf4ee5590df55e454a471af7f459503dc2e033702f26867c7543a481d9e2a7e385dad063b970120b9ba0cc4da4

C:\Users\Admin\AppData\Local\Temp\BSMoIEAs.bat

MD5 7ccbbc224487ced23df6846ed531b230
SHA1 bd4df6a832092199ab2ba4d37c83d75c38705240
SHA256 e5bd8c4ba4cf6e346dd129dc23ead357c5916de8d3198d87154d1e6b5204eafc
SHA512 b6bbd052e577a05bae5fa4f76ab1b96d7ac9bf45ddfa362da0bc13923660d75c481dce27c59f6b65d3448aecd7951f5b749bb66c70dcb342239cd3da007e51ae

C:\Users\Admin\AppData\Local\Temp\Ekgi.exe

MD5 c5b1d07d77c0d749fb7eee4d87acb66f
SHA1 c378818f4d080c502b081522d85ed4b6d52745af
SHA256 cf8b337d62a54909cf6514e2b7e6371c71052b385c25b22ea7cdd52fa30c166a
SHA512 43a3eb3561a047071e8adb80a2f51d7044e4301e77305230d9d29c5ab47ea5f6c2046e91ba319a0acbb94b48e27f587bd678cf2e8c9c0bef1d09dca9713515b9

C:\Users\Admin\AppData\Local\Temp\KEEE.exe

MD5 6bd4087bb4e021beab2df929659474c4
SHA1 f93524d0f78774d167749f55fa8bb433c26ff1b4
SHA256 cc347a1824287cc55628b683935df6bbc9ace4318e146986dfa0e8e8602a36c1
SHA512 849154ec2be208e82f24d559c2037528161fbfd31776ab2ab97d663a390001ada8f50077f6e3c26f2a31b912600b9bca074124752c05281f3b845a42151175e5

C:\Users\Admin\AppData\Local\Temp\SIEw.exe

MD5 73b15117a8fc173036478651efe745ba
SHA1 69dcd9812f520b20751e93aa7ef5d7581964817e
SHA256 4dbd03cb207eeb540a3bfbb44a98927069291b5c08e1bff445380f20c77e9c79
SHA512 33bbcee73b4e5276e70c838cc52482079e7776c6a1b55f92e3c847fa26c2fe93ae49db3b5f1f3b65f41c87610ddd99bd1a14cf070faaef6d25877e47755169ae

C:\Users\Admin\AppData\Local\Temp\PGsEgsYQ.bat

MD5 500ace26e88599e4a9463e6ccfa37ef2
SHA1 13ee75ebab436912752b8838f24cd29b93689340
SHA256 c34c6829720655e9e7a048964a7b810540d68a734a6127418a3467d285ea9e39
SHA512 28b77b0e0eab4dde568e8f97482505e2be412d1f73b2356c86c2db8d694429d78038d41601c03f3616b2232b3630516f1a193e15b6aaa7688b109239427574f3

C:\Users\Admin\AppData\Local\Temp\isUK.exe

MD5 ee87ec100984c7c9c27863bd7240eade
SHA1 002d2036c964ebe2900a73d6eac2890d236e37a7
SHA256 39f163e2c3fb18f9deb71a6d25307de62de853c04085a424baa6d23b7d2450ed
SHA512 640d50d173bb798ae4ea2573bcf56a8de5d88834e4dd41062b54eb5d24653670e92de8d78e3e3ce5fe870248649fecce810ea35ba5d6316179b69c6b27638b6c

C:\Users\Admin\AppData\Local\Temp\wAos.exe

MD5 4d356381a77b2b20328a2802982d2cb0
SHA1 3223f2d007e946787473891ba502ba8fbc7041d2
SHA256 f83bdbdd2a2f1e6f8b3fbb512af05f8a7a7fff93ee275772e54256e9558c0dc5
SHA512 2e63e95208f85b2084efe0552c2a1baa9d9a66e14cf11703e93944dd7935ab9d3c7d8b3db213c8463c10b5674329893566eab86550f17c1460b0fc4df63ccf33

C:\Users\Admin\AppData\Local\Temp\XqkckUwk.bat

MD5 21d4a95e0d4b2cc574ce5d285dda6f17
SHA1 4d98d23bad716125eab71aa5990089e963075dd0
SHA256 f9edf7b93636f24039d21dbf1d5954038e2977a6994499701b22f154ba15e0e7
SHA512 600d830f1207e5f8653ed394160f3d1aef8ae2f8651590eb5379ef263b751ea7c0dcdc3a56f6a5b368e39c81e8c6012fb9a371963322e8de1edb2942c213cd6f

C:\Users\Admin\AppData\Local\Temp\ecEO.exe

MD5 aa130433c1fb8146f02d16d4aaad3557
SHA1 c3e498bd586a6a42ea524b6463e018794427b462
SHA256 c3166993054122e6607ca5fa4952554fc64f5767910e857ef5e36589b5cb8fe3
SHA512 d953c70a078ea96526e8cc23ba38615c6acccd0d7da0ab41b489ce0818f3fcb43c9ef2cbceeceb89304c11aa007a8801f5962e6194953063435ba450410330d2

C:\Users\Admin\AppData\Local\Temp\gIcG.exe

MD5 f4be699e492031d187d6a9894b88cefd
SHA1 a0fd86176c5af8bb98653303df3b6e36fc724601
SHA256 6de01709590d6b881b61baa1f43eb4b439b6ce5b1ee97f259e39b6ab127cecd0
SHA512 e4c77631f100bc2fc470e1cce9ef3e0c9e10bc88bdf311bff81cc4c8de2cb7405579b08d41c10c7a95ba18497ce0b769583ad04014176c35a6e8f6cbfa30edb7

C:\Users\Admin\AppData\Local\Temp\EAEO.exe

MD5 cb05017ebde3bb20b3bb40d22c427da4
SHA1 55c284a7a678991b6daefe5cbebaafd5a41ac76f
SHA256 335be4bc130c5a6ee97d818bfd9d11879a28c9f0a734a6ff965ab1cc172121a6
SHA512 fd89f93f603b192c29f4b62940eaad7b208243dccdb474c36ad817b765b5f1be3a9042fd4c0ce9e82b653683c9c8f5a8b8c49d19e34032d08d97892b69241b65

C:\Users\Admin\AppData\Local\Temp\sMIs.exe

MD5 04c972c3e3d7cba1f55347a5da4161c5
SHA1 62ed929a664da7dfdc8351e686cbe21e2b85c063
SHA256 6acca4bf057546a1cfa07a243d3c6bea5584b54f691f1f7291ed7f5b947ea054
SHA512 6fdf7f8b52e56713c5663a935949b942f43af2a53033ba6012da4ee5d2226f8d231b673254fa0dff0b66bf0a50c88c7aec92c11e2cd2eda5ead183c3d1fb7212

C:\Users\Admin\AppData\Local\Temp\lyAgYsIk.bat

MD5 51c3b20cea4e192c67fc1dc2cb13fe89
SHA1 1a79941b7115d50706ac966d2b97a09de474cf5c
SHA256 9a3f43311a106816d368095db760356b33a5f915a2c4cbefb33425022618f21e
SHA512 10239e357156c20453f10f2a6da8c569765309c921dd56290f9c504e47b1064749bebef72e3070ec606f964cecef55bc9446be6ef3423755b0331084baa81bc9

C:\Users\Admin\AppData\Local\Temp\qMkw.exe

MD5 21720686503a98f6b3e4bd86177a7b04
SHA1 f0bf89a1c8d470446584bd14f0074e71b365d518
SHA256 c74fe2e2a710e8b3e9392a6a5aefa9e99286756f571b6f599559ce1a7b7e9e12
SHA512 24ba619c7c8bfa6b0c0b1c4f665bde9a83293c1f62ee62ca6aa9e6d4ad096482d2b418ebb5e98a4a9dc991c0567c8bafc6e328459eced3251a306d22db5e9bcd

C:\Users\Admin\AppData\Local\Temp\MkcK.exe

MD5 959cfa7bb4b6e2686f64b4e3ada0bfc6
SHA1 c4a8368e92ef6ee743090dde15c077a4461d56a2
SHA256 f80ee988fb5008a16d9644bb0aaa58df36bab11d82a8d9348e4572edbe71dfbf
SHA512 90d8188466843c54c4442d4c51601053dd0aa0855660f04ef8381812866f447358ba1807ac8c9d378cb6af7f6a99bc66aa85f151c600b6171b565ee0f9f13adc

C:\Users\Admin\AppData\Local\Temp\mAMS.exe

MD5 38f1ce4c4b31738b26f77818457c14fe
SHA1 bea04b6ca740a302e8da2882b55707d0f76da731
SHA256 7b2cae753cc08eaf6e6d00b3f5b9f0815d0f357a226693a0530ad787c3782c8f
SHA512 8fd9b7fbcbf2f8e9e424d9cc921c032ca94d61e0cfb1f70ef66eee1d94decc524ba923e27bf401ff5254e522fed8fee429c9cd830a77ce9f7a76e5ec3546ab6c

C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile44.bmp.exe

MD5 8ced999421d6d7380e6c95071551c529
SHA1 1d3cf065ed782c37f66d7af04051dcb4181800f3
SHA256 b3825ebb01b21dd4396b0f94a9e0d8f6f5ded3a0e210c7feb4660f3f2a84dc02
SHA512 12605d8df27f6af8e8f013ad9a75bb3c51c07b154e3eb6720ef3d580fab81c7a15755f7a75b422a283582d64eead127599d0983e1a38f19f4e5a3bb6cd75acb1

C:\Users\Admin\AppData\Local\Temp\PsgIUYso.bat

MD5 78a96c1da8e6f8e49fd99232066b36f1
SHA1 830b908c56763f7ec2f27f2cce3cd1b4717a6e66
SHA256 dff8dd9e2c6fb50bad611c600b046bc77dd0306530c3e39b22cc49a27548b93b
SHA512 b22ba3d0b32f178ea9b97440c1b020b39e0b73ad3bd01ffbe6e75ceadd3175ac0fa6b81aecc147607f5f5ba1d56a1d1c3fb839461bf625c651915b05e7f8ed2c

C:\Users\Admin\AppData\Local\Temp\cOMwUAEw.bat

MD5 09aed638dcf61da5507eba56d8d713b5
SHA1 7b4bbbc0277b618c850a649eb715c47aaf00cef3
SHA256 fd874aefc38371999f0efe32c56d7a5336315c5f99807ca39c1ea9a90e79c8bf
SHA512 6401083bb5a85c3bbdfbceab6ee82d95c63539b1b1c800a13d2247270f172bf8be97b4012410262427ed4a485c6c256347271c32fc1ee23c5eab5d1df6258c46

C:\Users\Admin\AppData\Local\Temp\KMUC.exe

MD5 771d01bc20a6473965f0a691aed09bd3
SHA1 1c7f2d7c0650790f671bb5ad10177e9cd347f1ae
SHA256 aac05ee3fb21cbf0d2b67a543b0c562d4f5fb2cdac1cf2073b5e4ba1d3da804c
SHA512 700e36a9ebc2ca49268bf372aad7fcfe8998d58f131401db3ad2992bcf1235c03d1528dcc37432d72d965f13c42747d850025df87ebe8c17b461182bb383ba7b

C:\Users\Admin\AppData\Local\Temp\SMok.exe

MD5 71ee518c140eaa2cc8cf1ad0f2144672
SHA1 972d75c7b0fcc52d6539c8dd8f35b94156893902
SHA256 68b5fca17ef0ab7ba50fa12e1175e6b15cdb04101a160c7ed8e35a5a52089c90
SHA512 845e0edce170203eb0a9b1959e172c67785ddbaa7089f78829735517b0362255f0ded63104a9516226f2903c812180686ad4d79a6fb0b355ab70696272bc2f62

C:\Users\Admin\AppData\Local\Temp\WAQIUQwk.bat

MD5 b97602eb03abd3f5920ea80ec9af85a7
SHA1 145c689b820c14c0b2f877efc849e5ed14b736f8
SHA256 b479023de55f64c00a083fb108d3e5e26d0f98ee752196e13f17188494eadc1f
SHA512 b13e0ab39b96b35de06d0cc7c687b704067264c0cd163d23a0ef6649d0ab486c252df5bb36575b48d8030e083f448820c0673b030225b1f5dbf087fff890d3cc

C:\Users\Admin\AppData\Local\Temp\WEMm.exe

MD5 9f66ffdda53aa8c5d7e69990c00c8ea0
SHA1 d112b0dfa976eeb70834a7100b59035caa9f8be7
SHA256 37156939cc368b1f4efd86ed747ffd119a3209a92552e6f78a4a4b79a7d3d59e
SHA512 7b84b6ceff63b3f591368f5711345112fbf8a3d44688d9a7093c700ecc298c9bafc02648522d6265ad848259031fc5436bfc84c57bd76d937218419f0299de4a

C:\Users\Admin\AppData\Local\Temp\eoUQswgk.bat

MD5 2a5cb862f3528199d5c5dbea43d92392
SHA1 294cf4510d372bc5cff79f826bc9ddbb70082351
SHA256 13221de8b32f02b94cb2bbc9a22688fe2d6fc8d7975c3caa26c8441f314d96ec
SHA512 940e678eaaf5c28129740292ea6576fd7f8e62ce43bffd534bf476cc7be9961945c7241e15af415abd42731e61c3e593aefb58415c87bebd11e80eff41a960ca

C:\Users\Admin\AppData\Local\Temp\YQUE.exe

MD5 c9eaaa87d075c8707f46bf590a0324e1
SHA1 011c1fb026436caa45abfbde50ff3d9d5e9e5a96
SHA256 8ed62effa839cd109f594a7d010c9b35c990c58b244bae8dcd037af27d2a8108
SHA512 18d84eeaa1a2740e1bd1c540e4616729ee085e1969c3348d98fd1db31acc26d0f013b089267b06a84d2f2ca132e89d999f24feb0ba9c0ba08fb813367a2c2d7b

C:\Users\Admin\AppData\Local\Temp\EMAe.ico

MD5 f461866875e8a7fc5c0e5bcdb48c67f6
SHA1 c6831938e249f1edaa968321f00141e6d791ca56
SHA256 0b3ebd04101a5bda41f07652c3d7a4f9370a4d64c88f5de4c57909c38d30a4f7
SHA512 d4c70562238d3c95100fec69a538ddf6dd43a73a959aa07f97b151baf888eac0917236ac0a9b046dba5395516acc1ce9e777bc2c173cb1d08ed79c6663404e4f

C:\Users\Admin\AppData\Local\Temp\qAkO.exe

MD5 edfd2eff0968b1e59525b5b9fb4fff38
SHA1 adb060287d94779b61ed3cf4b8fbfbc07c83ea09
SHA256 116b4f6f752e7e3c30b0670f448bb83aaa786e3b50ef0bd343f2a342d43e8d39
SHA512 56686423b9f46b8d7b3a6e541b077445a5b2b3deee2f14f671177f7babdccb17695e2182233488105f811760ad0d69de0a6cdda33dc07a9496d8c8c5934fbf88

C:\Users\Admin\AppData\Local\Temp\sqYowQUk.bat

MD5 613ea6f621b1fb908338d3a1503aea75
SHA1 1b5c26fd81a8c17aeab1b40dae675720a4abde02
SHA256 ff0804c35899a7133d072be07d8e6e5b79d05537d993572df376f9d61e695fe9
SHA512 ff24860d40b1b0a697a641c1552f1e40ab396ea1c0c53c55aea854096fafc056a26e0403935758cb5616801f2eeffe7f6b1e84d8c16c967390d8803e6968908c

C:\Users\Admin\AppData\Local\Temp\cQYk.exe

MD5 f70ebb547aeb1c059dc04e492c320099
SHA1 78dce688e5f122cecdc7060cb9cc057b11bcccd4
SHA256 02cf20cf96003d627c548a952bb7655bf4cae9de63e7e62e973f3d6795a62775
SHA512 e5723b6e203849e5a9ed9736770caa316ec196ef6163583393ae51bd0e171e4d978c2d9c98da1f3a86de63c7cdcbf9b015c718def3ba553421c12f56d1dc7e6b

C:\Users\Admin\AppData\Local\Temp\koIC.exe

MD5 07e56744de2457e3aa63919a3848579d
SHA1 697ccd5e7a44132f72a18eb5b5f0bdafaa4fa682
SHA256 6e5d1a2ce74a54ab699903634141929769e50b61c5b19c95e8e9c01113a3698c
SHA512 d8d8aab69018af5e0f90da09e74868ed79019cfc6c7d9cfdda543b4803a2cf3e7091d54cdf66a74b573f43d8ef3e7fe87fb398138299ca72cb3262ff8a061368

C:\Users\Admin\AppData\Local\Temp\SYgk.exe

MD5 0afa25b5b31eb371f28e5093b46e1c68
SHA1 66a7219c050aa95c2a8cd76b96059f57563836da
SHA256 ffeea3d6a0e7d849b2fa2c78673763bbb3d5a1a10d7446d5792dfdc6a6c606f6
SHA512 44b9c309d2b8613fc325604339a74978ef57f38d80117bc3bedcec3113109599484a2d462a219df015733fe093b385351fc63787a8a000462e1f79ff1ee3394c

C:\Users\Admin\AppData\Local\Temp\yoMM.exe

MD5 dbb9114159dddd43b9e44a5d9d3f3b07
SHA1 884f4d0bab4bb8e07e48c2b4832c6c1295158c4c
SHA256 0aac6c4be968c7a1ec52ccdb096c5274b1e2de19be2c9f4109385926546db0d2
SHA512 a35a05820ee256b195e53be775be0cd397c03daefe025dc0b48bf56f32649c989650ff9ab72126e03e0099f9b3598f5223afb4e51b0327eea3034d3e0e8f5d4c

C:\Users\Admin\AppData\Local\Temp\AMsS.exe

MD5 a6a9a6613a256f1322eec1dbf2dc2b8f
SHA1 430a6ff8ef33a3299d2c28a42f60c87abb2020a7
SHA256 8a86d4e6979974106a6cf17f5a01c04576bf404ae1ce603e3ed659dca53709c5
SHA512 75e74e215dbfb80ddac77bddffdd24f6c30eee2a983984aecabcaa8d945319b084cc60bcc328019a0cb9e36d9fdaf9200c0117ad2292a2980a72f03020997704

C:\Users\Admin\AppData\Local\Temp\fmoUkIEw.bat

MD5 d3ceaa71b94be731dcaf174aa714c635
SHA1 2104b2d8880b5500f01d990ef2c3f68775706252
SHA256 9749f38a634241de6d5c484193db9dbda404d9a900eb4a2fe16f1ece0ebfb85d
SHA512 d39cb6ce109e3d893191dd6744b8fc10a329ceb09f39fce14ba93d58354c30f9cfc40ce3c9d2e669660a3a8669ce705314e7da07742d48b7f9e48a23cdb0f34e

C:\Users\Admin\AppData\Local\Temp\XEkYYUMQ.bat

MD5 7d66afbc7c7c5bfd03c35dac88ea641d
SHA1 37259c8bd5663a89f0f9c95bbae78d55f92d69d3
SHA256 7eb23a4d0ad01fc68fd20fd125c67216db21af4600067bccd9fc17778418085d
SHA512 9356ef78f64311eb10024cafe1f8e2fabecbf1496b40049786c8b85e170fa27484da8d44f0c754b90b6c9c13c54de7107bad1551c92402d3b8e4c13328e35e49

C:\Users\Admin\AppData\Local\Temp\haUMkwsk.bat

MD5 bbf75777b58845507df4bd737199a0d8
SHA1 ca4614619aff19503c978152219a9f3b828b0558
SHA256 913e140027eece430f08b869073d68ae5e591bf444042bb912d6c15d0a5c8207
SHA512 975cfe81073c5924daa033eb515ed96e0c9729e1ad5b64edbaed440d298742a5746744b3ec102a236c74c37e2b2c61a3cc3db361166db9b448d0e8a7ad1a25ea

C:\Users\Admin\AppData\Local\Temp\lQwYAwog.bat

MD5 166b1b547e63ddf6ef7052ff700895c2
SHA1 3c1a98bc57c010a45d4c9466203f242448b36567
SHA256 7cab7b351b2e7648d179fa68b90ecaecd4f581e346bb228e1776c689ccb47445
SHA512 cd1b848d2547a3a225346923d429b6c0b2e2620861ada676b696ade0acc0277e6faecaf093952ecc624a2b9b9b33ae647e2a9c21135c2472c33a655066b5dd9c

C:\Users\Admin\AppData\Local\Temp\cEoMwcAI.bat

MD5 2ea10d3eca11578ed9417ed3ef486432
SHA1 93e95cfca6b4a131aab2f7c6f56eaa23ab096134
SHA256 8a31ff10f3042533bf63de3a495a84752bb0f21250ae2deb7b14bc966436538d
SHA512 3dac121286d2be734cc9005755661ecdf6df12fad3057cf9ea219ecfec02891ddf3c7e0b5c0275983db0d49262cc9fc1cbfad94bbad106a65c3b8bd82e40b249

C:\Users\Admin\AppData\Local\Temp\siwUUkQQ.bat

MD5 f09b17a783f487de9280fd6c8c3c0def
SHA1 d46da699d0d4eb7ea0ab5be3bcd46bbe555b0600
SHA256 b41fc0a19408a54ae054d2bc4d202505c99232b390c4bc7cc0120a57a6a9668d
SHA512 620d2b8cf24cf37721878220bf0559c4e8327073222a4c9146c0d8e1293efc3e2527a0ebe58a0451e2634da5132acaa9fd241e37c1b7783fa9fe0bd1f020a865

C:\Users\Admin\AppData\Local\Temp\SyYgoYkk.bat

MD5 ef4fcc6923fb71e771443d1fd72b9d4a
SHA1 e41b5c3b94a636ae9fc39ca00ef9a9ec92b4e43d
SHA256 065e1937ff852c78f7b5c601f96e61a83be4bec4fbf398b7ed795e8720f8278f
SHA512 71b1ff58582f493151e768b06b8f13f3e8800b702ee3974b5e7066f57af2c2db6d2a36799f3eb9628ba81ddaa72f20dc26f123eda5bb0ecbf5a4199766c84bfd

C:\Users\Admin\AppData\Local\Temp\WkwMcYIk.bat

MD5 bf5308710a30ca50171b4eb1d066e6d8
SHA1 d11f9afdbef0d003b06dc813f83ad93dd6d788fa
SHA256 2d58b14dd5c3655b143b2409a4c5c49582304fb7f52f280a49a04e3d5b5d6a98
SHA512 75ffb5d4c321d369c414f1ee579ed2832bfa24d3e81aea13be826689ee20660c8085e8b40027e33a13b27215d938f5f70717292017cab313757ec964f0a76802

C:\Users\Admin\AppData\Local\Temp\jYAwMQIg.bat

MD5 9314ddb5e5b323dc598fb4f285145115
SHA1 0b323105d5a41c2d1f9a7d76e47ca6b9d70e599f
SHA256 1cd5ab01965fce9eb19382e24328f88f54420baeb9ae81a57f73db16b92cf48d
SHA512 49df9bceefdef4c33473514a677d1135259f44865eaef0491f4b2e24abc2f2df20db3e1f63ee28b5415b0b410424ea598d4d2551a63f704b8365c28815e575f3

C:\Users\Admin\AppData\Local\Temp\tcEAwEcA.bat

MD5 b449ca17bd1ec0838212369912fa4d3f
SHA1 f41c764a4c52bcbb8ce6c3a3c6739f185d60f9c7
SHA256 ca2d3e2c7be3ab8816fd1627f8782c6159484345009eca30f6b7371eb4f47dc1
SHA512 ec57ce739ffaef5604a82015158dcda809c38a18e001a7e679a9cc72e671517fdda9ec7db4ed832ed7a061de0b9449b8baa63f77159ede54a7d04dba90f52369

C:\Users\Admin\AppData\Local\Temp\dmkgAYwU.bat

MD5 da7944da5716c96a2f8b6c048475f5fa
SHA1 dc5cdd1e727b4b274ecb2d0fcb1755c771f344af
SHA256 192c9bfc5ded0038984a5b840ce0784053145057d330203928c27096c9766986
SHA512 f0bdcfa954da3bb97f3e466ba8f3baa2275da1d93f8fdaa86b283d5af9e31e9ac2de6cfb2d4c0d890c045260ff432774652c191d49b867f8daa63789ae984f9e

C:\Users\Admin\AppData\Local\Temp\fOIIUckU.bat

MD5 1742b85e5103152ea143d975be6350e1
SHA1 d27e7036da71ff2622374bb9341d2024c348baca
SHA256 38cc50f4e7789f93e8279ff30da6aad668546a82094ba0cc6877f84f32efc524
SHA512 8b3acaf20a99a8dd6607208bf2d6379ef0784c03378830a696e68e11c272f2647892bee017f7bed1b4c754520e5afa930bd698c96bf2f01da8b49c5896f00f3f

C:\Users\Admin\AppData\Local\Temp\keQIssAU.bat

MD5 0c7048449c50f6a63a888c78622b3177
SHA1 e4c4180e073af4fec5de58cdbc2af488997bb685
SHA256 28cd1a08bc1a302af15fb5d4da4cc5816bf60061e734b45c7dc37ddb342344f9
SHA512 953698e7d40dbaae1801cd858f04aba9e648fb7543277a4740483a15a12ff1f42af5a188adbd171114146fe42922d3550afb7ff2239a9695b4c4d55e700a002c

C:\Users\Admin\AppData\Local\Temp\mGQcgwsg.bat

MD5 5ab4228b5557ba53bfa45bb6cb416311
SHA1 6bc9d5021d9a9f3b5670870cd79c3681b18b5b49
SHA256 dfc4a396dfeef721719163eef183f42916890fbc2651cf60a8efb42e6f6a3878
SHA512 889a767a263690a363e90f780ee955652d4e0f8adebde1b5b035fca7e053f9caea3ed81aefc2c685e5336da9d5e9f38759c9b6095d708d6128333056afde8ac7

C:\Users\Admin\AppData\Local\Temp\oCkMoIMI.bat

MD5 7d6d5af3f0f1b363c007c396ad5aa70b
SHA1 9855d381221794b6507400ef49f80932ce80f941
SHA256 c047ae2478a78fdabb0cb9c617f143339b23f96892ebd7fab6c8fc89f5b76451
SHA512 12fe5842916efabd5069f117088307a24fae86708aa35f4be6e0dd1fe9d19ea42d1e967272cec6b05190d790c70596d9fcac9f767df8cf84dea26e768b326d20

C:\Users\Admin\AppData\Local\Temp\IGoIUMkM.bat

MD5 de4511698ed23b25eaeabd846f7d0333
SHA1 55db4cbf59be00243aefc6ee71f98198802fd697
SHA256 255f7033762926f85ecf5a6c8a4cccfe9f01efa9366962fcd165fb19e2acc42d
SHA512 e5b299ac2f22ae609b7ad502c6ccf379f0b993c14a4bbce063afb2056adcebe76bbd7f926db291c82b5ce022efc32eaf7c92eb89d31d644ab9c79a1ff9ed7a74

C:\Users\Admin\AppData\Local\Temp\xawIogso.bat

MD5 c6ba59364879589d9ab345dbfb8471a1
SHA1 216b6204fd8c2dc757ce8910cb52dd609507c22b
SHA256 8e8af8282d951a164cbd65c8d9479f5a7de4c7222ba2beea741541265adf3d2e
SHA512 bbb9028a8a8c13cc77dfccc30be407a6712cb5f4e908b21d9dcf3170199c4b0ce95f6e30730ff514a6e390a8297fcca70e7ac77d912cea5ae8653fc108a5ef0d

C:\Users\Admin\AppData\Local\Temp\XsMMkwsM.bat

MD5 952ed53ce9940cda068b2774724169e1
SHA1 a589df5a53e394f824e1c2fa5588ede73e3143d9
SHA256 c45e2ecfb6938fa82518b32c9192c6e5f812f182b1fcf706f477e3f4cc1ed6c6
SHA512 b61c126cdbde5507a363c47215371cbee9e21c87b1c445158d79a613d61a93f08849a131abdad2b47c7d1566ca8848d8c93bfa1d6777fb363745b030c419906e

C:\Users\Admin\AppData\Local\Temp\LIMAogcQ.bat

MD5 20fd3010265d24e092af17ca69201a2e
SHA1 36648eee0f064510df921030f52a8becfe7b313e
SHA256 d6c21b948958417ca98b682a573eb8aa1084b292d32f760f253ef53da13e5589
SHA512 bb7cdfa755bffb93a77c59921abea1663ceeec349cf4327e9b67e9260232b85ebe67545538fa80255eac03aae7b48f99bd64ac8386698e1eccd69c2138849ab2

C:\Users\Admin\AppData\Local\Temp\JcwoAMss.bat

MD5 f55c4c6c92f75199a6db062979ee5c96
SHA1 72deeb46122ee189e5946881e9ec4c1b72e74faa
SHA256 6591a778afd36323831f458a42ef9ad508c60699e1b6134b74864a4708f44e4c
SHA512 563ef8e04597e471ee9562c71456ce85011dcf9d10a643f0046d8a8d8efa8b3e01c55bf7d14442f3566d31735059f50e9712318713c4645bec99c8dfc7acb9e9

C:\Users\Admin\AppData\Local\Temp\eAMgwYYw.bat

MD5 cfae6e4ef964b5d837b6de4023c4f9e0
SHA1 9e60304e9de41e18caac833c83c2317ae5404acf
SHA256 f183cbc9aadd67bf5e523161e8c1a60c07ba2ff00356fae5ea3461ff9d0f349a
SHA512 f09c3700e4d937d3765dc401e83216a2b4e8b7a18a62afd841869b5352fa8632ab9eebefed61920bc98a1d99c8a677d47633593ca5673035790813caee1bc3fe

C:\Users\Admin\AppData\Local\Temp\AokQYAQQ.bat

MD5 83ce2ebd09fbb0d43b9da7acc14cf2d1
SHA1 0d6454d6ebefb304340deb53e7fc28a6c8fdafed
SHA256 8bba406ce42728e1ef14207e7afd9509dd8e07dbe4bd8c2eb5397821b2bf8dc4
SHA512 d13eaf0c475c7e7b020ebcab76a0d281fd27bda378b42f8ba34f1b660cdd143835f73cea3547094883606fcc38146049b1c0a22930efa2786694bbe58025bdb9

C:\Users\Admin\AppData\Local\Temp\eSEUwEwg.bat

MD5 a87f40883ebc9c0aebc41692d26b309f
SHA1 4f01695770017e3d02e0b6f13d337469cca5e003
SHA256 74137ea1e1795c5b7411ce558886fc7ba9fc76030ec2c58a4bb761f48b64f05a
SHA512 82c13ae77f477005c916cd66c120cce2271b8d22bf4ad028668c7c12ae7c7335f6fc0b53af0221e0b415f914addca0610a28c707113b9e842bad4d7432fd51ef

C:\Users\Admin\AppData\Local\Temp\YysIgYoM.bat

MD5 4b8f109ad771aabc170508a552c7abf0
SHA1 8379498504a0dc9dea040564c8b43cceec3bf89b
SHA256 a4b94edf9ada7a44922247ad8a4ab70e4d6eb9e0c78e23053d72f0079dec4f8f
SHA512 9c601e62f60f2b58835700223adfb87cb3ec1e093365067d3c1c6b1e53cecd85bc3a1a85625197f84a90878a8ae84877fed856599ded76953c96e3b772a69d44

C:\Users\Admin\AppData\Local\Temp\WQgEUsAs.bat

MD5 1d117e82aba1c7db9a83a6f123f9931a
SHA1 38773b4a7ed95d83c22f094b8971142b11297087
SHA256 a1de84a72ec488c4158e4ca4492d29dd84225afd26ecd73ada7ffa170c7b8abf
SHA512 6df2a39de58065dc68f55f42567aa312f123ab1270dc643b208a3bbcaa4455a2e74ba08f138a4a601a858ab9a98f1730de368efb8562135c41456b25d669be85

C:\Users\Admin\AppData\Local\Temp\xkEIAEAg.bat

MD5 5f91147a3fd7eefe99370f0a6f903b1d
SHA1 6b50f7b72bac69cce26dc18b58338e80889d71b2
SHA256 f0d0538f88e7ce9f3dc28c68c77f63a16e2594ae77aa4568593b2b1b9535b903
SHA512 51b3de93c7e8f343e710b9956d9903edbbf6f44af0223698748a56a3ba0196956e9f3abc9d4098d1b270f72846a3d23dff13fec3e4a0c214aab497ce3b1f9dee

C:\Users\Admin\AppData\Local\Temp\vkwQAkww.bat

MD5 912d58fcde5ca25b2124ef7e378f201f
SHA1 518f37299c908325d4edf34dfa38531436461468
SHA256 479421ec75417c3feb64526a88d8b6625de4d9433d150916e72f039c925edda0
SHA512 e21e08773271a5dcaebcede7603690592fbdd12e69489eb66407657376ea5614a9d7f9bd54496e3839f3f3f2074614df2a681bef411a04b57fc7397b79824b5b

C:\Users\Admin\AppData\Local\Temp\FWQMwkkg.bat

MD5 399756c58a265260db178e3768347634
SHA1 f119534f6a16f16363741cbfd86fa876016b3429
SHA256 3d2e06bc63accdfc5e64f3a4c352b833965ef3e5d6b8ef482861fa2292e37764
SHA512 f5df569d3cbad46a9e55184081f257e670ab2aee78599e6aacf97d04d5c9c078a80fa1781e736824ab9e31d58cd326e1e0bf08e54d3bb3c3e0cd0917e6070fed

C:\Users\Admin\AppData\Local\Temp\xisQkoAs.bat

MD5 d353c3098e15f49c93d0a010a8f3c8c1
SHA1 3347ecbfa5d0b5210677728999d13e1ee6e76828
SHA256 04d9f1adc5ee1a526274022668b258a0d1b605b2f15886008b89ad0c98698c9c
SHA512 c076d4922f52520ad5848960d255cc085d0941f1f471273a88c79ffc588569b0b16f58b1bdd55e83536981737c341293809024f1ce4cf7d3dd7f6cbd37afceb8

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-18 02:55

Reported

2024-10-18 02:58

Platform

win10v2004-20241007-en

Max time kernel

150s

Max time network

153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe"

Signatures

Modifies visibility of file extensions in Explorer

evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A

UAC bypass

evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" N/A N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" N/A N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" N/A N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" N/A N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" N/A N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" N/A N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" N/A N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" N/A N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" N/A N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" N/A N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A

Renames multiple (81) files with added filename extension

ransomware

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\International\Geo\Nation C:\ProgramData\MIAgEkwU\GeYMccsM.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\dokcgYQU\CmkosAYM.exe N/A
N/A N/A C:\ProgramData\MIAgEkwU\GeYMccsM.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\CmkosAYM.exe = "C:\\Users\\Admin\\dokcgYQU\\CmkosAYM.exe" C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\GeYMccsM.exe = "C:\\ProgramData\\MIAgEkwU\\GeYMccsM.exe" C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\GeYMccsM.exe = "C:\\ProgramData\\MIAgEkwU\\GeYMccsM.exe" C:\ProgramData\MIAgEkwU\GeYMccsM.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\CmkosAYM.exe = "C:\\Users\\Admin\\dokcgYQU\\CmkosAYM.exe" C:\Users\Admin\dokcgYQU\CmkosAYM.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\shell32.dll.exe C:\ProgramData\MIAgEkwU\GeYMccsM.exe N/A
File opened for modification C:\Windows\SysWOW64\shell32.dll.exe C:\ProgramData\MIAgEkwU\GeYMccsM.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cscript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cscript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cscript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cscript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cscript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A

Modifies registry key

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A N/A N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\ProgramData\MIAgEkwU\GeYMccsM.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\ProgramData\MIAgEkwU\GeYMccsM.exe N/A
N/A N/A C:\ProgramData\MIAgEkwU\GeYMccsM.exe N/A
N/A N/A C:\ProgramData\MIAgEkwU\GeYMccsM.exe N/A
N/A N/A C:\ProgramData\MIAgEkwU\GeYMccsM.exe N/A
N/A N/A C:\ProgramData\MIAgEkwU\GeYMccsM.exe N/A
N/A N/A C:\ProgramData\MIAgEkwU\GeYMccsM.exe N/A
N/A N/A C:\ProgramData\MIAgEkwU\GeYMccsM.exe N/A
N/A N/A C:\ProgramData\MIAgEkwU\GeYMccsM.exe N/A
N/A N/A C:\ProgramData\MIAgEkwU\GeYMccsM.exe N/A
N/A N/A C:\ProgramData\MIAgEkwU\GeYMccsM.exe N/A
N/A N/A C:\ProgramData\MIAgEkwU\GeYMccsM.exe N/A
N/A N/A C:\ProgramData\MIAgEkwU\GeYMccsM.exe N/A
N/A N/A C:\ProgramData\MIAgEkwU\GeYMccsM.exe N/A
N/A N/A C:\ProgramData\MIAgEkwU\GeYMccsM.exe N/A
N/A N/A C:\ProgramData\MIAgEkwU\GeYMccsM.exe N/A
N/A N/A C:\ProgramData\MIAgEkwU\GeYMccsM.exe N/A
N/A N/A C:\ProgramData\MIAgEkwU\GeYMccsM.exe N/A
N/A N/A C:\ProgramData\MIAgEkwU\GeYMccsM.exe N/A
N/A N/A C:\ProgramData\MIAgEkwU\GeYMccsM.exe N/A
N/A N/A C:\ProgramData\MIAgEkwU\GeYMccsM.exe N/A
N/A N/A C:\ProgramData\MIAgEkwU\GeYMccsM.exe N/A
N/A N/A C:\ProgramData\MIAgEkwU\GeYMccsM.exe N/A
N/A N/A C:\ProgramData\MIAgEkwU\GeYMccsM.exe N/A
N/A N/A C:\ProgramData\MIAgEkwU\GeYMccsM.exe N/A
N/A N/A C:\ProgramData\MIAgEkwU\GeYMccsM.exe N/A
N/A N/A C:\ProgramData\MIAgEkwU\GeYMccsM.exe N/A
N/A N/A C:\ProgramData\MIAgEkwU\GeYMccsM.exe N/A
N/A N/A C:\ProgramData\MIAgEkwU\GeYMccsM.exe N/A
N/A N/A C:\ProgramData\MIAgEkwU\GeYMccsM.exe N/A
N/A N/A C:\ProgramData\MIAgEkwU\GeYMccsM.exe N/A
N/A N/A C:\ProgramData\MIAgEkwU\GeYMccsM.exe N/A
N/A N/A C:\ProgramData\MIAgEkwU\GeYMccsM.exe N/A
N/A N/A C:\ProgramData\MIAgEkwU\GeYMccsM.exe N/A
N/A N/A C:\ProgramData\MIAgEkwU\GeYMccsM.exe N/A
N/A N/A C:\ProgramData\MIAgEkwU\GeYMccsM.exe N/A
N/A N/A C:\ProgramData\MIAgEkwU\GeYMccsM.exe N/A
N/A N/A C:\ProgramData\MIAgEkwU\GeYMccsM.exe N/A
N/A N/A C:\ProgramData\MIAgEkwU\GeYMccsM.exe N/A
N/A N/A C:\ProgramData\MIAgEkwU\GeYMccsM.exe N/A
N/A N/A C:\ProgramData\MIAgEkwU\GeYMccsM.exe N/A
N/A N/A C:\ProgramData\MIAgEkwU\GeYMccsM.exe N/A
N/A N/A C:\ProgramData\MIAgEkwU\GeYMccsM.exe N/A
N/A N/A C:\ProgramData\MIAgEkwU\GeYMccsM.exe N/A
N/A N/A C:\ProgramData\MIAgEkwU\GeYMccsM.exe N/A
N/A N/A C:\ProgramData\MIAgEkwU\GeYMccsM.exe N/A
N/A N/A C:\ProgramData\MIAgEkwU\GeYMccsM.exe N/A
N/A N/A C:\ProgramData\MIAgEkwU\GeYMccsM.exe N/A
N/A N/A C:\ProgramData\MIAgEkwU\GeYMccsM.exe N/A
N/A N/A C:\ProgramData\MIAgEkwU\GeYMccsM.exe N/A
N/A N/A C:\ProgramData\MIAgEkwU\GeYMccsM.exe N/A
N/A N/A C:\ProgramData\MIAgEkwU\GeYMccsM.exe N/A
N/A N/A C:\ProgramData\MIAgEkwU\GeYMccsM.exe N/A
N/A N/A C:\ProgramData\MIAgEkwU\GeYMccsM.exe N/A
N/A N/A C:\ProgramData\MIAgEkwU\GeYMccsM.exe N/A
N/A N/A C:\ProgramData\MIAgEkwU\GeYMccsM.exe N/A
N/A N/A C:\ProgramData\MIAgEkwU\GeYMccsM.exe N/A
N/A N/A C:\ProgramData\MIAgEkwU\GeYMccsM.exe N/A
N/A N/A C:\ProgramData\MIAgEkwU\GeYMccsM.exe N/A
N/A N/A C:\ProgramData\MIAgEkwU\GeYMccsM.exe N/A
N/A N/A C:\ProgramData\MIAgEkwU\GeYMccsM.exe N/A
N/A N/A C:\ProgramData\MIAgEkwU\GeYMccsM.exe N/A
N/A N/A C:\ProgramData\MIAgEkwU\GeYMccsM.exe N/A
N/A N/A C:\ProgramData\MIAgEkwU\GeYMccsM.exe N/A
N/A N/A C:\ProgramData\MIAgEkwU\GeYMccsM.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4656 wrote to memory of 1088 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\Users\Admin\dokcgYQU\CmkosAYM.exe
PID 4656 wrote to memory of 1088 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\Users\Admin\dokcgYQU\CmkosAYM.exe
PID 4656 wrote to memory of 1088 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\Users\Admin\dokcgYQU\CmkosAYM.exe
PID 4656 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\ProgramData\MIAgEkwU\GeYMccsM.exe
PID 4656 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\ProgramData\MIAgEkwU\GeYMccsM.exe
PID 4656 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\ProgramData\MIAgEkwU\GeYMccsM.exe
PID 4656 wrote to memory of 3888 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 4656 wrote to memory of 3888 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 4656 wrote to memory of 3888 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 4656 wrote to memory of 1904 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 4656 wrote to memory of 1904 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 4656 wrote to memory of 1904 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 4656 wrote to memory of 4296 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 4656 wrote to memory of 4296 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 4656 wrote to memory of 4296 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 4656 wrote to memory of 3704 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 4656 wrote to memory of 3704 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 4656 wrote to memory of 3704 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 4656 wrote to memory of 1816 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 4656 wrote to memory of 1816 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 4656 wrote to memory of 1816 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 3888 wrote to memory of 4880 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
PID 3888 wrote to memory of 4880 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
PID 3888 wrote to memory of 4880 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
PID 1816 wrote to memory of 4676 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 1816 wrote to memory of 4676 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 1816 wrote to memory of 4676 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 4880 wrote to memory of 3760 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 4880 wrote to memory of 3760 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 4880 wrote to memory of 3760 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 3760 wrote to memory of 4828 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
PID 3760 wrote to memory of 4828 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
PID 3760 wrote to memory of 4828 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
PID 4880 wrote to memory of 4896 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 4880 wrote to memory of 4896 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 4880 wrote to memory of 4896 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 4880 wrote to memory of 3516 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 4880 wrote to memory of 3516 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 4880 wrote to memory of 3516 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 4880 wrote to memory of 1728 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 4880 wrote to memory of 1728 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 4880 wrote to memory of 1728 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 4880 wrote to memory of 3172 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 4880 wrote to memory of 3172 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 4880 wrote to memory of 3172 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 3172 wrote to memory of 4932 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 3172 wrote to memory of 4932 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 3172 wrote to memory of 4932 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 4828 wrote to memory of 5036 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 4828 wrote to memory of 5036 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 4828 wrote to memory of 5036 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 5036 wrote to memory of 4264 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
PID 5036 wrote to memory of 4264 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
PID 5036 wrote to memory of 4264 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
PID 4828 wrote to memory of 372 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 4828 wrote to memory of 372 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 4828 wrote to memory of 372 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 4828 wrote to memory of 3304 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 4828 wrote to memory of 3304 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 4828 wrote to memory of 3304 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 4828 wrote to memory of 4472 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 4828 wrote to memory of 4472 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 4828 wrote to memory of 4472 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 4828 wrote to memory of 4060 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe C:\Windows\SysWOW64\cmd.exe

Processes

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe"

C:\Users\Admin\dokcgYQU\CmkosAYM.exe

"C:\Users\Admin\dokcgYQU\CmkosAYM.exe"

C:\ProgramData\MIAgEkwU\GeYMccsM.exe

"C:\ProgramData\MIAgEkwU\GeYMccsM.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\luQcsYIU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sgEoAUsc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mIMoYowY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yugQUsAk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qwUIYogA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vmEksAQQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pagYwMQM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XwIQAUgY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HmMsgUQE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ackEQEMc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MoEIUscw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IQIsgMko.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kQYoIcgI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bUwYkEkY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zcEAwscw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jQwYskQg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vccgIsoE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AqQUwEYQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OwQwocMA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ImAcwIgc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TYwAUwck.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vmoMgUco.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zMsgAIYI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pCQYEcQA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OaIocckI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KAsokAkQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EKgEkokI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jIwoooww.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RKUAEUgY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dyEgEocE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rmgkYYEk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sAcoMsoA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sMAwYYUE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mwkwcEMM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lEIYIwcM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FUcoAQsg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DiQQwAUQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sQssUsQs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AoooUAYs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AEgIwAkA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eykIIUwE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xwwEIUkI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xUocsQAg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jsMYMQgU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cQQMEEgo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CCAUQckA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WKkYEMUo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YmoUYIAc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HwsAQIcI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VSMMEAIc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PkUgIQsE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HEkwsYIk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mmQwQIsk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aYAUkIYs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kmocoQwo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yKIEEIEg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jkUEcMoE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xCkEAgIs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lUUoYEAs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gegIIAQU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KAoIUMwQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EuIQEwMc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kUMoccgE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FUQgwkkY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lyQgEUwA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JOsowUEc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YOQUIIwQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kwQQgEEM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GqUosIsw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GKAwIIQE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JcQswskc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bKAAswks.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RWogsooE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kEgoMgQw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\amkIIwMw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AgQAwAoU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YgMEkowQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tGcIMMss.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JAkEQIkY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FUUEAgYg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yqsQcIUE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\iSYocgQE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cSEEEwco.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VOIEwMwc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rGYIgEEM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PWgkwYAs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PwUksscY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EGocUQIU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mUUQUwQg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EkYIUIcE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DIAwAQgg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rygkkMUs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LcQscwEM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LGUEMMQU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IqYYYEIw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WeYsAMME.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uaYwcEoY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eSgssQoY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FwcMMIwc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XAccQsMk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VUkwIwsA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lqwgYwkU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eEgUIQQE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CWEAIsQI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cawcQEAQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BooMkAAc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VmAMsgYM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rykYkMkQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LGUIYEMA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WuMsYwAI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aiUUooMs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AAccAsUU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kcEwwAgY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fMQskQEk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JcMgUwcw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pQocAQsc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AOgAsMYc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\siokkwMA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kgIQwUsw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TmEoYkoE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zGMoscUo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PWIooYok.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SUkAEgYM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mIkYwgUo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AckMUowU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CsQUIoYY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZmQMYoIc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RmgMMoQY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JeQYccAA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MGIkEUcc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kUosoAgM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CqsoYoEQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wSIIgswo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\faAQskMc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PawIAEIU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\joQYYgUM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PakMcwMU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xGAIgAMs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kSsgMkgM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

Network

Country Destination Domain Proto
BO 200.87.164.69:9999 tcp
BO 200.87.164.69:9999 tcp
US 8.8.8.8:53 google.com udp
GB 172.217.169.78:80 google.com tcp
GB 172.217.169.78:80 google.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 78.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 150.171.28.10:443 g.bing.com tcp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
BO 200.119.204.12:9999 tcp
BO 200.119.204.12:9999 tcp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
BO 190.186.45.170:9999 tcp
BO 190.186.45.170:9999 tcp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 4.73.50.20.in-addr.arpa udp

Files

memory/4656-0-0x0000000000400000-0x000000000043F000-memory.dmp

C:\Users\Admin\dokcgYQU\CmkosAYM.exe

MD5 5bb5f051ddfba6a3dd6b0fc1c339180b
SHA1 316bcf7a005c736f2981572b80e4a7ffe1098a2f
SHA256 9c5a142c0a4d20bdda1f78e43560fa7615858b1a5b3b48c3f14161b27d28dbde
SHA512 0c878eaf6f3386194055ab0b2ef19843c3b715a2f0c6893ded0f7847547d21a5d7de9d814d0ff6126a8d735a4a4cde0b542f188961ed344acfa113a6da5f9e05

memory/1088-7-0x0000000000400000-0x0000000000432000-memory.dmp

C:\ProgramData\MIAgEkwU\GeYMccsM.exe

MD5 180f6edcb7d207bf5ae50a8b508d8afe
SHA1 6d6d71a8d4ad4f276d0f7efc896de17cff7a0fd4
SHA256 3f8cd034e5595c4ec1e4b70816e2bc262e267d94f7afedef3d01582deaccccf8
SHA512 ac30a132b3993714a24827301073aad458526d441204b23868dbddb86d4f2fa7399019dd875ae3cf732b3890c5bdca4e233540e63bab19d5ef0dad6b288a59fd

memory/2632-15-0x0000000000400000-0x0000000000432000-memory.dmp

memory/4656-19-0x0000000000400000-0x000000000043F000-memory.dmp

memory/4880-20-0x0000000000400000-0x000000000043F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\luQcsYIU.bat

MD5 bae1095f340720d965898063fede1273
SHA1 455d8a81818a7e82b1490c949b32fa7ff98d5210
SHA256 ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a
SHA512 4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024

C:\Users\Admin\AppData\Local\Temp\file.vbs

MD5 4afb5c4527091738faf9cd4addf9d34e
SHA1 170ba9d866894c1b109b62649b1893eb90350459
SHA256 59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc
SHA512 16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5

C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock

MD5 3d404187efd7b9fb9810d112bd8cc368
SHA1 4c18184896e46369b2af6de3d84c25f44d3f051e
SHA256 410fd53c9634965c2b56efbf7a774d79014c98a2cd1d767adc51636e97428c5d
SHA512 5c1ab1a5309e0d2ea3f08e0e01d1291cf964de682c06812061d46d7bf8db454d36532c58fa511873564db9cfa9d215a63e752d57acb5038581b3b9a55dd27390

memory/4880-33-0x0000000000400000-0x000000000043F000-memory.dmp

memory/4828-44-0x0000000000400000-0x000000000043F000-memory.dmp

memory/4264-55-0x0000000000400000-0x000000000043F000-memory.dmp

memory/2216-66-0x0000000000400000-0x000000000043F000-memory.dmp

memory/2784-79-0x0000000000400000-0x000000000043F000-memory.dmp

memory/3868-90-0x0000000000400000-0x000000000043F000-memory.dmp

memory/5040-101-0x0000000000400000-0x000000000043F000-memory.dmp

memory/2100-109-0x0000000000400000-0x000000000043F000-memory.dmp

memory/220-113-0x0000000000400000-0x000000000043F000-memory.dmp

memory/2100-126-0x0000000000400000-0x000000000043F000-memory.dmp

memory/4192-137-0x0000000000400000-0x000000000043F000-memory.dmp

memory/1160-148-0x0000000000400000-0x000000000043F000-memory.dmp

memory/2920-149-0x0000000000400000-0x000000000043F000-memory.dmp

memory/2920-162-0x0000000000400000-0x000000000043F000-memory.dmp

memory/372-173-0x0000000000400000-0x000000000043F000-memory.dmp

memory/4760-184-0x0000000000400000-0x000000000043F000-memory.dmp

memory/3644-195-0x0000000000400000-0x000000000043F000-memory.dmp

memory/3052-208-0x0000000000400000-0x000000000043F000-memory.dmp

memory/2252-219-0x0000000000400000-0x000000000043F000-memory.dmp

memory/4072-220-0x0000000000400000-0x000000000043F000-memory.dmp

memory/4072-231-0x0000000000400000-0x000000000043F000-memory.dmp

memory/3928-232-0x0000000000400000-0x000000000043F000-memory.dmp

C:\ProgramData\MIAgEkwU\GeYMccsM.inf

MD5 0075286ce4f7b7b8e9a97e6181659ee9
SHA1 7af6af7d81a13a9bcd92e03af541a830a915249e
SHA256 634a72bd8396ade4e57ccba10060250eaa7d2616d74a761f97f810a1da64bf37
SHA512 583b8b949dea13f38763094541c5bcea92f672fbfddf99508128e647156e7bc526bf2860538bcac9b4d415f2fe1d07a260775c55d636c63fe192ef168ff9ab62

memory/3928-245-0x0000000000400000-0x000000000043F000-memory.dmp

memory/3836-256-0x0000000000400000-0x000000000043F000-memory.dmp

memory/1628-264-0x0000000000400000-0x000000000043F000-memory.dmp

memory/2108-272-0x0000000000400000-0x000000000043F000-memory.dmp

memory/3612-282-0x0000000000400000-0x000000000043F000-memory.dmp

memory/4824-290-0x0000000000400000-0x000000000043F000-memory.dmp

memory/820-298-0x0000000000400000-0x000000000043F000-memory.dmp

memory/1988-307-0x0000000000400000-0x000000000043F000-memory.dmp

memory/2236-306-0x0000000000400000-0x000000000043F000-memory.dmp

memory/2236-317-0x0000000000400000-0x000000000043F000-memory.dmp

memory/1580-325-0x0000000000400000-0x000000000043F000-memory.dmp

memory/4172-333-0x0000000000400000-0x000000000043F000-memory.dmp

memory/3472-334-0x0000000000400000-0x000000000043F000-memory.dmp

memory/3472-344-0x0000000000400000-0x000000000043F000-memory.dmp

memory/2336-352-0x0000000000400000-0x000000000043F000-memory.dmp

memory/4868-360-0x0000000000400000-0x000000000043F000-memory.dmp

memory/3652-370-0x0000000000400000-0x000000000043F000-memory.dmp

memory/1856-378-0x0000000000400000-0x000000000043F000-memory.dmp

memory/4964-380-0x0000000000400000-0x000000000043F000-memory.dmp

memory/4964-387-0x0000000000400000-0x000000000043F000-memory.dmp

memory/3636-395-0x0000000000400000-0x000000000043F000-memory.dmp

memory/3448-405-0x0000000000400000-0x000000000043F000-memory.dmp

memory/4516-413-0x0000000000400000-0x000000000043F000-memory.dmp

memory/4468-421-0x0000000000400000-0x000000000043F000-memory.dmp

memory/3572-431-0x0000000000400000-0x000000000043F000-memory.dmp

memory/2216-439-0x0000000000400000-0x000000000043F000-memory.dmp

memory/4048-440-0x0000000000400000-0x000000000043F000-memory.dmp

memory/4048-448-0x0000000000400000-0x000000000043F000-memory.dmp

memory/1008-457-0x0000000000400000-0x000000000043F000-memory.dmp

memory/3576-456-0x0000000000400000-0x000000000043F000-memory.dmp

memory/1008-467-0x0000000000400000-0x000000000043F000-memory.dmp

memory/1072-475-0x0000000000400000-0x000000000043F000-memory.dmp

memory/4804-480-0x0000000000400000-0x000000000043F000-memory.dmp

memory/4480-484-0x0000000000400000-0x000000000043F000-memory.dmp

memory/4804-492-0x0000000000400000-0x000000000043F000-memory.dmp

memory/4672-502-0x0000000000400000-0x000000000043F000-memory.dmp

memory/4612-503-0x0000000000400000-0x000000000043F000-memory.dmp

memory/4612-511-0x0000000000400000-0x000000000043F000-memory.dmp

memory/2296-519-0x0000000000400000-0x000000000043F000-memory.dmp

memory/4808-529-0x0000000000400000-0x000000000043F000-memory.dmp

memory/4400-537-0x0000000000400000-0x000000000043F000-memory.dmp

memory/4824-545-0x0000000000400000-0x000000000043F000-memory.dmp

memory/3720-553-0x0000000000400000-0x000000000043F000-memory.dmp

memory/2164-563-0x0000000000400000-0x000000000043F000-memory.dmp

memory/1680-571-0x0000000000400000-0x000000000043F000-memory.dmp

memory/2712-579-0x0000000000400000-0x000000000043F000-memory.dmp

memory/4828-587-0x0000000000400000-0x000000000043F000-memory.dmp

memory/3472-598-0x0000000000400000-0x000000000043F000-memory.dmp

memory/4948-594-0x0000000000400000-0x000000000043F000-memory.dmp

memory/4948-606-0x0000000000400000-0x000000000043F000-memory.dmp

memory/4416-614-0x0000000000400000-0x000000000043F000-memory.dmp

memory/208-624-0x0000000000400000-0x000000000043F000-memory.dmp

memory/2920-632-0x0000000000400000-0x000000000043F000-memory.dmp

memory/3572-640-0x0000000000400000-0x000000000043F000-memory.dmp

memory/4880-648-0x0000000000400000-0x000000000043F000-memory.dmp

memory/4044-658-0x0000000000400000-0x000000000043F000-memory.dmp

memory/1920-666-0x0000000000400000-0x000000000043F000-memory.dmp

memory/3532-674-0x0000000000400000-0x000000000043F000-memory.dmp

memory/8-675-0x0000000000400000-0x000000000043F000-memory.dmp

memory/3532-685-0x0000000000400000-0x000000000043F000-memory.dmp

memory/1524-693-0x0000000000400000-0x000000000043F000-memory.dmp

memory/3716-701-0x0000000000400000-0x000000000043F000-memory.dmp

memory/2884-709-0x0000000000400000-0x000000000043F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\WgkS.exe

MD5 78294a8102a2929086e239f733f16ea8
SHA1 5930e410bd90378d4aa23ddd494c3b12978479aa
SHA256 ea6100c8b8896cb8dcde860df792e5eaef23019b460304dd70f278b1398eecba
SHA512 628b19c2fd6e3cbf4500121b125b4c566c45c1efd71719b8e81ed67cbd8de6ce71601b1b76b176c6d4543f2b381f2872362ff441952f8f39e2acc1b6aaed25aa

memory/3484-734-0x0000000000400000-0x000000000043F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\KgYe.exe

MD5 86fe5367c7bf9f59ade611253219c01e
SHA1 c3ce6820d4703276a3cc7105428aae9cc1ccc9a3
SHA256 6f3cc7916064242dbb8ff7229e3f1b753c71fa9416a43fc292439c6da5474a83
SHA512 394aa2b61e8249ef30b2100da8a53ab25a551ad968e8ce2887c3b285091d54662713be695a78d561542e9753d06793400b8f5b0f6360344ce8f78a11e4306e61

memory/3468-756-0x0000000000400000-0x000000000043F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\SooI.exe

MD5 5a366cdf8166abaebd0ed4a81bfe5b3a
SHA1 322dac363af482d60acaaec7d41607a990254780
SHA256 bd08c8bfca0d4dc2e60b444de01580ff9fda4e2fd7be87c66cc41cfc8b4655a0
SHA512 42a82235f45a6cec6fbaca09b3805978d2ea7fdaca62dbff9cc484cdf71442d79a8982bafb81650f4687219575538f66c40df98d97473a19948ffbc73052bb4b

C:\Users\Admin\AppData\Local\Temp\GcYS.ico

MD5 ee421bd295eb1a0d8c54f8586ccb18fa
SHA1 bc06850f3112289fce374241f7e9aff0a70ecb2f
SHA256 57e72b9591e318a17feb74efa1262e9222814ad872437094734295700f669563
SHA512 dfd36dff3742f39858e4a3e781e756f6d8480caa33b715ad1a8293f6ef436cdc84c3d26428230cdac8651c1ee7947b0e5bb3ac1e32c0b7bbb2bfed81375b5897

C:\Users\Admin\AppData\Local\Temp\CAsM.exe

MD5 b0916e754d7a956b66219f84e770c64c
SHA1 2ecc4495e2dbd57d0a4447367c3f85045dc17419
SHA256 0b6b47548829cdb5a410e4bd6de7fce4343dd1e6efc59e41b207f3ebaa66283d
SHA512 2c8c1534d4897f0fbefb2a7aacac17d04ec3777867544db643e0356d75ea4d3585fbe4d07f4e28f743200d4b2e0646d4f5d7aff4096a95833b3bd0ddf8665426

C:\Users\Admin\AppData\Local\Temp\KIMG.exe

MD5 238e28f538e6055ce25c2c3ac473be2c
SHA1 5a5054741b7d7f716a754fd1d006aeae50e880a0
SHA256 7028b6a1b3e95dbdbdad4b3d1167dd2b9fe4b2e0eaf87153828ea7a3ca78bf03
SHA512 2fd9db38798669a85700fc859c5adc6b7914b6e3e7eb925072275e507485a6ee02a7a561c50d917abd230d51f32f3b677e275411d755c55d5979641b4f3974a0

C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png.exe

MD5 c3682b84d15a0bdd6338227a263eb6bf
SHA1 6238064a47ed7072986763781d700ae285bd7a69
SHA256 d30d4785dd9f204dfa9d9b5f477c1d2d5fb42b2c363b9e8c4ffa6fe59dcc0e31
SHA512 1e3d37751388db996c84ca6bba3534ca868d39839bd8c888ea8fc267cc5012026be391b55b96c8aad9eaadbb52646a74b7675a8a46c47660aa6d4cb2d5a15395

C:\Users\Admin\AppData\Local\Temp\yooM.exe

MD5 910cd3ab5975e34ec48eeeeae223b585
SHA1 e7ca5518ff57d5dd5c380c9377d85b5ffc5bef8d
SHA256 c567fc9a9ebefc5c949ec5b1fe804aa85fee73e6ae9df7370f735283f7e1a9a0
SHA512 b70201ac8fc3d37fadb7652ba242673b4068b85d47a9b4c82ec3c37e02e872ca5a9bc91593dbf7ce4e4bad923a54e9773ec9970f83f298009c27d264a8d790c2

memory/3932-834-0x0000000000400000-0x000000000043F000-memory.dmp

memory/1008-833-0x0000000000400000-0x000000000043F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\gQQo.exe

MD5 720622b6dcff838ca83be0c38c49f127
SHA1 1f4e410425995cffdf395b57351f9b7ce9757fc4
SHA256 3def39dcb1833a65820603364314e4a964b64a7e5b3def5bc6f6b126e9191e8f
SHA512 f57fcd96262c4d9f18431b12aa968d251e32c0c03fee18664dd70129124ebdc1860782e23c10cdb544aa2153a9e50503a79af6d5896aad49d9d994236c0840cf

C:\Users\Admin\AppData\Local\Temp\WgcQ.exe

MD5 0aaa83d625d637c09b070f1b3b6662b9
SHA1 a08854a7fb77b1f8b66a73da893404e3d35fb581
SHA256 6c276ec8628df488c1f4ceaace865475e974178b73216017d7e0b2a77c79a723
SHA512 f3020b372777e5712d657ca1109bc39c56ed224ac8695b748154399bd294f687bb5f4b52e2c319e05b487608d5f084ba258bd9bf7b16c7909e8c633b058cec77

C:\Users\Admin\AppData\Local\Temp\kEMG.exe

MD5 a2ec8cba19f43396dd5af196c531a341
SHA1 bec86df4fc36d4c1cfcd0668b8f87136e69392de
SHA256 a34f51cbcb888a1c757aacd1557f10458f3da994103d092370bd42d9a6005986
SHA512 89a6cf07f6ba510fbf8b1def7d7aa689a15b6ed750e7970dc10664cc0c9b50d9de61a27ee559a5e7b1f12083b6f558b5be7085ae14188c6015730676e26d4aea

memory/1008-886-0x0000000000400000-0x000000000043F000-memory.dmp

C:\ProgramData\Microsoft\User Account Pictures\user.bmp.exe

MD5 3b4b92bf98567aa4998ebe333a6c3721
SHA1 9db0f789b707689188ca76f47dfc6e3924d6affb
SHA256 cf5bac739921159ee847020917ad251a1bea52579439562f31e5c004131797be
SHA512 85377c592529c9c6def6738ec7ab9e7e95c036699fa52e57823b56d1a3d61c356e3180cec56aee70875a29720098cce790b645670072e20dcf28b28b5039b025

C:\Users\Admin\AppData\Local\Temp\kcQC.exe

MD5 2db989c2caabddb022f2a5d56ba06f15
SHA1 73ed33f137ce814c68e55358423ff21f82c8613f
SHA256 234ffdff77997bd202c1cb7039c7863bde05d3ec08c0d7de8e56fb856dd4e155
SHA512 93cb139d42b1538467cf0c8d1b2bbab3d28c77bdc7080c6d081663c33d12d144d508aa34205ae4d1bc1c82cb5510068ab3a69a3c63116609bb989988aaf1c317

memory/4100-922-0x0000000000400000-0x000000000043F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\wQYo.exe

MD5 ebc544f29defbb8e71064a32ba489ea0
SHA1 6963c7fd751a6b02f459e7af096fe327e09b48a3
SHA256 6178c6c195d65961090b16d32f4a284b06288ebd802836317db62d398477eae4
SHA512 239fbc924e11e3e5afbbd6ab5685cc67d5a9746ab7b86edad0f630391149eda6d2ac3dfc97240ab1cb35d234bb3e3250850b68a475ba01a56d74b1456b8ae885

C:\Users\Admin\AppData\Local\Temp\SQsU.ico

MD5 ac4b56cc5c5e71c3bb226181418fd891
SHA1 e62149df7a7d31a7777cae68822e4d0eaba2199d
SHA256 701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3
SHA512 a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998

C:\Users\Admin\AppData\Local\Temp\yskC.exe

MD5 1425d2db056ec0bf4f31902b7861f5f6
SHA1 297f62f0454d2550a62914ddd9ca576f2497f890
SHA256 3b1e1f4d9165839c3f6a77c4af52c92e9618970125b2ea62a75763c5ba5d7b56
SHA512 de3f6cfed689f031fa7064c156f13ac4699840b75bf8209b18b58b92058bdcb93e25c35d19b7ec1d599c89777642f0e551e65328ebb5273435dbe4eab0323bf9

C:\Users\Admin\AppData\Local\Temp\KckG.exe

MD5 1f4046a28aa5e8449d1e79337a78292f
SHA1 c29249eaa422dfd1d3f3b720a53510538ef1281f
SHA256 346ef13bf257ef1538a2c8e8b32e9037f7d67e817daca567aaa5d6cf7e3aae8b
SHA512 dbdcab7a855bc74eaf5117292612160d77a0af516b426e97ff4fe41556a1cf4025fbf5bcf4f12c8cd361044e734fc6a60192d3eac6d646a209d222bfa7bef9c7

C:\Users\Admin\AppData\Local\Temp\qgMy.exe

MD5 cd454297ea2244726944e31bcc672a97
SHA1 86b853aac121bf14e738b29c71e15a3e3412d36d
SHA256 1248c1f58cf8f9a479f34dfbaa2d887a22602d58116f1bc92c400feaae3593da
SHA512 b0e0ece08afd21f242a9b26227c80d3201b8ea6b20787f2309d4fb9531714723f33bfef2fdd8a7dcdb95d75d5088a5ac27f337fb9041ecc01eb89c0319859a18

C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe

MD5 40513dbccc61fbe242b6280845991dc3
SHA1 3d14e2df2a58937a837ba8832faf4d3a11f35c4f
SHA256 7eac089189dcae8601e997dd63c675b657196a643b36fe4a97f4f4db03232c28
SHA512 e92a44b5190c3d721772c8f101f4f2a8919e939884f8d0dfdbd6737223e80fcfd787d5abca35e188e9380d4d9e5245fbe149e0508ae1457f0a2a3ff55b6eb458

C:\Users\Admin\AppData\Local\Temp\ywow.exe

MD5 d8a105a03252357d9978eb228ccdff27
SHA1 3bdc0e9e6f8b4591fbc9c92c0c60bc57f8010b29
SHA256 722f3a2085f88ce3df641ec33b0334fec157c34b01e6db89c408a12f08b276f8
SHA512 666c55d559ee0d92b7be3a288db2c1a35130026a6f5f5cbaa4a3a43de10a25f6d5a5bb7c129c09097719864517122e425e8d8a9d7cbcfa745ba1653694fd590b

C:\Users\Admin\AppData\Local\Temp\qYcg.exe

MD5 5246698aad43d1494dc8a0816009d1a0
SHA1 c6d2f7a09ff85ebef3b797b40cbe3b8e45fc344b
SHA256 6fe83634f5bcc1bf9d83f0e7dc4519b2fe7fbbd127eadc7e6235ccb3820c125e
SHA512 0629917644fcaee93e8582af623b230b3434c4c582907dcd94d0f085db51a45cbbb7e678d64483fe1d2bb4aff2f1d50f04db488ff5de7156ed26fce9c93c6e1e

C:\Users\Admin\AppData\Local\Temp\OcQa.exe

MD5 c35e193f58d922ffd763d346e5fb3367
SHA1 04b9f9035c2647ce0401bfc9113579bd811bfe09
SHA256 b9f5b8effb56c95cff2501f3893bb63657de752c3a91773d3b3f0925ae4e9cf0
SHA512 cf836f1f64609ce2c8ede4f9e226db6633daebb6fe9fa64db038f211cd8bf1eb8534edd74ef280768afe8df145c726478641bffa3ae94c90efd762d99af86f94

C:\Users\Admin\AppData\Local\Temp\ewUO.exe

MD5 4fb0f2163ec62a5443c0479b5ae17426
SHA1 efd13ad36bdbe8b02a3cdf0553b61193c8ed56f8
SHA256 ca2f8789cbbbe07cc0f840bd010a953f9f8d485967eebb9afaddbc609b5d933c
SHA512 054e42c003ebce47bef27f4f1f70e1e44d094863917893fd20469d5cf98a5a82abc9f121cb2c61dec8342c5270a5608584585bbecd642761993d479e1cb36ec0

C:\Users\Admin\AppData\Local\Temp\KQAS.exe

MD5 07d5b650e5b04600f8c938bd441bf625
SHA1 352f67ade878e89d75802d5d785aa03e33945fec
SHA256 c2b42959303cc4f5c872237687c4a28f5e3eb0e4f000b71be898a5fa0b3fc13c
SHA512 c5a355be9fa14bb7bb65258845556417043262ff3bb4205a87bd8f31e957aed1a2d77b1e252b2729472a3af3a9e8c69a35325d3591c58f84d965719798f7febf

C:\Users\Admin\AppData\Local\Temp\qoMq.exe

MD5 4ba6c4e123496b9f061fe8730c9bcdf3
SHA1 90d02c26de518f7b698e55b6aff34b80230c3389
SHA256 a7c7bf8cb75ddad6e62f4891748712a8f9b09e7860ba1506fd6bfdf354c4281d
SHA512 0dff4c5a57343e581b46d93b36c6953201dbe62b737bca100f5a0ec3201a853613b475ec482580f24910fd7f7c88379c3371f6caa0852cbfac634dec702814b0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\icon_128.png.exe

MD5 11a07d129ae63b31207b9a99a2dd067d
SHA1 c60799ec72f5c22710acd49806fd88b4cb7ffb9e
SHA256 740bb5a52dd8da6a8853380e954b2b9f370fce65ff1eac8e1a20254c94e3244a
SHA512 65d32cb471aba4c63b075ef2abcfd002d304b76e846aa76f0a96cadab01630f01a3a99da422df514780618aac86825307c54b6c9d17d975808daa458a83e75df

C:\Users\Admin\AppData\Local\Temp\wIoE.exe

MD5 816c020dcc2b949ddf3be14c06f5d4c7
SHA1 e962d4896721716c333cfa8ac5550bbbec6c45d2
SHA256 e552ecf25a44ba6443aa9f60dd9054d5c3fc26d1add100e36fda4c942c9e91ce
SHA512 d898eb68caeeb612b6aa10b66ff18403c5bdba841d86a51ace3c0dd4b5b42abefd0efc5f750a4515d85800f6b7e158f54f7576faa3a8de1075095bdae1e39125

C:\Users\Admin\AppData\Local\Temp\GYUu.exe

MD5 5eaf9d23b1ee6e4379fb4f3a8278340d
SHA1 8c1191badd70a07dec045aa3ffe1bbaf5fd09da8
SHA256 9c3eadf40dd8c965b4ea291a9bf434efbb5f0fa6a0f4712eb96b61dea30726ac
SHA512 29cf260a9097e924ffbf0838c59502a228ea0d52a7eb62fbf7269e6f8b3e802cb5d96a9a2e46db97071dd01c62eac2a98a3816d858d6c5cec919c065528a39b3

C:\Users\Admin\AppData\Local\Temp\Csow.exe

MD5 934110e6490a42881f5c6a119a083f4c
SHA1 60083115f2301a69358a5e88f0a61509b4a8a533
SHA256 8e2c36d489bb38154d0224c734fbcf1c8e211bdd4499dbc9e3105640d35098bd
SHA512 13e83019a88ce1f83b3b3ff1d43409cd3d371088904d7f7378ba9bd28efefee6e65957ddbf47fd7e3d7f0f27b3da3bf651ac2d9057adeabc4a4d27d4b6257600

C:\Users\Admin\AppData\Local\Temp\AkoC.exe

MD5 6231684a5ff343f1653a8ce553643f11
SHA1 314fc135bf710f04f2570940c0f4bff8cd4daa59
SHA256 e7664988f071d0e8e0d2bdada4bb3c17985d94fa745b41447ce8feb1c3d1ed34
SHA512 b54c3cf05937a4cfffbef935aebc5e0f7033933b0d7dfed6ddb640963331c7b0a0800f3b81feab5a055fe8371da11ffdfba7ad1a7e4dbdfac4490735497ca4a6

C:\Users\Admin\AppData\Local\Temp\AQUq.exe

MD5 27db778067b53bff2d0e2bbf13791c46
SHA1 3eeb1de87364dcff6770b55f480c2d24eda85585
SHA256 924628fc07504bca52f2527f22cd291959921f88bfdb03df615922edd0098625
SHA512 8cebb833735b475a305c267a461b6ee5497338462dfb3c8ac8119b756af5c562c95b00175436a55f92b3bf660aed40f6c44e3a53f47a3652add9d1dccca4d7ba

C:\Users\Admin\AppData\Local\Temp\SUAY.exe

MD5 baf71461bc9c32af7b315890d87cdd09
SHA1 31f8e8be453b82b89245e2f0283a647b8db5099f
SHA256 6daa7ce217fb92c0916aa22702e679bc920e5862bb41e73ecf88148ff1cb868e
SHA512 084d621b17ebac06125c4ffa50ae05f6a731944acb58d68c08cc9e31b83949ab8b23232d54254fefd97eaace8368a975d0c88c54f83846b139d074b275dc69d9

C:\Users\Admin\AppData\Local\Temp\akoI.exe

MD5 bec4c34a3a17f9e6a5d7f81a7620ed76
SHA1 84e612063b7fee776c5831969952352ac37880fd
SHA256 760796933343fac4da06d4aeb7ae5c3d11be13a531a1dc14ac16dc40c5ebb08d
SHA512 8f8cfc34d46c76bfb2e641249f3278ee3d23b80e99c0d516835b9faa3e15bea5bbfcad77f49205797548dd3fa0bfe495699d2f0f87a829e576ffc71bebdc6ad5

C:\Users\Admin\AppData\Local\Temp\uwoA.exe

MD5 534e2a62d7f23c38c496dfad7ca4d7cf
SHA1 5adb3231dfc372739de557a39cbbb52df50b4096
SHA256 a8800d3c22f1d4fe3d919593e8392195d3155a2654974b0520fe4497c4f512ae
SHA512 5e728f837a22e81db810174abde65fd2726e3fc095120e4ad6c6a488263d0b59ce4744542ebf23274aaa662dfe739b04a8c78e123a4325ae7b5e87b9c1b6aa99

C:\Users\Admin\AppData\Local\Temp\mQIG.exe

MD5 99e1ffc113f4a541d826f0fdfc1c5117
SHA1 a92513dc7d77509da982cabebd91cd7575fa7af0
SHA256 22c3e75150f4010a473e02be8475612af22b5c63ce29d226e8ef07d76fd93395
SHA512 16f1e9c22d20bc2f209704c07c4caba9bec2460f15a275cfcc454e51c887d25e37086e7738bf395c485b1576224959b1cad5167839dbdd8908f82b315a91fea3

C:\Users\Admin\AppData\Local\Temp\YkcM.exe

MD5 52efce47b0167698b00561f6b729187e
SHA1 023f0e3b516349c39c3e5f11236014f0daa4cf40
SHA256 7a0965e63d4663a294bdc3456b2cb66d5792f1abd07d303b57cdb57ebc12f949
SHA512 e0a555c952888ac1651d23c7d9897997a337afa48ea6f7d7ebe5931f619d72ca45991326f62bc1e9fbdcddcf1cd196c0863c8042d169ec64a99dbbd99d8bd2de

C:\Users\Admin\AppData\Local\Temp\CoIG.exe

MD5 0f80f3ebc1a657d6768b115bbe29c039
SHA1 996aa4045768b0aa673c3fa3e915fdbd3b75f565
SHA256 60c1e4d0170ddb68ccbfd5256251a4deec485ea80f30c1b52558de3ebfd6deb9
SHA512 50a304f49fa68cf9181e435d17117da53555014b7708b7075582e0e322448af298c21f32ff328515e392504d17d1956b59f21f9bd21b0f13138483c7de558b03

C:\Users\Admin\AppData\Local\Temp\WEMQ.exe

MD5 6c15660aea312ce9c1452b9a7d2281e2
SHA1 1110fb65a0b382c26464c43b91341b7e2ff8deae
SHA256 dcb4b19def14a323d73e016d9b43a21df7f92a2a29904cf41f2639b99432882b
SHA512 6f3f0e172bffe6ccd53c24cc253bc76517d07840d6739d3ed1573687e173654d72dc7da30a564ee9bafc734a01ac1c8f8036531b342a4b6c13d89268473fab37

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons\96.png.exe

MD5 c651d243e03cbf9b848336d7d23a3680
SHA1 06f2377302158cf591ae1f287934dad0583e56da
SHA256 b97783e9e667081cfc4a792913b6b6f87769fb6f86ff95ea6aef5a5ffb5c1295
SHA512 c5e96499e87376850e929050f91ad4b6ed7a9eff433db29eefe9a1ae70c539aa78fb80579c626251a160d196f11217e837762229a01001bceb2f6e908e93bf6c

C:\Users\Admin\AppData\Local\Temp\Ocow.exe

MD5 2df0e4f457ad941356e9152d55589155
SHA1 0d40ca3ed6fb1678e97b2f66166d2d644a34d7fd
SHA256 9b66359369428a35fa2a3387c0ce79a3cf7f1cd6bea9dcdae14c12c67772e5d9
SHA512 1e9c47bbbdad6423bdff3cdfa53760227c18ca008fbd3751ea899ed495894fa5de928e83ac595989ff69b86739f24f96ae4786f2c5c83848304b2b12eeedc7cf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons\256.png.exe

MD5 396e52f08975a1cc2cf3f9afe3c68111
SHA1 a08fc25077a265e1852228ef73c7e1a9c4f22e0d
SHA256 20f4df24147fd68ead8b367942eaa0a1bf0b35c694b6caa4a09a0f404a22a645
SHA512 cc989d0250e0e20e8e8e36ebab2a0c332fcbf774d0f27c4bafaed30d69e5d29e812faee4cfec27944e5d7c5d18cd6fe57ba913ecbc7cbb7368d7cb4115e67a25

C:\Users\Admin\AppData\Local\Temp\gIgy.exe

MD5 98c9ab96aabcf70329db463b66f1a9e2
SHA1 ea8b858002fc54203cac61655e91b1cce90d608c
SHA256 f843faf144afd458037975816d9e006cf447799d79763144c5a507b6c49ba1e9
SHA512 ba955f4cca1ec3f2c2128422255912315423fd266653cab874dc57ed59201b73e58fc07895e2597764f9b27bee9dfcfb7432b7a49a9ed2c5ea7ff5a6f43d781b

C:\Users\Admin\AppData\Local\Temp\KYYW.exe

MD5 22c37e52613bd7cf257c1e9709e1ba7e
SHA1 a6fc24876ff3d8458b6bdcdf43f492f686d5c850
SHA256 3fa9443a1f3acc71fad7cae8e8aa000b33d962365a00c8f975a6cb8b2febbb80
SHA512 ca1cf9283fadef466a5c5a7f487d957832f92fe3646f69cdaa0bf81b06c252761bde5a142c2f93d72fdf14e6d49294045cc3e41b3db7dd7d1d1e51e54e86bdfc

C:\Users\Admin\AppData\Local\Temp\EgYk.exe

MD5 9b153143cfcc84f932587d192802e87e
SHA1 ae486a98228697ebd05474ebd8160bfcf7535a42
SHA256 686cfbceb6c1313a375c835015c589fd98c63101ea75639954c82580988b6d32
SHA512 b7d384e0c642425929a112e17398e3fd0bdd46138c49c75338f526685f8a7f90d1d527d4042f29c5fb1893a6ce78dd41d6ba3ab867b47c0c352a62cc01fb8725

C:\Users\Admin\AppData\Local\Temp\QMYE.exe

MD5 04985676dafd137c5cfd9a0ee0579243
SHA1 eec35666fb5b59ec81092fe3e168fc3f6f0f17b6
SHA256 89aef8784a84f1b7e3162bd029b8eae5714df8633ae47b52db052358ffb2d156
SHA512 00b9709ae1e0f0c47d9aeb68017b814748f52d1e2ae8dc2844670e4f4d56f3b0790bc0f4d7a3f4dee16f08daf9954ebfb6f66eee7ca4c6a2a4f28061a2fa5dd0

C:\Users\Admin\AppData\Local\Temp\yMwK.exe

MD5 e6cdd61e72df55ba1f49cfb9163fbef0
SHA1 b759b5c27f1f0092a353df259b1674e15044c494
SHA256 2bd0081662d1d787a1f1335a32c3a9848061b07a0cf3ec0075f98b80a3a0d4e9
SHA512 d7442c576a7eaa4db10ff2ff6ae9d3e517a58b6bbe9996e9af735d948a42221edccbc05190803ded09db518174ebc70d0d102a7026df05d778ad4cad62c23040

C:\Users\Admin\AppData\Local\Temp\kEQi.exe

MD5 91fedca964679206483a55e42b1a1448
SHA1 2678df6ce1170a9db4951e98fcf2794ea84191ee
SHA256 15d9a1db43c20819b85ff6b3b1bcad05e44abf9109b217b4c932650a09eeee10
SHA512 6a283137423374507a6ae30e18064eeffd4056ea07596cfe9a3cc2183b4847048435c3e2c012d14dbb7deb78c1ecf4caa29319f3f2ba668e7174c218e1c92249

C:\Users\Admin\AppData\Local\Temp\kIgc.exe

MD5 e70a38189320259ef1753097a7a8c465
SHA1 9385a89d801c7b440d022f75d95db7adab1762d3
SHA256 83afa5d31169d82fd42b41e71e45d924aa195eee26939c6f63b3ad73600e1b92
SHA512 315452d4d35c74e3c2754f30cd85db3c08b92f32ad474ef1bf6291b86f3157c5656c1969665fe57e9a519aba312a6ab789da86ce64666aa3d83f947f9f5f9219

C:\Users\Admin\AppData\Local\Temp\ScwG.exe

MD5 b9adefcfc521a80b4e0157ba670b488f
SHA1 c3a5b53cb68f26f4243af41c916e1513627c9702
SHA256 51228a8e4ad081b7cc5f7b2547e87f63f57c9b0bc1b4af6c69205b2115b9d5e0
SHA512 0422b30d057622bdb1cfe579bab6d60c6a87227ce2eaa8076497c291f1dc187c046c8c073d5b714ff3da46debd419ae2fde6ca0dc34d70dcad4eabb25d8f1a45

C:\Users\Admin\AppData\Local\Temp\OYsW.exe

MD5 bef508dcbcbfee3c80105501f22cd26a
SHA1 56166c1801dd9175f661ee5498005d31db0666f4
SHA256 44a7a750d7992e17b58bd242b802e439e99f89491e4e27dc026aa1c581fa3851
SHA512 46e8ca85bf3b307e63c14d6752c9c156f80e90cc1e383f1a61b4195ef30b1a8b4278271c8bb81c3b2f6aea593210f4d96629f38ed9d7c00adaac5d9659ae9e94

C:\Users\Admin\AppData\Local\Temp\CoMq.exe

MD5 e3729787eec9c9d2c05c36f12316f4be
SHA1 d15970929fd8d09500341721ff6d87550d91a000
SHA256 b1456c643c4b506265c44643eb83df7b88a44a7021e260cedb57c1bd366f1f0d
SHA512 60ef2449d07294c41b9bb3b399dc3e969ca4909d4da63b633f388dd81177a02f2bd66a75a3c24f4e0ab3d31cb0f7a400c7d9c7bc258d789d3a3f09527031be0f

C:\Users\Admin\AppData\Local\Temp\SYEU.exe

MD5 6ac1238bdc94990f9d016e8dcf9cc71a
SHA1 6a9e4b75c8a1381cd3c84aba95ddf3728ff19f19
SHA256 4b38f5f49ac842d745dc123112e9b7df8a7a6e3dc33d3fcd9b89582117c6f505
SHA512 34180173b0f2872cb69a58a069183a3d0592a0dd088e28acc3db573fab609a388e1fd5552f51a24c889d9f42f7d37b5ad9fd44aaabdf247147bf5f9dbd9cc8ca

C:\Users\Admin\AppData\Local\Temp\sIcI.exe

MD5 c51458ddf8ea594a7ebe9d9650b584c2
SHA1 86d6285065c34b035eebe7ea72d2ad72272ad5ec
SHA256 99e1cd32384a5b1cfdc58487b02d5a5c702754e3cc64363d5b4fb65a72fbb47b
SHA512 f7a2eba83ef840a431fdc97870e6f563631bf49ccf5d7924405a7b64c58b5a82093638ce78f7ca34567cf36e160b6be201e982d630342aa790b9d3b9c4b5fd05

C:\Users\Admin\AppData\Local\Temp\YIoG.exe

MD5 7e5017d8fbe348aabe42bbe892ede117
SHA1 b36ae025282b9c50463077d8f26d2fd4a6311752
SHA256 c216c498f18d433d4aec2758c2c4aecabdc5901a56d6249ee4d580532b72c311
SHA512 d3e8ec5dff48a74db939857ed1fcbe9297994f58eb4ea6572654c6462ac0fd655ddfdcbf031f3fdd6194b470eb56a0a42b254b5cbc5ca3e547bfe820a447bcd9

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\AppErrorBlue.png.exe

MD5 edd3e0f359bc8f377e1de49d6a9686d1
SHA1 905c45f292fc6ec22bf379ff875eb7a7ce5a8bfc
SHA256 59fd8ed9baa05df50a9826dc32d8a3e122df5286784816394cc7db71dc74e312
SHA512 eb648f2db80186b2da7efbfb4dc182c037932be4bcfc2a97a5e122a50ec974b8649c8389d8cf5e45e275a4d3a9de78c64a207bb5579b5fbe131770535264e69b

C:\Users\Admin\AppData\Local\Temp\kssK.exe

MD5 c5edb7f6f5e4c1b1d842803d2e84b7df
SHA1 979c8fd284a789323046dc4cd942a98e88757bf0
SHA256 414d94a0447d768bb53fb6bd1b0b2e74cc8eb88a9565819f569439f91e6819cd
SHA512 d281c9195f990d4d0a94cc3d2202840b826b7e461702f4b18d95878824124530d28bda00e11c5c7e7db4446a33e0129ed8c91e4e22d8839bb906982f20f41f77

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\AppWhite.png.exe

MD5 ff379da5ad4f175fc0d2aaddd224996d
SHA1 b636e669da7674e6e437121d01567626c039c50b
SHA256 daf967a673fc8e30dd348d438db39f1f781027cce3ae5c735d006bcddf57cf48
SHA512 e90b3b5c10ee1edeb68fa0594679111e7a3678e90bfead5262db17ac7ff680c114e367cd8db23fb4e37d65d9c7335953d3dc7544015611d399f539bb646a95fc

C:\Users\Admin\AppData\Local\Temp\qsom.exe

MD5 dbe9fc0d9090d7a20d07b1bdce0384d6
SHA1 339763483395232ae0acae02075080d5b0fa5d6b
SHA256 698a1b23bc0a47702fdc1fd3585a36bd2512e5f1f0f1bc8962788ff1b2e791c8
SHA512 455ba18f7667bc9ffdaeb56b5fbe3e12058c87e970c7cdf9bdca6642bb94802d2b73135b60e93f90f4721297eba4898cfad819f6b162c98fc9396fa5eee53f22

C:\Users\Admin\AppData\Local\Temp\okcc.exe

MD5 9e056992c1afb28ddcb3a99ef15657cc
SHA1 d1bb1023fea34422ce94ff2f6e86af822729d5ee
SHA256 1e55f6622e3aef363649563d72e08ac4bfddfe066ff834b2bf63abf27ebcf440
SHA512 fcc0818f7d4626929482fafd9f479f888945a0d241f1697d55ad457fc4d89ff4ee051a4eecf36b19c1751eb3bea830fc79e293b5f90c8822eb2bf08fab47fffe

C:\Users\Admin\AppData\Local\Temp\wUEO.exe

MD5 a418821328025f3db36a17fd5e739ff3
SHA1 b4098220f277866ac98f06a2150694527600028d
SHA256 d6157a690457a0286485b5962d6f9b97ded7007a077654910716f515d3f5fcd3
SHA512 17a121d47d0da896be1b1826bcb3726164a6b4ac5ae6da0cf66eaf31c6f2060aed536b31e189f118bceaae377ed5067ff628f3b03e659dd2cf22f141ff148ce9

C:\Users\Admin\AppData\Local\Temp\YAQq.exe

MD5 427daccc5e45aadeb9d238b8b0b17925
SHA1 ee0c59d325960d9e86ce056f1c8b849079e77c4a
SHA256 f32b38e652c556a5b5080da29129f2f764f08e4fe29490b7a6df44118737d4fe
SHA512 5332f1871a5367325459a685a73ae0615af081fbb057bbf1220e05f6f6453e6cbe47e28d7ff0db9e527ec7a2024dd2b6e5e77e00cb68f18a60e09e653061e9bd

C:\Users\Admin\AppData\Local\Temp\uAEi.exe

MD5 53d5e84620ae6d97dff5fcd8ed3e0ea3
SHA1 b5eaa3dadadb71a8daeaeabfd3cbc0c1df14599b
SHA256 e3efa4ad29ab69c88da22227b29568b27b5b1ed6dcfff8fc3dd2e26d9e14f971
SHA512 9cd5b39373d57d39ef95792e939482b7e94754bb0ef3ed031f251e479840625fe604de2c89347975937d01a617d9a1575f3986b5a947f8c8424606d49555faa7

C:\Users\Admin\AppData\Local\Temp\acou.exe

MD5 ba33e42fface7b6e8c3a2c499d2b0927
SHA1 342473d705dd97684dc9db807b928e336d590dc1
SHA256 f964fbc680769de40287b52d3e35e5878a5b222789bac67e7be5bb0677a19b3f
SHA512 bb02bb49a5812a36058c5e416317948d5eb2fa8c96829acebbcac807347abc1ce128b9e4fbd84b9787149877c0c460432010dc44f715dad4ee3493ffdabe3761

C:\Users\Admin\AppData\Local\Temp\aIgI.exe

MD5 69fbed05f2f6dda34ff7ccd8509da5ab
SHA1 1bcde08faec5645c889f9354af720f616db7bd1c
SHA256 193e10d2ac24c265839b623762589e1ac67a83bb3fc4a7490a97563eddae0903
SHA512 9b21f6913d4d3f267e55221bced608103edbde7df3defb5974036810d014b6f699a088dc74e527523862bfd10c1db54e4be2a28ce770544650dd73b8d0bba322

C:\Users\Admin\AppData\Local\Temp\AYMs.exe

MD5 c5c364c09f9f938607926064ac1c04a7
SHA1 90dabbc267c1b8f9ef76eeb4d2b9a9a811603ffb
SHA256 405b63f1cf4f0ddbfa565edf192b2c854644595e777d26b6cf56f10a9a14f228
SHA512 cc447cf9da490e99b02ce40a0c6995c50cb616a6f30138613276877fe2017997c6a4c2e2623e9f97356d6bf94c5b14b9c863ef8a6486e59b37f4728d6c605f74

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\OneDriveLogo.png.exe

MD5 6065686829f964785b0ac78457815715
SHA1 1bac2d82a4392acf259a7cda00515854f4cefe12
SHA256 fa786c59171e35730c567acb713318e675e09df287ba3b3c2cabdb981d15ed8c
SHA512 2de8428fc1ddff9f999b45afb5724ca0b1f7ed86973037ffcd20f782975c57dff32404727eadcffaf96dd201afddb3e79b6ffc86b538302f07127150389d4d88

C:\Users\Admin\AppData\Local\Temp\UUwm.exe

MD5 e4056d7901efbf2a207c825ac2067919
SHA1 96e8729547d2dcb5ba36efeea57b41d13628f82b
SHA256 f7076e3051249c1831e5c29ef8a717067f0f32ea2a114edc302741b3a616c175
SHA512 a5c428a649450336055379aeadf2f0832d669dd10cbd953512fba2fc3254165de6a6a9ab97a58ef8553fca0b071ce457ebef8712d157b23de01d7749ca5ae3cf

C:\Users\Admin\AppData\Local\Temp\aEsW.exe

MD5 c5c6abef029891cd22ec2c29b8ed571b
SHA1 8b9a01661d1c3acc9ee2da87914a29ba2bc1ba2f
SHA256 8f0d55c72ce7b43897e107c7d8c7fb2ce97d44e3af1197a286c0c442cbe20d5a
SHA512 97da890571293ef00f763ec1d9d7ebf56ac44e4cdf82097ce7402a761f06e3efa0094500663edc01cb39ce0b63abd8c6869b5fe322ca4ff9f2d686d676c71863

C:\Users\Admin\AppData\Local\Temp\ukIk.exe

MD5 1f563e21170dfbe5c9a2614b0ce64cdb
SHA1 4612948341de6256cd9408a423c2576718a0e7af
SHA256 e50431e3e4ea0f774bac0f7a5d4ab0f7b8b72e06398b813e01d46761751d26d0
SHA512 a7991c4441fa4ac99ca1c066c64e7437452430fe8e9f3c82d7079fd14703ba428d86a5d1d2099e630a86b5b21b953da4c551dbfd75f4a2823826d413c4c21f76

C:\Users\Admin\AppData\Local\Temp\uMEE.ico

MD5 f31b7f660ecbc5e170657187cedd7942
SHA1 42f5efe966968c2b1f92fadd7c85863956014fb4
SHA256 684e75b6fdb9a7203e03c630a66a3710ace32aa78581311ba38e3f26737feae6
SHA512 62787378cea556d2f13cd567ae8407a596139943af4405e8def302d62f64e19edb258dce44429162ac78b7cfc2260915c93ff6b114b0f910d8d64bf61bdd0462

C:\Users\Admin\AppData\Local\Temp\acQm.exe

MD5 c7231cf9e33145bad7dad06e47702ced
SHA1 387a65e3e5b5b62b87cff22b5ce22d8b8d4e3b0c
SHA256 8178c846e9d79464390b0220b4ddb5ad4d1cdf4b966000428a59de78efe80087
SHA512 c3da6932fed65fd955b59d5b0f79e7cf97d83bc2473d0ef41541c1727a73ed506dce1496fbf192d1b591ff2ef512e3d0a19b922cfc445520b1c407e6d02695a9

C:\Users\Admin\AppData\Local\Temp\QMcQ.exe

MD5 989dd93ce66383b4e2ea5df575f89070
SHA1 81a41affa6daea09b9cc48e500624a23ac5e4afe
SHA256 bfeb79377bb0ad7bf904d4724a9560cccf148668ee24ee0bd206198096983a5a
SHA512 24358f3ba44ba27578b2332b21cad48d693b1ab0d3bbcf5e00cd8c534c1a233c3929d3d831efd832c59476902d0426389104af15e487626ff180b19a6dbf4cd7

C:\Users\Admin\AppData\Local\Temp\EMEm.exe

MD5 4898038ebb091f360250cd70c93a09e9
SHA1 e75b1fc91eb632723e3b2be9d652fff27c666124
SHA256 2c67febacbc80180fc0cb2239447156e0469bbf8fe2ef8cecfdb80af9ce53c04
SHA512 2e6405dbb8767aa822f1f4f8ef873f32436a20aff97508f520cc5b41e50debc7a50a08c92eedc5823df6e87006985c16271985fa184cd7b415f0dd502d3472e8

C:\Users\Admin\AppData\Local\Temp\uUAk.exe

MD5 d2ecfdb86976c85e6e94ca4dc1b287da
SHA1 cba4313a8603c97d54d2cf8f44b186c99308984d
SHA256 98c5a29332e7aa5fa1ffe667212a81df8d2db0295c6b9cdea1d9e0fdb07f12c8
SHA512 d732da0f0d53cb13e45918dae15f120c043c7bd0a46ef9dc482758aa2e42bfe26bd45584a34cb7bf419f63d5a81c3dde0540ecd22b1bfc2d90cb48b5dd15e4ee

C:\Users\Admin\AppData\Local\Temp\YMow.exe

MD5 8c3c96ae2e76eb49e6aa8212247947cb
SHA1 85abea128c6eabfe7a3e88ab0242537dde414130
SHA256 bb3fba3c478e88d1483245a59866839cbad4434b584802deaf53f5e225cb8cce
SHA512 3a051b777548561d3e36fc95d5275e761a69800d7e75c29338b8480a7d1ca9bda0e0a7255e94fce7dc48dccad82897e8725a13ebe8b8a4f2cd824143bc882f08

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-black_scale-400.png.exe

MD5 f3b2826982d6b97d6e961622258ea9f0
SHA1 b7b8130dcb35f760156c0f6a6f342e99e41f7324
SHA256 253350e65441637a760aa78416a8975f97631a20e530747101aa98e08e46c56a
SHA512 d15806a2e6fb96cc79c5bf0f9db88022462e4c9f0d4a1ab4e9aeef1d087762baa2e2bb035a6ebadd00985acf6a622a28d23428ccad331aea1dd3de7375437df2

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-white_scale-400.png.exe

MD5 277311a2be48bd4a425ad5581a493e88
SHA1 9e28080f4cb703d222a2dc7b1e7364b49826ceb7
SHA256 2b4037e0bc4023a551d127db3852aaee375567836f32f32624205bc1aca7d356
SHA512 547c7adcfaecf444db2c1a50b11d59552d364217186e9c89f32050c84b9d1e859184f33711e72a03e7c66e2097df8984a9b05c91b965686e16f9a5634b4b2309

C:\Users\Admin\AppData\Local\Temp\WAwS.exe

MD5 a8cebe845b7b754eff6e50dfabd94e4c
SHA1 96756872c436893129bf4460f736121681a52df5
SHA256 15b1ed7e4d7ddfe9143207bb891c5ed1cc2d0e08803539eb4a2f0fdbcf9b7b12
SHA512 504477c24de7ef06097d9ca8d38e1b1881ee8929e17fb761d5fe79d00e2d3ac946aee3ca4378100e10445481099f646856f71bf8e183ba0257a27502f69871c5

C:\Users\Admin\AppData\Local\Temp\UsQm.exe

MD5 db7b994add0c2772afa6131cec231dc5
SHA1 37f00db6c6db2668839cf3ba070cd9e04a90b935
SHA256 f572a99481934c2e8c86c3b9628064acf74b2bed992508cb59eaf7a621164606
SHA512 6bb0c222247e2e642479b6b6089111537960e4e2f319fdb012c46f6f794ebd28f62a26016325639a5178459b6eefdddd2f42c62eeb01edad44b8e8744d18d432

C:\Users\Admin\AppData\Local\Temp\yMYs.exe

MD5 b19821327b6a40e7ebdd720ca2d516ea
SHA1 ff762e7cc71c564b9fe63c80caf251ea7ac7515d
SHA256 36bb6515078a75e3d62e2f7f12a0978183048819d1a446d8deb190030fc69260
SHA512 cc09dfb137fe447d2ca3e9d4ecdad515faf48a2dce0948af76d2db02aee3348d8a5b5a2e9b6bc1bc26d04c5e273dcada1ad35993f5d7b5efdb42ed0ec2e0cf60

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState\PinnedTiles\26310719480\tinytile.png.exe

MD5 0fbe3dc0abae86d6c1423cf098cd1a20
SHA1 cfd2b7401e159bbcb35cf9a54a01219550b852e5
SHA256 61bf40c9653c74589e420f2c73397e5b73b9b4c125d87b75db80d3f553dbf464
SHA512 5117c21ea119ec0b8b5bcbf99cfdb70ca1d64b199f7c9d32ab739f3db4b4fca3562b6db5bd3b7b35f3c7f08e452035263b2111fce4af0f49cc8cae8f5da956f9

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState\PinnedTiles\38975140460\squaretile.png.exe

MD5 6bf2c63d8c1b0dc8b9570af9ac9ae430
SHA1 093232f792813533ce3ad56ba3ca94c29984ce0d
SHA256 7b8bf89f5c6f205d451050ecd9beb308261746fbacb287d65de86625424d2086
SHA512 4451041913a1e002634fa6297d906c0bd5e5e18b7c1e3d187e1db259df0df5a3ee3a4803476738063d0c620216b6c4b60ac8e1f884ff96ca077604ca93e4a10d

C:\Users\Admin\AppData\Local\Temp\MoYK.exe

MD5 19a4592623b0afe9d01b6fbb119202ec
SHA1 9a85ce9330c2b3acd9dbb626dcf6e71e389c5606
SHA256 4ee48b46f581ea9c59a96d84de012ac24f6240849ad7d4d69edde14a89112e5d
SHA512 03aeaf43e1f7e36b81dcc85ddd8ce42338c18b9b132141f9023332345198bd2fe742529b3d5250f1cef47a347665a83272ac1b8368ff93c66fbbb5bb1f4e5abf

C:\Users\Admin\AppData\Local\Temp\csEE.exe

MD5 4713970e809c4a0b121383e7dfe791b7
SHA1 e162a8e5f9bd59156d6c27edaba55de23245ad0d
SHA256 be58ec25719ba3124b3bb8b4871d2298db5f165f43ce6932e83aa5973483574e
SHA512 2f6561b3f4b5b0dbc063ac23d4051e87534f0ad4d4757fd68b42c424abfc82820b1492f87b670b762211f7eafb3bf4c0ed46db927d6e88e084363b10088e7165

C:\Users\Admin\AppData\Local\Temp\MwUa.exe

MD5 7ab87b27497038f964d15feab8635203
SHA1 fd23b74501ce18faf8a3ff9783ff86d2e90c59dd
SHA256 3bdf79310b42de1e3e1a5c116038c585a246288697b3535c571137e1b1888c5b
SHA512 0f931002bf32fb7fa656beb6987dc182697720ee607cf10576887dd0abb943ed89e313fe6f05875627228c5ed4aa875b5c7fbf01611e93981a31af497f742553

C:\Users\Admin\AppData\Local\Temp\SUYy.exe

MD5 918afa8d2430215e121b91554d35764d
SHA1 a691f12c31bff4842af45c55ff1e6748ad9880e8
SHA256 76e07d85a958e268462e898403e81eb64901f05efe6063718dac8c5fad56511c
SHA512 3c73727719e5d7e1af03233732f89b3571d2af59d45e1e78899e6f065562c95e3c9e11f49da0a486845dc0a416b63fc756d4a9d06c23eb6951a031868a2d5579

C:\Users\Admin\AppData\Local\Temp\kMYk.exe

MD5 d6f95f887a5dadb5746b5688b822e627
SHA1 fb1b051410f1b9b9bde1b62131975d98053971e7
SHA256 8693bccc4f3076c85cb649005ed213977e8beddc1fa13cce709b5a353a1d4678
SHA512 ae3df74689b1c949a7717b8404be15798324692c8ff0ae8038d3d47bff349e32e64c547852c5f31768aeca6e94eb93ce8d5000393afc2ea1731dd29df945018e

C:\Users\Admin\AppData\Local\Temp\GMYM.exe

MD5 4b7caa8e5d251708767f43ad65cf7722
SHA1 adf6f65e434db73ab4fff3a42d5564d68ede35c8
SHA256 ec335cd813c87118d84c12b1645ed9d73f4811b6d58702c12273b846b6d6ea60
SHA512 701388b7db55e81182ebbf591ababd6ded3b898760f6238beceff87cec0a45a0f2540d803b1c55f312409a2df9c2bd805f01ada768c4e7bffe24412e7a31bd14

C:\Users\Admin\AppData\Local\Temp\OYYU.exe

MD5 a29a84ce9fd92775944826874799092b
SHA1 cb59fc2fa262bd14a6fcab651745e18151316e1c
SHA256 4ad71006101c1569c0448083317fa3e5da53c2e292ce78ee48878df5bbc540c2
SHA512 b476a54b41a5a500b4ee5905e2630c5fabfc8d7994b273bf3e5e8e49867b1e225c2a07aa154b58cd46edec22d2a619b47898e945175d42d906f93ccd260a71f6

C:\Users\Admin\AppData\Local\Temp\YsMY.exe

MD5 ddc314760b11cfd86787ff27111de89c
SHA1 647ffe4f890808bd6ba0bac17b752609febd948a
SHA256 a12711b0349a22e9af9ed06d339b30df6acd4dd69701298c2c3083fe2a95188e
SHA512 d7bf2c7afbde7494f3d5d249b1e7ef8535ee07b5a0a859fe1eaa47ca9330918413c5c1a19537a6a37ef1eeea684416485e2f11a588ecf2d7abef92137b2e6d2d

C:\Users\Admin\AppData\Local\Temp\wkUw.exe

MD5 fe977603b5d2ad9135823ec29e2da3a3
SHA1 224265b3869466a0be2299a7db802de65c485f75
SHA256 052034099c7eb163402fa563e1a97b1a0d58955aaf0a76020552b93c50a273e9
SHA512 4dbd23f1ccb8657e1c88680ae1480b7cef04bff6054fd370342e1993157640b81f7aa47c94ba5da4ede1264f68491f009927faa4dc00544ef9c729d306befe38

C:\Users\Admin\AppData\Local\Temp\KoEg.exe

MD5 b349a2cc724a9317de50966f079cf698
SHA1 829cd2956ae2048124321cd0efbfd1158d11878d
SHA256 7d7705712bad6ffa3fda3c2f1d5a241873bd8f03b705621e665e4af06da81031
SHA512 26e418c2d0adc7e8829f8f70113e9728374e4199a059dee8ae5a450390a1fc5f2a9d7e25b41e313671df65d3dccfe701787c72a81187dae2ed2eef2ad9fc97da

C:\Users\Admin\AppData\Local\Temp\AwIc.exe

MD5 6475b5b7541a1e505ffd6c2c8072f334
SHA1 9c6c00b78dd7b0c6c570fcdb2b742c6cede66786
SHA256 54c7e7cfe269be70a5ddcd07bf36bfaba0f625059f9d8ea9e9352b305122e98c
SHA512 bc3843c5e3b56cb260721f39bdd976f580156852788a70e9d29b882fd7699858520342ed52ad22558c6f2f5f72173aec98b02d6e905109022c68eb59e7d20313

C:\Users\Admin\AppData\Local\Temp\soku.exe

MD5 5b1130cd6ab36ff3386f73d802dc2045
SHA1 29b81146a4f5c091c6540971fa8f8132c5c478b7
SHA256 47cb10cf37a408590f965b8d1735e63e7dfd2426a46361ada36df6953d935057
SHA512 d44b86d33f8862f999e02090a6c97ecee1cbfa360bfe16ae48f6b5a731e7780d653fa05c8f0570a6981397fc9559388003145f393f2f16c127ba9f09c9dccc08

C:\Users\Admin\AppData\Local\Temp\iowG.exe

MD5 ec5f844c079543f7c944accfaacc0bc1
SHA1 6a6acc1f2a3e858dbec9f8f92762081346141253
SHA256 330752524da5387c2f73e5ae013d08487bdeac544f0ef118a3033349e7705a10
SHA512 cf0867ad21f4bb64ce2f4dbd454b49b920c49cfde2e1043e1a5c345a695dfe8245e9b95134291c338e960051c5450145e488aab94436fa5db8658937b5c7730b

C:\Users\Admin\Music\DebugProtect.jpg.exe

MD5 079dc56fe0ec7c97849df0735de3fd85
SHA1 5e192f30c0383d69ca3ebe9d79707d4138447a4d
SHA256 c86a9e5c85a5d945bed16558f203a8fed4328b512fd0b8e60c78f7a734b6ad76
SHA512 16aab3e25e695c82fcc6fa4433bfd60ca6ae31b5d87312ada345328efd44f49c90c493924ad6044759d923ebec9cdd73d1f194a44e7811ab079a5f18063cdc93

C:\Users\Admin\AppData\Local\Temp\QUoY.exe

MD5 35b199fb030d31f7ae51bfab27e77952
SHA1 32dcb69616a2849e22f375ed4ccce9ecef13f545
SHA256 72713529090ecc794839e23c55fa1721a318d847dba81572fea202569157fe8f
SHA512 3e97957b7dd3d6926880789707c1a81c73c3a9e61b822a8fc21be9d9c977e883c739d98cc740121884f39c7736c17cf1ec993450385e6a1faa2f620d710d81e5

C:\Users\Admin\AppData\Local\Temp\ikkA.ico

MD5 383646cca62e4fe9e6ab638e6dea9b9e
SHA1 b91b3cbb9bcf486bb7dc28dc89301464659bb95b
SHA256 9a233711400b52fc399d16bb7e3937772c44d7841a24a685467e19dfa57769d5
SHA512 03b41da2751fdefdf8eaced0bbb752b320ecbc5a6dbf69b9429f92031459390fe6d6dc4665eebe3ee36f9c448a4f582ac488571a21acc6bba82436d292f36ac5

C:\Users\Admin\AppData\Local\Temp\qwIe.exe

MD5 b164b8a8fe8f4f96b30159432f9f1238
SHA1 d27432797f0b7ef3537cde071b732cf0ac975f21
SHA256 b79fea48bcf9188b0d1ed0d24b7714c86e6b84854eecd15ac7ba5923b441f232
SHA512 d441122d4dcc3e3c747c6ab7fda6e75d9d8bb22ee461ac68c620ecd916bd6bab3dddde52c7cd16d02a85204f9ef3f6519bb5b24002b19ee33ad48e140228c70b

C:\Users\Admin\AppData\Local\Temp\UQQm.exe

MD5 905a896519c2ec51b235ecbb089b424d
SHA1 49f550532199414371bd4b7b36c71022bb1515c3
SHA256 764bf0204b77128a596170e1a87e88aebf6b65339c3a90b6abf53fa818fc9d62
SHA512 e3d30c10f70c6a57416b24c282a13b87d7635f10ee34da7cad27cc71684421d8b62c1ad2d1ad0af0b6f2e56293aa9aa262b02495dad873a04f2e72da69fcaac0

C:\Users\Admin\AppData\Local\Temp\OwYa.exe

MD5 414c10d209ae72dd7e87c2500c22d6f8
SHA1 23f36c4121b61a19b1e844d82e89ff3c6405fa04
SHA256 6f5a28bd71e576c58a66581d36cdad92b4e49783f4c695af20419e01d84dfcf9
SHA512 5d391fdbf055762ca22d3483f40e7c12a26b4462808ec13ef1b218b76eb7b3b576f914a362a629c958c2be6c08e55d93d6dfce92266fec57df07d776bb6c0151

C:\Users\Admin\AppData\Local\Temp\mIoI.exe

MD5 c2ad5b4c8c3c89b05aa9e4e20c19a40f
SHA1 dcbab1a8a3a8d826bd54e4aaf942f404afb04f1d
SHA256 6445e5e9852625aaab39c937755c314653fee6bee253bd1c8ca459347b222a5c
SHA512 43fac4689aecc090d03d18c520e618e178fd11879fff48506591ce0c3c61924251af270c6b16f84744aee91d913e5ffd9f9c20555ec9a1caf386ead53b3e2a84

C:\Users\Admin\AppData\Local\Temp\CsQG.exe

MD5 320e0b7d07c09fd9b537b8838512c785
SHA1 f5b641237e5bcb59e097490af283fcb726ddd95b
SHA256 96b579887d27c5dc557424768afd42d6405cce4b1bc3947f4fdd8779f32fb122
SHA512 6d72ecb5b0a25796475aaa06b038edfa897bdebfa45de5aaf8519382e24d3230401eb98660c8e33f779981bd4d954d4da542df8bafee120f21b3bfbcd137b99c

C:\Users\Admin\AppData\Local\Temp\GsQY.exe

MD5 39ebc805543b6651cba38827bfa7cc05
SHA1 7bd6d2323f1bf3e270b8f88357a51d0a9e0416a6
SHA256 7794f834e6eb478bf68d4102588e1a502072f354bed8dfda511aabdb73b76a1c
SHA512 45a6cc881de61f9a9f1b73954eb9a8a56c6cc0e96446b711ead85e08a46a8552b43318aeddafce3d5165a3b5658c271857b4d01de0b43d0af988d15be6067830

C:\Users\Admin\AppData\Local\Temp\CEIE.ico

MD5 ace522945d3d0ff3b6d96abef56e1427
SHA1 d71140c9657fd1b0d6e4ab8484b6cfe544616201
SHA256 daa05353be57bb7c4de23a63af8aac3f0c45fba8c1b40acac53e33240fbc25cd
SHA512 8e9c55fa909ff0222024218ff334fd6f3115eccc05c7224f8c63aa9e6f765ff4e90c43f26a7d8855a8a3c9b4183bd9919cb854b448c4055e9b98acef1186d83e

C:\Users\Admin\AppData\Local\Temp\Agku.exe

MD5 6cb3da42c90edd1a72fefe14c102443f
SHA1 4f718bec941dd084f7e66da6ed5693e2d690ef93
SHA256 4ce042c72cf6e37e8b64ca6c7f2ac8ce1744f4667656941c321850966c4a6e72
SHA512 ea85b950aa2bb8a3ba681196b8d28b8114e4c3a4474f44430700a4f45aaecb84779f092849d52d18bb28897d1534e6af6246bb7bbaff9901da59680ee346099c

C:\Users\Admin\AppData\Local\Temp\UIgq.exe

MD5 30348c68729a0b17ba747a91bcd6ce06
SHA1 f0db950e229592d44900f0723a4f50f6bb664318
SHA256 362f06d222577247ff4d3eafc4b1783d9411d8e622b6d1c1bec26684753dad0e
SHA512 bdb69f3a4e50b9de16cf424bfe07bcf6f5bd2684e94ab20130ad96ed779f13bb471602ec5d675947e74125fc4b1c8e739487b813db9f066e71919b904dd38f1f

C:\Users\Admin\AppData\Local\Temp\igIg.exe

MD5 8257cf64434718766577f910f35ca080
SHA1 199b9c857fdcde156dd957d26c38aaa54f7cd7ea
SHA256 1c06230575b0b9fc302c9b0bbb514227426ee2653ea21249c47408106ecd12d0
SHA512 2a0bb2efb6dad8b86b9a06f3457e59270cbdc13f2f33b049ff3b92198bd3b7e46b74918c932ae121c3bf48a7848b444ac8dd96b0b0b54197c8eb4e98140274f6

C:\Users\Admin\AppData\Local\Temp\mYoU.exe

MD5 ef77b87bcfce6f0dc52853e172fe7b4d
SHA1 0a843ddb7453f137a6d7164700e1b35e7067a6c5
SHA256 441416590afb032869a986ecb9f7efdf9f0a7c73c1007ce44ae9ad6044c45aad
SHA512 082ace5e8c460da28dc205ddde097b96789b86c752cc5caf5317f7cf67e5497b56b524acbcf3bd7260029d3abe50a2b8bef40bbd63882ca476b27bc33b9f21ca

C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png.exe

MD5 881c05aa6674a8b085e2d312308f667b
SHA1 3f5d3cecb569168d7a0dc3c8d501e8b60c5e69e8
SHA256 1ff65c5ec69bcfa581795c3d3ec153ce0978367f57e01e68d656b6bfa34e4232
SHA512 ae8bf66daaaf40a63a3712a4b00c59a5c531e1ed425ecbbb492d7c7e04c53a9d99a24387f434dd5fe291c28df39ed55c5fdf5471efeafe08e65ab90e0dded694

C:\Users\Admin\AppData\Local\Temp\mwok.exe

MD5 84712fc052fd52a3db3ccf26b9d2657e
SHA1 f7c878c9a50475798f00b6ecd353bed6e9b3e101
SHA256 786463ac12b1bdfb40fbfc2e67e6ea1364edca02b45b2de87586496262bc0fd9
SHA512 db0d1a1a454b96ca2799a157abb7e6497d25db261a56b92f3c63636be638b60e0c6895563b9622632909c00a115baac235d35b133e309e44a5d780f0f9ec5058

C:\Users\Admin\AppData\Local\Temp\owMI.exe

MD5 35a40b24b1eed5cc19db8da98690d1f4
SHA1 4e14c96a44e481bb88b88290a0459db6c9805322
SHA256 ff830ca954bfd461820fd8c9aa36d71aeda8a1cc2bead14f8b09673f2292ae7e
SHA512 2d92d93275b1c845653aea5e480452925fbc3988ee44a73f3271be10c7b23b5875020a5f7c6caf7567914dd23edd69409f658f866e688fb68b3abeb362fc2f3f