Malware Analysis Report

2025-01-22 20:18

Sample ID 241020-cbvcyssbna
Target 2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
SHA256 9e5b495ca615441e41664c15de272de18ba033eb1285f9b374fa28e90e1df353
Tags
discovery evasion persistence ransomware spyware stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

9e5b495ca615441e41664c15de272de18ba033eb1285f9b374fa28e90e1df353

Threat Level: Known bad

The file 2024-10-20_81ab65298a81d207d0561795301cbc83_virlock was found to be: Known bad.

Malicious Activity Summary

discovery evasion persistence ransomware spyware stealer trojan

Modifies visibility of file extensions in Explorer

UAC bypass

Renames multiple (88) files with added filename extension

Renames multiple (59) files with added filename extension

Reads user/profile data of web browsers

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Drops file in Windows directory

Unsigned PE

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of FindShellTrayWindow

Modifies registry key

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-20 01:54

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-20 01:54

Reported

2024-10-20 01:57

Platform

win10v2004-20241007-en

Max time kernel

150s

Max time network

129s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe"

Signatures

Modifies visibility of file extensions in Explorer

evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" N/A N/A

UAC bypass

evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" N/A N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" N/A N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" N/A N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" N/A N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" N/A N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" N/A N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" N/A N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" N/A N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" N/A N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A

Renames multiple (88) files with added filename extension

ransomware

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation C:\Users\Admin\lQwMsgog\SCkwYUks.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\lQwMsgog\SCkwYUks.exe N/A
N/A N/A C:\ProgramData\vAYUwgkg\XuUAQkIE.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SCkwYUks.exe = "C:\\Users\\Admin\\lQwMsgog\\SCkwYUks.exe" C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\XuUAQkIE.exe = "C:\\ProgramData\\vAYUwgkg\\XuUAQkIE.exe" C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SCkwYUks.exe = "C:\\Users\\Admin\\lQwMsgog\\SCkwYUks.exe" C:\Users\Admin\lQwMsgog\SCkwYUks.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\XuUAQkIE.exe = "C:\\ProgramData\\vAYUwgkg\\XuUAQkIE.exe" C:\ProgramData\vAYUwgkg\XuUAQkIE.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cscript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cscript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cscript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cscript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cscript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A

Modifies registry key

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\lQwMsgog\SCkwYUks.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\lQwMsgog\SCkwYUks.exe N/A
N/A N/A C:\Users\Admin\lQwMsgog\SCkwYUks.exe N/A
N/A N/A C:\Users\Admin\lQwMsgog\SCkwYUks.exe N/A
N/A N/A C:\Users\Admin\lQwMsgog\SCkwYUks.exe N/A
N/A N/A C:\Users\Admin\lQwMsgog\SCkwYUks.exe N/A
N/A N/A C:\Users\Admin\lQwMsgog\SCkwYUks.exe N/A
N/A N/A C:\Users\Admin\lQwMsgog\SCkwYUks.exe N/A
N/A N/A C:\Users\Admin\lQwMsgog\SCkwYUks.exe N/A
N/A N/A C:\Users\Admin\lQwMsgog\SCkwYUks.exe N/A
N/A N/A C:\Users\Admin\lQwMsgog\SCkwYUks.exe N/A
N/A N/A C:\Users\Admin\lQwMsgog\SCkwYUks.exe N/A
N/A N/A C:\Users\Admin\lQwMsgog\SCkwYUks.exe N/A
N/A N/A C:\Users\Admin\lQwMsgog\SCkwYUks.exe N/A
N/A N/A C:\Users\Admin\lQwMsgog\SCkwYUks.exe N/A
N/A N/A C:\Users\Admin\lQwMsgog\SCkwYUks.exe N/A
N/A N/A C:\Users\Admin\lQwMsgog\SCkwYUks.exe N/A
N/A N/A C:\Users\Admin\lQwMsgog\SCkwYUks.exe N/A
N/A N/A C:\Users\Admin\lQwMsgog\SCkwYUks.exe N/A
N/A N/A C:\Users\Admin\lQwMsgog\SCkwYUks.exe N/A
N/A N/A C:\Users\Admin\lQwMsgog\SCkwYUks.exe N/A
N/A N/A C:\Users\Admin\lQwMsgog\SCkwYUks.exe N/A
N/A N/A C:\Users\Admin\lQwMsgog\SCkwYUks.exe N/A
N/A N/A C:\Users\Admin\lQwMsgog\SCkwYUks.exe N/A
N/A N/A C:\Users\Admin\lQwMsgog\SCkwYUks.exe N/A
N/A N/A C:\Users\Admin\lQwMsgog\SCkwYUks.exe N/A
N/A N/A C:\Users\Admin\lQwMsgog\SCkwYUks.exe N/A
N/A N/A C:\Users\Admin\lQwMsgog\SCkwYUks.exe N/A
N/A N/A C:\Users\Admin\lQwMsgog\SCkwYUks.exe N/A
N/A N/A C:\Users\Admin\lQwMsgog\SCkwYUks.exe N/A
N/A N/A C:\Users\Admin\lQwMsgog\SCkwYUks.exe N/A
N/A N/A C:\Users\Admin\lQwMsgog\SCkwYUks.exe N/A
N/A N/A C:\Users\Admin\lQwMsgog\SCkwYUks.exe N/A
N/A N/A C:\Users\Admin\lQwMsgog\SCkwYUks.exe N/A
N/A N/A C:\Users\Admin\lQwMsgog\SCkwYUks.exe N/A
N/A N/A C:\Users\Admin\lQwMsgog\SCkwYUks.exe N/A
N/A N/A C:\Users\Admin\lQwMsgog\SCkwYUks.exe N/A
N/A N/A C:\Users\Admin\lQwMsgog\SCkwYUks.exe N/A
N/A N/A C:\Users\Admin\lQwMsgog\SCkwYUks.exe N/A
N/A N/A C:\Users\Admin\lQwMsgog\SCkwYUks.exe N/A
N/A N/A C:\Users\Admin\lQwMsgog\SCkwYUks.exe N/A
N/A N/A C:\Users\Admin\lQwMsgog\SCkwYUks.exe N/A
N/A N/A C:\Users\Admin\lQwMsgog\SCkwYUks.exe N/A
N/A N/A C:\Users\Admin\lQwMsgog\SCkwYUks.exe N/A
N/A N/A C:\Users\Admin\lQwMsgog\SCkwYUks.exe N/A
N/A N/A C:\Users\Admin\lQwMsgog\SCkwYUks.exe N/A
N/A N/A C:\Users\Admin\lQwMsgog\SCkwYUks.exe N/A
N/A N/A C:\Users\Admin\lQwMsgog\SCkwYUks.exe N/A
N/A N/A C:\Users\Admin\lQwMsgog\SCkwYUks.exe N/A
N/A N/A C:\Users\Admin\lQwMsgog\SCkwYUks.exe N/A
N/A N/A C:\Users\Admin\lQwMsgog\SCkwYUks.exe N/A
N/A N/A C:\Users\Admin\lQwMsgog\SCkwYUks.exe N/A
N/A N/A C:\Users\Admin\lQwMsgog\SCkwYUks.exe N/A
N/A N/A C:\Users\Admin\lQwMsgog\SCkwYUks.exe N/A
N/A N/A C:\Users\Admin\lQwMsgog\SCkwYUks.exe N/A
N/A N/A C:\Users\Admin\lQwMsgog\SCkwYUks.exe N/A
N/A N/A C:\Users\Admin\lQwMsgog\SCkwYUks.exe N/A
N/A N/A C:\Users\Admin\lQwMsgog\SCkwYUks.exe N/A
N/A N/A C:\Users\Admin\lQwMsgog\SCkwYUks.exe N/A
N/A N/A C:\Users\Admin\lQwMsgog\SCkwYUks.exe N/A
N/A N/A C:\Users\Admin\lQwMsgog\SCkwYUks.exe N/A
N/A N/A C:\Users\Admin\lQwMsgog\SCkwYUks.exe N/A
N/A N/A C:\Users\Admin\lQwMsgog\SCkwYUks.exe N/A
N/A N/A C:\Users\Admin\lQwMsgog\SCkwYUks.exe N/A
N/A N/A C:\Users\Admin\lQwMsgog\SCkwYUks.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4484 wrote to memory of 4704 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\Users\Admin\lQwMsgog\SCkwYUks.exe
PID 4484 wrote to memory of 4704 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\Users\Admin\lQwMsgog\SCkwYUks.exe
PID 4484 wrote to memory of 4704 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\Users\Admin\lQwMsgog\SCkwYUks.exe
PID 4484 wrote to memory of 4884 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\ProgramData\vAYUwgkg\XuUAQkIE.exe
PID 4484 wrote to memory of 4884 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\ProgramData\vAYUwgkg\XuUAQkIE.exe
PID 4484 wrote to memory of 4884 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\ProgramData\vAYUwgkg\XuUAQkIE.exe
PID 4484 wrote to memory of 2316 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 4484 wrote to memory of 2316 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 4484 wrote to memory of 2316 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 4484 wrote to memory of 1056 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 4484 wrote to memory of 1056 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 4484 wrote to memory of 1056 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 4484 wrote to memory of 4824 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 4484 wrote to memory of 4824 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 4484 wrote to memory of 4824 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 4484 wrote to memory of 2804 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 4484 wrote to memory of 2804 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 4484 wrote to memory of 2804 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 4484 wrote to memory of 4996 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 4484 wrote to memory of 4996 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 4484 wrote to memory of 4996 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2316 wrote to memory of 4432 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
PID 2316 wrote to memory of 4432 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
PID 2316 wrote to memory of 4432 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
PID 4996 wrote to memory of 4424 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 4996 wrote to memory of 4424 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 4996 wrote to memory of 4424 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 4432 wrote to memory of 4788 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 4432 wrote to memory of 4788 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 4432 wrote to memory of 4788 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 4432 wrote to memory of 3580 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 4432 wrote to memory of 3580 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 4432 wrote to memory of 3580 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 4432 wrote to memory of 1468 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 4432 wrote to memory of 1468 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 4432 wrote to memory of 1468 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 4432 wrote to memory of 688 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 4432 wrote to memory of 688 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 4432 wrote to memory of 688 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 4432 wrote to memory of 1712 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 4432 wrote to memory of 1712 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 4432 wrote to memory of 1712 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 4788 wrote to memory of 3468 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
PID 4788 wrote to memory of 3468 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
PID 4788 wrote to memory of 3468 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
PID 1712 wrote to memory of 764 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 1712 wrote to memory of 764 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 1712 wrote to memory of 764 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 3468 wrote to memory of 3604 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 3468 wrote to memory of 3604 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 3468 wrote to memory of 3604 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 3468 wrote to memory of 3864 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 3468 wrote to memory of 3864 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 3468 wrote to memory of 3864 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 3468 wrote to memory of 5072 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 3468 wrote to memory of 5072 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 3468 wrote to memory of 5072 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 3468 wrote to memory of 3956 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 3468 wrote to memory of 3956 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 3468 wrote to memory of 3956 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 3468 wrote to memory of 1060 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 3468 wrote to memory of 1060 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 3468 wrote to memory of 1060 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 3604 wrote to memory of 2616 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

Processes

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe"

C:\Users\Admin\lQwMsgog\SCkwYUks.exe

"C:\Users\Admin\lQwMsgog\SCkwYUks.exe"

C:\ProgramData\vAYUwgkg\XuUAQkIE.exe

"C:\ProgramData\vAYUwgkg\XuUAQkIE.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YAQgkcgk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HKMIkgQE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PUYssYAU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JyQskEIA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\oukAkkEI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yUYsMkIc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\oAAIoUwk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TqMcoMMk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bkMokQMA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lqMgcgog.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aMIckUsE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\iEkgwcsE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ueQkUAsQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JWIowMAk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xuQMcwks.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xOgwIUsE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\paIkkAsM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\icAEUIoM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sQYgcEsA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WUEAoggQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GYokUQsk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fGAUUUcY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jIsEEows.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\POgUsIEM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bmsMkAIg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EckYkEkY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\iYUAEgkM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cSwEssIw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yeQYwswE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lOEMYgwI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\takskEww.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hwEwEUwg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k netsvcs -p -s UsoSvc

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RkMYoAgA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YkwwgMAU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\geQQgQAg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GYEcYsgE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\akAEQcAY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xgwMEYUA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NyEEMMwo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XKcYIAsw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lqAIMEQQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QEQcYUUw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AEkEkkUU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EuYwEQwM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EOsoQMMc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fqcUwckU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RsooIIEE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LUMMkYoo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cSEYkEcE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YoQgkUog.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wKoMoAYQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gmUkoAgQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zqMccMYI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vUcAsIUg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LikMcEYs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XAwMkQQc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sEkwMMsY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GAcoAEwg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IGYoswgQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rEsMogIY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZQswggsU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bgkMoYIU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yScIIAIY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QQQgIUsY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YUckcgUg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HkEQkcwc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bCMYQQIE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nCwMcQow.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BCkIAIco.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\iOoQwoEg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aSwgIsUQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aCgUUIIY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DIAsIocc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HcUgwEcA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RuwwsgEY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lAssYQAw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wcQkwIwI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sWcQMUkk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\smwkQQYw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uOEYUsME.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hagYEgUY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xIgkoIsI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pUgEMggg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JYQUYsQU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gUwIUskY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ACwsMEgY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WOEAAsoU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MQsQoocc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vygsAYkk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZsEckgUg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ruokckkQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fgkwcsAA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QUYoEAsM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SAYYkcEA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sKscwcwU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\iGUIEYws.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TiEUEEME.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JuQEQUog.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XWwIcIcQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LKEwEMYA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MokocMkA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GmAMMAYc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QYAUgAgY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZyMoEocg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\sihclient.exe

C:\Windows\System32\sihclient.exe /cv 3koMc1jjHUGi/dKsLeMgZw.0.2

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HiowAgAU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\system32\backgroundTaskHost.exe

"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZCkggcMo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VuMggwQc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ukgMIssY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ScwUQIos.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\csEocoMw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hgcoIYcY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\naMcooEE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VgMoscQA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TqkYIYIY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MawYwccQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GWEockIk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\oesMoQcY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sKIwsgsQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XucAkkkA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VAYgIkMA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wAgcMwUo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yagUwcEI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CSEUIAMo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eSoYEsEg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\toUMIsIM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fyYEgscw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PAcUYkoE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

Network

Country Destination Domain Proto
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
BO 200.87.164.69:9999 tcp
BO 200.87.164.69:9999 tcp
US 8.8.8.8:53 google.com udp
GB 172.217.169.14:80 google.com tcp
GB 172.217.169.14:80 google.com tcp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 14.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 75.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 150.171.27.10:443 g.bing.com tcp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
BO 200.119.204.12:9999 tcp
BO 200.119.204.12:9999 tcp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
BO 190.186.45.170:9999 tcp
BO 190.186.45.170:9999 tcp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp

Files

memory/4484-0-0x0000000000400000-0x000000000043B000-memory.dmp

memory/4704-12-0x0000000000400000-0x0000000000433000-memory.dmp

C:\ProgramData\vAYUwgkg\XuUAQkIE.exe

MD5 65f53fbdc95f7ed5cc99117239fc3815
SHA1 3ba43bb26403e3550087568808e54e1805b2fb54
SHA256 78fa9d190135973a802b5adedbcedb8f1cf34acb7ffeb196e73bd0f73eb71498
SHA512 533e4d3c53753d1527b79dcd7b28f642244664752bbeeb855eb69023587b6e647745e01585cc02477e0492029172ad010d70dcfaee1061c432b2e9aac566e824

memory/4884-14-0x0000000000400000-0x000000000042E000-memory.dmp

C:\Users\Admin\lQwMsgog\SCkwYUks.exe

MD5 9a2a702fd2d0ab0718a2aa800c38f829
SHA1 9457e0d81d8f32f2ea15760850b8b9b7a098fd62
SHA256 a9e670f7a08f2b859823bf3225a1f402b91945fdf4965219927898fa477ac4cf
SHA512 4586cc8ffd09763d2bbf1aff55e07cf09c68b045c6b9dc5614801de3da9b3896437bff54c0be9d28dea15f457d5a31eb5bb7e8b363bc0006f573831766f75613

memory/4484-19-0x0000000000400000-0x000000000043B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\YAQgkcgk.bat

MD5 bae1095f340720d965898063fede1273
SHA1 455d8a81818a7e82b1490c949b32fa7ff98d5210
SHA256 ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a
SHA512 4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

MD5 a51464e41d75b2aa2b00ca31ea2ce7eb
SHA1 5b94362ac6a23c5aba706e8bfd11a5d8bab6097d
SHA256 16d5506b6663085b1acd80644ffa5363c158e390da67ed31298b85ddf0ad353f
SHA512 b2a09d52c211e7100e3e68d88c13394c64f23bf2ec3ca25b109ffb1e1a96a054f0e0d25d2f2a0c2145616eabc88c51d63023cef5faa7b49129d020f67ab0b1ff

C:\Users\Admin\AppData\Local\Temp\file.vbs

MD5 4afb5c4527091738faf9cd4addf9d34e
SHA1 170ba9d866894c1b109b62649b1893eb90350459
SHA256 59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc
SHA512 16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5

memory/4432-32-0x0000000000400000-0x000000000043B000-memory.dmp

memory/3468-43-0x0000000000400000-0x000000000043B000-memory.dmp

memory/4712-56-0x0000000000400000-0x000000000043B000-memory.dmp

memory/2616-57-0x0000000000400000-0x000000000043B000-memory.dmp

memory/4712-68-0x0000000000400000-0x000000000043B000-memory.dmp

memory/4536-79-0x0000000000400000-0x000000000043B000-memory.dmp

memory/4976-92-0x0000000000400000-0x000000000043B000-memory.dmp

memory/1400-103-0x0000000000400000-0x000000000043B000-memory.dmp

memory/1992-114-0x0000000000400000-0x000000000043B000-memory.dmp

memory/2436-115-0x0000000000400000-0x000000000043B000-memory.dmp

memory/2436-128-0x0000000000400000-0x000000000043B000-memory.dmp

memory/3464-139-0x0000000000400000-0x000000000043B000-memory.dmp

memory/4908-140-0x0000000000400000-0x000000000043B000-memory.dmp

memory/3464-151-0x0000000000400000-0x000000000043B000-memory.dmp

memory/2832-152-0x0000000000400000-0x000000000043B000-memory.dmp

memory/2832-164-0x0000000000400000-0x000000000043B000-memory.dmp

memory/3236-176-0x0000000000400000-0x000000000043B000-memory.dmp

memory/512-187-0x0000000000400000-0x000000000043B000-memory.dmp

C:\ProgramData\vAYUwgkg\XuUAQkIE.inf

MD5 064db4d89caeff5af8fd704df6fa26b8
SHA1 9dd2775d229abcca72f84fa5da65306455868afa
SHA256 1a3f964a451d727618baabf92adb294f2aa8ad9df34f6e2cbcf642c014cbf1c4
SHA512 27891672175bc1edb79e36a013fc1c9917db5b542649f40e5cbae6143f1efa0759ba3f5c267a109838f7d4d6018f0a56e53cf8f6cddd7ed3c79f226363b01117

memory/4468-200-0x0000000000400000-0x000000000043B000-memory.dmp

memory/5016-213-0x0000000000400000-0x000000000043B000-memory.dmp

memory/4660-224-0x0000000000400000-0x000000000043B000-memory.dmp

memory/944-235-0x0000000000400000-0x000000000043B000-memory.dmp

C:\ProgramData\vAYUwgkg\XuUAQkIE.inf

MD5 b344ca874c60f29e44c55eee39c82d8f
SHA1 3dd1db6ba707075258b0d017e81a482b49cfbeb5
SHA256 09a90bdcc53b8fff59dc4a2940e44bf197299357b170a9432ceb6b08cf056534
SHA512 d3b63ad20049179609d326258e1f804fef27840bd96da67def3e44f89bd49c251f69325807b41ce73b9ca624d0bb2b111aedb8c573eef152c00d18d4e0e6781b

memory/2804-247-0x0000000000400000-0x000000000043B000-memory.dmp

memory/1032-257-0x0000000000400000-0x000000000043B000-memory.dmp

memory/208-265-0x0000000000400000-0x000000000043B000-memory.dmp

memory/1688-273-0x0000000000400000-0x000000000043B000-memory.dmp

memory/4252-281-0x0000000000400000-0x000000000043B000-memory.dmp

memory/3896-291-0x0000000000400000-0x000000000043B000-memory.dmp

memory/2836-299-0x0000000000400000-0x000000000043B000-memory.dmp

memory/4228-307-0x0000000000400000-0x000000000043B000-memory.dmp

memory/1592-315-0x0000000000400000-0x000000000043B000-memory.dmp

memory/4000-325-0x0000000000400000-0x000000000043B000-memory.dmp

memory/3856-333-0x0000000000400000-0x000000000043B000-memory.dmp

memory/3932-341-0x0000000000400000-0x000000000043B000-memory.dmp

memory/3000-349-0x0000000000400000-0x000000000043B000-memory.dmp

memory/860-359-0x0000000000400000-0x000000000043B000-memory.dmp

memory/2956-367-0x0000000000400000-0x000000000043B000-memory.dmp

memory/4464-372-0x0000000000400000-0x000000000043B000-memory.dmp

memory/4024-376-0x0000000000400000-0x000000000043B000-memory.dmp

memory/4288-381-0x0000000000400000-0x000000000043B000-memory.dmp

memory/4464-385-0x0000000000400000-0x000000000043B000-memory.dmp

memory/4288-395-0x0000000000400000-0x000000000043B000-memory.dmp

memory/1000-396-0x0000000000400000-0x000000000043B000-memory.dmp

memory/1000-404-0x0000000000400000-0x000000000043B000-memory.dmp

memory/4316-412-0x0000000000400000-0x000000000043B000-memory.dmp

memory/3012-421-0x0000000000400000-0x000000000043B000-memory.dmp

memory/2828-430-0x0000000000400000-0x000000000043B000-memory.dmp

memory/4960-438-0x0000000000400000-0x000000000043B000-memory.dmp

memory/1932-446-0x0000000000400000-0x000000000043B000-memory.dmp

memory/5016-454-0x0000000000400000-0x000000000043B000-memory.dmp

memory/2480-461-0x0000000000400000-0x000000000043B000-memory.dmp

memory/1852-465-0x0000000000400000-0x000000000043B000-memory.dmp

memory/2480-473-0x0000000000400000-0x000000000043B000-memory.dmp

memory/2912-481-0x0000000000400000-0x000000000043B000-memory.dmp

memory/3736-491-0x0000000000400000-0x000000000043B000-memory.dmp

memory/3368-499-0x0000000000400000-0x000000000043B000-memory.dmp

memory/4040-507-0x0000000000400000-0x000000000043B000-memory.dmp

memory/3472-515-0x0000000000400000-0x000000000043B000-memory.dmp

memory/5032-525-0x0000000000400000-0x000000000043B000-memory.dmp

memory/1340-526-0x0000000000400000-0x000000000043B000-memory.dmp

memory/1340-534-0x0000000000400000-0x000000000043B000-memory.dmp

memory/4720-542-0x0000000000400000-0x000000000043B000-memory.dmp

memory/3636-552-0x0000000000400000-0x000000000043B000-memory.dmp

memory/1520-560-0x0000000000400000-0x000000000043B000-memory.dmp

memory/3872-568-0x0000000000400000-0x000000000043B000-memory.dmp

memory/4868-576-0x0000000000400000-0x000000000043B000-memory.dmp

memory/2364-586-0x0000000000400000-0x000000000043B000-memory.dmp

memory/2928-594-0x0000000000400000-0x000000000043B000-memory.dmp

memory/1068-602-0x0000000000400000-0x000000000043B000-memory.dmp

memory/2556-605-0x0000000000400000-0x000000000043B000-memory.dmp

memory/2556-613-0x0000000000400000-0x000000000043B000-memory.dmp

memory/2924-615-0x0000000000400000-0x000000000043B000-memory.dmp

memory/2924-622-0x0000000000400000-0x000000000043B000-memory.dmp

memory/4660-630-0x0000000000400000-0x000000000043B000-memory.dmp

memory/2108-640-0x0000000000400000-0x000000000043B000-memory.dmp

memory/2368-648-0x0000000000400000-0x000000000043B000-memory.dmp

memory/1052-656-0x0000000000400000-0x000000000043B000-memory.dmp

memory/4256-665-0x0000000000400000-0x000000000043B000-memory.dmp

memory/976-667-0x0000000000400000-0x000000000043B000-memory.dmp

memory/976-675-0x0000000000400000-0x000000000043B000-memory.dmp

memory/764-683-0x0000000000400000-0x000000000043B000-memory.dmp

memory/4796-684-0x0000000000400000-0x000000000043B000-memory.dmp

memory/4796-692-0x0000000000400000-0x000000000043B000-memory.dmp

memory/4464-702-0x0000000000400000-0x000000000043B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\qooK.exe

MD5 80f8982bf514fee730786d2051fadbf6
SHA1 2ceedef9ccf7de6bf9c7e31c5783cad3628892a5
SHA256 0b028345b73a6b5857b0084060f8ed662c5d8b9b5920c8f6d256314bdfdf6b8b
SHA512 b79eb3d0434221a3d07d3c7c85104c681e0a8526d6b724ea70b5c263b76f6fb953ac82a15feaa18d0ede63b5f0ce6bad5f86086908ac412e20e6d25d5d72c285

memory/2028-718-0x0000000000400000-0x000000000043B000-memory.dmp

C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png.exe

MD5 ce61b419f4c2513a84704fb58620d0c9
SHA1 2d8af49a3c102b5d84e7108b0bdbea05a1088e82
SHA256 349a152086afd63fb7b6305be903f58bd93a1025329188cce811bc9eab2e6334
SHA512 5d09a6949f9f2bf5422d3f368a9b90455dd40ada28483c7cc7c50717fa4c22148f4000de93e9a132d82bfaf43fbddb05fb8a746576aadf19fa32883fecf33e35

memory/4536-738-0x0000000000400000-0x000000000043B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Ggwy.exe

MD5 d114025a816521ecfdcfda1ddf9d6dc7
SHA1 d09e071fcff5ce2ea1822b2403c3803e1393ed31
SHA256 7b088b0e633b1888cef8c5acf0b36579544f3c9e6cbb394484a88ace53ed5949
SHA512 fcc5afed81a6de9ca0b8922987e3e8ce3395e7551c5de0bc3694389236cd3796a8bf3ae3d7f33f8827c98ac5b3b3f2ff21ba66e47aff889258ebae5e7f1a89ab

memory/2028-755-0x0000000000400000-0x000000000043B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\eEgK.ico

MD5 ee421bd295eb1a0d8c54f8586ccb18fa
SHA1 bc06850f3112289fce374241f7e9aff0a70ecb2f
SHA256 57e72b9591e318a17feb74efa1262e9222814ad872437094734295700f669563
SHA512 dfd36dff3742f39858e4a3e781e756f6d8480caa33b715ad1a8293f6ef436cdc84c3d26428230cdac8651c1ee7947b0e5bb3ac1e32c0b7bbb2bfed81375b5897

C:\Users\Admin\AppData\Local\Temp\CMUK.exe

MD5 04526224af6d753e188afdd12b5bad5b
SHA1 c89e56a86b2ad5f1294721b8b5552066f0ee968e
SHA256 66f9a19584e1a52b2719ecf5f4c89f21edd1d241a18e103de7f15811ae18281f
SHA512 8da36a9a4460a82d6ef47d4050753fb896a36c5003b0021a2541e2af1307487dc43a3e6ebee15b6250ceae6e266b3f34c96e936565966a88be699bbdbd2c9e97

C:\Users\Admin\AppData\Local\Temp\OwgW.exe

MD5 bdb99ce7ee29a684f1203e4db467e360
SHA1 f2dfa5010e8c3d32bfa67d443fe5b3f5eac0f131
SHA256 871aa39c5fd9b41db9da8869eb37460f88a92c00267bc54d161505940fc96f4a
SHA512 1770264e82e2a2b6196a4fb94b374d35a714454a778f2817cbca874fa5eb5152f823d46f658aca069c5f13bd5f05cf1cff76d4027e145e38d5b509cf4d4cfce2

C:\Users\Admin\AppData\Local\Temp\wwsa.exe

MD5 425daf96aad30cd551701dcc9a99a812
SHA1 7a224a65db855d27f0233abbcb99ce33f9092909
SHA256 ff58ee4757016184e5f96c23b07909a93ed6c54b28f32b6e66b0c88eea2d74ae
SHA512 af3fd556949f7e2779f1afda3fea9aacfb934f1dbac064c648ea2843109eaf1a9ac8f1cc3d47cbed161734247efd1c36871c059d7bd78472aa0abc9f5f8f03cc

C:\Users\Admin\AppData\Local\Temp\Okwk.exe

MD5 1a979f0c65a6cd6e89868e3bca6d059b
SHA1 7ba5be6fd29654bcd25abe4013920be87096082c
SHA256 2387e4b61d3bd6fb8cf10d4ac4616b3cce6b3cbbd5eb6ca1410bba3dcad1674a
SHA512 f524da2638e0edc753565bb83583f1a0dcfa090e9710f3e4055b040699b8e8dcd7159894ba53665ac6ace21434dd710ca9b8aa409a77ef8259ed194fa993a2e4

memory/4536-819-0x0000000000400000-0x000000000043B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\EcIM.exe

MD5 787238fd5e62258d75a8d2d4ebe7ce4c
SHA1 65a252b837cab6e0fed8d118d59f88215a766b45
SHA256 f3630c55f60a9a4b71bf51108a0a1f50e6e856f69ddbf36f2aaf544b58df84ee
SHA512 09dd5b11326a6cf78015bc80bdfccc37ded698970e8e0030e0b64e3537e0386865aebfc9b409ce7bcae985828de95e3a65a7ece6114efbfde3df63189ed2937c

C:\Users\Admin\AppData\Local\Temp\AwsQ.exe

MD5 13a7e7572af2ff2fe5f4fc9f463bdad9
SHA1 006edd1e2d043d90d3c371b42471bf0916431af9
SHA256 fa09b757340f1ef8f6e162eb07b4dc480b7b954d02baca84a9a7cc84ca250bd5
SHA512 4f32b526aebb5dafcbd1f33d1b6b241055c00e1c561ec62ece4b0f5be51fb3f239c18f226475b043cba2290dc7700e3770bd6c0954287f7d195b2e723c83fd5f

C:\Users\Admin\AppData\Local\Temp\iIEA.exe

MD5 5675e7a65900f1e338a307c9beb25e42
SHA1 9e1ac4fcd85a6449eb6f450d46cf0db4e1acce14
SHA256 78c181dc463e302c9248b42e34dec4b9e7b5ca5ca1ca47c4425f025685d51861
SHA512 aa7a29a3024802f8cb632f1ce50631cf27b0e594592586ee3f1d4acfc3d5fbbbbca0c3574bb13755c70543f35a053b8a36d3fdebd81724aeef28c7fd6f415fde

memory/3604-869-0x0000000000400000-0x000000000043B000-memory.dmp

memory/3068-870-0x0000000000400000-0x000000000043B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\yooc.exe

MD5 4ba3e4ea01544d3283be0b074f4dafec
SHA1 2559e0c070311b32f8f1a03daecbf9398e244792
SHA256 f5c60a1f2fd058ce831c3645f2daefa037499a46b99f5ec2c4e7973c434a7d6c
SHA512 433c0619acaaf6409013dd969412a0b26ffdf7990d9037512693dbc8ab1da0c5949c785b335ee47a261cef15226e80567d6021724feacceebeca52a30b68c2af

memory/3604-908-0x0000000000400000-0x000000000043B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\CAQQ.exe

MD5 fd585aea973a793263216b155ed3d72c
SHA1 473d7376ace3314d78ddc3dd8587e3b2cab80c11
SHA256 58cba064163599ced5af369333eb6c500eba071b4571e6d9c1844bac89c6060f
SHA512 505b9ffc59588a7cc32120978417e7e0404b06b222be913697d5d12c1e0995fbe1f106f8652b00e45e6bd565acdc990333a08857d45df5c94dce61bb6e211af5

C:\Users\Admin\AppData\Local\Temp\Cswi.exe

MD5 0aff1fe349e42bc6b45a5a210d99f14c
SHA1 0711b90b919d1d61c2d00ba06d39ac572230191f
SHA256 6ff6c9608d9f1a379cda2f3467573ec2fbc2bc705930a685e01f21a4f4c009b3
SHA512 bb1dbb86930c59399dda0f3cd1e8f62b7b4be15951b96e831c4b8fe61053bc82855499fcc85863be7b660e76813469ece3fc46c9a1a8b386da96a0204e458d59

C:\Users\Admin\AppData\Local\Temp\UUMK.exe

MD5 0a4eb505e0c94d0f86a752a9065ea015
SHA1 53d40df17ad8ea0f2516446d7835f8e009bd5608
SHA256 cfc0f4a9d79bfeae38a6a4d7ef7c7075c6362e208b669b4108dc842c57bf2d63
SHA512 b18c246c877edd9f814a3a8a666532653b388c7e186bc2c050235c33dc7736213c481a462bc2cae04b354a4422a8e98665ab0b1a8a836ad23e80b9bdb1e748c8

C:\Users\Admin\AppData\Local\Temp\OcAw.ico

MD5 ac4b56cc5c5e71c3bb226181418fd891
SHA1 e62149df7a7d31a7777cae68822e4d0eaba2199d
SHA256 701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3
SHA512 a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998

C:\Users\Admin\AppData\Local\Temp\Uckm.exe

MD5 04aeac516ff6375bc5425e5311e918b7
SHA1 7aca0e15e5daa1ab542fd579afa61d684e2dbfcb
SHA256 e0c465b5252335916df17a8f738e411e2145964437d29a71ee8004a8aae77dce
SHA512 481d86219ef8877049cca6d6da04e835462fa619d0ed81ad4743bbe3d7ad9359f066950d16e96e2b280994e74bf5a89a50e77fe336f6ccbe168b4523c7c7de23

memory/208-955-0x0000000000400000-0x000000000043B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\qkAI.exe

MD5 805cf72fa59df348437bcb53e95ac529
SHA1 fa208a90e21e16f473a76cf4cc6e765eccf02dea
SHA256 aae9a902f313047b50eea0af55d78063d34a81fe1d99336d9aebfe888e8e52c8
SHA512 8a7041524157f77452ca5c6e74a79c9e826c481c85e733895dbc9d012dbd92d04c066e81c04e19357680a345193c9574a99991b8bc70049192906da11aafda62

C:\Users\Admin\AppData\Local\Temp\ScIi.exe

MD5 d32183ddfa2d9cdd78a6616bb38398c5
SHA1 4f940501f039433cce122e4bed162bf3f732b1e6
SHA256 b9365b8e42c8f10b0da40463493230b502b2ee56eef999ddafedbd13a1d0b58b
SHA512 c907d7c15c6183256d6fbbccfda45dbd0ff5a9244d8140124b9884a87ad23dd3bb9d7258d65070407c8959da01a991759fee76ae0f4329fb751f1238637fe5ea

C:\Users\Admin\AppData\Local\Temp\kYMA.exe

MD5 b7729bbe68755afea05578b2b8949805
SHA1 41d49028c2644df6aa8595af62ec5692ddf15bec
SHA256 61d6ba61708a808588f45adc32b5209831518e7aef1277312e2b764633f1ce0b
SHA512 c4fdb926f7fba3152432893e0c1195f4c16dfb0d5e1fbdaac15f11ddaa2eb104fc89790196bd72a10f81388be00591026706199d8a4d71ec1c74b257bd310953

C:\Users\Admin\AppData\Local\Temp\IkAU.exe

MD5 c646ac771cc69c900455685c37723d2e
SHA1 bf695767051d888078bee0001e726fde4c411465
SHA256 1c0aa4dc4928a8e3888dc9d6f0b9e54f012f24956f281cc7e8cd66bb6697300f
SHA512 a32b7a85c7d10c70a157962146bac4a46797811d2f2123820d7f8d8c86aa56eb83e4d840a45cecc945353a89555ac910cf1fc301dcb0a096fa0668f022942a56

C:\Users\Admin\AppData\Local\Temp\uYcu.exe

MD5 b8e7470793db2c4e5c915906045bab08
SHA1 0425acd623729fb9ab0a0bb678827d472fac921f
SHA256 d3bb3482a545f89efecc18b156d43ca58523b07c7df162d4726155dd5054b8ef
SHA512 00554bca7048632811129e4de9103929c34a8afa790c7b140cf2fe6160fa35588f483d0ba28722cd62e21bb978bc15bdaa906cde7e90f18a2851537e3dfef28f

C:\Users\Admin\AppData\Local\Temp\akEM.exe

MD5 12ce83e48492328f30249e7819306a7b
SHA1 c4d1c7531607b0e686daa8c38b0f7e8a1b870748
SHA256 0400ceb89a83ce00bfb221490ad21dd7dfaffe7604b6b1870be488ada30e6edf
SHA512 35f7c182bbe7efbe82be18035f61b313be42dbfac2a9686bb396f1c28655a408073ee92bd44e7d9ce55959a5629e8a422cdbd55902879d367b17faadeafec5d4

C:\Users\Admin\AppData\Local\Temp\KoME.exe

MD5 011912a39dfd2e77f890561b5c6edaa2
SHA1 30028b446a8c1ad039157f301e5831cf44327c33
SHA256 3a568f5f16ca8e0c77d8dda8115fd93b2c8e022b91e02298345ba38a0cb92dcd
SHA512 2cda537ba9213faf2019c371a174c2ac16323392be796bcce9ee858b9da5efd2578512cf243adbc93b465d14cae8e2a18eead90403073ad9141d68ef2cab5f0f

C:\Users\Admin\AppData\Local\Temp\OwQG.exe

MD5 70965233b7f7d55efa885a7ed5406bf9
SHA1 2417db1db5f45952e84be81377a438ca2ad1922c
SHA256 e4a60d997e33349267d522e6714e37f080342af8408fd61ef5e0316348af9772
SHA512 2fbf312d026f7c54c1c8cf5854753c21f111f7960ad5c6a59f4149811e6499d901fcb6e752fea6a5c3eec019fe736256a22e8e36a6d18fb8543cbfc19cb0a6f8

C:\Users\Admin\AppData\Local\Temp\mAUy.exe

MD5 29218b9bcb1ddd0e5d1c49ac3cdb2cd7
SHA1 274daf5d7c538670bfe62606559075e2fc602dbb
SHA256 b345463fbf0af78877da752bff38af8a741be9794f8685bedc1b522b9b91409e
SHA512 0b38446ba37b23187b0c87d0de41b7d6503358969d672f727e5148cfc630d70ea7d1d2fadc43836af31cd02cd63ea513eb272577f695b2b8a45c36935be5885c

C:\Users\Admin\AppData\Local\Temp\Mcwg.exe

MD5 de1946ad42f142b8b7a64625de0ad6a5
SHA1 8612ca9402ef7a1f9872a5a9076fa5fa106eb9f1
SHA256 4cfce407f82a983c8dff5df29a2e21e950dbc7e711bcef961979c4fb95552978
SHA512 baab90ba4d36f6260a5b63f850385ce9d66ba560a0cfbb827a573edfc1d8f6f43eb613c10a531a3f58e07527b6c8e85de65dc636156ae3cb5de7a552632a7d22

C:\Users\Admin\AppData\Local\Temp\yoIw.exe

MD5 9a6cbafe26e0f0aa0acb457e79f6d0ef
SHA1 8566c54a017ac8d8f54732c026f543c90ceb8a0c
SHA256 27a6087d4a4583beaeb05bd0838a6baa4c15b8eaa4969c8aae82cd86585e3fea
SHA512 756cc557392f082ff2689206c8e05348166a381f3bf94398d0acebb4cc3b6f6beaaf20d7e99a213f4cce7fdb0d01889a855289127c8130403cd00a98616c2122

C:\Users\Admin\AppData\Local\Temp\YscW.exe

MD5 c5f320944cc8cf9d9efa224fc918a5ef
SHA1 78b41c2d78e16796d5e50eff9a605035049df208
SHA256 0942de31aae49331d9ae5a2335968665af14d0e2bb01d2cf2d13bd8cf79b73c4
SHA512 a45ba7646787160d20707858b9decc107719ef6db5240b2e11017d467603f745a156024cbec63b04a97eba7d9c5742873e863df79cf9275bc79b4d90205e6a91

C:\Users\Admin\AppData\Local\Temp\oMIm.exe

MD5 2f952a5dc25034a637c274ee34939057
SHA1 aa84042fda7e9930a1eda5fc61d99be2ce51936f
SHA256 a914c6d594153ac05a516953863ba4067b89fc8e2461739d4a7ee53fb5ed5456
SHA512 79abf5ed4a6ce4ce296726cd04a08098e3508e271075fa70aadcd8532e6aff75af9ef14a40809d90abc82dde945643c0af4ec9f7c6bc64d9329516d6259c82cf

C:\Users\Admin\AppData\Local\Temp\oggS.exe

MD5 7149e7f497b7f8c3ab7ae278039421f9
SHA1 22a1b6adbf14b7d9a086559faad273e459d80652
SHA256 b28c9987fdf8b76ba6604be1e0d84eb1cdf2971d54d87646220522e81e1306da
SHA512 42509efa4efbf3041f814dfc4d7cf6ea8e5070bc800a6803eec571b0640dcd6854756305d896ee4bfa90c86ed97fb0ae02f30892fe90161b408f5dbb20670c76

C:\Users\Admin\AppData\Local\Temp\iooM.exe

MD5 1f0616adf821dff143b4ac254944e328
SHA1 fc3537d815d19f2b536103c586830ce9a2da854b
SHA256 23e366ebcb94134c00044c58ef90a3a46cc81707cf154ac243797784a13f1774
SHA512 4c5b315f3d5328b4ba239a3e41f915aae87d11b5e5a7e7e7bd9059a6bff77526aedbddac21cd60fc3042325ee1ce923c0f69255d7e1656de101c8bfe3223304d

C:\Users\Admin\AppData\Local\Temp\Qkoi.exe

MD5 4ddaf7f9b1d69b60a276fe77895e2886
SHA1 0519014cc755104477288783056d3ffffcb9d6b7
SHA256 885f6a18db163a8bf7ea38bb170c4627a00498f9ac1b634c9a72168a1012e47e
SHA512 eee4abec761e934a88128f44af1e49b0ae01abf4e3a245fe908dee106a35a5200bda3e092d0bdb8d97bff7fa58f07f2d6e3ed70e7fb98c6dcce2817bf3596559

C:\Users\Admin\AppData\Local\Temp\kwgc.exe

MD5 1a5a3225a165ae18bde52be65a4bbb24
SHA1 8e53169e4f615ee1c097e20f2495a0ccac2bb764
SHA256 5a6cf925c85cd55aa11a4aeabdb3c75f203833d8f172be5873b501dab7ccfb88
SHA512 139b788882244b408f49685993d38a50c9934742f0148766944d90558d06031c63a49c749b848fa8155c6f8c9f21622404ab45e0a8fe0079304d24d1e83822b3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons\192.png.exe

MD5 f0fbe0e68b028192d1f44190a7ce2b90
SHA1 650c1db3031cca100bc28d20ba1c3d0100487595
SHA256 06e7d2f00c2c84781ae337119ede75398b0aac114211a1d70b3f1a5cec11ea6d
SHA512 5872af24f992c1526b3c29cb901ead58bfa790f6c2cae7b72cac286af0ef84e33c85eb0962becc8eae4e8617c42b26bf2d6f9072df7ccb8e835e3e2370e8e73e

C:\Users\Admin\AppData\Local\Temp\cIYs.exe

MD5 7e202d43d9a516c6d912340f5c0256c7
SHA1 5cd28e3b0cb5640a7f3d558945fc6aa0b3078d88
SHA256 9073b70aff8af76b6e02cf0d92a6c8f385cf6bf4f906f3d8264c62ceab1cf76d
SHA512 731a2f8819402aad138e5e1c46dab02ac508529aff5d67926263511e5fc195e25dbed3ac8643d850417a56f438eeac76784924c4925796a29faf652eca354c46

C:\Users\Admin\AppData\Local\Temp\sYUY.exe

MD5 df6695497cf5dc0d8939fcf18bd369fb
SHA1 6762bf2bcdcb08b5a933fc3163b3bec5e98ab7f2
SHA256 22511cbf8e8c572e1874943a564b8dd40ec4f382d853c5ced07f18c284175838
SHA512 bc35bd49420d4b9440fe1c504d67e1a880fc31fb465bf158b66a775c6333eb56a5d29c980695c172e601c9fc88fb3fe6fd71f916bae87efa46254ead1bdde810

C:\Users\Admin\AppData\Local\Temp\KwQO.exe

MD5 377b59bb2aca0228d831d3ce95718871
SHA1 5281395488e8f5ebd4d5bea39f2175bfc32e445e
SHA256 4a5cdb1f0a6934d44f65510654cb8f8e3ea40cd7c52e2835d0fb21e632548f50
SHA512 d371cdcdde7c253564cab3dbc7ae4406c5248d025fb63e03adb76da097d85b838989080a2f5df63e7fe40a6ecbaf9c497614bf4a1de6845ae9f52f86e62757b0

C:\Users\Admin\AppData\Local\Temp\aYEC.exe

MD5 defdfe1bd92533a73bf840cd9344fb20
SHA1 da3332060cf00c3577fc47035363a61af9915186
SHA256 622e7b08ebe858a4d8d00da81113c0dd5158a5d285ef1403a009f0d15da3ea70
SHA512 208010403f1843fff12f9b5150fd36852eed5e157effdf826311021e82d6a203a1a3a06661207adaf732988456c2cd14683ac7f3abc8b3a5354ac3bf9a29e9fa

C:\Users\Admin\AppData\Local\Temp\YwoC.exe

MD5 c77414ed38d50c7e5185aa4bd1a40820
SHA1 7eee1ef35f6360ae1b57742bb6a51b9e0a6668c4
SHA256 0c921241559e2242036ec7c502beb4ebd01aed55d57cbb23c3fb1ee850706ba2
SHA512 e9145a165a73881f7dcd8841db40e762c85caf7c43c07114af66fa5bf750c771ab6442c062a7341b669bc6338a7ca12874d5d08e79fb13fb16bb694ba8a9b0eb

C:\Users\Admin\AppData\Local\Temp\OYEG.exe

MD5 25656a58016a490169547b4e362f607a
SHA1 303f0f573efb64631fbaf7fb73c912049abe57f2
SHA256 0ebd142920965c1412e08a7e70dccb0cf3d7d01282b76b314d429b6116ac38a8
SHA512 4d2a8a0749e506f50eb1bfe2946a2b652e57d75b452f10dc7faf4c28640fca0929fae3fadf8d0998d3daf8fbcce7276a5e3976c0efb990b1fa5ee32bb83ecfbc

C:\Users\Admin\AppData\Local\Temp\iEoc.exe

MD5 ae8a9b527bc2272b1965376f2134ef90
SHA1 530bf50db6e983d836536bf20bddff6a831c1943
SHA256 8803310c6d75d9bd988156d4f12edba047d1389ee7d538a16f7a2fbeb768dd78
SHA512 640db106766de4ba86d300fc2f189d951910dfa5238b62f9464626524a64b99bf9c8f58e60312ede2b57f5ec45edd5c37005a1f5606dee545b8d9041e679b7fc

C:\Users\Admin\AppData\Local\Temp\iIsG.exe

MD5 2e1b7c733caafab10e5ecf63b861ac41
SHA1 a2abf40259d05ca9a0d3802ebe28eb62582b79d5
SHA256 4caf71a6a8f6ee86ae32339c975bcb735df2a9762337061dbac721f7b48e2676
SHA512 47668bed462697f429c69051f6c70b5b107d5050baee0a60d7b1b3e8b259d4751c4f628d9ae5cd1142814feed3ebc0b5af6c300f17eaaae06d20bf29b4aa0b26

C:\Users\Admin\AppData\Local\Temp\OoIi.exe

MD5 a9516a4ed9bfea94a5ebbe6696aa0c37
SHA1 3ee64636a6a9560d7447d10a01d4cd3a384cce2a
SHA256 a2af3e4e052e7d651f15b13d88e77e39853c80c9bccf39180d0bfd47364a86d3
SHA512 67e29b2c7dd9c8618ea8353987030e40590d79678125be75256a02a600a516b23656f3ad50d75bb483ef23dd9070e9fb432fb7b86065d4d78ede8234aa522bef

C:\Users\Admin\AppData\Local\Temp\oAAK.exe

MD5 9835cb0ddd47ebe6da2c3292363fce4a
SHA1 f7a88b7871b3f5a305bf8d9d54aad96028466ab6
SHA256 5785935d0d6c4426df654366eb22c73399f6e64ffa901f7321404ea0584e22f8
SHA512 0be7016e2d797e46bf61c930ca15fafbc07ca9ec8baca3a97216f0792ab5d4754b60e1a2cf1d49bdcad15949eabd766cd84857f0d8cb9222ef71b56b598eb322

C:\Users\Admin\AppData\Local\Temp\ssYg.exe

MD5 5c3b01d686dc79cbc7b4f1117db823df
SHA1 d9514cba5957e05231be0000d02d903fe8666030
SHA256 21eb09a5c9615b65aeea2d83869a990ece9ae25ceb04b44452e75dabde3aa005
SHA512 2977d3ed49769eb70f7af4822067698ede7e37f9706afe04e26f3299ebadc9df1deed113fff60ae631b9a32dd759029f49e4517eb7e904b6de0e04ff1ac3cd3b

C:\Users\Admin\AppData\Local\Temp\gsoY.exe

MD5 c8da3baed120a18092fdc856bb5747d7
SHA1 0404c4eaa31b7e7e4006198a8b9ae2e5c827b006
SHA256 174c4f41a4161464bdec5e64c0cbe8e63f24a2ff56566d29be488b6b391adb97
SHA512 fb2eb7dce6b8670a9efe8d90f7a172ce390ca291dcf970576e2f567245b2ea48fca0ac216f80834849abaae456e74b85706dbc8bddb5058a63b65058bd48b796

C:\Users\Admin\AppData\Local\Temp\IocY.exe

MD5 1de35c972c37ada7731e81d39dc36e39
SHA1 6c780cec4e23d9ace83a44b633e4c4c224b02241
SHA256 af2fa959d3e0e390b24336eb56f501a7a87e1a613ff14a1d112eee7158d0f277
SHA512 8146f90dce375f442db10423b652337e8baf3d63f90c0e4ae7217bc167268af65f9c7ca040cb72cf6cdbddfc8ebd2ef49f715d68a0a9d5ea7051dac82cba6784

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons\96.png.exe

MD5 27c9bc3016d091c78394c1ca58e7b674
SHA1 f8cc4357773284aef63b6a97e44c19f0cb38b8de
SHA256 8e33c38bcd18fb17b7927896a00e61a86e276133dfea429d373b11518de45473
SHA512 d737948df28864acef5ecfd8f6a372b62b801d86a94a3a58ee543a84c12746ffa1a38b980ae5b9d1c7b599f7f8d1a76a8ddfe994d2392541a8ebd417aceb6e9f

C:\Users\Admin\AppData\Local\Temp\gQQM.exe

MD5 133b0d507c077bc7d25922f0334585f3
SHA1 5c1b04c368a92a06f9b17f171334d370a05693af
SHA256 075e4e1b4e3bc27998b0d64f41b973bc14ccf93de299942e813d7af49b18e97e
SHA512 30b6644288c46b486adb7e584215a4068ff4a700af883b667003fe99f6adfbb5538c9abb2eb4384f6e2322425ff303e45c837c9b1dd4f52aac5b1e697f668a41

C:\Users\Admin\AppData\Local\Temp\OwAg.exe

MD5 1d3723fabdebdba76b9fc97eab7629c2
SHA1 b5acf2c9b98874787231be255f62dc012f43272f
SHA256 d87ef791015fbc1bbc65abf677f3a71b68e3fee9da706ab22a46a0e9287b5083
SHA512 c8c6c3ca8153e3de2fc8cfee2b18b429cc0a98954d45febfeba047d32bc8ad1f763032737b39aacd13c7561b7acc03643755bcce291fc7619257a91300cf5b4c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons\128.png.exe

MD5 4d42be0c205ec97928463281cad0a04d
SHA1 cc488b51d99ddfdd3b259afec1ad26f97e2c5b0d
SHA256 5cc8563bb9597eed525142fe6502390077a364cb99ecaa9e9595bed70476b84e
SHA512 566314fb68ed7dbe3f357ca322f8718bbc2b1fc5d312fe730d526d47235464a9ba6eddd7a0bc0f42e57d53767aab8a6da1f61c744ed3c474c3bbcb1d6db24e1b

C:\Users\Admin\AppData\Local\Temp\GQcG.exe

MD5 9460625f760f0c1e69889a6b2c5d57ff
SHA1 b80a997078f08236a047d2cc0fb9a1bf5657c910
SHA256 24b3970378a6f8bf93f6a9a58a803f2c77276305e0a309ab3d9872be06494ead
SHA512 c6852641c2b0addf8eb3359f5b5e38a05b269d587f20a8aab3618398e79b3201a8630f31f87f9397d873fe9a81fed00d6c75e7d8fe9c51b927d327b9bc07f55d

C:\Users\Admin\AppData\Local\Temp\WMMm.exe

MD5 47cacb470b82f41d4c549aa60e1fd686
SHA1 e60ea2b7581861006f43f44f41b4f54c08bb0106
SHA256 9a8d92ba6da197058bd97e282b2e746b1cc65973f60a4789e11551b1d7901c8e
SHA512 2ab3f025370be6e3c8f199da702d6324b6aecb0e6fad4ff5d44a1dd025dc707a0ee4162e37c354d61f20f354e6cc216e2a38fab52990ae7e21ec87dc41123380

C:\Users\Admin\AppData\Local\Temp\goYa.exe

MD5 324aa1a812dcb859c5b13fc32615f411
SHA1 b16e17e44fcbb3317809942b524ef3f796aa93f1
SHA256 1a4cc31bb0472afddac3682039266bde653d34998a7bc5ecba71ee0c9e552bb8
SHA512 84f0d8fe7f3664b2443216fa1736400d1d61ff0707573f7fba70f2d066e9aba5b36ef7b5d7e6e6289737bb708e2492cb53a5aec869438709477e008879231aca

C:\Users\Admin\AppData\Local\Temp\UMQm.exe

MD5 dbf40dbec2fcb2328aacd79c604357f6
SHA1 cb40d49fe508330f72b7b22fa9fc82129ad724e8
SHA256 2a7c275192e0723c01852eb59b2adfc982cedcd943041338b6b19661de570142
SHA512 ab4d597f077ef85efe2bf6504903004f214d896c537733a974812ff6b9e581046a4e76b2917be4ccc1ffe255977522dab2aa0d906c764eab12a5bfd3b6cd5acd

C:\Users\Admin\AppData\Local\Temp\QgUC.exe

MD5 a9fceb0b7c78f541a9799c37f1449eb8
SHA1 b8f8c9c8c4dcdead1b1aa1847780287fb57c4ff0
SHA256 8e84cfbb497355d079d69e27b70d45d0c606c85f15c54798169f792469044066
SHA512 2e079e3c38f23b4c7a105af69f79b7fc9d251e400b06af14d8529aa19319f2f41d1f38bbecf1c5834282d3cbf799bdc1f608291dcd1264307c0ac8e7eb4ac01a

C:\Users\Admin\AppData\Local\Temp\IEgm.exe

MD5 91077a72e4a911763346b6f68a05b8e1
SHA1 2966ee2cfc1edd899e3faf71ffac9862dbd8ccfc
SHA256 ca2fad052fbd9681b222c5149deb68f6d085a667ada99225cc1d98b10fc57a87
SHA512 484d2a61cdcb75251ecf2446575bf63c6fd175be5fa4f73a4dcca4b78d2235a8d7c458ca1e94f93cd60c94466ac30f7af6cec87a0e69fed1ccbbda4957099ae1

C:\Users\Admin\AppData\Local\Temp\uwkY.exe

MD5 3fb9153b938973c1b6dc8ac60894c8c3
SHA1 6d4fbf4f76fdb76108fc8b175403efc3e3a107f8
SHA256 4dfc4ddde7be3f810754d71d3b47b41f19e903d7bc4f2aae96a9475f000ae17a
SHA512 0a7a76ae030c448304c20807a9c3b5ce8a7a45e22901fbb21d930224a41c3dd92c18338b77e866638c69c3947bb3ee8928f45ffa52a1380ab67e2dbddf83926d

C:\Users\Admin\AppData\Local\Temp\cggq.exe

MD5 618800e863ea3f48a412b0864ed80383
SHA1 9b8aeb829290909be678c00b2acd2527cb87a09f
SHA256 01fed9765b0b6e7cdc3dc4e28e31c913936d4b8854bae1e1e344934e28324df9
SHA512 30ddbb9d3e4f22f00768ee9b8ad4a6a589de42e1d470beadd7f0c880c812c0459033648ef2b3dca83123c9c039e5278eb09df92ddbeec1432bd34a8f453eecfa

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\ElevatedAppWhite.png.exe

MD5 c3100250fc61e61a50213fd0e0cc5d49
SHA1 3c47eae3452ecd94d745b4a0ba99d763665ccf09
SHA256 4c2dc368691ae4af5c4ca432b162991bd7600421b3f7e0663f20b8fdcbc62c78
SHA512 a899926a9c6b8c893bf26061f92fd3546803b8f646300557157fd1e7ce2bab15f8cb5082ee8e511eb59cb9f3a80ecb8df5d1ebee4cf91905482475249623bf60

C:\Users\Admin\AppData\Local\Temp\Qkko.exe

MD5 75f4f75781c486538ade61b4221df63a
SHA1 e2048ae7447a76161c2797d3e9551d7e003f3a2e
SHA256 e1d1769c4d4185ce0642014a7be9c723c550053ad6999aa282c51231d03653fb
SHA512 0bc9cb2e1900cb31cc70fe46e7c6a9dde71d3607b6977020c7c089e7a188d7e6d0a16c3a4595f385c04f0882e01e3ed14f5c41a394339904caae30bc1d277fd4

C:\Users\Admin\AppData\Local\Temp\Gogy.exe

MD5 54af0b0a12b1bc5903a26519bc5f3085
SHA1 a06827cf12ee1e97d21d3b1cff8b5be59e400378
SHA256 529bbd609ba28f3db6a1c89d57319b29d28c8cd83f007ab5a0ea51a942e8f6bc
SHA512 b97ba06053ba0426d3f315a661b3f45ce18d2b3d86ee8ccd623af14d314492ddefca74a4a98d6cb733e278eddfc38434c501ca507d6a06846a6ef1755be0a733

C:\Users\Admin\AppData\Local\Temp\aQIY.exe

MD5 4e8fe2f247a770333724795d5a207f8d
SHA1 abdef1c671d3d48d224d9f5095c631492a9d8ef3
SHA256 87b7dd98fe7bb5d1120bab8437117841d776c163b02fb2bee1e87e282a2d4d5a
SHA512 616597926ecf3303adf87032c0fc6a5ce093433d51365dde8aea43f78c16d46af7e05b002237e61ebe58bf1f25964dff2baa9c1e52d51b6bff4892b0bdce9d55

C:\Users\Admin\AppData\Local\Temp\sIcc.exe

MD5 b037f3ce87218c0449257fd49fddcb73
SHA1 419c1fcf44167362a29fe9d7b25987629de50a73
SHA256 6735c9c07406057d651ebe39b7b2328658c21056de83159cec1bb3ee6861689d
SHA512 23fcb52dbb34c08a1270c7bc704312f931e8eeaff10f2544bcbb2dfd9abe26df89f1b1f26ffb121a4ef27c9ebc766477a7a19f57c41992869b082907a2a2b553

C:\Users\Admin\AppData\Local\Temp\sggw.exe

MD5 350de814fb6c4f024fbda148ab6c6bcf
SHA1 c5bdfdc49b2c49aa38ce89e23cb310918564f833
SHA256 e47b22ce16eb8ac151c860b46206ca94e2695e794bdf6c9fed2e8fa38cd776bc
SHA512 fae7f70992c58af715e2a824eeaf2e7e8ff2146f2bed7da7726a1af30814136dda7372791acd80d8c36545cb6008ebd5b72a14282e96d43f9695ae5134556548

C:\Users\Admin\AppData\Local\Temp\mwUe.exe

MD5 d0c7a7ed34c556a77d920bff5acd5d68
SHA1 c6b3377ba05133e624cdf14ab4ed4cf79f5b2676
SHA256 d090aa0a0577df4df5c47e2fa6b4b26a93c73851af93f50eea69744d78c4a17f
SHA512 e23dd8955a47f43ba22ee8309636565438a02e9e86641067d6666cdd3967f61f080aa82d89bffd9b581a764cedcdfe5060333ec1b57742a1df3a11f014ffeb94

C:\Users\Admin\AppData\Local\Temp\ugUq.exe

MD5 d9d0f777db62a2c8091d8a37e6e55034
SHA1 9e861170118930b916d513484aa71ec92ff0792a
SHA256 fd975158414954beef7011c0aefb0dcc57c15390bf12aa77df53362a315a4987
SHA512 6e0f1906e40ec7f40d9c4efb003f50c56e0165009da3b0e39adc68c69be6ece0c15b815d5e2f6da0d38480176d91bb292ad0a71bec2b201b81c8a3e04aa53bad

C:\Users\Admin\AppData\Local\Temp\YYMG.exe

MD5 28990519d34d85271c432e38f601497f
SHA1 567ddb423a517392a8cd1d790e40003862257012
SHA256 e857f9fb61b2deda80fb517ef38701fb274f731f83c0068e382d059e49fc1764
SHA512 62ac33357d84d626852f050230f5525322fde783a6cf73a1b5a256215bc77dd25204feb4e51a2cfc74d60fd4e1bc842904fefd337fb4275ca43f66001f07f70e

C:\Users\Admin\AppData\Local\Temp\qoIq.ico

MD5 f31b7f660ecbc5e170657187cedd7942
SHA1 42f5efe966968c2b1f92fadd7c85863956014fb4
SHA256 684e75b6fdb9a7203e03c630a66a3710ace32aa78581311ba38e3f26737feae6
SHA512 62787378cea556d2f13cd567ae8407a596139943af4405e8def302d62f64e19edb258dce44429162ac78b7cfc2260915c93ff6b114b0f910d8d64bf61bdd0462

C:\Users\Admin\AppData\Local\Temp\ccoC.exe

MD5 04c5b64619971df5e5e012b17e48f7c9
SHA1 1a5428f7ac0692badeb5fa32c242742e6fd01bb9
SHA256 ec58f59290e3622e3e69ade0c63820e959c87b54f2272daa1417dab865227496
SHA512 97b8042af962d633e1b7bc5466c7883eaab746dc65816cfe1cb3c6508c448865a9acb4471ee5b998c8ea6c81920f10c5dc0994b253f998950f7a3ad957c180ca

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\Warning.png.exe

MD5 ccb705442fc4fe5f4044b5785981e350
SHA1 52496ca83db7060dc4baeecae345f9fe40bf3c45
SHA256 056041ad229ec1cb234417aab673f8ba17383d68c97372fdcdff10a73c354325
SHA512 b2b9b0567a0e3e8fc5e66e9747016bdd864a522a0a6468511be3df2390caa714ba49793314209234242ea8c9274c8a5c4feab802b5b7e7a8c8589bf81a409e9d

C:\Users\Admin\AppData\Local\Temp\skEQ.exe

MD5 cee0627e853230aff3d8a2d976b414c9
SHA1 f6be7d356cd939ee60bceaf32eebed98b8c40d47
SHA256 27f71f79874297faa152d020fcbe8a1f342f09edb358c3896e718a5fba800756
SHA512 684530220e0bcc6f1c98647420f2fc8bed96b17e55acd4adbc4b531acdf5fc65dd0d4834676a1da45c765f48166a83a26c37e31ba832f71f1fa79334b076ed73

C:\Users\Admin\AppData\Local\Temp\gocG.exe

MD5 3c6608dab7bd1bb214b98d0d44d29a49
SHA1 9b9f85447605d876a4eead220ae9d54032deae9a
SHA256 721e2117bf4d5bb0df5fcd55dfb0302c1bfb9d2cd0baf5a3b92287437299e1b8
SHA512 49100e7054a52a250893aeb3ee50481303a70c2a7a42a7f51d8a15f20fd0f6b114c2d380f5364e6d6c5646ee8e612992268c696bb193e9cd7e1aced6b3422182

C:\Users\Admin\AppData\Local\Temp\SEYm.exe

MD5 b4948d93644e2c67b78a575c8300ffbd
SHA1 43cfa0c3811902741dca668a6263c4fe67d03dcc
SHA256 f33461a5c2d13d3e83dae80f0d47f2a2a2f5f674f75ab59a623175f3a07e59a1
SHA512 1450d377b239ae17b81f19eb85c7d579c0a08cbde03d8f5c2cdea1816ae5471b71f385c874bd652809aaa1b5f11663e53036d3eda84251f0575f3b2f71124487

C:\Users\Admin\AppData\Local\Temp\qscc.exe

MD5 d8a3e0fc8851bec306d020e885d63003
SHA1 a4acb6019f5103e1b2f7319bc44dcee67269e527
SHA256 6f367a65749479aafb02ed8640fc90994ae3bd40294b509a6729e1fec9412946
SHA512 cc02f0af5ecfd0cfbf3e851555d64467e443338ecea733bcd372a442acc8231750f45d445d85188fedb1651e080d845129926647073cb2fa372af39a71040c61

C:\Users\Admin\AppData\Local\Temp\kwEY.exe

MD5 22997fae015a3861d3492c3af8719692
SHA1 7f1e436a0a935b2de30d087578e25b5e1e9336f8
SHA256 0b2590807d539382528e860310d117fee576a692f86ea552bb32293d26b916fc
SHA512 2a700397ec05f5cc51391c8e431a096e27a204a00d157a35560767a69bd036d9421933602f3708660d926089710980fbb0b22833b6c196dd2f5e6fd43ed44334

C:\Users\Admin\AppData\Local\Temp\wIAq.exe

MD5 d1caa41e0aee33218bdd0bdd852ea33a
SHA1 7a12b5dc30dfa700fd2ef0a26ea80a1172416a10
SHA256 800140dcb4271e83c3bce355aebca280c8f0f567c19956039e5e2c946cfb49ce
SHA512 5e5999b8ed56b7d8578398fe440779863eed8dba5c9cad35e54d47b9f8b952b3f39d168b9b76afd267711ddc7db13603a6d233d6fde848ad564ec643d9f79d5c

C:\Users\Admin\AppData\Local\Temp\ioYI.exe

MD5 d02c9556a9c1b9cfdb886164fea7f7fd
SHA1 588c5c99ca436ab824d85989d401414fda517e8f
SHA256 7241413cbfbe65312e8c8f836db55250fe823d867dd16c694646cbbc43ed85f0
SHA512 01314faff5493c462a4cdd0ec4437977f98eba44a3fb148f17ad976f3fd2e8c832677fa32cec6057da5120623251b4fb0d72cb6f4f4a65f60c5960f8e48ad363

C:\Users\Admin\AppData\Local\Temp\oUAO.exe

MD5 e8a65d72633c6c068e0c9cc0e68f3824
SHA1 6b9ca8f78f0553135fb4982aa06b5f2b650be4c1
SHA256 76ecdf0c254088ae79d13cacd104e8d8a636462ff4da6d6583c698fdbabc89ff
SHA512 436e6ac839c0885812c64556082e5cb1ab47d6ad78507bd0dbb60f0b08af887fcb82061ed7b449df4414d555a74732a508e3e0fa5e3711ada3efdb72c3fa7a43

C:\Users\Admin\AppData\Local\Temp\iwMW.exe

MD5 0dcb925664361cd8bc0ce9fc51459255
SHA1 db5329ac74288d26153bc3ad34b987796121e57c
SHA256 64da5e391fb872554f659f1708d02ca5a523a9e4f01a2148869e3dba849f7fd5
SHA512 cdbf34d2f145b04e394ae11d4c8ebf1d34ff80138ff68993d929bc8451a9106719fa2c7b2f98255fc8e2215b9ad7306913229c634f540177babf3bf09357aa60

C:\Users\Admin\AppData\Local\Temp\ikwS.exe

MD5 519a80f08342fd6d88d3d91fd6d7f45d
SHA1 5e0d05a64d70d0e9bcbb79e630b2f01aa6b38ef2
SHA256 2808034aa2f12f56139d3553eac2656a7485f057a955943b314ee1c77e650c4a
SHA512 f35187983da337b930ee1b271f6c3fc2aa2cb0204f9094af49a382a9b346a55770888cff3d21e0300eb4e59ab5a88144dcadfe0dda5e3a222f0bb31bb2025762

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState\PinnedTiles\38975140460\tinytile.png.exe

MD5 6e00606e9c256d1c472754a1984cbcec
SHA1 59e9c07a9781945a12ccad3dae19ebdfcd482411
SHA256 07587d5fdd4c640c94fca29ccd8cd9446e36bdf5d79a8a036a423f0219e2a237
SHA512 f2a1fd3d3328902d6c8ae9a577599f7f7f55ec99ca2c60f3a3b4c4f6722c96968b3233540448d8ddac6b9cc8065f05ca0108bc82e473a16457ae90e8ce107f67

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState\PinnedTiles\6501008900\squaretile.png.exe

MD5 5af5c2bbf7f40653942e42d9d3bce0cb
SHA1 23970ca8deb41f784a7e46c86ab845cd3a8b4f7c
SHA256 a326d2197832ad7ffd1aeb79e52e1625204b72c2f710629ec443b06127e620f9
SHA512 f87768a8e4464638d4feaf2ab48c39c2932dd689cd50bce358ddcae20751e8275d9a76a257d5b8fd2242270d166452c12d0c4023404005046f62caf83d5c6a68

C:\Users\Admin\AppData\Local\Temp\yYgc.exe

MD5 d7e8de379924b9a27830cc454848728f
SHA1 beda73a15309812682ea69362eba070cb3725d3b
SHA256 e8262ec9e845e99a31b35849db2bef741eb563dd70e048588ed59cbcd97aebcc
SHA512 a81d6b42cb8cdd0991768d8d6814c268257a31888e173dc5c1cdcc04bfa0286f29c74dc6660b42248bd657d96fec286afc2b5d13a2ba2149bd1cd9b49abcc2c4

C:\Users\Admin\AppData\Local\Temp\gAsM.exe

MD5 bd728643d6bd2a76456e9f46c75bc61b
SHA1 5efa443ee24f39e308396726cdf5c25a10f989ae
SHA256 134d63261896ce9c4d18c106a28d8912afad11a44d0bd906ad89f692e6528b2b
SHA512 919d2478ee6c28ceb86253e43269a31c75d7224db6bdea81889adb9db14260f3b29b6f9156b243efd410d0c17dd33ac1463f1caa6b4d4cadf423a8b3a68d8ef8

C:\Users\Admin\AppData\Local\Temp\Wgky.exe

MD5 828505f37916b85a7efd59d0eaab4dc3
SHA1 15d640f2fa9b73a1127ef05b90679ff4cf0dd0ea
SHA256 166479f6e6bf77fcc3019ab35f9c944779f6419ed9702e98fc55bf40149fc775
SHA512 9d569d8643f48036450e3f47d1420de44e232cbb12961c95027d2b93d305a8d984df12000b54d371f343ac976fb6aa1abcd7b1eacaf7884b7b24a0dda9550e6e

C:\Users\Admin\AppData\Local\Temp\QEAU.exe

MD5 2ec9f78a296bd711dc9f04b5850652c3
SHA1 e631c0bdef5d79c1b20da4c4c2eadc2bb6c53f7f
SHA256 ec4c448bf68a4daba902d20f6b5791f7892bb0b1f450d3ae15c19bdb457422ad
SHA512 82475003cc46fabb93324914a38d0c888f0f0886849ea71f31c956424c4eed92a84b05e280379c8de2a3675013b0835a5f25381478de4ded0d6c5070cd591aa1

C:\Users\Admin\AppData\Local\Temp\KkIc.exe

MD5 a1411bf8a8c7757b63ef3011c06f470b
SHA1 a1cfc844da25221ba659106562c9a506c4d51545
SHA256 a1a630f07351c4f2ed19d1ea695308075323556022e97329750eaf5523af2670
SHA512 2e195d87e4a5f276dc85c01112f9dc0cd91734f35254884710570b82336c929a2cd4ca1cd0b6132be07a32d9981dfb1006036fbc5004947cd17788d31d1042cc

C:\Users\Admin\AppData\Local\Temp\Ucwk.exe

MD5 dbd37facaf42a343a3b6de3f4f31e9cf
SHA1 481de7a6ddc2fe24c476d75f215e3414b3ec8613
SHA256 f105e494af4dc79ddddad32a74ee2f03b66d232644da3f5cf12da881e5292400
SHA512 9e42863796e822618fe4dfeb45cc54d6960bad3a67f5ef4a7d8cccb593bb713e0881c468c487b42f1f960cef9c17688f26ee959e3162400320887b52380433ad

C:\Users\Admin\Desktop\ConvertFromClose.png.exe

MD5 d29dff3fd555bd33eb4b595df7446fb2
SHA1 12f3dc8889c30a371d75b860449ebd5f17b20992
SHA256 cab2f1303637195289523c9ba3d56c73f8947923f0ed2d405ae6e3b2b574a5a4
SHA512 1cf433ec9b4e58561aa27064bcd491252df202d68480a283a9c6186a6392c515d0fe969fd42864e04a27b34d3e81f8cb599b9ba457c081965644753277fbec0d

C:\Users\Admin\AppData\Local\Temp\woUw.exe

MD5 cb156aff467a202f3b4dadce41b2852b
SHA1 8f373caf297ef345f93382caaa982a50a0117c12
SHA256 4b9e21f65af104f612e483dd45b9fdd4cf3cac762fc452f34a6e1bbf3d5d4f0b
SHA512 1b2bf7963b1f66409a4ad76f3f1e302ebc23006d99a5ba9cc4bb8c76d98c464279d400b21c6e439f7e8be31b47758644a826897987a0516402e5994bcc90c612

C:\Users\Admin\AppData\Local\Temp\ekYA.exe

MD5 cf86acb721271c199d21924ffc8ef472
SHA1 1c0fbf300fb22cfd3766e3a7c66d858c67594d9a
SHA256 22861a5eab8d0235331247f634abf6a918056854677753c26c20b6b7fb20bd1a
SHA512 aa6ae00664105002f1078f892b67f107936daa16f12b171054430bef8441a94976240b48cb907b34d0feb5e9a35781cdbc7da3b72b822dc52009463e14ca13fe

C:\Users\Admin\AppData\Local\Temp\eMUk.exe

MD5 60d4787ae698c87fe29b6570277818cc
SHA1 a88d7cebfbaf05042a0c1fe832e999d89165fa44
SHA256 3b5cc9383c27914903cc056fc9d006784aa412bb625f6052806ecefbe6d17b5c
SHA512 1d61fa7aaff697cb3aede62fd0dd8deb52bd89e1c278525a8e28655303a5b2875373133a36125099428d88dc7d2a84541a5abac69435ff14966f2f471ca4f496

C:\Users\Admin\AppData\Local\Temp\kAIQ.exe

MD5 309f9db849b52e96d6a26eeb56854a78
SHA1 4d93a59e239eaa04c24a216783d2c0d8c5dd01f6
SHA256 4ebefe8efc1f90dbbb870f976b07a381bd36d3ef789dc72a902afe90941f357b
SHA512 329085aed9660aa1a98e80b6745f5a4d5dea2d699a9e77ca3624592eb0dc8c21b4b6b18df6077a3f570bcb03417d6134bdc77316891432033238c68cd80b79e8

C:\Users\Admin\AppData\Local\Temp\CAAU.exe

MD5 738ff24cdf8192eaccb3e8682c667564
SHA1 3df7eed1d7d084145d559db56a408fff2d129ca3
SHA256 7fb7e0a3defca4ba7f209d006161ae2c33f192eea2e9dbddaeb12dd595cfba87
SHA512 118f30bf97ac4bbade1e78d3cc7ecde563c78570bf1f213468f227b50714c1856d8006d3951da3514c43da7ee086734bbaf2ba7295a57215d2f53fc98d1ee31b

C:\Users\Admin\AppData\Local\Temp\AQco.exe

MD5 1845e564becfef2cc08ba6bd8546ec77
SHA1 33de07e65312e59c6f01050b970018206dbcb9e3
SHA256 41fed60c2f9061a3741b8bec641dad631748792655ca6ba6cc48871b2b8a2e55
SHA512 c7782eeec967134cfe2834d068dd9bd53a87f90ce8f2857515666411d1f1160eb3730fa2fbd59308a70e660d8af6fb6f194b4ce11c046000e3cf07ed0a3459d9

C:\Users\Admin\AppData\Local\Temp\kUIy.exe

MD5 60c564148fcc85ed255bdd9a5bcfdca5
SHA1 7b8901e08c3d3bb95821038d3f33b88dab95afdc
SHA256 c1900f2aba4f52d232feefa8f31ec18fcd9c93a7e002636b52e136116197120c
SHA512 057db60c7e654df244639a1c0e1956bf44f8f53fd9c5e47661d1cee6a7a6242d2f98e59c082b4791bd4ff7aecc472ee001aebbd0982c4eb673c435de1beee193

C:\Users\Admin\AppData\Local\Temp\mAwS.exe

MD5 584326174d0a03d83ebe90298564c85d
SHA1 e87b7c259d71700ae2e71dac33a9af5c9aa1f2fb
SHA256 0f6368aa47e082ec3d91d71c86c11fab1b38894cb4f50ea211fb0e271aeee792
SHA512 00deb3c666770249421a39af998d39a745c74f8b36faaf854c22e46d772a5e5d96dcb9db1ef585dda53d0e1d309ce2d198fb0f4b4486fb3f05f4551bdab0b216

C:\Users\Admin\AppData\Local\Temp\ywgO.ico

MD5 ace522945d3d0ff3b6d96abef56e1427
SHA1 d71140c9657fd1b0d6e4ab8484b6cfe544616201
SHA256 daa05353be57bb7c4de23a63af8aac3f0c45fba8c1b40acac53e33240fbc25cd
SHA512 8e9c55fa909ff0222024218ff334fd6f3115eccc05c7224f8c63aa9e6f765ff4e90c43f26a7d8855a8a3c9b4183bd9919cb854b448c4055e9b98acef1186d83e

C:\Users\Admin\AppData\Local\Temp\EoUU.ico

MD5 6edd371bd7a23ec01c6a00d53f8723d1
SHA1 7b649ce267a19686d2d07a6c3ee2ca852a549ee6
SHA256 0b945cd858463198a2319799f721202efb88f1b7273bc3726206f0bb272802f7
SHA512 65ccc2a9bdb09cac3293ea8ef68a2e63b30af122d1e4953ee5dc0db7250e56bcca0eb2b78809dbdedef0884fbac51416fc5b9420cb5d02d4d199573e25c1e1f8

C:\Users\Admin\AppData\Local\Temp\OYAs.exe

MD5 c1bb59f151f25e49fe280cda6c5c305b
SHA1 9dc14849f9a31c116359c77ccbd5f27eaa765363
SHA256 635543293094c6ac7956eb3cb79f8210cdd8c1967325f24c89398297b405377f
SHA512 541a026c2cf3a555510e22f267c5bc19b6bdafc0dd719528a931e588f7635f3c645d02566964818426d3a141ef44aa638c9b3c32d665df7c57766ccf72ea5c4b

C:\Users\Admin\Downloads\UnprotectDisconnect.doc.exe

MD5 95390ef5dc447c0329acd2abcea4c58d
SHA1 53142afc9334167c8bed3d4be2fb855b7677ba38
SHA256 8a398d7e1a9cf6decc70a7c12b207152261249a1657963e9207d1454460b1521
SHA512 c7a3b9beeb29ea0372bd2fef260ef8d678b175b9f7cd78f2cb8466b51d981ec982ca27db9df01cae2fbdbc88731c6a37681a69895d487ed7c6781ed980e1aeee

C:\Users\Admin\AppData\Local\Temp\wUYy.ico

MD5 2d56d721c93caea6bd3552e7e6269d16
SHA1 a7f0d3d95a19f61d30b9e68b0dcee7c569249727
SHA256 f8e8be11d1062a945187b65fc5e5b1500bce03cbdbf6f4af9404b649aacc2aa3
SHA512 c01d86c43876fb8eeab79b72380a00f095d95c3047f530b777ca89d309e7bd797bf83857beab29527eddbbc491da3edd95ba343f6a0725cc565015f095cf0919

C:\Users\Admin\AppData\Local\Temp\UEES.exe

MD5 3257ce7de2bb1a270b6f5cd0239972a9
SHA1 4e7b1d3dd96ae1e801977ed55e171fb663412afe
SHA256 34a923e700ee378a6e4065b46e2625007283e4ea1a51cc8e7492c5568509a623
SHA512 5bf1a26037f4b5e6a84f16627b01499756bea4c360fea3df659fbe12d71bf8d7a04164560cb8a56d5375bcaa38418354381239b3bd38084fa4feeb31c73b3ee7

C:\Users\Admin\AppData\Local\Temp\owcQ.exe

MD5 36a3bc9199fbcb9d803f6e6dc204c2ff
SHA1 e98cbbdff6ab8c3afd49a219b5beb7e425f1b27f
SHA256 8a2adcd3489a38bdcadb87a62f7d77d29ab7d8b546a8c76c25a0e421b435d81e
SHA512 fb6bd2d301c480615169b92734ffde0c8f12add2725262858014585c1e0f0cbdb58920535128c82069632dc10ce1190e7ae56c99e0c0c55a71634a6152a26971

C:\Users\Admin\AppData\Local\Temp\aYkY.exe

MD5 d36ec7d836af6e34da9959d04dd6c4fd
SHA1 8427fa959b53c6910a93ba1458707a8a442c4a03
SHA256 a0e54076a03e9e586aa100aee58032c13671472e9ecbe0171ea3579245360571
SHA512 9bf501835646f4af32f125156c2f7716be44330262c35ac4b5642abfc695e33eb37c2481c69aabde002a2036b24e3f617ef4f71121f686a75a2c47d06753914a

C:\Users\Admin\AppData\Local\Temp\QEQQ.exe

MD5 83aecbee32abe6f123d836a36ba167f8
SHA1 bb7582407c533b97cb82edd433fc30daef90cc30
SHA256 9b1250af12800876d7010ea092f67f751b8d9d7ad4756ed691815c914d6b4989
SHA512 41efde81325937ea396f95f826aff940ad0acd43831301a2f92e643d1dbe890cb0e92bcdebb8ec7d4f84dae140e8256442955aebd8cd025c9cf6891ff7bcba5f

C:\Users\Admin\AppData\Local\Temp\kEEq.exe

MD5 62d49b7e89b7617ecde0d658557b9818
SHA1 3834b3e533254090d6522b0f13ad3ebd84cc1a2c
SHA256 c9f5742fc00ede57128f688b88f6560b933aa4731b4872009ff221ed2395f232
SHA512 546c61997966f3f4fc5cb94384e5dab3e5e00917c5ee43d7a458d53980dcdfa907767ac4d601a986421782760068073dd9f0ca0856cb9af4aa641ab5439e9b92

C:\Users\Admin\AppData\Local\Temp\cQco.exe

MD5 2dfa2df500418ec66c13395ad1cfe0e8
SHA1 aaa9c2d6d2acb7d47819239326a8afe45ada70c1
SHA256 09371533d9777e1369247f67a7c86e2e7481447098244ac2b04a8c00425d69e3
SHA512 d33976f4135997e513025ebbf53909b3c260f98a5895f05fd939cc70298edb0f2d5106a0373750023a9e99f32b7e407166e8469f4ca12c41f7f3c9bea3a5ec8f

C:\Users\Admin\AppData\Local\Temp\eQwm.exe

MD5 87af249aea5f7d41c023ebdec2d12f73
SHA1 8060f7ec9d511d32bb18ca97478b8425b9c083cc
SHA256 90f25e8343b12c7db19bffb4f68acee8e3a3fdb744b743e80f6126dc0b8b01d2
SHA512 3cd502be7b85fdad24d6d01dfd66e43d88af3822956fe0a208596d0719e2b2e3779bfe86573539b52ea2dbfaabc963632730c26658314400bc33621da50c82c3

C:\Users\Admin\AppData\Local\Temp\QkQE.exe

MD5 ac9debb81dfae34a3ae895aa087c48fb
SHA1 d72bf33030134aabfe9a3a412616dc85b3229f33
SHA256 eafd9d73ea9f92ea162f6189554a41b3e44a5215b7d677d52c567d26a1c8c49e
SHA512 4d027c2c38343bf86c0e437dc384ac20258ab8afe217e1289e7a6e695d67bf88844541d2ed0d7ce4d606a1b00879c2504a5617da34b32884a2ba887f55313773

C:\Users\Admin\AppData\Local\Temp\uUQI.exe

MD5 3a37561694e7008d607cae7aaa4e11f9
SHA1 70d3d1061e7c395109664f6112a8a6e713b95350
SHA256 bed9cf7b0e842a75de523b3534e3269e78007c3ba18e2daf1548dce22d063718
SHA512 9f8fdaa6a6c5df26c3c310c893a0d6b146a8262e38149f7e2ec9519711ab319633911c7202c6ce6214f09f84e58d81e1f06f287d6e22756041c09dc987484cca

C:\Users\Admin\AppData\Local\Temp\Gogi.exe

MD5 9719b261874a771d345871c083d3be27
SHA1 b487f07eac3e7c17090fe2287adf29a8140383f4
SHA256 31bd8d65388822e772e2d5fcb6f1f3b4c32e4c844975b0b3d64179e0cbba8b2d
SHA512 f28d10fcaedf047d620eed08c7052543611a2052a5bb99c5b446d10dffe6487523332b0745c48296e21b169582d48ac402fe4d96bd16c6b0dec2d562b0f6a8c5

C:\Users\Admin\AppData\Local\Temp\iAgQ.exe

MD5 b6919b1d95301bba0ed80c664d92d3a3
SHA1 a713d68952356f6fdd794e874467a4f7d31ffa59
SHA256 b1506bffbec512ccae36ff3083ef7964e2570bea7e53d84592e3d16ea84f5967
SHA512 a511770cd91c797662c4e160d519af46d58420912b52853a4d793fb85c945f69b80dfbddd21423e76caf65af1363d6c7a310ae52cf8feb3d15aa6bc4c7a43c5d

C:\Users\Admin\AppData\Local\Temp\SMYa.exe

MD5 fa96ab2de1cae8de38f66b47dd3991a5
SHA1 c7b8ffd2a9327f36054eeeac3871bdcc7f2f7f47
SHA256 0739b1bad29153b4da5a13f030e6cb1cf4641631a4ad9ad1df9a3986ba4313ad
SHA512 aaac6b05de3423f594b0eea6fb05aa993279f41bad40cf1106148b58d86920d7d138ed69877e7d21a15c90f95b31f8bf67aac33dc51909961aadfe99c2d52d92

C:\Users\Admin\AppData\Local\Temp\oAUg.exe

MD5 4cdb64274950318dbd3207aaf2fcf114
SHA1 9da02b8673f111fe99b43d8c503c83e4f344facb
SHA256 64b5857c27ccf929c060874e0a5b76fdca5412e2c9407c521d6a5c90307f518a
SHA512 3c36c12dc824dc9904d634678280838bc29c5092e22f8cf03594d97770731f181bd76079b61c9f290483c926b025e58d9245454a1745087bf07933d1d748e2b6

C:\Users\Admin\AppData\Local\Temp\wsIi.exe

MD5 1b50e480c747ee99e9171eb86cf199f0
SHA1 e763049f74da9f16a723358afe9839a9cefdd65c
SHA256 cfd2ed4f554e8331614046f2bd3b7383703a421c11ff1ee84cf7180b065232cd
SHA512 9c6f20677348ba56c921acc329b5ff9af49bbbb22a4041571b5d8239a87e7eebca7a3580c6b83377fca75f6af7d7c2306099be94b5f00b2f98b527c437589687

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-20 01:54

Reported

2024-10-20 01:57

Platform

win7-20240903-en

Max time kernel

150s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe"

Signatures

Modifies visibility of file extensions in Explorer

evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A

UAC bypass

evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A

Renames multiple (59) files with added filename extension

ransomware

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Control Panel\International\Geo\Nation C:\Users\Admin\OYQogEkM\HmgQQcMU.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\OYQogEkM\HmgQQcMU.exe N/A
N/A N/A C:\ProgramData\kqoQkIMM\sUUIsoUw.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\sUUIsoUw.exe = "C:\\ProgramData\\kqoQkIMM\\sUUIsoUw.exe" C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Run\HmgQQcMU.exe = "C:\\Users\\Admin\\OYQogEkM\\HmgQQcMU.exe" C:\Users\Admin\OYQogEkM\HmgQQcMU.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\sUUIsoUw.exe = "C:\\ProgramData\\kqoQkIMM\\sUUIsoUw.exe" C:\ProgramData\kqoQkIMM\sUUIsoUw.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Run\HmgQQcMU.exe = "C:\\Users\\Admin\\OYQogEkM\\HmgQQcMU.exe" C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification \??\c:\windows\installer\{ac76ba86-7ad7-1033-7b44-a90000000001}\pdffile_8.ico C:\Users\Admin\OYQogEkM\HmgQQcMU.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\OYQogEkM\HmgQQcMU.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cscript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cscript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cscript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cscript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cscript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cscript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cscript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cscript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cscript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cscript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cscript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A

Modifies registry key

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\OYQogEkM\HmgQQcMU.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\OYQogEkM\HmgQQcMU.exe N/A
N/A N/A C:\Users\Admin\OYQogEkM\HmgQQcMU.exe N/A
N/A N/A C:\Users\Admin\OYQogEkM\HmgQQcMU.exe N/A
N/A N/A C:\Users\Admin\OYQogEkM\HmgQQcMU.exe N/A
N/A N/A C:\Users\Admin\OYQogEkM\HmgQQcMU.exe N/A
N/A N/A C:\Users\Admin\OYQogEkM\HmgQQcMU.exe N/A
N/A N/A C:\Users\Admin\OYQogEkM\HmgQQcMU.exe N/A
N/A N/A C:\Users\Admin\OYQogEkM\HmgQQcMU.exe N/A
N/A N/A C:\Users\Admin\OYQogEkM\HmgQQcMU.exe N/A
N/A N/A C:\Users\Admin\OYQogEkM\HmgQQcMU.exe N/A
N/A N/A C:\Users\Admin\OYQogEkM\HmgQQcMU.exe N/A
N/A N/A C:\Users\Admin\OYQogEkM\HmgQQcMU.exe N/A
N/A N/A C:\Users\Admin\OYQogEkM\HmgQQcMU.exe N/A
N/A N/A C:\Users\Admin\OYQogEkM\HmgQQcMU.exe N/A
N/A N/A C:\Users\Admin\OYQogEkM\HmgQQcMU.exe N/A
N/A N/A C:\Users\Admin\OYQogEkM\HmgQQcMU.exe N/A
N/A N/A C:\Users\Admin\OYQogEkM\HmgQQcMU.exe N/A
N/A N/A C:\Users\Admin\OYQogEkM\HmgQQcMU.exe N/A
N/A N/A C:\Users\Admin\OYQogEkM\HmgQQcMU.exe N/A
N/A N/A C:\Users\Admin\OYQogEkM\HmgQQcMU.exe N/A
N/A N/A C:\Users\Admin\OYQogEkM\HmgQQcMU.exe N/A
N/A N/A C:\Users\Admin\OYQogEkM\HmgQQcMU.exe N/A
N/A N/A C:\Users\Admin\OYQogEkM\HmgQQcMU.exe N/A
N/A N/A C:\Users\Admin\OYQogEkM\HmgQQcMU.exe N/A
N/A N/A C:\Users\Admin\OYQogEkM\HmgQQcMU.exe N/A
N/A N/A C:\Users\Admin\OYQogEkM\HmgQQcMU.exe N/A
N/A N/A C:\Users\Admin\OYQogEkM\HmgQQcMU.exe N/A
N/A N/A C:\Users\Admin\OYQogEkM\HmgQQcMU.exe N/A
N/A N/A C:\Users\Admin\OYQogEkM\HmgQQcMU.exe N/A
N/A N/A C:\Users\Admin\OYQogEkM\HmgQQcMU.exe N/A
N/A N/A C:\Users\Admin\OYQogEkM\HmgQQcMU.exe N/A
N/A N/A C:\Users\Admin\OYQogEkM\HmgQQcMU.exe N/A
N/A N/A C:\Users\Admin\OYQogEkM\HmgQQcMU.exe N/A
N/A N/A C:\Users\Admin\OYQogEkM\HmgQQcMU.exe N/A
N/A N/A C:\Users\Admin\OYQogEkM\HmgQQcMU.exe N/A
N/A N/A C:\Users\Admin\OYQogEkM\HmgQQcMU.exe N/A
N/A N/A C:\Users\Admin\OYQogEkM\HmgQQcMU.exe N/A
N/A N/A C:\Users\Admin\OYQogEkM\HmgQQcMU.exe N/A
N/A N/A C:\Users\Admin\OYQogEkM\HmgQQcMU.exe N/A
N/A N/A C:\Users\Admin\OYQogEkM\HmgQQcMU.exe N/A
N/A N/A C:\Users\Admin\OYQogEkM\HmgQQcMU.exe N/A
N/A N/A C:\Users\Admin\OYQogEkM\HmgQQcMU.exe N/A
N/A N/A C:\Users\Admin\OYQogEkM\HmgQQcMU.exe N/A
N/A N/A C:\Users\Admin\OYQogEkM\HmgQQcMU.exe N/A
N/A N/A C:\Users\Admin\OYQogEkM\HmgQQcMU.exe N/A
N/A N/A C:\Users\Admin\OYQogEkM\HmgQQcMU.exe N/A
N/A N/A C:\Users\Admin\OYQogEkM\HmgQQcMU.exe N/A
N/A N/A C:\Users\Admin\OYQogEkM\HmgQQcMU.exe N/A
N/A N/A C:\Users\Admin\OYQogEkM\HmgQQcMU.exe N/A
N/A N/A C:\Users\Admin\OYQogEkM\HmgQQcMU.exe N/A
N/A N/A C:\Users\Admin\OYQogEkM\HmgQQcMU.exe N/A
N/A N/A C:\Users\Admin\OYQogEkM\HmgQQcMU.exe N/A
N/A N/A C:\Users\Admin\OYQogEkM\HmgQQcMU.exe N/A
N/A N/A C:\Users\Admin\OYQogEkM\HmgQQcMU.exe N/A
N/A N/A C:\Users\Admin\OYQogEkM\HmgQQcMU.exe N/A
N/A N/A C:\Users\Admin\OYQogEkM\HmgQQcMU.exe N/A
N/A N/A C:\Users\Admin\OYQogEkM\HmgQQcMU.exe N/A
N/A N/A C:\Users\Admin\OYQogEkM\HmgQQcMU.exe N/A
N/A N/A C:\Users\Admin\OYQogEkM\HmgQQcMU.exe N/A
N/A N/A C:\Users\Admin\OYQogEkM\HmgQQcMU.exe N/A
N/A N/A C:\Users\Admin\OYQogEkM\HmgQQcMU.exe N/A
N/A N/A C:\Users\Admin\OYQogEkM\HmgQQcMU.exe N/A
N/A N/A C:\Users\Admin\OYQogEkM\HmgQQcMU.exe N/A
N/A N/A C:\Users\Admin\OYQogEkM\HmgQQcMU.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2736 wrote to memory of 2968 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\Users\Admin\OYQogEkM\HmgQQcMU.exe
PID 2736 wrote to memory of 2968 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\Users\Admin\OYQogEkM\HmgQQcMU.exe
PID 2736 wrote to memory of 2968 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\Users\Admin\OYQogEkM\HmgQQcMU.exe
PID 2736 wrote to memory of 2968 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\Users\Admin\OYQogEkM\HmgQQcMU.exe
PID 2736 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\ProgramData\kqoQkIMM\sUUIsoUw.exe
PID 2736 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\ProgramData\kqoQkIMM\sUUIsoUw.exe
PID 2736 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\ProgramData\kqoQkIMM\sUUIsoUw.exe
PID 2736 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\ProgramData\kqoQkIMM\sUUIsoUw.exe
PID 2736 wrote to memory of 2584 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2736 wrote to memory of 2584 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2736 wrote to memory of 2584 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2736 wrote to memory of 2584 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2736 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2736 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2736 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2736 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2736 wrote to memory of 2572 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2736 wrote to memory of 2572 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2736 wrote to memory of 2572 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2736 wrote to memory of 2572 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2736 wrote to memory of 2580 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2736 wrote to memory of 2580 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2736 wrote to memory of 2580 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2736 wrote to memory of 2580 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2736 wrote to memory of 1952 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2736 wrote to memory of 1952 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2736 wrote to memory of 1952 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2736 wrote to memory of 1952 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2584 wrote to memory of 2700 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
PID 2584 wrote to memory of 2700 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
PID 2584 wrote to memory of 2700 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
PID 2584 wrote to memory of 2700 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
PID 1952 wrote to memory of 1136 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 1952 wrote to memory of 1136 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 1952 wrote to memory of 1136 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 1952 wrote to memory of 1136 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 2700 wrote to memory of 2304 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2700 wrote to memory of 2304 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2700 wrote to memory of 2304 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2700 wrote to memory of 2304 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2304 wrote to memory of 2888 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
PID 2304 wrote to memory of 2888 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
PID 2304 wrote to memory of 2888 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
PID 2304 wrote to memory of 2888 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
PID 2700 wrote to memory of 2112 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2700 wrote to memory of 2112 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2700 wrote to memory of 2112 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2700 wrote to memory of 2112 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2700 wrote to memory of 1160 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2700 wrote to memory of 1160 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2700 wrote to memory of 1160 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2700 wrote to memory of 1160 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2700 wrote to memory of 1852 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2700 wrote to memory of 1852 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2700 wrote to memory of 1852 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2700 wrote to memory of 1852 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\Windows\SysWOW64\reg.exe
PID 2700 wrote to memory of 2600 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2700 wrote to memory of 2600 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2700 wrote to memory of 2600 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2700 wrote to memory of 2600 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe C:\Windows\SysWOW64\cmd.exe
PID 2600 wrote to memory of 2864 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 2600 wrote to memory of 2864 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 2600 wrote to memory of 2864 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 2600 wrote to memory of 2864 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe

Processes

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe"

C:\Users\Admin\OYQogEkM\HmgQQcMU.exe

"C:\Users\Admin\OYQogEkM\HmgQQcMU.exe"

C:\ProgramData\kqoQkIMM\sUUIsoUw.exe

"C:\ProgramData\kqoQkIMM\sUUIsoUw.exe"

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\Eqkcwgwo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\sigcMosU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\dOAMsUYM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\hWAkcQcI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\vOIgcsAo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\ngAYswIs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\wMYokkMQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\AGMoUMgA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\EMEUgocI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\YIMowUEI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\vYQkcMAY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\pmcooUQo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\RWQgUkIE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\PcUMkgoI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\okoIwUcw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\uwkUooIY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\yYYssswQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\QAckwggE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\vsAAEIwU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\puUcYgIU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\nyYMoIUQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\tqsIcgMI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\QEUEUwAw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\sWkQogEA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\OuwcMEsg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\WKUkUckE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\FKgkYQAg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\RqUUAAcA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\TCQkwoYY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\JQIQwgcA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\cecQYEAI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\EOgAgAAs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\UMoYoooM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\ciYAcUoM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\fEIsoskE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\NqQUwQgs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\rwYsUocY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\NyEsMccY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\WckoQMkk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\uCQQYwAE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\kKssgQYg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\eisgIkoY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\zSkUEQMM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\xYsQsoEA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\hokUcsAs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\FWgMIEQo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\mwgIksYg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\gMgAUwoY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\YqQAIcwg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\smMYwckI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\zoYAIAIg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\LgwcYwMw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\puAUwQYw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\deYAocgc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\SqYkcsAU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\sUscIoAQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\ckooogoY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\UqUQUEUc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\BwIIAUsI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\Zqskokgo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\xiwIkoEg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\KEEoQYUI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\qqMoYggI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\wuUoYAYk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\mSQIQAUk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\qsscEQQc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\nuYEccIA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\niowQsYc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\newkgksk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\XmgwsgsQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\sWYksQcM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\akIUwccY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\SQEQcQoM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\naEwsQIA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\rUIgIYck.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\FigwwsoE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\zeEEgAAg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\UaogIoEI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\MyAgMIgI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\gQAIQEcs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\CCgUEAcQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\XuAkkEgU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\XmYggYwo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\tKcEEEwo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\bCIccUko.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\sYAwkosc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\sQAYoUwg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\iasIAAkQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\EgoIQsow.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\xcwMcAMs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "561103393-299229983539259278-3998386921538848667477778704-671497523-1055925525"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\taksckkE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZGgooEQY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\BowooQYg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\uSIsMogc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "819731805-1296504296-14507877331150779537-2112967438-11396398319667714821748522836"

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\iOgYEQQI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\OwIgkIMM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\ISoEcoMs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\PeAYIwQk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\hiMAsQco.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-406146649-1938949108-146542210165262343914798403781628776481-1541533103-1951217053"

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\VsEoksAM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\AaEsQYUs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "11917442561799197005-2521787431489477445-117351719010368953911215110199-781429629"

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\mucYMoUQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\EuMIAUwo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "589424482285265279-157150677-9512960145716563851851562388113162701942135659"

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\cOwIgsQQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\oYwokgkk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-9550302041020915312-18786761681327874692-138762938018229935461835214435-708210531"

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\fSIcIYkc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\BccEEYIk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\PWQIUoAw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\system32\wbem\WMIADAP.EXE

wmiadap.exe /F /T /R

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\fsgUMowI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "694532512-965912994626378249-143228986610403123171749335940659905586946298646"

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\KSgIAsQM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-13396363051990574902-50544158975373465516960628114059255231172756043-1454767601"

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\uAoowgQA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\ikIIsUYA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\uSUwEUgc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\jSMkswgw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\JKQkIkUg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\tsIwoMQM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\pGAEwsYk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\EKwgYEko.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\esAccYoY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\oeIoQEww.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\AKwAYMoM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\NgEIwMcI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\PkEMQQUw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\nqsIAQYc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\LCAYwskc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\EuMMskAU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\UmkwMAwc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

Network

Country Destination Domain Proto
BO 200.87.164.69:9999 tcp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
GB 172.217.169.14:80 google.com tcp
BO 200.87.164.69:9999 tcp
GB 172.217.169.14:80 google.com tcp
BO 200.119.204.12:9999 tcp
BO 200.119.204.12:9999 tcp
BO 190.186.45.170:9999 tcp
BO 190.186.45.170:9999 tcp

Files

memory/2736-0-0x0000000000400000-0x000000000043B000-memory.dmp

\Users\Admin\OYQogEkM\HmgQQcMU.exe

MD5 a9927942ec7beb451534757f90b94a79
SHA1 7d08ad874a413201dde61fb4879311eb0fec3449
SHA256 92f5f55d8f819ebee19e3e433a2f40bd9ae7c26c671404cb2bb1f8a19153a055
SHA512 726a35ac9c258f42faf7d05f91e91d02a7028a88418e7539eb7ec6ac1f4f8305f3aeb05cb410fe09e6c91a7ab412b24de2978bbba7aeda59b76d83b7bf6ed456

memory/2968-14-0x0000000000400000-0x0000000000434000-memory.dmp

memory/2648-31-0x0000000000400000-0x0000000000431000-memory.dmp

C:\ProgramData\kqoQkIMM\sUUIsoUw.exe

MD5 ab02a10c3778364274dd64264000603a
SHA1 d2b2b5b69940aba2649d143b14e688f793e81b69
SHA256 6be8e75efdd49c1d71508bd9de999c3ddae29eb302fa12460f6b39da12ba9af8
SHA512 7bce76c6c7581f23662a6c8e55ce1c289c7d938ce8ac17f833ff90d85369b4d68339fb611bdb28c2ea0516fa630b322f04835ab87ea6b61e9dca1b038505dbd8

memory/2736-13-0x0000000000470000-0x00000000004A4000-memory.dmp

memory/2736-12-0x0000000000470000-0x00000000004A4000-memory.dmp

memory/2736-40-0x0000000000400000-0x000000000043B000-memory.dmp

memory/2584-42-0x00000000001B0000-0x00000000001EB000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Eqkcwgwo.bat

MD5 bae1095f340720d965898063fede1273
SHA1 455d8a81818a7e82b1490c949b32fa7ff98d5210
SHA256 ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a
SHA512 4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024

memory/2584-41-0x00000000001B0000-0x00000000001EB000-memory.dmp

memory/2736-29-0x0000000000470000-0x00000000004A1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\MMEgYoEQ.bat

MD5 df4c7d0ce8c50caa8d6d0078c0d1b961
SHA1 f2c4651eba89d76740b229b057c31b43ec683c7c
SHA256 c5ed23cedf39a2e1b5d7359df7d25c1d680f370eb22519288456f92a1f8ed839
SHA512 d0c225d35b6dea974d5f8c9f3e481abf061f3e4e2c6dc544477eb1bf4b9405c86f717cef5ac2b00cb0480c71510383c05a74d51e21e6291f420a98b925b08396

C:\Users\Admin\AppData\Local\Temp\file.vbs

MD5 4afb5c4527091738faf9cd4addf9d34e
SHA1 170ba9d866894c1b109b62649b1893eb90350459
SHA256 59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc
SHA512 16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5

C:\Users\Admin\AppData\Local\Temp\MQAAUkcg.bat

MD5 313657a357db14028bd1f86804187ba2
SHA1 046d10bc176344a7f9bd79fb53b3269622ef8ca3
SHA256 76084588e269b4e8871b6002f4e6810709e9a803250ebfcbf784364abbb77409
SHA512 c62b0ca01b6fab713b7a87d7fc97a09e5b19b48264b427e0f3ac7c1d5da2ff4dc890144038efa23d152d17d0d099d5b575034cb79a795c37aae21faafb4be852

C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock

MD5 a51464e41d75b2aa2b00ca31ea2ce7eb
SHA1 5b94362ac6a23c5aba706e8bfd11a5d8bab6097d
SHA256 16d5506b6663085b1acd80644ffa5363c158e390da67ed31298b85ddf0ad353f
SHA512 b2a09d52c211e7100e3e68d88c13394c64f23bf2ec3ca25b109ffb1e1a96a054f0e0d25d2f2a0c2145616eabc88c51d63023cef5faa7b49129d020f67ab0b1ff

memory/2700-65-0x0000000000400000-0x000000000043B000-memory.dmp

memory/2888-67-0x0000000000400000-0x000000000043B000-memory.dmp

memory/2304-66-0x0000000000400000-0x000000000043B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zIAAMgMI.bat

MD5 143f666e0c5388f7f07478a3b01ed509
SHA1 e2495ba7922130f84570a8f8fcf5e3acf8dc9891
SHA256 6480552883941fa2a752784e60f3cc7a884bd744ebf5674d2e4bbabe2a23db0b
SHA512 d102094ce01d6b0b3c387b74ac83f01804366240a6af33b29973524f023093b73c5f35a313c2ddcd8066a4705ec2ea4c218225d3020cb0b6705d0413da517be7

memory/1752-81-0x0000000000400000-0x000000000043B000-memory.dmp

memory/1192-80-0x00000000000F0000-0x000000000012B000-memory.dmp

memory/2888-90-0x0000000000400000-0x000000000043B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\xqEEMwQM.bat

MD5 f5c8978df4f5605921b863a0e77c59b8
SHA1 5ffcb12e037bd8b0d25432b62849473fe7502621
SHA256 605a4c97f5b9e326383009c93db1b7c36d79135c531c102f83b03b51c60e7dbf
SHA512 f32b82421b03da9c121ee5a344c72161d2183c6439f165e808ba169d8f1cd823e9bae717e5ead939c19e8a5d7b3d8b97d1ad2c4ee3c581c311046fa6b43af569

memory/1088-104-0x0000000000400000-0x000000000043B000-memory.dmp

memory/1716-103-0x0000000000160000-0x000000000019B000-memory.dmp

memory/1752-113-0x0000000000400000-0x000000000043B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\FaUocQUw.bat

MD5 e14b6f1b925f96ef54e4f2498bd1b8c3
SHA1 6973f626f1fc36dc2a195138ea0552fbfeabe3b6
SHA256 7af3a8c3d0d2765fe5ab8ff3e0587deb80212ba12f22c203185ff0d3fdd4e693
SHA512 9aafe9681a1c2349ac57c35c99b6ca9e3f41c81cf970aa8f346e34241f191cc69008d514e834d818a0e26d9954f324337e21de1f5b95ed849eae9c2dff674f80

memory/1480-126-0x0000000000120000-0x000000000015B000-memory.dmp

memory/1088-135-0x0000000000400000-0x000000000043B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\RCwIcAYo.bat

MD5 0aaf2248a1f8e8c9e3971e12e7a324ed
SHA1 48900fbff14b5a1a93217abb3b933c9949ace31e
SHA256 ccf7cba079dd1679ed6c180c2d9853e8d5464822e334f070fe68afba7dc0003a
SHA512 3e4826b08ca56d7e371efb6fd10d6016865b70b6db08da7048dc814fa0d2ac843361ec4978959b5a13fdd6f3d6268d2f5e9269f2811f1eb4e49060fdd6a45a8a

memory/2188-150-0x00000000002A0000-0x00000000002DB000-memory.dmp

memory/276-159-0x0000000000400000-0x000000000043B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\AgwkgUUo.bat

MD5 47a96d5dcfdeea2653b52681ada947c5
SHA1 ecaf79ae45df2520fbf55234f4f3c466b75b9fbd
SHA256 7d945f1a126be4a6154d5251ef58e00f89fdb77402a3e48b33110053a7c1d8ab
SHA512 accffd0efbeff61e241f123e965e27a5ece9d726903aa751040ea834faeaa11f15275b4c3f6a002adfeb89b19b6fc7c597d0a46538b2e2d0eb313e37062aa6d7

memory/2704-173-0x0000000000120000-0x000000000015B000-memory.dmp

memory/332-174-0x0000000000400000-0x000000000043B000-memory.dmp

memory/2704-172-0x0000000000120000-0x000000000015B000-memory.dmp

memory/1684-183-0x0000000000400000-0x000000000043B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\AsIkcQAk.bat

MD5 5bea305450f05c86a80f76690e53f3b8
SHA1 4841780dd7cc870cffccbf10a19bec638f401469
SHA256 2d3ae0a30a2a0066403c8bac73adfd031c7188e98b332466e63e2dd7c1d4db3f
SHA512 613160bbb2d2f1a504fc083da45f9f1db990e3c75e11ba52165a5969a4835d368b3d4ad817093a99416e1d973181302976fccf52bb5b83fd0407c976298d22e1

memory/332-204-0x0000000000400000-0x000000000043B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\qwMkQUoM.bat

MD5 7516eecbdbaa1c40ffb389eaaaa98e32
SHA1 cff65f96d2aae6b598f62f17403013ddffc363c2
SHA256 16446e8b0449c7c30146ab699cbff22dcc6746524c0ba42e7a50bd74935a0a04
SHA512 16efd36b1477a5b6bd89a8c5237e4ce615f4c02db679c3821bca906e0993671227e8669d1363e4270403bfadde72fd727fef68d62afbc2a0e296c7edb13eaef6

memory/1704-217-0x0000000000120000-0x000000000015B000-memory.dmp

memory/2620-226-0x0000000000400000-0x000000000043B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\MKQQkUkQ.bat

MD5 7fb68d58418d6bb2aa05aa6aedee6439
SHA1 0b112e90a3122901804f3c73910bc8b693826cef
SHA256 ff128a04b42bd9b95c776d326e0eda505268d71ab7c88f61bb23f2bbed5eabdf
SHA512 5185710d53bcad10fca0db06590592838e8b49e48e8db04e1e0669bf3d759e74dffb61b951ef7c535c349969bb33726afdafbded8eb824c82d4b8029701dc4b0

memory/2976-252-0x0000000000400000-0x000000000043B000-memory.dmp

memory/1692-244-0x0000000000400000-0x000000000043B000-memory.dmp

memory/2176-243-0x0000000000190000-0x00000000001CB000-memory.dmp

memory/2176-242-0x0000000000190000-0x00000000001CB000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\NkIEsgYU.bat

MD5 0094a0061119a17cceebb578a4cf2620
SHA1 8b59252e82b07db01823b0152dd68eb28c626c73
SHA256 9bf409fa1abd894a86d33c86bcf3f550df0c21a41ff0fc371cd6bd6e7538117b
SHA512 2ebcc77692c8fd47bd6c253c56025d42683e5d422aa57672f80468ab855f6822594eed24d59dd03a06fce616786975eee0f0e5428057f4e22ffac0ad3cdc6fb8

memory/1692-273-0x0000000000400000-0x000000000043B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\VeYoYcMY.bat

MD5 924555f3c2b1f8b91140164b2e5244ab
SHA1 ae03dfd4e102a14ede365c0670d5d575f7077379
SHA256 8bd5d626da5dada72860f29cb366e9513ce82fc1e6225de4e53eacda0e726fff
SHA512 712d3ee4c0698392d994702f62dc670f820c0d7139eae18d0b58f69d9c6145308a64ba7b0bb0887e949a5fdeeabd8388d7fd71f4ccb2c9ac2ed4b7a35dffb9cc

memory/1956-294-0x0000000000400000-0x000000000043B000-memory.dmp

memory/2572-296-0x0000000000400000-0x000000000043B000-memory.dmp

memory/1960-295-0x0000000000400000-0x000000000043B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\lMUkcgss.bat

MD5 bc51dd0da81d4a7295c30da7cb29a662
SHA1 b42253f6c5753776974083d38538f3370cc5bfd6
SHA256 c137648f21c2a0956b85d375d439f6f35a7c39dd2dcc99ac8a28e6e72682a185
SHA512 40a714adfb63c847ad17375bc242d1d8da342393429565e5113893ab73d12ccc32d66245159045d3d10c20c69c0c37397990de83e9e26ba1691ed52d12bfe0eb

memory/2700-309-0x00000000001A0000-0x00000000001DB000-memory.dmp

memory/3064-310-0x0000000000400000-0x000000000043B000-memory.dmp

memory/2572-319-0x0000000000400000-0x000000000043B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\LMIIksAg.bat

MD5 2c1c5e758d3e3138cd3f4f887e7772ad
SHA1 e3e23316e4e27bf8140c42ef550aa0b30dd56e13
SHA256 7a9b39910c0cc7f261434fe20be0dbbfaa571597dc048132e9205693091aba8b
SHA512 9ac7a7a1b2076e5b4d6c4b68fbed2c512e86adad2864506ac55918a6ed98d4cadb2e2bca131d6a3a7ed949ebb7debdb4f6f9183781ce6ca455d174aa880df8bc

memory/2832-333-0x0000000000260000-0x000000000029B000-memory.dmp

memory/1736-334-0x0000000000400000-0x000000000043B000-memory.dmp

memory/3064-344-0x0000000000400000-0x000000000043B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\bYUkswII.bat

MD5 98272fcf3bb492f69d23c9176864e3f1
SHA1 c890f337100c4fff9806cb128594975201a24223
SHA256 87042ffdf99d6fe64ef1683d6c2dd7a6b828d3b78a5fc452b8448d64ca5fac1c
SHA512 afb9decbb63113aa1d604395355fa564f284410b6157f2c98f5417870e7863b768a8ad971f440a6559684d24ca71a718ec509a01618ead1d359827548ef0e01e

memory/2160-357-0x0000000000120000-0x000000000015B000-memory.dmp

memory/1736-366-0x0000000000400000-0x000000000043B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\WmYcUUMI.bat

MD5 1cd5bfe24fe3f7c8473ab5491cd5dca4
SHA1 cc8ec5807b4386541c1d0c6469c41a170229375d
SHA256 65c21f90a922991ce151d7fea3f13c506894985dc7985e4681703b9305d8de95
SHA512 a6c93685b20edc766d74518754ee745743efae561118a837ac44a143ec023a781977e091ea68bb79e242e89576a27944cc083f331730e308ea2d46d794966464

memory/1164-379-0x0000000000160000-0x000000000019B000-memory.dmp

memory/2392-388-0x0000000000400000-0x000000000043B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\iSQYMEwk.bat

MD5 fc22b8f65657194e7898d5db79a9e87e
SHA1 b665ed7186be5adfbc8c82b689a27c74d62683c5
SHA256 5978711e99c4b39db751febfd41ade42383b5e0d0230652d026fd4a23bb821ac
SHA512 2c76477b178ae70cd2d5420be0216ace4beaee1d74fbf52b758b179afccd24caf079491ab2781553dd891f558731fc519db6d0e968539c62baec9309afc5af2a

memory/2208-409-0x0000000000400000-0x000000000043B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\usckowoc.bat

MD5 3bd8d384dde98538b245f264423e08f3
SHA1 95ba353019277ac0ff543f15d9d365cd69556210
SHA256 4c5aa4c46b1769ae5b8ec8f2ceeadc065a444af4392694eb7072689d986fdf1c
SHA512 6f9e2aa7a53d7d1ef84d519e02397bf897b68eff584aec55feceff727cf2e903b44664dd061628592bc506bb16428732707f89d4c2be8a1cb67cb7f615711c7f

memory/2672-424-0x00000000002E0000-0x000000000031B000-memory.dmp

memory/1140-433-0x0000000000400000-0x000000000043B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\dwcYUUkQ.bat

MD5 7cc5561a564636588ed1e00efa0c0a90
SHA1 7e002dd3146e4354d8490ba364d7b2f7180eeab7
SHA256 078bd68e546038d8567171ca96c23b776ea49163b58962c4b4afc9174b27fa65
SHA512 da3e55869f87a282ff877b576878971ba1728e7f5f0b478568e6f359d12bef4693b3c039593bc11f9db504282afee1e14ebf619fcd5e5cd8411ec1ae2fc96dab

memory/2772-446-0x00000000001F0000-0x000000000022B000-memory.dmp

memory/572-455-0x0000000000400000-0x000000000043B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\hsYQIscs.bat

MD5 4e70241f67b58a6c72e75718636a535b
SHA1 4f51f6e372d2de474a972021962584593dad1f08
SHA256 a6e7d050b9253d148e06944ea49467bf36a4900671aa00219aa641388e222c8d
SHA512 994b54c2aedb933384fb4c20c2c73462f7d38101fe7d41ede233468e7b49991a6bc38123e5cb7f4e775d5b48fd2b9b8fd9fca94e25c4237d771f069856b9959d

memory/2748-476-0x0000000000400000-0x000000000043B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\dKokgwUI.bat

MD5 c0b5389e7de511746b6b84add949638d
SHA1 e73f527be1a5b29a413e3051a0e1380aa3c1b357
SHA256 36e077812a635c1586b2371180c67acb46e49f8e15e217994606ecbd8387098f
SHA512 730c1d86bbf5b98a28d9c5496b0fc511c5f522142904459a64ab9965a9e7981b4448bb9042d54abb37b5b1a6ebfeedd8d2c795c17b6b140802338025dfa23534

memory/2620-495-0x0000000000400000-0x000000000043B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\BioEIgwc.bat

MD5 6ea5c999d867276986131ba5e2a27411
SHA1 7942d5e52e1431a8cdb5f22c791fa680a4e00380
SHA256 8a34ed1bc24b2859b26d188b026e4d9545d78a16e2e58ed833ea1d1804566c8e
SHA512 254bf93e1c02d90f84d169483f0fe91c153e9c606060b4a751fc0c73a0291b94fee458a1037413989108c86a01371be86be8b1249a7347ccafc8f1e8b783c645

memory/1888-508-0x0000000000130000-0x000000000016B000-memory.dmp

memory/2192-517-0x0000000000400000-0x000000000043B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\qUYMYkYs.bat

MD5 bb0375a2901950e1b5a738b6bb7ab46e
SHA1 fd448b3653be31defc3c16e1031501689d077b8b
SHA256 5de83bd2264c8813f266c2161074bafdc32cc4ce79e9d154b090a124b582fcf9
SHA512 50f444cb6a7dc0ff0c8387e38b88149aa176cc40be1d8cf762088676c161baa0b04068e6f1462eae3b73b7b8ef4353af84f48fc7328c71377e92be889bf30aee

memory/1256-527-0x00000000005C0000-0x00000000005FB000-memory.dmp

memory/2588-528-0x0000000000400000-0x000000000043B000-memory.dmp

memory/1316-537-0x0000000000400000-0x000000000043B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\KSsAgIog.bat

MD5 eadb3ea2f040d0397f1966b63add2b99
SHA1 c13bc6019b5ee51187f39fd37d4a9b645451956e
SHA256 4e00611dc9151ec9bd99cf423ff8f07ac9eade75b2cf2412178204de7e08cf49
SHA512 8ca74562fd8c77c410adcf57f0aeb333786a1ef864724aecd1160ad400f71a25759e4d2acc297bf542bc6a6762aa665d22106a279f1c383b0c800be556f3b1cb

memory/2124-547-0x0000000000120000-0x000000000015B000-memory.dmp

memory/2588-556-0x0000000000400000-0x000000000043B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\icMgYUww.bat

MD5 cc593fa8e02ef1bc70ad3dbeabb6ad04
SHA1 171e6184873c227f38005f1b30d53cfac493b48b
SHA256 91d07d61e430164057a41d30647181441f39a59f03dafa2f6a220b3644c6a2f3
SHA512 a702e1175045de4d732ab96b03fa54c19be52241cab7dcd75ddfc6cff160dadcf628bc5e8357913934dcb760b94d689d0d0e70aa29aa59b7ec3f28f926ec99f7

memory/3012-574-0x0000000000400000-0x000000000043B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\gqoQYgww.bat

MD5 a39c350d8a4cef7568f509fbf7d6a870
SHA1 745dea978968c2ad68a96393f233bd5bc2fcba7c
SHA256 1dc504d9a56062b6ed56f6d470ce079b1bdd1b1d28f134dfa62ca6f6343afa30
SHA512 810549e8d233a2aa4b8e3e3d6b2636b6c01cd4ca8ca71545b202096643e466d0f3d0dcfbf8dfdc473d1cfdd174ec4c46820989399ed0fce25ac1f60056b1d6b1

memory/2988-585-0x00000000003A0000-0x00000000003DB000-memory.dmp

memory/2292-594-0x0000000000400000-0x000000000043B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\imYwUQYk.bat

MD5 6dc89d75fa919efc64a5688bf543586c
SHA1 79027df87dd3fac2cd7971b320e50525e02ce7a6
SHA256 d3dde73eb3e2a606a004e7508dff266697c37293e5facf19e62c14ab4efacdc6
SHA512 832bf6df16b01404e5ed1e58a2e9686cbbc95017a8c653dfd14a876eaa949f731443a38292aa888f5c618206426757789ba554b63a7ed55d5518b98bd10f9014

memory/2356-605-0x0000000000400000-0x000000000043B000-memory.dmp

memory/1864-614-0x0000000000400000-0x000000000043B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\HoAQooQQ.bat

MD5 816b1bb5ae2e1f7188c640a7e95309b8
SHA1 e0141c9cecae4546057b506f2c08609ec2590ee0
SHA256 17dbca42e5b2d458752d65a4a8400c3168d4133411e9f42f42f35c7324c45da3
SHA512 fcf9605663359657fc56cc63736867dbc822fe8d321c544fdcbb6addaa92fed5865c380c2103b0549422e8ad8fe2f879e4e80982847828c47c78645c19db0854

memory/2968-625-0x0000000000400000-0x0000000000434000-memory.dmp

memory/1720-626-0x0000000000400000-0x000000000043B000-memory.dmp

memory/568-624-0x0000000000280000-0x00000000002BB000-memory.dmp

memory/2216-635-0x0000000000400000-0x000000000043B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\bGAsIUAo.bat

MD5 1d675431955d94584abb1e683c79d0d6
SHA1 b8e47b42e5a8a7afd9a838370d946021d696f25b
SHA256 dc7ca25d5bafe31525d0e2245b06d87e1fdc40b613980456a6ca03e54fe77e81
SHA512 992aa01faf3b21ffb8df9643cd2c07be593528555a2fae3196f379edcc57adb275fb046fefa7877049165802df7c0472cbf8ed081db0acaad17ee5b445bb7f9c

memory/1888-646-0x0000000000270000-0x00000000002AB000-memory.dmp

memory/2648-645-0x0000000000400000-0x0000000000431000-memory.dmp

memory/1720-655-0x0000000000400000-0x000000000043B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\HmsQggks.bat

MD5 ba092d5f788973d9aa06d0f6c7d9590d
SHA1 039ea4e1e8b8bf84496c3fde0a39e56a4f9b950d
SHA256 b9ab11f1532dc63d395a245f9232d79e61b26798113e2b6faf84b605b18061c5
SHA512 fc22bea077b443bb038ffe93811009d5233397a3bf60a2cfaa0e8997ea0810187a8d42c82940279672467d8849467f20d614beb906a28eb90ae9dccd91e9078b

C:\Users\Admin\AppData\Local\Temp\CEsY.exe

MD5 c5c3cb9f72647ec579b6bc3fc5b0fdc1
SHA1 48d7f2ca47f3c576bc2142daf52c8463bd984ac6
SHA256 4674bd2f996deb004ea6c5abb8df7057f7fd44bc9b03f9195f738ab8420da463
SHA512 b287bbc077f51fb679905e0cdb4772f02ed90f46478e2e0f319108b7523ba8936ee131c15007b81af469f02258f2d2dc7a973f80960e375e0f2944b24c213fe6

memory/1004-683-0x0000000000400000-0x000000000043B000-memory.dmp

memory/1456-682-0x0000000002270000-0x00000000022AB000-memory.dmp

memory/1456-681-0x0000000002270000-0x00000000022AB000-memory.dmp

memory/484-692-0x0000000000400000-0x000000000043B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\OKoYUMgc.bat

MD5 a8c94a2952098082c1a40ca45ac7c2b4
SHA1 0f0702c2c080e0e95583a845d922a1df61eff8f3
SHA256 04c5e632d59cc903efd1dfd45766a21fb0af1c0a732a104eac0822e42bde4b83
SHA512 c2f835398ee0ac5cf5eb65f69ef9b57c26adc321359049a740d42dce0cd309fc39da9a62dc649b1f77abc0e160e87c085258da4866a9ff0eed10504765fde838

memory/3064-704-0x0000000000400000-0x000000000043B000-memory.dmp

memory/2276-703-0x0000000000420000-0x000000000045B000-memory.dmp

memory/2276-702-0x0000000000420000-0x000000000045B000-memory.dmp

memory/1004-713-0x0000000000400000-0x000000000043B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\EYYEgcIM.bat

MD5 b18c36dde6b6877063f3f7c5bc51b9a0
SHA1 b7946453649af96e999206b3207d5431c8fde9f4
SHA256 5c4078b5866d465b09b8844f636ab90cd0699ae2f1a5550d8a0aaac6bb452fa0
SHA512 c9590c838f246acff387432fc5547b5301a6f54445b6977b76356c0a11a5a6da0ab7ba840d16c6f8d966b8faff2b30b90615808e7544d3696881d6189cf87d33

memory/1736-723-0x0000000000120000-0x000000000015B000-memory.dmp

memory/3064-732-0x0000000000400000-0x000000000043B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\CSIQckQE.bat

MD5 f14bf373d6ecc126164b78233cc4bb42
SHA1 0efc41eb63b9a7e6c95268c490fca3c8f4c1c942
SHA256 f79d10f7c33bedc94e9291ad13f2707a60f6dec397e8ed1688f9aa18b21abe78
SHA512 6a2cba341a0750115416d2b25447a33feebe9e60d8785b67aef302e6a24ad751bbf1425613a73c153d43a81699a915db0dec32511ff7eb3fbcc4d0662971b098

memory/2440-742-0x0000000000400000-0x000000000043B000-memory.dmp

memory/2508-751-0x0000000000400000-0x000000000043B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\ogkUkQYY.bat

MD5 d478f548fe4c3374286cc24940d7b3f6
SHA1 b24d5999594c6c530032e47abc91b1527fc1a59e
SHA256 beabdf338a5f3f3a809f242e6047b439824bfb2ad940e9059eb2990e25757cb3
SHA512 b3586baaab8ceb4f69dde6182b7ca5a995b99a4374f905bf2854810d7d6bee815aa9dffbee43ea6aa7f2c700f78c15719253ee24c11b5a7607e79657e9dc104b

memory/2244-764-0x0000000000400000-0x000000000043B000-memory.dmp

memory/1528-763-0x0000000002260000-0x000000000229B000-memory.dmp

memory/1528-762-0x0000000002260000-0x000000000229B000-memory.dmp

memory/1668-774-0x0000000000400000-0x000000000043B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\LGIUYggg.bat

MD5 0b23a1cd0aa4dc3a6ec982fb8a6cc492
SHA1 53390cc4e07b3734add222a1318628865a438af3
SHA256 e405ba1de7ba87735a9d4989a5c3ee26ac51abcef99313fdafbf3cd962df0038
SHA512 5d1beaf7e695cd5dadb9335bc6c479a4fb4cfd200dc09b1c80b87da7ad25732212bbd0ddc364c44526985b4dd4fee8e1e54da998e1507918b2cb2eec538160ff

memory/1956-784-0x0000000000120000-0x000000000015B000-memory.dmp

memory/2244-793-0x0000000000400000-0x000000000043B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\nsUIQkEM.bat

MD5 7d278eec17b5df903b07362db7b82b24
SHA1 da38d301c1c52327521db69926754ae269c3b5d8
SHA256 f449e795f11b0699ee6f570eb0eef074738f80aab5d8630f3d1c55abaac5fcd2
SHA512 2993e2e81785894de91bb8cd8358ea4625b4aa664bbf463930b9637de4da8313941425d86f8480429d4705359c63bf5fe611ca90fbca5ed8ac05fc18f5697309

memory/1888-803-0x0000000000130000-0x000000000016B000-memory.dmp

memory/1580-812-0x0000000000400000-0x000000000043B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\dckkoYoI.bat

MD5 aff12091b41037e7b76e5531f45a4152
SHA1 179d5df33438c66ff2bf5c4517ec5ea53d7573c1
SHA256 987b670a6738966a04439da0953366a047d76ad477cda0a7e61cb2c8d84de270
SHA512 bea9fd5b8772c434cedb1173936052599d462779bdbf511f7395740374992d1217bf31c3b3529fc19555e9bb3d9e1266d72dbfe8316ee16eae4cc683f0055eae

memory/2588-822-0x0000000000160000-0x000000000019B000-memory.dmp

memory/2864-831-0x0000000000400000-0x000000000043B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\JwUkYQQg.bat

MD5 9d4fa157e0bf98a9c0940f6b8ec335ed
SHA1 fcff59e872be570c4fcffb1e9145502245f966a4
SHA256 4f32e1d5f9e5ceb1bece7f4f0ae0e75de4b10613f817da8877337e7a16f51a4f
SHA512 efd53b21da3682022e6342420dfb14037fae2bb97722c5b6e3299011f71d860627ba1a4172ccd53abf119b033af6e46dd3c4d2837ae18e7834784c9b2c976235

memory/2212-841-0x00000000003A0000-0x00000000003DB000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\fqQUQkUc.bat

MD5 d097c1b911f120ef80dd9779fa01c166
SHA1 22c2dbbc1e5108a5b150f0bb3f6c115ef06f0731
SHA256 6a511238b24d9f7f98a8e278514fa6b390b71bdf014b2eb8b1012c56fb2a49e8
SHA512 68625b664290467267090109599b1a9c1c2bcacd3422fe2502635cf843ff51670e820f5ea7f1e129935d6dc76793bac652d7cde6d3efa4cdd61fb1ed46b53104

C:\Users\Admin\AppData\Local\Temp\yyQMgMIY.bat

MD5 29e58dae6c6ae10d9ab8acedd4510712
SHA1 4faeca3eec88fd18dd22578fb524d57dee113523
SHA256 7095f50869e03b82952b7cf826a286d2c49d1ebaa835cc7f16c0ff8ea774689e
SHA512 1b7804aeb1adeed729d420617450925525a3d63478f4e7ce577affb34c2aa0152a9e9744c8d75306d73dd232dd25535c96ca3a87f14cfdf158f6e2ffb39bbbd0

C:\Users\Admin\AppData\Local\Temp\UuUoksoU.bat

MD5 0cea25b116060ae05750b8af39d675f9
SHA1 6219f3b24fea4e7dedcf2d188f7237d12910472a
SHA256 59819ff75e66d97c6d21e1dba280c1c1f440c410e54a31d271ce2844cae5e604
SHA512 de0b6b65b4b014d66b20800b6036796a2fc4f9cd69a29b26bf45d6dddc01ddd151f2ca4fe9336c1bf233718ffb2c2ecfe1da51ea8ecc5b53197097419a486507

C:\Users\Admin\AppData\Local\Temp\OeYYAgYk.bat

MD5 14e23dde61b89ee5633a9e4abc07ec2d
SHA1 d62e4f8fe874d95fa2b93adfe54df06684dd3847
SHA256 8d0a749bf40fac6d275975911ee6a3368a4ed9d64dffb21b4cb6d25f6f0d6020
SHA512 85f85a5e6090f373a280889745a47bcf5cc1c654b8e2c91da1315b2685f23ba0fa3fa599a2ab9d747e0b5f70fd50a7312e5ea337da521665de1a31f0965ffe24

C:\Users\Admin\AppData\Local\Temp\QIYUUQsk.bat

MD5 773df7ad477cbf820e083bfeaf003b4e
SHA1 aa2b77bc4534f322094fa3b6da639076c1952459
SHA256 5c1dc0984c4e7c8819149db328eaa742a485c1bfec2120bf57634840a8c8b40a
SHA512 0b918c771b19990f6a570f8c0ee1ab653b437827b5c6b531c1a7928cce023fc07a6d38b1d1084b19d3310b57bd729fc8674ecf3bce9424e429781bed4e087659

C:\Users\Admin\AppData\Local\Temp\nGgQcAQw.bat

MD5 23d4acb6ccc0eed62c61d031776a7a5d
SHA1 d6ca71784cd2a0774439f45d2706141df5aeb519
SHA256 d489f9ab446f908ee62ee3b16b4e3c641dea5b671ecfb700015663399e5fc869
SHA512 fd68f38c5dd6b65a381dfbc5a8bb906b89c741c24c922ab45fb3fb02538da345b67ba9b22904729bd181e60bbc2602c858454d323165bd75e5137bffff3215e6

C:\Users\Admin\AppData\Local\Temp\fqcsAsAY.bat

MD5 04f77579643a241f6cac222006d1a4d4
SHA1 f7e1a20a6ebcc64e6b07d2eb3a5328f857e2547d
SHA256 4ec53e16d44930fa56ad5f8dd920ec36bca123fd40eaa4f34424c0ca775b0de7
SHA512 b152a84436481851c5ea24bb119db9bb6dbaf2a6877cbc7ea1fcc65705ed41551c7f1a20b3663cb7b2c3d444f2c7d4d3d3754ed02846e5d0b97360677a0e0382

C:\Users\Admin\AppData\Local\Temp\JgUEosgU.bat

MD5 6d078bffdf6f508c346b982edfdf5d70
SHA1 1d4d36646dff99770790d031193ee835c0f33f77
SHA256 06260b4bcb1fb569a819ffd172a205f9e0648711683c76ac579590a49cf537f2
SHA512 df32bcb95b66b54a4470450ae82ee11123525e5d4f1f0c37641da736fea2463c6ea6a2a4c0c9182a6d462a6fbac0705e5ad5af133f963c8e642cba054b9caeb1

C:\Users\Admin\AppData\Local\Temp\YsEUUUMw.bat

MD5 fa98320d17658ee76a85b0c14f2b6603
SHA1 e1573dd57d9c1787174fb88123f2939e7c575a90
SHA256 17003d738f21e6f8c4231e8e2103df6b31ddf19a4e9c8fc94b1e77ac4580bbaf
SHA512 4be7dbcf3385a4267d2e480d3392b1fcb37b9e3e09226e2b17f01023bba363ada24f8b908b70515353d98261c5a3d3511cca2900ab03836b001187d8848ec702

C:\Users\Admin\AppData\Local\Temp\sosEgkwg.bat

MD5 9efd0967d3ab0420e90aba76e703092d
SHA1 6daecb83d36e46307dd669cd556751b6291f291f
SHA256 d10597d33916c34a9d698f937b5ca8d11d33c96e1c0df7dd9690a068d148b296
SHA512 2e99430064f9de72a3db9074c518ac4215c4cced0e1380b2414a9aae56bb57a59e460290c1c22325bca8d98dfccdde5edf4f773feeeb2572e6c54601778f227b

C:\Users\Admin\AppData\Local\Temp\gCoYoQMg.bat

MD5 8ed972eebcc443358f2fa73f984da415
SHA1 b37f35b239c135bf23cff5c994d3defc8bdcdd0e
SHA256 144df31f481350587ce4bb053841b0bb1cf7681eef9dcfc774aad110b3acc8ae
SHA512 9742f52edf2249a4f7a9324c9e052c91dfb3c023a62c74f5a4f65f441f50e131184236d43cd035e01306ce5e772318e9f3ef76aeeadbc8d2d7d578228f802802

C:\Users\Admin\AppData\Local\Temp\cAYsoEoM.bat

MD5 9557eb958133c8d1c400ce6fe3dee50d
SHA1 a2b56bfc7b5c6cec6e7adff68bc609fbc9512c29
SHA256 b60c74bbc49ce5e62cf0edc76ceefe6c6f97d5608145a9e31ed3d3c314ae363e
SHA512 ce1fe405604fc3536108df8c2fe439eb904be28eca4e6245b82ba0f19b79d624d39b57cd4251f5f51b15bb9b70338aec5e985dc706287e4d804fc0d919b1e53d

C:\Users\Admin\AppData\Local\Temp\ccom.exe

MD5 923c8b2035dea44f2dafec36c93204ce
SHA1 d79b11ee7149b6d41096a09e7a98b4231bac0cc0
SHA256 d945fab0d2b2c28396ac09a062172dd9f353131d1ad847c4a361dcac369eb088
SHA512 9641289ecdf1edd559f139ad3862cde0116f473a6fdf5f77b6f494a009c8fd8111fcf1d8c299d62d5adb4cbcf162c8d5afa6b1546a865ae6f9399eb864361e6b

C:\Users\Admin\AppData\Local\Temp\KsIm.exe

MD5 05cc9d5023cd51bf2cb7c56da204d735
SHA1 ea00ca6b392cd3be7491172fa261df37162a2bac
SHA256 70dbd755766186a2bd2cb70b7c76651775b9a5785e3a86f63008940e4f809039
SHA512 38d7805331a64343caeff62227f41c7c849e214a4673fede84ee51f9ea9bd6721d8fc95315dba3bc9477082a05e46b08757c4065b10918294c04c651c2ec3546

C:\Users\Admin\AppData\Local\Temp\wyscUIwk.bat

MD5 5aa64c0bbdd6a800dfe6333117953db1
SHA1 a69ee60f11e8b6532f91c2f48f363ac2bc077e3b
SHA256 255328f2ef469459e76b3de3616aba3e21250b7a6d21682608ada38a7308a043
SHA512 e4a246fe211435681dff74d5346c1b0d132930b9e21cc8f1b0c35b88b474915488496bef6324bdbe2cf6922835be020ae9258f2dfd8d29a0b351830bed8dfd73

C:\Users\Admin\AppData\Local\Temp\sokG.exe

MD5 f78cde527b9f51b17f5446f3798e825a
SHA1 71287904d717f884891edd6bb8b4378b8324e72e
SHA256 80cfedf604ccb5c18279cab746619c1b2eabd6974996b4c12df818c5768d53f1
SHA512 130a603d24ce6899a1832b460aaa6109687557a1297f9c9792513a506bfd833a793a18a34443d45d5c09ba8f96e03d65edf466b40b9430e4aa66fe21ceca58eb

C:\Users\Admin\AppData\Local\Temp\QIoS.ico

MD5 47a169535b738bd50344df196735e258
SHA1 23b4c8041b83f0374554191d543fdce6890f4723
SHA256 ad3e74be9334aa840107622f2cb1020a805f00143d9fef41bc6fa21ac8602eaf
SHA512 ca3038a82fda005a44ca22469801925ea1b75ef7229017844960c94f9169195f0db640e4d2c382e3d1c14a1cea9b6cc594ff09bd8da14fc30303a0e8588b52a7

C:\Users\Admin\AppData\Local\Temp\eEAw.exe

MD5 747165f05f5391704f392893ff73349d
SHA1 c454c5ae01cf6da63fe3a7a95bc72b11978feb1b
SHA256 71356b1ea09f2523c0c24bbb9945b694347f9c5755b383f40d866c9395515cda
SHA512 2e8a599cd8bd4e3c394707ab860d5cdcbcc0427d7487f5660393aec4b694d8c3b6ec6cb3633ba047949ea51922ef1e4fea41992f20fc57ee7abfdad025ac5cb4

C:\Users\Admin\AppData\Local\Temp\ksQs.exe

MD5 0dd4905896a0c71b2688126237a9fa26
SHA1 ff41ac440403760387d4599eeb3ad4dbcb681038
SHA256 3a7b8e9a0b2ba7779c2ec262875e48b10df935639f89d727fe94397b8228ed31
SHA512 595a7f07df9eb375a1b949f3b517451fd81c883ebb119faae82ef679d922771ed080671872e00c0573561c0f5c08282c3041854eee3e8e1b69060a83233f4501

C:\Users\Admin\AppData\Local\Temp\wIEM.exe

MD5 b3806ae38bb403685be6582e36f21c08
SHA1 4efa0b3e93626021e508ddd54adb55aef4379ea8
SHA256 b482dd29345a79c04a2994eb77c1d7736a72a784023cc785e56303afd1f16adc
SHA512 61c7738b3dde19ac710158a84e246bc386e8edc841748b439414f1c77540bbde11046833b37b364054c0bd1dc8aa086b55d0ba5f519a544d4783df4624cffaef

C:\Users\Admin\AppData\Local\Temp\vEAIcEYE.bat

MD5 d6d87164c295132c11a9e614c977fd26
SHA1 e2f95544800e4acc5631fef1b00f4283240bd8c2
SHA256 4458b81d6dfa0e72b4b8e29308089d7e41b48d9f5049ef0e7b6107620aab209d
SHA512 815fd4b47ae43770fc6d970559fafe0755435fa45ebbf646f177d9b63f24cfe29b455cf170b857dc198e06021e30959c92ce1015d551ddbfd2ed69ee290a371c

C:\Users\Admin\AppData\Local\Temp\iEMa.exe

MD5 57f6dec2e2f41bc66a6aae592a93e20c
SHA1 f69bc404b37257b3e2ae14fa5eb0a69cb069952e
SHA256 9eacd342a78450c2d0a09075279e2a34e6e7f040581d0756448d22478736ffe0
SHA512 3a5d77a5d39457a0aff7c66874782efeab39b2f4f52f83ebe34f76a5e83c0466d86c3b4043825212d56de1e495ebb00cc486f49d28ba10550b6278f4b3217c0c

C:\Users\Admin\AppData\Local\Temp\EEYm.exe

MD5 7d462756cc25931d5ec14aba63c876f9
SHA1 8479d6f352651d3fe34ed76a9cc364de6b893985
SHA256 9094a4cf24c517f7b07c7da7f156e2564e7fb3523318441bcf37f0a3d8e72379
SHA512 b8aa0dce085f6a2ba8e21b5f9e23504233d5b018b82e3b1423010d0c09de6c6bdac4e36ef283e2524b0d1169d80b6b087ca1b02f69e88575bf1cc77376bd5457

C:\Users\Admin\AppData\Local\Temp\woAi.exe

MD5 83662772808deca68673b85f0d4174b7
SHA1 636d423c385151bd69dbaceeed5c9770b8a82011
SHA256 df297317aaa2e2917e4847953eac8c3443184de632862edc5255c69eda1133f0
SHA512 30da1fd2d95a25f67435648faad6c812a2a761af638283a07f5bed95a6c3404bb07f9d3f1c822a73578f4c53023f1e14436c75cff50f8781a6ba23db928b257d

C:\Users\Admin\AppData\Local\Temp\aIgM.exe

MD5 b08d6103af404726d64479274d22dcea
SHA1 a16437bdfd7a4a59e3c4cfd14c5ba5322a4538b3
SHA256 e8180ec49dd8ca75f87369a8addf5fdc2c03fdf3c94b079a83b344cd4e309223
SHA512 4eb380ad533f0cdca8da6b6262b0ab462d8f8be06fec8cedf34f84abc5b171668ec3bbf09d7b2a7dbef0ae7ad9f2877d3b98797156638a46fd73282b26d8a885

C:\Users\Admin\AppData\Local\Temp\ioQc.exe

MD5 99b80a27fc99fe06adbe7fcbf5ddfd7a
SHA1 ff7fbef176d51a69c085c5377237ab801db05067
SHA256 1e38a991b62d8ade869a03d1d4b77f129e721d072b85af22aeba68498defea3e
SHA512 15830a9b8ff0ba52a5f31a3dbf4b121ea70ab73c48046d8a4fde358841f53bede6f854139e1ae58a4c0bcce54486115b580e574955585d70331a826dddf5af73

C:\Users\Admin\AppData\Local\Temp\Akcq.exe

MD5 20e1fc5c3b008eb55b8202e8f5d2bf02
SHA1 47d0d94f11ac8e230530e7e8cfb63be00cea1eb0
SHA256 647e9f386abfe8b4dd63f8a62b899b6bea35e4721b73306fdeb8262e6fec6e66
SHA512 3a5fe7bc65383b87a48b2a412719ba9e68271379f5f8b1b885423e724260142f6df57f14b4617687eb89790f12a8cc1bd41e7c2c7490626b8a7ba09f9da6ed13

C:\Users\Admin\AppData\Local\Temp\zywQMkoY.bat

MD5 e0161dc16ea80cb7ea6fd8eed50c0cdc
SHA1 55c9263f7f9ece3caa56a5ee3c5b554191745f05
SHA256 4912a4a122426b465fb615baf71aa388b82da6593a7b8686b074432e2aa36e6e
SHA512 64711bed8dd9ac5b32b1b66a682dcb1b74afb79f77589e255a45653b9f5c3cdc6ed89c9ebdb97a8d75c03c68c6055b3d37cf6868db6c7119fee53eaad7e38b6b

C:\Users\Admin\AppData\Local\Temp\eAoQ.exe

MD5 90756737d0eac94449428e6f825f2830
SHA1 6e037f6d3577cf4f163779608be0d09c04127756
SHA256 0f52a8979ea6536e6e686d7c2ede60222eda5121909e3bb3894e7d32d045cafb
SHA512 7754d34860f6509d2cb170908b8059921a90cc027f17093aab2bd1da506d6139b7864993a2cda5000e5049e3fa38e44399588fbc86aa68915a5bcf916f8df643

C:\Users\Admin\AppData\Local\Temp\ycgc.exe

MD5 1b6987a6b47a33321929a18ee78f8b89
SHA1 ed4c318d4e0911f958f433a1207a17c20fa046fc
SHA256 7d4fbcc147be9837516c99b2e26fce9cd6bdb0d3271f8584a91181e1714ceb69
SHA512 822d9c919af2ffd24b93d0833551a4efe7f0946650147409697e6ae11d0b8e2c98cccee96ae7973906bf20121cc01d5822bb7b6ef25cbf3dc23ebf2cf923d567

C:\Users\Admin\AppData\Local\Temp\QosC.exe

MD5 01412df8bdd7ea3fa5e749ff0a2dd49a
SHA1 1a0f1a712a7d59a4fe70edce4d26d4cf07f3cc8f
SHA256 300be9b44d13a4d9ee379110697d73bc802dedf9b73831135103ec2a0b64ff3f
SHA512 957d32024e5856f13c0e23306033550f06c4390a127bb992bfab2e4b4822083d123ee4bae2b15cbb4d8a27a73eb42370bc62fed69252c2404776fb2d41b8250d

C:\Users\Admin\AppData\Local\Temp\oUwk.exe

MD5 57398daba5f63d9a0d8844a55a58290f
SHA1 5d82beb80ea6f03ada788f7b3154d6813fe4935e
SHA256 bd1179aff0d4b7df25f24499b12f80ae4878df8f01560b1334b8d33a90a70c89
SHA512 24cd0d64d3015124dbbd3ac0974b06f0e72e05bce2eeb087ce346fc9bceced9a248ffe18afa94ce8fbcd8c21f7e960e1f1b780822ca59c82c1cc5201a98e439e

C:\Users\Admin\AppData\Local\Temp\wAAu.exe

MD5 edf0b444a48da4fda19a6c93a85d2e19
SHA1 42774932518dbc7ee2dc158efca241b146d19214
SHA256 dc5701bff97f39d4922da9c7088961a1544376af3c2164e92818cf41e520d569
SHA512 bde4f47864388bc0ac66b0ae64cbcce589dcee9ec70d6afce9578465e398d85a6a09d84698423dc344980a1c6b06cf37245a2424fe4e9b75a81afee27981500f

C:\Users\Admin\AppData\Local\Temp\HsgMAwok.bat

MD5 77b0c3a9cbe7753d8a1555655398c654
SHA1 bb09158140cfac1e3b3d98847420b6ccba710596
SHA256 0760962601c7c8cc1f831fd0548d1eb3e3710d4ae13a60b219579e8ef9fdec7f
SHA512 16c636cfdc8a985d6f889352840991cd06de6f8fe2c4e58f209e66061e210e862e548faf2ccc813205e490462f8d4713deb23bbfa7544e1745056959bce3ba32

C:\Users\Admin\AppData\Local\Temp\AUsi.exe

MD5 0e9f885081129404ccfd622d1f101981
SHA1 bbeed395c3a084e986100ec537bc45bd1e20d275
SHA256 488a536be26d6272384e2a7df92510ce5aa49db6e94b8fd3ba149a4dd6b6c63d
SHA512 5228f2df6c7c55ea077035b9a3d77ec6e7beb488e16f3dad975bc5b5a48f1ef799bd02123642748e75e284ed402548a3703766a726e8a1c05f65bdb690b85eb8

C:\Users\Admin\AppData\Local\Temp\usAs.exe

MD5 8efb72b493a296b2a6e1c9bf16461569
SHA1 f2c1c082d701c11abdd87c0b48a30247fe38caf5
SHA256 f9283e6de544a109927048383c9bd1c42a18ad04255ed7cd037d140268d44ffd
SHA512 9790c586d9c2dd027417b18f7a66323f477b3771f63cc7a213a608de71017ed1efedc6c2c77b8b4fafb861520ad8fed9415f8852408abf2f419afc1bc95c1bcc

C:\Users\Admin\AppData\Local\Temp\cMYw.exe

MD5 70f189f11309014c609786c56a4d9a3a
SHA1 884be6dbc7ac550cd538771d881f74aee4d59b13
SHA256 b8eb140e50d4e501a0f10bbb13a3164752efd632feac868627583acde4f71475
SHA512 f6666da5d4d407ecfc5b2ad905f3c18efea25b91c1cbac9c4d6910000565af4b3d57af6be269099a6d37166696fa6fb877ff7e7caf3ec5a38dcafc354a444a59

C:\Users\Admin\AppData\Local\Temp\wgMi.exe

MD5 f9e3cb496a84ed413edad3d93f006797
SHA1 8368c6df7f68792179b83e5d3d3be96669cae929
SHA256 b713aaad92728e2e19d3961a4ace44e833ff56fd98a89d478eb069719921d762
SHA512 3cdb0e298801589a0e32b043ccb0a3e2b5c4cbec5f49fc896c101210d699a8da7bcf56c5c0f8443ecacab490075db2b69ec443d8fd3d320e7d19808c199f9e6a

C:\Users\Admin\AppData\Local\Temp\SSkgQQQU.bat

MD5 6a837bda2f74b8e6371eafaf35246e8f
SHA1 bafd4f37f81a6e3882f02feb84ba920fc76640c9
SHA256 869fc17767c740aead21bf9c22ca397c736dbe34d86539311c85fe82e1af96cd
SHA512 4c59ee37067d4521b20b77e57129f98a620da1fcfaf4ba3f59eee4e3320e8bd52cc402550d9d929813c9a5ca4fbbd31167af6da0539600df6b498cc6ed8eeff3

C:\Users\Admin\AppData\Local\Temp\KMoO.exe

MD5 b4c9fa7dd266d7d8080aff0a485fd3b1
SHA1 e687e2cc5bd0d0a3d8d4b034af423099e2bb41eb
SHA256 f33bd40ce64cf2d8f59bc60b9f27071c882097f937013e1a41f6be88494a6c71
SHA512 6bc203ce01ee6d394cf6d26b8f3a49fdeb26354228b1146cd547b5f77472b61afccba781495c277ef10becfb2878254cfa56461a02dc9fec1fc376873a19236e

C:\Users\Admin\AppData\Local\Temp\accg.exe

MD5 a480862163d6c511992c153211514240
SHA1 ee73d8f9446ebafb65a1976429bf07849afaccb6
SHA256 8112e9325b50308fe652d123305604c5e93abf8c3c567bc59bec7d6b313e4cee
SHA512 0fc1dbe693ee904ed4ed2d0ce71b38b4da0c1dba2017b04ce950b784f4226aa0af38ba88d1beda3bdc4e84b108a93bfbb73381ff3bae58eb3f8aef4f666db0c8

C:\Users\Admin\AppData\Local\Temp\qUUG.exe

MD5 b9d1662ce2e9ab9e5643bea74cdfaaa4
SHA1 4c94ca64298f4826bad8444418f073bba51b2643
SHA256 57dbebaffde1316964008d620f49ac38a35c8eb3592a65eb232afd6e64293227
SHA512 e0f00320b7f85b70794e39b0670fcb4e2da34126a1d3f77dbb775b53d24f7a454c4abc5d840a6468b8ace3054aa111163b6bd9b9465b8af197ab91d97d8b8762

C:\Users\Admin\AppData\Local\Temp\yccg.exe

MD5 432da9d5b51b6ee28ccf70f4568068fb
SHA1 f8ddd07962dc8e02a7e406b495298a8850445a42
SHA256 1f55b5e027db70fa38ba8c1922d255ae1b57bdcd5c8887765931097f6950b63c
SHA512 5983c6f99a71ba8dead5128dde4a734a6b3d354d6637fecf7bfa79888a86f68e91466f5db7e4fea7d687412ed3e1ce58d3489c952f8d037f63a24ed6accb8dec

C:\Users\Admin\AppData\Local\Temp\IcAW.exe

MD5 6ded96e8437a9428f1fc1d57972378b7
SHA1 3ddbd398e7dce256e3b72d21bc287f09ae3eb0e2
SHA256 686cfadf36560216bf7ed5c022866945a43a513672ab121a36ed2de05a1de08e
SHA512 e85e17131c53072301a1c30e2278fb31a6ece1413df5a2e5a3680a2969f2a3a7d8e089f0fcc6c47a0da10a0f738919198f07546e20f3d5be606a5cec974227d0

C:\Users\Admin\AppData\Local\Temp\goIgcEUQ.bat

MD5 aecb9b7c480901c4c213d8a7cf51f43f
SHA1 61045dd4026a290022886538e1f220b19f2fcadc
SHA256 93cee6c9a667c99dee29457c13218e77ffcea7feec9a396553b0072009b03b0a
SHA512 7f279e0aec524fec96ba070925b6b17630d5894c77aba56d05c492fda40943fedcc7eb49cdf6ace54c573015767c207666683a892e9c872896a7f09814c8de90

C:\Users\Admin\AppData\Local\Temp\iIcu.exe

MD5 c748223decd06a4dd41676d6f7785e94
SHA1 7824d0555657f1d20a7be243cdc6cdcc5975d8d4
SHA256 ff6255de9f27cc07214cbabb9011a65c30ff59016432a21de3a53c1c2a47a62e
SHA512 b2677c76615476cbc30005dcc4afc99e7ca0e7e470a32d2eab6e82f694867c1fff053fb037f2031803ea29cd071066cc2185e7010c2d29ab6c4da12ce50ddf19

C:\Users\Admin\AppData\Local\Temp\iwsc.exe

MD5 6e7b0c0a0cc9338f121e8c96e06a487b
SHA1 c726388c3f356e53fd38951ac5409b77b3641747
SHA256 6e1dacea79cc3aad43a91c6a557ef5ba7d7fd40f51f0c352abad31ca8100035f
SHA512 aba145325756eae0346dcb037f67bc5191c9781cca66e213ac380acb0e3bf2465fcc727b7a708fc1d5ee6d159de3dff0877ce61615d94ca9b3c3110ff5a68116

C:\Users\Admin\AppData\Local\Temp\egUm.exe

MD5 efeaf7f7a3da0a376b3d5956454b349a
SHA1 70b4994f05b3d2e641ecb7efae388f20667148cc
SHA256 31ac53dabd3212395fd0aa77a7ed8508a14266ae14e68fbdcb6ccf5a7689d0aa
SHA512 8684ae75a99ac20542d5d40e6fcb8e62101da218e5babd26242d67302c452262ec37f9096c4c0a255f7ee7f709515f3ced1baf6cee368131017ac20cf643cfde

C:\Users\Admin\AppData\Local\Temp\WYUq.exe

MD5 aac213675b8ce6bbdd53f874eea6b40b
SHA1 e22401309b11ad9101ce424116ee72cc715a716c
SHA256 6ab4bb126f38a75d497a5dfd117c5f7cbb521b38b791642d31a604819f708bf8
SHA512 8ca72567aeaa7624d77eb6071a7b0b39dd1bbfae1687f777d5caa565f818b16c38b5ebb6a13192a5bc7f9ff47b8407ce14bde117a42aee7d0470ffa252a22e18

C:\Users\Admin\AppData\Local\Temp\AkEo.exe

MD5 5ac9b6638270be8e038d03b32895858b
SHA1 e922e1e2097fa0cc2686674b719bc7bdb86ccb6c
SHA256 46e88bef31376d8cb937452c5ce208ca2d14d4bb1e0763a806ed65b1b8219424
SHA512 af38da4b574c56272d8d0b1642bd76e1944baf27e6754ec91c49a390156a327cb1e634ff43c39793b6f57269d7456f365874f101ddc2b454387bd492c39582d7

C:\Users\Admin\AppData\Local\Temp\WagQIQMM.bat

MD5 6f47e54e7fc3376a68a25854be36521d
SHA1 949f8b690a3d05ca4b632d88261ba5bc6d42a546
SHA256 39dce84fcea8fd76952594fbfa03258f18c590269fa8ad3d5fc171c16622bf23
SHA512 1e4a7afa5e2954783509765d718e12a026be242fbeb6897cb8b8c845b6b072e0d73303e16401889847ee4d9a20d62e0d094c86622a729169a80b2a1e6f5c9edd

C:\Users\Admin\AppData\Local\Temp\yMoM.exe

MD5 d4a4bed1b99197e7139ed849bd925a8b
SHA1 64531e25aa087a9175c4d7909ec6edc02d289f16
SHA256 2312ef0c17bee83c9bf559aacbc9a1f9712ca170c8fe980be2d939829d7fe1fa
SHA512 e302a4d2054f751ba99753fb91a6fb6afcf0a905d5385f2a455eadb26a7364fd47321d89e32f81f0d45a49086c4845cc15e6113ea2ebe3e25d388ac09278073d

C:\Users\Admin\AppData\Local\Temp\AoYq.exe

MD5 624217ccf23d80e5738d267cd86e7847
SHA1 7e7951197d5cfa9b28a8293a5d76af1519af0cae
SHA256 f2f9a2482368aabb8ee9d83ba59d9f322c6c4b463add632e26d686922556416d
SHA512 5875b87f084ed53fcbf4e05adb28fb48a50240624225b8e86f5a59b11ba7b30ab5e3b137e27f95ee068203ea5bd154fb5f90af2b3b7f6a6e3f52bf9e65243491

C:\Users\Admin\AppData\Local\Temp\OEIg.exe

MD5 dd5b390d566d829ca769fe4d1a47d8aa
SHA1 52de91e4ee641653229606f93b34c902b2f43c1e
SHA256 56c66dbf16226c10d6682c26ab880b11f99de88d93c078f6769d4e77b9ff524e
SHA512 df7ba5429ae4038fed3f3522ebb9c981030fd31e606e713bce5acb448612922c11a70912489da6c9eb0944ce712cc05d34e0fb1d1177e90d33ae49ef3f0f2938

C:\Users\Admin\AppData\Local\Temp\gcMW.exe

MD5 313121233fc3a4f28aa7e5eb3e5b88ba
SHA1 cc849c3555bf934241f90169582b840f96b2a103
SHA256 4348cb7a9cd84c4412b74a2935798b3eb041056bce128dcd79708fffd84a6132
SHA512 86d86100ea16a2e24f7e13a87f19b94f7e01e9d2bc132f741e0bc803fda81eefda92402cd94db5130f37d870e108125c49f2aeeb4ae70ce2c1baab107dd27715

C:\Users\Admin\AppData\Local\Temp\WQAq.exe

MD5 da506d31f6eed87a0155ce2509b88e75
SHA1 aa21bd48d418f6b85b781af80fa37d8ef6182c17
SHA256 70d22d732da046b9f42af45405ed1e25d40612a4c951684ece57fe6c353bfc11
SHA512 39c43bbd75f1554a818a5bf0fa0e4b014c0c3d8cc565b6be6553404f78f420113cf9b913ce22f8d57a45fbdfdc78e5c7449fb088c028b9dd2c002debcadf9c60

C:\Users\Admin\AppData\Local\Temp\cAQQ.exe

MD5 3aaa326e671297370e372bb5b249909a
SHA1 b55080ff95d43491cb7f6160191467d3ca482307
SHA256 39b3cb1f8811e21aad82ae82e7531097db9624717a88bbfe75eb20fe10b25d51
SHA512 c2210023835deac909b0af85bcb54ab158ae753aa17cc7b899abf54beff1f2a3d719cdf9ba525ee55042d733ea10a522210cc0e290c9e7b24f7a64b02cbb953a

C:\Users\Admin\AppData\Local\Temp\wEMi.exe

MD5 eddace3f182d1930cf28d7bc2306ccc2
SHA1 ebe5f10bb649c604e8e47570ffaa83782d0d5930
SHA256 a82fd004151899d0baf0496c16ed70f563cd759ef4d9b1a51dd521bbbac2bda1
SHA512 737b478c024678413d7bb78807ef15098f797772930831e4724be93d1f54d8f1d9be63521ecf178ed4c62205cd0b96364ae41293729c8221f60c5beda060f49d

C:\Users\Admin\AppData\Local\Temp\SUIYgoQc.bat

MD5 9db8a817f6648f3d23d433daf2a6e3f7
SHA1 348e99b9c3b5b5a85012ceaac2b14517171a8627
SHA256 89a3e71fba5325e6db12dc65855b8a29341b3a6ee8dcd8e6d6deaf8881c8c569
SHA512 2e0d5a057bcb2e56b1e104244a4ae68e968d719b573e10998700386a7507ab9ebe5e56a6dd2523a86ed43af10c82256c491f608e77f52a317512eb9dc8e44069

C:\Users\Admin\AppData\Local\Temp\YEsw.exe

MD5 c580726ba68f752d7cb9bd267b5c90e9
SHA1 0f716c8be8c37dc154960baae8a2119f723b2d1f
SHA256 84bb4bbbb712204c8d3556e905b55720a76c0829d5637ea9374f2256a6c13973
SHA512 6515737fb99e6f7e98bc4cab87801f9559324c9dbcecf552f0b63b6f804f7ff8a4590ba0d831f2ee509d71e8302ac917732ed22317316c4f0258b3fb3acd1645

C:\Users\Admin\AppData\Local\Temp\aAkK.exe

MD5 b048f52bfb07e7839ab25d2575a9799c
SHA1 f563e1ebbc6b00d7bf4b705ec1a4eec486c852ae
SHA256 2f2ba52607e531795afc390c019a05d67498846606b8fc803dec795adc27763f
SHA512 8fcef17e7f39c0d93fbda908d9b01db0c9027f1d618c2a4dbd54782554ccce3817060887b2280785372b824e283a679d2165cea70343059acc9001878aa32c15

C:\Users\Admin\AppData\Local\Temp\WMgG.exe

MD5 0a6d88de0352e5f7d0440b3b693be75d
SHA1 a5cfa2744ad19af5da73ce892a78389204153792
SHA256 5865b4ad6d3cf8abd0c37c64dd73353ff185b7c6054927b91e78ea3131ff3414
SHA512 2c4c3a3dfc1cbe7de642c2e9293725721261015b11015f69692cb68e4acce967c0348c940c5dc47494779e584ad884899e801bcb7580adb8a9c890e450f5160e

C:\Users\Admin\AppData\Local\Temp\qgMe.exe

MD5 61b4ed596860d10bb72ec4e2bf4e913d
SHA1 95e4cceaa2aee0819bbd6b6da22350859d973333
SHA256 9d19a8bf13b6fd5cac1b673edbae688f2bde12a374cb61596b4076b53cfc0381
SHA512 fcf818319bdf47aea3c46c9f41ef566d1a3586a76e60e48f7f1c1f4d8c2b86f9f09ddf085462aad38f343ad18c8c87024b8628a203725ef6c2fe956c98db8e3d

C:\Users\Admin\AppData\Local\Temp\kAcC.exe

MD5 d9d7eed703bf406c8d6ec2dfcac033dd
SHA1 1fa243749a3075d86fa81f3c4dedc6d1405cda12
SHA256 a0b8354ba57ef464c5757c790d3a4a0c066928313e50f07b3e696ef367f4edca
SHA512 1a9421888ff7126595b06c0da3287412b37588e8a6e88b1fe5640442cc3513577db9cac84600346db6fc67cf956d76d59e918025be4ff083bea685c3ca24ccc9

C:\Users\Admin\AppData\Local\Temp\jesYsogM.bat

MD5 5eb179dc616139d9b66302e104942b4b
SHA1 36e6931bfa5c8f01db4ef297394b16027a5b3099
SHA256 01ea9b89c5245765f238a8d577305d6f778c4cd9a39620a261e813b10165cc85
SHA512 5fcb510969c5ca29e59ac89acdbfd12266909ffad8eacd2c12b3f1db8a61b6577607bc8f868cae74d24fdda90ce1055c72c9d2da91dcdd05d3caecf3e0655214

C:\Users\Admin\AppData\Local\Temp\oIoa.exe

MD5 b749dc30b42b68eb2db4a68cebbd8e78
SHA1 9592f1ae0b36d49ea5bb408a8d4a4acf5acffb66
SHA256 eabce27854ce63c72fc453680ebcea0047b376a1a08b5567fad77425cb77dd5f
SHA512 1588898b0110bbc07c7cd92d920283a86d95d7bc608dc21b3bc75159964608f4fa2b0e53d3c07df38d8004cb5ca2443ff643e9684b8c99d3a002cae60ed5177f

C:\Users\Admin\AppData\Local\Temp\AgIU.exe

MD5 9640b3d41ba5187f22a62d3fa42ed670
SHA1 a1fe8906d26959cb530f6d876a4c7d0c93162a22
SHA256 ed70b86fecbf4ab37df8f3f4c2c02023b2d9ec1d8ecbeae1769f1f42f9b9a510
SHA512 e4aeb2fed201d75f90fbb362370a28fac57c69c80ce25aa2a62de5a4c846e7417d630b8ffbc209ee2181ec700076a1665cbc0ad73a1d9e2564895f2ad404fe4b

C:\Users\Admin\AppData\Local\Temp\WIQw.exe

MD5 ffa7f4311280aade8b4888ab54511a72
SHA1 7d4a917996613dfe6d13a4f1c32c9ecaccb84670
SHA256 6aae6010a16e7864d737b685d7aa7dd19182ff2c631311d53ecc7de608b314ba
SHA512 274f55e79b39843fc8871ddd7e22ce5b8d6be5d2915e6c252f69780c02b4e291c206677fb5c1ce8f9137d8aeeef62204c2a25f7237fd06e811bc3bc7413a9da7

C:\Users\Admin\AppData\Local\Temp\AYUC.ico

MD5 ac4b56cc5c5e71c3bb226181418fd891
SHA1 e62149df7a7d31a7777cae68822e4d0eaba2199d
SHA256 701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3
SHA512 a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998

C:\Users\Admin\AppData\Local\Temp\AUQU.exe

MD5 b86b928a524970892e7500573654a481
SHA1 8b4fc044a4ca28d8391a1847efdb7aeb75a9762f
SHA256 9ab1b45378676e06e0ebdd20a3a87f1c2e48e41c9bc7e3db9d2d0b9a44b21f96
SHA512 c4916a38ec030875a9cafeec2bb18a65e2f9562600991528766756ff1fe408abbf25baa9834f0d8d3bf80b8781cc9b50d720b792f06128c254f3751985eadebe

C:\Users\Admin\AppData\Local\Temp\UEYE.exe

MD5 20137f5719c77107855982242853e02c
SHA1 21cffb1d14e75eb582e64bdd094a0cb0a7cb5b50
SHA256 084768cf9029a1d66ae33bee939e9420e6a9dd8d8084129a2b68f79a3e2abe97
SHA512 e82177eb4185302e126d649cad74b28a1b32c9fefd8de85405d1b352679c50d6cf5e88247e5d34a6e594bc40c44928cd7d3c285660eecd957079cfb86423bc20

C:\ProgramData\Package Cache\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}\vcredist_x64.exe

MD5 cf9db1bc5e0df76c85ccb12d72c0ecda
SHA1 90cf05d67998db66ca8935d3d3bb9bc2de018f74
SHA256 60263c179ff9df9eb71193700ca416629c008b5e8ffa6e7f5d1b65107eff2ef7
SHA512 31403e2d21a4590b702f34557db0de4c0c7273eeec57f7f487531d0d810ee5366aeea2e0d97123d9fd7427669756ff6b0130e0ae2f31ef17d246d78749bc399d

C:\Users\Admin\AppData\Local\Temp\tEooEIAY.bat

MD5 995c166575f1ce17a314140203fa1fa8
SHA1 3870599d99a183c8657b949bc0a7ed76b6876c4e
SHA256 7ebf565814082dd1dbfbb7f40f42c3ceae9eb844acafd77308d2c81b26bef89b
SHA512 5e48e388c438b844622d63864bfde0a5887f19697d3b10a3bec67670132dd40246affa377f2b52fc141896b4230f179b89b0f30830ba69b84b1d5a26a54dfc18

C:\Users\Admin\AppData\Local\Temp\vakcEsIE.bat

MD5 397b2ce948d893c3afc4b1de6f0afa9f
SHA1 ebeb293111b9baa95e91beb6e1aa2687e6f9d434
SHA256 2505b03c235f9a159befa3a2f763cc6679dfdb38bb57a051b28869d64b3a03e6
SHA512 6f51615084932088ac0864ea9baa53243da20581f93d4d7d32db7de2cb20b6e71452abc5b2d03a910ee01514a028a746aa3318e155783dd895a96278ef3dd1ef

C:\Users\Admin\AppData\Local\Temp\eqgQwAIY.bat

MD5 00b3ba75252960c762a837c34c5c7b75
SHA1 6ba8d220f41ac1b319a0bcf2a8ea05cf154d2375
SHA256 92fbc7e5f32f577d5291d71b1f5f5605be9e8261875f39a7294c607f409c0022
SHA512 d802b2d1947802d103d2a4dfc973a03a0aaad1c0fddf3ef7d9e39344f4f28cca7e30f05492e256ed096a84fa1a18c0746f35aabcbe1009a728eca2e40e7effbc

C:\Users\Admin\AppData\Local\Temp\GqYMMwAk.bat

MD5 c4ed85bce097c1c2bb00e50d3df8429d
SHA1 6435f506aaa3ef3062473289321e5f5f5ebe1b2a
SHA256 39b49d6b2503d27b0e94275d139296cf661996d2099d0f1ab8994340c4e582f6
SHA512 49397c81ec97d299ff16f6d4f372c57fee24c33fa61fa844ae6660fad934583edaa4dbbc83a6c324682cd530a11b0d73403250cfa01cdeead66fa4e66c9a29b6

C:\Users\Admin\AppData\Local\Temp\swEIIMMg.bat

MD5 cb5659662674bb36730dac634c973eb7
SHA1 57431ab9ff58b7d523489707de91fd0b6e71c1a8
SHA256 d27f26187f5708d85d5ba2f4176cec8b8d22d487e756d11f03e1720d37c28f13
SHA512 e689bbf1b145c9b989ce9d0605bd5abbcf4878d4cdbf47b79632e3c32da0599186fdf7c3406fe792ca6bedc9640881dc73b917d97300bceb06b1f25c59df5869

C:\Users\Admin\AppData\Local\Temp\qswEUgQI.bat

MD5 b3d228bd91a1d60ac350e8cbbc097549
SHA1 5e134344a18599e4e79f82f8c624d9a93438bfc8
SHA256 8cc187b0155060e35364dc95dac4c0c09a5134a7de3a768226b933368293b935
SHA512 57fa6a773abfe445f7bbe5d020b72c2d5f5116ae3fba7bb1a326546e90f83b3d71a9200042b8a9cc742b0f72e87c07e8673b5ca8d3d407bde27ae122abfb5bd5

C:\Users\Admin\AppData\Local\Temp\WEAAcwAU.bat

MD5 01ff19dde95f6a15d12931031a7f9093
SHA1 669ac923beff42aff07bf2a0903494011242a0b9
SHA256 7131483bce2ff88f6d974ad75bed61a5b704efe83f0b56a14ecdc8e8f87741a7
SHA512 6929f64d2078e4a11be6d57aa31700eba20c6bab86ac23024c44ee30674de9232557417c46fd69d72cb99b492018b12f1ef1831cb0feebd12d483e1df3957915

C:\Users\Admin\AppData\Local\Temp\RSMIEYEo.bat

MD5 561d6f362e6276dab9b33676b893e740
SHA1 cda0d65e4f6863098d34fa109e61ed21eeb304b6
SHA256 59808d2730db00fd05e1dd153ff6fe6defacba102dd19d9812260cb510275aef
SHA512 cb83cefe7dbf25b2072694d53465b7a4e2846c66a85c9a528530e632b2b3381c13ec00819ce1da8adf1fc72f0523e6f9fbed449d17d1e6e621afe942dbf20bd3

C:\Users\Admin\AppData\Local\Temp\PsAcMowk.bat

MD5 2dbe9e186969eca022464670e5e6d5cb
SHA1 975d411602f8ecb89f6fe1747396295f2954c695
SHA256 00e89ace1533bd5ca9e1cdb4b56682ebef2c7bbef4407fd9576732a16a14c960
SHA512 5ac1f72925103d7141db8826d027cfaab5d9ff09a7cfc2c6c2fcdc6b52b1d9e2138c71e114e1a8d1ec5d462b1600763fd2eb010ffcf4fa5ba286a721a2d7fa4c

C:\Users\Admin\AppData\Local\Temp\TGwcEcIQ.bat

MD5 a1aa2cd7225f4f8fc4dbc74da0689c5b
SHA1 9ecb23cba370f3180d8aa7c9c3b2add36f75c045
SHA256 7af923db57ec6e5a5a3123f604d1f24fb6c35a95025d2f7879e512cfe4ea9329
SHA512 f9af0fcc66b1a2ee4a9274a8391efefdd126b2ae25d705d2af334a80b4e394136a34797b6fad141f8b858944f0461e630526065839284dfcd0a0d5059954c475

C:\Users\Admin\AppData\Local\Temp\BsAIAMkQ.bat

MD5 6629f1c4ccc482fc1fe328af0ee959d0
SHA1 0de4548c2d430da1a247e809ba34b1c04052d25e
SHA256 5df48e21bf2728901fd28bfd18e19125d9e29d8e6ba1ec88051a3726419d00ee
SHA512 ed2241902da70747955e1c9ad0383b0b93fe370fa71a80344867c00b81668016ee6b2bce1d1562603ec27d402fccc0cc542ccaab5a6ef361a3e90caf3e57caaa

C:\Users\Admin\AppData\Local\Temp\kYEA.exe

MD5 578dab9d42d6a949f440c6c8e889e43d
SHA1 da18eb7b704860db1c61dd4924463ce33b429627
SHA256 a2078b33d0c2953e261572c911a421cc7409f5b5e1c881a94e2bd9a36bc7845b
SHA512 5097898c314dcd1c9ba0fc0f366edaec6b9c52b140c826991d05981f11cb5470ffefa5e07ed0c29a058d3bf280481c4c619f679ec3e376a69319e0448ff1e983

C:\Users\Admin\AppData\Local\Temp\WYMs.exe

MD5 7ea9f16840c9b6be8120221f9093f369
SHA1 3e6f2cae24f459710d352798d85eae260b1528e0
SHA256 438e543a8a199e46c4fe7d3d98ecf20621cf78db9fbc8d5321c3f038cca570c8
SHA512 e6d503165a16ae49c970662e5a096f125306c49536ed369054644dc7da2ddc53a5254c7006e063a043d8a5f1ef0dce557f81b071830adcdbe8a58b3f0d4c16ba

C:\Users\Admin\AppData\Local\Temp\cwQg.exe

MD5 4970550a006c5fe30225a288b6cf3c40
SHA1 f051fd2ad6aad8784d7a4e3c075a3176b053aee8
SHA256 41c780c07b19090a72ea141471352ec3ec56e1c85c6550d1b7a68f447cb1163d
SHA512 a26820998e479ea1c042be5a76eb4b257adf6aeb24a3574993160ac8bd36a6dd453d695c321622e274497dabb3cee8825c36ce4720f8fc785cf9fa0b223c0d4f

C:\Users\Admin\AppData\Local\Temp\kQIs.exe

MD5 89ce576e403fe5250005f2d54f130d5c
SHA1 26e19fcff9051155d8423886b2b001d2dd9315ff
SHA256 e6a9685c8c33b052d2a896035e9f56cc17f85b5a016b618774f9085e9c5df000
SHA512 3ad957e0f330f425dc49a0763004cfc237ad94936af411f523471309adc38072eed7fa3acb7f24f4d32be5d983ed9578da47324c10461f4490e8e23e4380ba89

C:\Users\Admin\AppData\Local\Temp\icwm.exe

MD5 f2bb67839ce23921e0e5938e511a341c
SHA1 ad88c04ae03a89df3633406b1b5dc5fc44e283c6
SHA256 07c6f592634d9c753e900d1f32253155bae1444d5f6dffb261e33ba39917c7cf
SHA512 d4f93300b8805d3206d746d9f8dc8ec58cd93d882ec3e9d08761094305e4781485a9727e1245eb5cca36dc5e70c713669f2c477f9811c2bddcec7771d53d601d

C:\Users\Admin\AppData\Local\Temp\KEEm.exe

MD5 a7cc66b216ce2f52a0505695f9b0e4cb
SHA1 594398785a4e799ff519fd81606a37f3778169b7
SHA256 68b5521ac413b6903cd030569e54547f91f070cbde8a83bfc8d674aadf518930
SHA512 b6473119cd3e90bc14603038df3fba61002a2aa837a392bd254535775a3ebcb3292372cc8e2860a0cf899c2d7a15cbe332202febc17e758eee82ddd2e2d3b6af

C:\Users\Admin\AppData\Local\Temp\ooQAEkkU.bat

MD5 2b902043da0b6351b3c12a92828a105f
SHA1 9768df24f756bd943c38abade569d9f3ba9a1a84
SHA256 0d46643f5777fe908a495a4dad05c664da7266078256a82efc497fd69f6cc882
SHA512 c6bbd3fbdd699c4bf5a24a2d5fb44bf90685177b0d1f506a97244032694550c6050285717df41484de6e9152c70b264f4408b755b0b851bd0103a7a55ad3a5c9

C:\Users\Admin\AppData\Local\Temp\wEAq.exe

MD5 8c2bfa2939f0d776ae2858fe3a9d4115
SHA1 bd622429a7289480abaf555eed7f03ae98277997
SHA256 a633725bdb49ae00aa0bf03bf41d07e35fd0eee9f6b9e39e2a029bcbcc7f46e4
SHA512 16d4e8f0ca12d2d53c3e46f7c2fb6afb01b4d12bb51d01b4f91c5823b32b7f7956197254bee646225e461c4c71f7b96b4c5be7a3d5923b3c91d13535ef5718cd

C:\Users\Admin\AppData\Local\Temp\koUq.exe

MD5 70f1568489deedd418683ab1173f61bf
SHA1 c06a154e16834fd09418a509799b3934b4718e73
SHA256 51575212339570408babc7a34a6d7ac5c4111bd0bdb149d1778742d04fec0885
SHA512 81908d58960382129c674bd2100bea7833f833b3480a37728a294adf4c48b7daad73598256a8fcfe66d764e05918ae9d19485701919a8451047a1dd3f2bf264e

C:\Users\Admin\AppData\Local\Temp\KAsQ.exe

MD5 38549b67608eed268791b65ac4ab7360
SHA1 f94ae0317dd73d04170a6a7f157432c7b337ce91
SHA256 60cfce87c3ce5657366b22a86ada0e41cafd7f2d5e5c992f46ff4f4944e249f7
SHA512 1fdcff628c9b1572c15e6eac01b426bced10f065f2b03624112fa89f0dcc33ed7528f8a5b536645fc9b875edea58af7e482a0025e7e059002ad519e3f8ba3bf8

C:\Users\Admin\AppData\Local\Temp\GwIw.exe

MD5 573f1080a825313383b64ebd3f2d8ee1
SHA1 c7db08f3aa0659d559d573c6b28494fd7d135515
SHA256 b7a04539e018df4337a16deaf4253d7236eafe4941fd47c288e1a1b633697503
SHA512 24bc9f2679bed4f344a21ac382e2df8346fa9b652bc78a118700a60c076c6d53eac2206fa06d7512fbb4557ec8cc44fd584039e3c0b184415aaec667e44ba62c

C:\Users\Admin\AppData\Local\Temp\qMwoUkQg.bat

MD5 8bcf02b0244155c191aa45a8185e9c2c
SHA1 6c3350496880e5984ca15b777fff450cae8708f3
SHA256 2de1d28bd5f4c8561cc4ae886c7919fb7e839b71dda71d4155b5cd0356e7a825
SHA512 277e865148f89edd648a96f05f6a3b529fca6d86599d959f370c1822c4bf1b0398b3024b55272f449cf1b2cb984b1015f911e5ad0dc38729327d2ce3789014e5

C:\Users\Admin\AppData\Local\Temp\YMcQ.exe

MD5 7b231747d0327f6a3c46d20f79cbff29
SHA1 0b128d66b370f76125e4490a9186447391a2c16c
SHA256 0a73a74245fad69a0fe28d9d0fdbddbe4ebaa44a61a3b66e0ea21d56b676b5e1
SHA512 f4994004a9eaeaaf82a0bf5314554fe12d48b0d104c3df02a345a0a2d48db0de8f0cc7a82bc440831f0ba84203cef4e3809383617f05cd58949a7f8d7db404d9

C:\Users\Admin\AppData\Local\Temp\UQIe.exe

MD5 bb5a10b2bd5d672ebee75c8f32dc73d9
SHA1 704aa79a1130e1d006187f4b9075960a6ab6da2b
SHA256 f3b24f5a825a5267734bca7ec0e5e0453253034cdcf97d5ccb985f4b2a8309c4
SHA512 1bc42d10929a2cd42f10888c392332a7627e00bfd8c8b6e30aca1e0a562c3c10c8bec8e02dde23069cbbe30e7a33acd0b7fa44e7a2a3dcf0f5cc203e59506935

C:\Users\Admin\AppData\Local\Temp\woQw.exe

MD5 9eac657e0528510533393fdbcc7d00aa
SHA1 3bbc49dd93e95d60a995f7aee6661698d8c973b8
SHA256 f8bee577b1a75c7aa88605cba6527abb55db18988b1e92f2578bff94a1e2aafe
SHA512 0f33857142eb6b23468fb26ddd0f4bee9b2f3380a0958c46abeeabdf3261404095ac45abb6c84f0b78cd72d4581b185e3d05cb038b013a27fe39e33b5d04b48d

C:\Users\Admin\AppData\Local\Temp\KUsYgkoA.bat

MD5 71d2c6b9a915ddf30586306daec1387c
SHA1 8aadb3b67063f04f0e709983f0d7197c9cf339cb
SHA256 1920bada74b46b6206bc89272f780345c1326c6f56c2362f5e1f643275ed2d6f
SHA512 e429237412a4a63348d47d2a171eb658579f2db55db65d584b3e76317aaa0c46b223336152eae274045569dac2b31676d3175b8ec5049048ac1490198ab7c0d1

C:\Users\Admin\AppData\Local\Temp\GQEw.exe

MD5 300863f737708143e1e45e680d091844
SHA1 d2b4876aebffb771463f975b0f5d5752c2117841
SHA256 01e3455a353b1f61da72ef0e59627474c23268a1e81304fa69921ca4a6b3e9a4
SHA512 c48ccebf3f6a9ff0863eca39fb691077b48d6e6a0a59b38f5e38cd9d9461e34047078a037af42f5836696e18449071517be96818f9ca18e8c0064ccb7b5642a1

C:\Users\Admin\AppData\Local\Temp\OkgA.exe

MD5 e77d15612b7f10019d04e7ea4841061f
SHA1 847dc5a8b17cebd3fa9feada0f57995dcb685bd0
SHA256 0aa4f46edb73cdd2ef37330f28dbbf56cce6313165521bf505904678ddc72812
SHA512 8fbcacb475f31b3ed9412117577786814ba0ad1f68c8bae8d49f4622ec8b24ee2f19db7c50c12261152112e4d912cae8903454f27234d685c31a9503539866c6

C:\Users\Admin\AppData\Local\Temp\QiEgMckI.bat

MD5 3be19d009bc9b91c2e993b4348eb3e1d
SHA1 e4e1245da10a40db05a7070c75f0bcb8fece37e3
SHA256 35254ecaaa8fdae7974d4bea245dfd21efc22b5d0cc5d7dc43ff388f48d07ae8
SHA512 bb663186d45dfdbbf08430b48e4d08ebd5c965fcaf5db64146ef3e86718f43e0df5ef93ef4dd9a67d45124f3857bbaee2c259bf5ea3cbb6b65be1fa64252de5c

C:\Users\Admin\AppData\Local\Temp\WAci.exe

MD5 18f421e81a7c45b03594d878edd37241
SHA1 a2e225213d5dca38075a1d6d87306ab4802fdd88
SHA256 341146ca50bc8feba4e1caa6d43f5af3957fa78fa949f944b996ab93991e7acd
SHA512 dce7f7d7323d016defd159d4d5d49b82108cb634ab8abd3602c50fe66690c6a175b561ba1625b9e230c55a25bd9ec97cd0aff201b3e28f9a5167fc06b49b1580

C:\Users\Admin\AppData\Local\Temp\mcsu.exe

MD5 07a5c350d985d1d23128d6c005d8b82a
SHA1 64231e9a43559f5cf058dd7cf8375ff7e1bc925f
SHA256 23f9ab13c331106c316207784beae01cdd6febc011edc118b41585ffd3705da3
SHA512 2bca3581e9a5f96fb90efa0c1ab0c1dba33ee84afb8e42fb161ddbe39dd9b9caf752813a99fe07596f1ebbe65d0e930b590cfa80b9982d7d287056d83c1b3bd8

C:\Users\Admin\AppData\Local\Temp\YcUG.exe

MD5 bcd6472070acf170e5a5ab54978efdf4
SHA1 d3264205cdc3a373e066ee1f4b16fe9f9737d8ad
SHA256 7cc7988f729d36e76f64515a0a69ee3c92ea6cbd66b0336ab8bebd2dfe855344
SHA512 5738e9df642974f7bcef68073d006abae738caaa426b8aab0822f16dc908900fd479813af94ac0092d2fa755801b4e8f2f7dd41c0f4cffc79f614462ee22d673

C:\Users\Admin\AppData\Local\Temp\swIM.exe

MD5 0db4b299faad58433debda440a96005f
SHA1 6d7120b78c0048621ac1a8a2d6f74cfa0f2175f4
SHA256 157c907c28d6e9ae1764085bf3755f146d19b3b840d444b2cc210799de8c377b
SHA512 775e234732b2dcfb1583c2acde4261f0eec9c5b3e0f61d581410955189939c9c5a4528d64334e133c998ef65a55324a16f733665f24326c5f2a9ede0da0a6287

C:\Users\Admin\AppData\Local\Temp\pCAUcYcQ.bat

MD5 7cb7cc8ef63b89db73101d757364d443
SHA1 1e1b9878b410b10180830bea6f9157754dbac495
SHA256 e12ceff8f6e3caa1abe94adb7a0efb70b345e89fe7a3c4bb5fe02a16033eb597
SHA512 d3f4873301cf848f40437286a479737586dcf7a77d91cce67d03b41449ce992bfbc50d0913d3ce47e5e21a1fec7f30ca15d113b385110d4e73476453e0626557

C:\Users\Admin\AppData\Local\Temp\CgUc.exe

MD5 5f6c22951014d7189e35c29b9c68eddd
SHA1 b6d6e02fc246880ae19b91f26fa4810a21ce60d5
SHA256 16b3a9dbb6e9760f6b3b9776d933bd077b7cfe70caab1ba2241a7a34db8f085b
SHA512 6710a2b615b4075a5a48ae63be9220f4d75ed6f6637c05244a968e23ed3ed5ecb54a0b1ae91b48567e4bbdf31dc6dc83646dc6f8e99fd16be82f9506fa096b65

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons\48.png.exe

MD5 ef21ddd0f07f312f486b4eb6b70ecf84
SHA1 5091519d345cddabda518491f33bbb1119c5bbee
SHA256 6d5c27c9c4922ed8c0817a418de06cc6ad532745b0639b7081cb1f0f8f166eed
SHA512 c4d2f7c2c04e5acfd96525bc3af2c638fd603b89541fc04042d0348d8857d1a47d1ca02b3169a164c5a10ca8b9a676181c63cf2ff046e62f7763646301ede00f

C:\Users\Admin\AppData\Local\Temp\WgMo.exe

MD5 063a12d20cbe2cceef9059d8178caa88
SHA1 a201b4527a7c2135621cd9174534de31bd6856ad
SHA256 56b082ab613b9e95e7c21d045ab01c7565ada518453ec012f28b5e9bfc1d4872
SHA512 2935492ef60393cf6a1c5651e8ede5631c9b0064d3f211db5cb96b55c77175329dc7c2c0c32ff6f5f3543ec930233e44b3b073a9a16adeb8e743b4968d066c6c

C:\Users\Admin\AppData\Local\Temp\wcoK.exe

MD5 f3b2b8adba4092ade83bb301e6bc05d7
SHA1 f5ee678b1a6304c08ef43f51c7f4e00cb2c37c45
SHA256 258fcd72a26b4612fc39bf794c385be377e8ec49199adcfab6e949367b2e3b2e
SHA512 ec1d38be582f3fdf851dd4ed4cc20b7d2c395689ed6578b3b6f2c8839ad508c02fe2a18ae0f3bce9edad2e4b640b44cfb0bf1c8c5a43df5e1af2cd5a360885f8

C:\Users\Admin\AppData\Local\Temp\SkEU.exe

MD5 b908997a26699e8c75bde76d153a1f75
SHA1 670872144a4ebba19eb087c4bb0df67a15863279
SHA256 41b6af4306af272d828150cb93e9542c5d2131915d6110906a7f918e1fe3a692
SHA512 6c4e46e675f1bd5f35ac59cf8042068aa38d7ce3cae20241390a5a6b376254ca1ca7f5da6ff31611dc73d1784eec7d0097167caf5511caf83bae5f1e5a2b927c

C:\Users\Admin\AppData\Local\Temp\sMUk.exe

MD5 081a0a7cbf122d12569c3576d3116576
SHA1 5f3062b23ffc07b3ed9ca19b30cf65376d583966
SHA256 7ff1b2b28aff5e1f6b452d409edf6012a4e342f45b20f5dbfe4710cad22bf413
SHA512 e36cbc4b0e3a5359fb11a968d338106b247f130d48e73e7ab3f008f98efecbef7e0006f596db9dbaab9338cd08d40c55631f33d2d3a44d9aac40bc7a6a8f70e4

C:\Users\Admin\AppData\Local\Temp\nmwIMwQI.bat

MD5 bef534a03111e39bb25a255551de275d
SHA1 f10d3349a839e1486f86d254f4318df5a3dd8bff
SHA256 fdc152d4ed0fa728bf82f222cbe6179a5b442033ae30924e534e510148674b52
SHA512 0511a609b819ac3d6dedfcc040579eb5ab4ee703ce7502e7e9a6b8e35943a85257d4f370c16922e0b6946d8100dd983f60fbf5d66cf335990e0feda21c798cac

C:\Users\Admin\AppData\Local\Temp\WEUU.exe

MD5 9cec513cbd0470667352a3c8d741e08f
SHA1 7a01776944b5f7dddf2745ba7b7b9e258e891da8
SHA256 8be8a32ff1366eb8948852d21233fe00fd5435ce48fa8bb7b994c70c0c191a95
SHA512 b4dde7d883031c8c7ff8ae39bd1602771b258e592de80290f4229dbeee13c67ef9ef7a105867f19aca83970a4c75f36ecef2ab373a2ed6580e615a405622ff1b

C:\Users\Admin\AppData\Local\Temp\aIUu.exe

MD5 b52824026bf7c3140b6e8f941593234b
SHA1 b7d5aad329705a6aa9ceca54db73e2fb0b6ca50d
SHA256 00c1ae91e2921131673ae3b0512b1900182bb4afc285b5f58fedca098c29fbf7
SHA512 702c5ef670a381c25b6974046e365ccf740c3380b224ca48345c06df50ecdc80e1da42f6522a6f778c2493690b633af45488ad1b1ba4149bcea293198b9e2d76

C:\Users\Admin\AppData\Local\Temp\dUkkwIUU.bat

MD5 73536694c72d8320dee0056f6fc42eff
SHA1 21a50575a4d535cfb751cd0806a2dd96a5df10ed
SHA256 cbafea70c008ad378236845c6f18b2e682304940e7af3096e01376cf003e8285
SHA512 86668d64498527b8a554858e7a098bf979ba34244efc1661b8f81d74d7a6bfa71999636a75806cb9af7911adc80a30c559613baae485a11eabeca7d95f453a40

C:\Users\Admin\AppData\Local\Temp\kaEEYYcY.bat

MD5 987a9746130b7b00b094319a790a12e1
SHA1 93021b44da117e770a830f361c7711bd43979e19
SHA256 cffd9302a9208ca3b37a237b9f05656487c94c520e00cea7b1eae02c2d216b1e
SHA512 916aa5dce7659e4686c52333da819feebc3631979b467ee7cb404ca63721f2fcc345d2445efd67fbf48b94fe7a07300b1c98d5ac812754563950e0a85e0eb811

C:\Users\Admin\AppData\Local\Temp\Qkkm.exe

MD5 50fe6291ec5505f9cad28b3ba41e92da
SHA1 250cc26b3a352d654c4723700a8f7bfa82ef1065
SHA256 97732cc1e645d3ad25981d6ca3935665acb0bdf3ad6ff47d9fb4b90b690f82fd
SHA512 33d5ceb863c52520637a2701a41cf77aca7441b9dd359248415302c69d1cf1da41f8958edddccf3673fbda1c037029b6b345a80fcf9ead02c0b9b6510478da6c

C:\Users\Admin\AppData\Local\Temp\mwwY.exe

MD5 fb3c7a4f35cad0aced105971092633e6
SHA1 cf91ecf178b20843587bcbf3299a146597bec0e8
SHA256 369f674d14e9dbfcf57eed5c791d1eaadf22ca54f23e41e38c1fdc117b728d9a
SHA512 9d1d85c625d67c1c5f5b0e414f969a880a20a9c2af4e9f5bffb8642d62f56ebb219f0884c0f03560f2c7a52cbd581d2664922c08846fabc6e0ce2eae9026ae9e

C:\Users\Admin\AppData\Local\Temp\GEoM.exe

MD5 c8b2f12611c0954958022b95b8336721
SHA1 a7bfdb90fa392f87fd002be16caeccb3918bf31c
SHA256 8d42af5b88db821de3e72dc1e6c6e79dfedbec323564848c39aff59381354239
SHA512 bf8ee44a30cf1c63612f04362165b6d69d63fd815929ccb478be64caaff6bbff52203d462eb4b3c3204e273d6e8e8606a39668c1fc310d0ba5cf4c9e0a1ef8f9

C:\Users\Admin\AppData\Local\Temp\MwYy.exe

MD5 dd7ffe84b28e78acd40738480d70d38d
SHA1 18d7f7e51867699df43c844bed06792343b644d2
SHA256 e52dfda3331ba26b1e2e8145f136054cf9ca7f8c2bcfa8520a6f0366a3e44e4a
SHA512 6cc362950ec1289b7db6ac7490e89fc29d8f6e60925644daa188828a1366e45ea13b789145f04936f68ec202c7fe9c55f4901f4b0a49f839cf12c24fac8f5a85

C:\Users\Admin\AppData\Local\Temp\uEQC.exe

MD5 8df8a072b067a80a0836508555e41d24
SHA1 2a80cc4460fd4ca23d4044f1204b2f7535532391
SHA256 f4c4cdaaf7785048f77cc53989256fccc462043d580df26d048443aad883f28a
SHA512 aa8402ab5573cc82babf3f6f4ddb6427b21c8e6b35e1a902241ef11322157b3445c4c792a5feb3f0bad8bfc95010431d2f3364ff624f1934e690ef044967b295

C:\Users\Admin\AppData\Local\Temp\ukwM.exe

MD5 90144aa5869e355e7f64f5b18fd7fb0f
SHA1 7db8e0a2aba9fdb3ee8f8648fd8b1356d5967e32
SHA256 930f5760f39dd54f2269a5d149a5920e0cd2aea9de834d74f34d2b49d2e2c2e5
SHA512 020c77804c86841328c498544d966f15f299cc6676c6a448526be669b998ee4c3d5db4b8704c3779413e0960aab5c28a662e1d1fa48a8517ffb3bc2b28091822

C:\Users\Admin\AppData\Local\Temp\McogoUQo.bat

MD5 f3b4dc26db538df68e000e83694ade39
SHA1 8da62b69b74f4a3093851a9855c1f0f2f3c822f9
SHA256 aee4a00179fd4052f6c131aa00b25dd34072e29f733a6f63852ef889c6cadfe4
SHA512 77bb293944ef70dd33db191b6385776456a7b9cb758d1dbb0b040ab171ec60de27d40f906535cbee920591d4ceb5d7d4c0990ee9e7466481283c91097e8e3779

C:\Users\Admin\AppData\Local\Temp\IYMI.exe

MD5 1dfcdd0899b7947cfa8668ed5847f008
SHA1 0bb5adb431fee4b7eab12b1110c4b4ce4f7415ac
SHA256 07f9508814af3979200112226b07aedcc8f28ca874aa0b459966fc588381d858
SHA512 1a186b555efc990657edf9fdca196a5f12b350191d069273c9307d28b937ae2d86edb1ec88f372e23826c7fc4fc1329dff35b1fa484bfb5777f7ca93a7618337

C:\Users\Admin\AppData\Local\Temp\iAIO.exe

MD5 f711268cd79d81100074d7c9c6839de4
SHA1 80b9b3df456595cc07242b3ea2701db9188da4c6
SHA256 1a70e414df66a307976fad71ed1a4a022aab2fb70e0221b8afd3b0b5f3f10aac
SHA512 e9b3fc21151e5f336133cc519278b3f63a81b1fc383ff0d877dbc586519527bb7c18297d7887fb09bc249616c2dc1e564d65d2c201ae6358de0b9a63243005c2

C:\Users\Admin\AppData\Local\Temp\qAcY.exe

MD5 d1cea3099ddae1d292cb30602d5f83ec
SHA1 6c01c45cfa159cb0d8578fe6f10ea62e5a114135
SHA256 ece500051e7bd288128badb06c989e2f5f9fc175105314c5aab56b2033147524
SHA512 fc57663626599b4321d958f64d4220d641ff2e4428c16f7a80bc3ac7de47898caf05cc68df73930248fe5c656fd19218f336b97deb2fdeb140ec5df2cac749f7

C:\Users\Admin\AppData\Local\Temp\qEcI.exe

MD5 bde0307a98dd7be6106ebfd8f6e59bbf
SHA1 9622598cf2e523e597574807070ee07dd1cfc716
SHA256 3c2b7ba524809f1fddfd8749e0dec3209e31dc1e9f9e8829a7190fed3d2c5613
SHA512 23b38a6c8d93da545e99301c68b0f85e14bb3bcabc6b1e07c0150d1fff9eb3c70416a8cddffe51eabd9feee05d164765e3c06d0294ce72adead9b3d6c82d61a1

C:\Users\Admin\AppData\Local\Temp\cUsYIMUA.bat

MD5 f7ef35071038f3bac3d75660354f8ff0
SHA1 176407bc606d7199e5be916326421896f54eaa44
SHA256 ebc3987b4c41c01865eb2e6ba80d38fbb6f3011e1cc13dc5150f2d8d1daa5dbb
SHA512 bc959f3573e192834518d720860c9e65c0212c0f5e2dbf2d41f1a648e332dab78e55a46cb02b9a42711ab6a5c3bdd8edf5ef02d09cc1486807d873d20a96a80b

C:\Users\Admin\AppData\Local\Temp\SQYC.exe

MD5 4352b0617b756e90b88893cffef0e46d
SHA1 6691bb25e777bd3f85b8ed4fb312cf2ffa04a6b9
SHA256 bc7447fd7965b1a06f594bc718359d9f5f60d5ba26e96d1229b93b5837295df1
SHA512 f43ca0caf275728c94fa6890f56fc59bee54af4bf4c2418fa2ebd37e3272daf96a097557c37070b2f685a390a29dd6eb67123a2d33675feea9552911af51fbe1

C:\Users\Admin\AppData\Local\Temp\YooE.exe

MD5 66bfa97c27ea6d6096561aa9594e4564
SHA1 41db4335ccf47e8067cc3c3a3ba92fa2f8404e93
SHA256 98f041d441f5b08b3b660d2270757e44c0223496e61912e8cbd039a928818131
SHA512 d3701c2efa7120f4fa800211eb3bd3038df7e6fc90cea48ac080d0f19624e49debcd436ed1965aedaa4f9d66c62e2d7babed59675feb705dca305a8076d0d5d4

C:\Users\Admin\AppData\Local\Temp\IsIs.ico

MD5 9752cb43ff0b699ee9946f7ec38a39fb
SHA1 af48ac2f23f319d86ad391f991bd6936f344f14f
SHA256 402d8268d2aa10c77d31bccb3f2e01a4927dbec9ea62b657dbd01b7b94822636
SHA512 dc5cef3ae375361842c402766aaa2580e178f3faec936469d9fbe67d3533fc7fc03f85ace80c1a90ba15fda2b1b790d61b8e7bbf1319e840594589bf2ed75d92

C:\Users\Admin\AppData\Local\Temp\AwUe.exe

MD5 fb7dffa251999818609e86382afc97cf
SHA1 b2eae196347ac75e6d621f833a7e0c572540ca09
SHA256 a76793f66bb8a7ce0784326b83c08265f71b8587a1d12a9b8b601b95cfe7fdcd
SHA512 b097629d5bdb3eb2a0860ae52848a8df019b5a54bd2a67c5223e17f15882268202498fc1721d8568b124eb481e938a458f2e36f3eadfe3ee2f5212fc9d0f45a7

C:\Users\Admin\AppData\Local\Temp\EUQU.exe

MD5 c87972423e7c8589757aecc4bc719ce0
SHA1 ad040c46c15295897a17dffdb2bcbd8f212eed25
SHA256 5e8bb23d9e107ec11f8a3a4f4a5132ee73eea57ea2504458b6e589227cd15a6a
SHA512 2aa429569cee13e15e0b2bece178c4533edb3b00b70bae9378ad41d5e50a1190f4ea6e0f112f3336932d244966a43aced5a36976d78f15ea3f953017106305fe

C:\Users\Admin\AppData\Local\Temp\mYEk.ico

MD5 0e6408f4ba9fb33f0506d55e083428c7
SHA1 48f17bb29dcd3b6855bf37e946ffad862ee39053
SHA256 fee2d2cfa0013626366a5377cb0741f28e6ec7ac15ef5d1fc7e286b755907a67
SHA512 e4da25f709807b037a8d5fb1ae7d1d57dfaf221379545b29d2074210052ef912733c6c3597a2843d47a6bf0b5c6eb5619d3b15bc221f04ec761a284cc2551914

C:\Users\Admin\AppData\Local\Temp\ksQC.ico

MD5 6edd371bd7a23ec01c6a00d53f8723d1
SHA1 7b649ce267a19686d2d07a6c3ee2ca852a549ee6
SHA256 0b945cd858463198a2319799f721202efb88f1b7273bc3726206f0bb272802f7
SHA512 65ccc2a9bdb09cac3293ea8ef68a2e63b30af122d1e4953ee5dc0db7250e56bcca0eb2b78809dbdedef0884fbac51416fc5b9420cb5d02d4d199573e25c1e1f8

C:\Users\Admin\Downloads\SkipUnprotect.mpg.exe

MD5 024b9b6e451a82c70506fcdd21a893a5
SHA1 abf72bbfb28ddc629241ced4cb2184e512f2df2a
SHA256 5b954d2610c8e2e89403651057e27f6ea8a7c9161191b4cff86e586ec2e603c7
SHA512 3302189824d3c754ae566336820c267873658b124c34bc069b7b71d7a341b57d05a5611b7e8b0ce7d8a3c7cd9b3a3294980dca404f1dd7f69771631e98765708

C:\Users\Admin\AppData\Local\Temp\SeMMoEIg.bat

MD5 7ad62aa14c9044429b96b0607deff6c5
SHA1 5c2f975ee1a03ed17521850a905deb9a42e5a51b
SHA256 8c3dd4c790a83861188c7e78e43a3b4776891a8c3a42e9dcfd7498e337aa800c
SHA512 f9ce6374d8f8c76531fa019811b2d32f2af4506efeb1260836ee079a94dcc4b812872a95f9bfe39394f8eec8d84a155d56f46087085f0612cfa990a045950ede

C:\Users\Admin\AppData\Local\Temp\WUga.exe

MD5 8497fa1d5d287906a7061b95a3dbae46
SHA1 5ac8fc8d957ad951a089423d4f075826452af8a8
SHA256 b2e285c2cb1c547ed6470d449fa5f626abffe3827a88deda83717aa7eba4c17a
SHA512 0f5086f0bea0313d6ccbb46bd56d69be223804399fc0a16bc708b4d7ad79f99a0e32d74bf4b2005d3df4f3b0e4decc0dc130fa297687801db12a26238cd253d6

C:\Users\Admin\AppData\Local\Temp\mUoy.ico

MD5 5647ff3b5b2783a651f5b591c0405149
SHA1 4af7969d82a8e97cf4e358fa791730892efe952b
SHA256 590a5b0123fdd03506ad4dd613caeffe4af69d9886e85e46cbde4557a3d2d3db
SHA512 cb4fd29dcd552a1e56c5231e75576359ce3b06b0001debf69b142f5234074c18fd44be2258df79013d4ef4e62890d09522814b3144000f211606eb8a5aee8e5a

C:\Users\Admin\AppData\Local\Temp\CMIM.exe

MD5 429edfe09ea6915247c54f7bc3eada45
SHA1 7e0153df292c5f78ac5aca29e8d920cf220c934a
SHA256 2363e32ea2880862e8af92128c9d0341e0116d0312d1a29e6b6edc87088855ab
SHA512 0bf8a57c5e6d608b0ac63cd01f75ffd8e143ac9754653e82da0373de15cfaaec3fb7c9d625a37dd36164e47cf75feb0f17fb9a25e9e9810127a43ebb28543470

C:\Users\Admin\AppData\Local\Temp\ScMI.exe

MD5 73555cd458e3981bfedf3dc71117648f
SHA1 d3695d283b6dfe74aa5df141ed026af483328ba3
SHA256 d87e639d57db97a18d58314cbafb65f725437e58a2cf3f45e1f13f230403ef14
SHA512 66a5f28c94aa60fff5e747a51ff7394b2290ecba51d1a7cba516d47a573c2105d0a1c97125c773e8dea705fdf07cf1b65725c7448e7145b3616f17f6bb926220

C:\Users\Admin\AppData\Local\Temp\sEoC.exe

MD5 a78a6bff1d68ba0209e441a831144ead
SHA1 81e556d2ec08ac708103ed94826a4c6d3c629f91
SHA256 b89baf0ff52a3c7d8ce03b584b435c2ed5f5f77487af22c9192f9fdf934f4047
SHA512 4951f042645716a1766afe18828c9724e29a9d6f4eff1b9e16712aa4b796296e9e91c13c5da11703e0cb1bdc054f37c713e0047996d0df8d8a662f5bd6549b64

C:\Users\Admin\AppData\Local\Temp\zUcAgkYg.bat

MD5 ed820dc74fd5425f94c7391b1ac916cd
SHA1 1342626ba17a1a3e50362e920cbeda061c196c6c
SHA256 0dab21a13b21972c88d06fd740f8654754165a93cad915b72f845ea8e45b60bd
SHA512 65e8179a10d5d1e5dff2a4a907851bb7a67138a696594d141e8f03e6cd31fb3ce281695f44184b7c074fef174e4ef99e26555353d666effe5f31bbacc960f663

C:\Users\Admin\AppData\Local\Temp\WEMS.exe

MD5 02fb6a60c5519820d702dcdddcd45ad9
SHA1 9674eb253728bedfda39c124a4e877f140ace230
SHA256 5c933c0d25de514120df7aa032726fd095e5e80de8a4c119dc0ebab15431383f
SHA512 f2d4209de4fd0066dc11ff7c640b52a0dc4515d9da98e0df80a7abc7823abc8cd490a36bfda428909a2d3a3a7c4deaaa577bfe0e9ad6c53bd246de8a6a1e2614

C:\Users\Admin\AppData\Local\Temp\WAke.exe

MD5 693e0d4e1a263669089dcb41db0ec340
SHA1 9f3cdfc33fd5fada134c56032c3d40cd333a3c2f
SHA256 9ccb912ff7838a826b625cf68bcf058bdce98ad57449dd2b643b9fb3e3c761ed
SHA512 bbb80a34a9518d00380ea8afda7ba7b969c2d498f310d37dddb11b44c913c046e109aeb166589f3bfd4ac6df8809408b30119d931c6d96578d819f562911b52d

C:\Users\Admin\AppData\Local\Temp\qIIw.exe

MD5 cb22b00c8d137ac11b9d2aa9ec34e5c0
SHA1 ceb0647de480f617a521ae8977d6e482fdfad884
SHA256 d86ec837f554e27bce3417a3c20dc779c66d65c88ff2c0b2a29083144287ee3f
SHA512 c6522499630bb0b0a67e26cd9317f03ddb3f6ac3865694e7fb65259a627f05d12ca97c124d7f24f9232930fa2fcae77abf83153f50f3eaa026c63b4abb14c728

C:\Users\Admin\AppData\Local\Temp\rsAQMUUU.bat

MD5 b2a7d42025333440d0435a8d701a8074
SHA1 e4ff8d692706754e96cc6c1811de844bdb60fe23
SHA256 037231c8913b534575da94fd4ccaa26f5e2dba44c3d037c0ac1ed13552fd4384
SHA512 5f1696e894c12c0f219c008c40bce79a81029c6d5d4c0be1a4a5fad96b9ff7c021f9c8228daec80109d6af042026f81e2c6f848f3b6ecc89fa4905c0751c5f00

C:\Users\Admin\AppData\Local\Temp\IEIK.exe

MD5 c7e548f64791415a746318853af98928
SHA1 d541a6b22d6d32ed7d6ca44514a6a0fa6a007600
SHA256 8040b7b18d7757c6c68556480186bad8b4584427a22a33077f77cc7ce9bf39d4
SHA512 be00eb701ad5ff983671d72eee6a2d45fc6ccb307ee895a9131d3363ccaa58949102c19aaf8cee4b6033870f687accd436921e55bce24dc3ccb1ba145206167f

C:\Users\Admin\AppData\Local\Temp\eswy.exe

MD5 58a25ba7358f18c53035ba58f3b9d234
SHA1 342e608396612c6f7d80b7041c54474520181002
SHA256 30c2015f0189441bf692650b8153d1536ff0c3b31842c67ec19d59a4898b5e9e
SHA512 55bdb6d68bf5955ade68ca59761e10a3087ef6efbfaa79445190d21161bdcd5b02d3e7b5bb945647f48ac26519cc17f76feef9ecf16ad10606afd3ea73fb2b7a

C:\Users\Admin\AppData\Local\Temp\DqUgcsoI.bat

MD5 b273c9322181e56ecd73aa3c489a5980
SHA1 5ba63cd0e02370f6c57bef616885b84137bec079
SHA256 2ccbc9bc50d356f67a6cc89effe915399272022d02adc230945a3d855f7f7c42
SHA512 3e8eb6bf2cfe124158ba8b845e0deadcfa9408291a353e6f2d58b8ae3c780492acca13e44ceddd0cd99410cea82adb3035b3884b1b4453df5d73e5b6acf7b3ef

C:\Users\Admin\AppData\Local\Temp\osUg.exe

MD5 64afaee796550e7f4d17b6716f29ac42
SHA1 9971e0e7304c9406df98f2c6e78775a1e7345eae
SHA256 da6086c10e1f8aa2a390cf0b75294aa8538f19c6b955e03719240fffb4d0b5b3
SHA512 9f2a4303bbf60688bc798e3f791653d73a9fb259b3f3639cc73ebee7091e0b371ecdae04052e20a38cb97c1c798bdf0bf06272c9a05d4290954288c12bde4ff2

C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile10.bmp.exe

MD5 022c118bd1921ef892e9663113e5cae7
SHA1 5de41aa5b006e7511fda833340f5dbc420610bc5
SHA256 de91fb4bcc189747267ac04d7f15f1dcf3b97dc9312a39ebe2246ce7336cbbca
SHA512 5509783829326c90f42ae8b28127814f29dc2c3b5b629fa3f4eea1531d124e713a33a17baf6ca71728dd5626b9fbb24b457fe06f78b3a58233dd145c7d452cd5

C:\Users\Admin\AppData\Local\Temp\Igsu.exe

MD5 5c9ac9ab135b3e83c7846ec789c46434
SHA1 75231f7f029bb81ace086f0c843932ab143240bb
SHA256 7d43795af512c9204eaab910c6b632507842b56212a35e2917dbd80cfeb954b7
SHA512 5a6649c1850b9cc38001dfe1022f3e1f04b63b61dc0c696bad18aa2844777ed4b78a40b6650c6d0590ff99d609f5d616526c507b0463ca29bf8581b540495975

C:\Users\Admin\AppData\Local\Temp\vakgwsco.bat

MD5 ebd4d38531ca3473d3715f8a0c660d07
SHA1 625b882ee2e38c8a6610bb887bbf80c7ac14fae4
SHA256 9b98fdaf643bc0028526abc9286760d21badf69487504665356bdc59b9a21782
SHA512 71545b7bb32d0031f87dd2629e3545789401aa55ca2f7f4e06a6ef9f4cbded54270a7a22f26dec132950af2b1112be2e33aeabb8f0ad28508cc2486c4b8cfc66

C:\Users\Admin\AppData\Local\Temp\oIYo.exe

MD5 dc531f1616c1520c442ab10568f75e33
SHA1 aefca409bb98f460f757353510f862b559c6ed29
SHA256 8b454fcdff2fa88f2b6cb05f08cbff471c049f98fb173c237dca853bf8166b2c
SHA512 dc07de1dc78ef9d39599bbef21cd3a19c24e759cef2634257ec29a3c9292a8f62587d626106a6bb7facf105b02dadc4da2d168f2b215aeadbaa1879e8a775813

C:\Users\Admin\AppData\Local\Temp\uoQA.exe

MD5 0efc549c2d907bf6ea9b203413e4f543
SHA1 25360ab199005c0f54b63458aa0a950d96e841e0
SHA256 63354f5099a95b154aa79f0d4d8e146bb42e377bde227bb1ad4e5ea6735b0108
SHA512 f47c594e96d9acc499b098d565780baf6573fb65488d31321dee9ec41294c4237d8f49d654ab2fdcc9c001d31a06e22cfedb3cf4ef12273471b017a3915f2bec

C:\Users\Admin\AppData\Local\Temp\Iggc.exe

MD5 18acf0440c9972b87eac7a0fb4ef8813
SHA1 138c40a8502352bb3a3458561fd76ebe0ceb9362
SHA256 7544ecd6f3c830f0a67a626217bf27e868fe45c44efcfd05e522db8367fd5cd7
SHA512 bcc764c804d5623be944b97b60a93ef90461087b2034e5e1ef65e4adb839f510a3e43e4e890b4a7400fcff31060b850be1c346b9f46cdab78842fb9fb6e07600

C:\Users\Admin\AppData\Local\Temp\mUYC.exe

MD5 d26b207ad363b9e370bd58810b8d4a99
SHA1 9f7d88552cc5ef2371a67c1f37bf8fd9576aa7f7
SHA256 ab5284f906b6dc261d0fd33669e5391b1e0c78f2f76415e253c3a00356eed8ee
SHA512 74be07c328ba8d8318f7e05fd03287fe55a56286d6252263086ebfa3bacad31773b048485c1ada7e274456298525b8e3deccc7caecbb1759e345de67a06e1afa

C:\Users\Admin\AppData\Local\Temp\gagEogcI.bat

MD5 cf3cf1aba5607d76e83566287f7a9eff
SHA1 ae74a0375fdcc88b6d46c852a45cbf24f50a9875
SHA256 a6ad92c01b6b04d3784fa1fc7342fdcaf7958a55c4bfa9677348191277a354ba
SHA512 b18de37e5aca648fed66b0360f7e6abc9a80e9afb770dcd77cb1a0db596415c222162b0c7f9a7687950efa901a27c2bf328149fd4d5703742d8ae89d449f87e0

C:\Users\Admin\AppData\Local\Temp\Sgcu.exe

MD5 a584f44ac47d2da53bd766b3c0775e2a
SHA1 1b78279d660b4f8b25273650563a35defde7830c
SHA256 1f1d05afa8efe72bcbaef894ab213691d4124d3ef387bd6580331c05a093ee7e
SHA512 186534533fe71ada5a3a89f14f8f0278895b27755c0aa233542c127b138bee3687b085b1e2a37a7a2e30b5f0e43f6bf1dbd8225e9e5a54c5c1ab876b0b9d7743

C:\Users\Admin\AppData\Local\Temp\EssE.exe

MD5 a3b5092b9431b92901e3fed343d9ce33
SHA1 82cb21b105964ab715d50552abb3c96a01524000
SHA256 23ab046a4782f38d1fe0723ac053807acb68aa78f175670996d629be83143ff4
SHA512 7bf84f46b89cea7029355073f29de9eaa68ea924c4b325ef98bdde4aab6136cac4bbda2391cdd498878d3d8cf5bf74a93139157903b1f018faf2a6c1a98d3b04

C:\Users\Admin\AppData\Local\Temp\UsgQAEQI.bat

MD5 a5dce3800e1701534a48320efabfe496
SHA1 e5fa10dc62dcd18229f079a702592f6d5a319416
SHA256 465c3a3b30d07d57a875f3fad88b4fd1965b0e5d50e8c571a3de668004260fec
SHA512 67abe5fba59e7c2a151a528cffb568e3727c13cce3f21b7c1444708ebeff31efd48a6433cbc2297404c160ef946548d03b29adc3ea511b51c44c9ab38611b16b

C:\Users\Admin\AppData\Local\Temp\esAi.exe

MD5 fb0b00d020e38ff9e59fad68ba60f436
SHA1 921fc7e9fdb32b03fad5fbf7a951a26e43fe0bea
SHA256 49f07bf17f3a0b9129bc2f2738cb98dbc1bdc2a2226f1e51d1bc40a906496412
SHA512 886d10acbabbc82bf0f0df7760873708980cc9cb8259ca01e5830e7ae407bbd4cc18a669dd5df8acac3e7bd64f784ea50531e496361f1f008e527df12cf62299

C:\Users\Admin\AppData\Local\Temp\kIQU.exe

MD5 9db008faab7dad985e6d152934859df0
SHA1 5ce1ad47eae89b00b1677d98ba31f7d0bc5b1091
SHA256 eae68229b00684426819dd707a761d17d552934b230d06df2e7d13a9eda5ab97
SHA512 f857b9f4d4e5589263419efe8b8060c900bbcf7f428c4cc2ef22636c996c0cb9cb8fbfd49646d118fa567d4739f47e630fc8b1ced7aa2ac288bdc80f57ca33fa

C:\Users\Admin\AppData\Local\Temp\SAUG.exe

MD5 3b7080b9a3e422167cb3f1a1f553c501
SHA1 bfbb0a7cb3c09f1ffcb715c8f8a5862e2f3a2ee1
SHA256 1f3f88641fb7bea4ea76bbd55d65227b9d8240a3b90723f14cfb425835ac59a2
SHA512 40457d9a3261cde560fff6a96d4d98215047308cb90ee38bf7e5dc49103aa8965b47fc07f4330c1b01ac28ba56dc47d6113777371052dde03b1aa0976351328b

C:\Users\Admin\AppData\Local\Temp\qwwm.exe

MD5 e45ac80638e4a940b82447321c4cd5b4
SHA1 db1f42308d2ac057acaa97af5038af95397e4132
SHA256 b30b1827cdaf870fe9bd55e4b5083695fbdfce7083c22cb69c12a38a2c9a5803
SHA512 4146d7fbf774daf4b553e6d4ade8f7da5164c1283067ceebc6950187668516150077ffa8c37c9ee2349bb011d0cee1e4aae5c772f695f119d56f1ebea68524f6

C:\Users\Admin\AppData\Local\Temp\qyEYkYcQ.bat

MD5 fc391874d2c3fa38f48f91004c614647
SHA1 a3c875a045793c820e7543a5e5e29407d97ab74e
SHA256 070468ca64eec06640e6030aa5649d7aaeb8a81916dbb424650bb294c685d99e
SHA512 88e9ca73a541cf321c5ebdcac6a5d426bcda335db6c210571db2a67fb4571f2b95b6a12bc40d37c0508a349f3eb8fab33b86f7c75c1f1ea95e9170c61c9a3e7e

C:\Users\Admin\AppData\Local\Temp\gsoU.exe

MD5 26f36bc02b18d7a6fbebcbe18e06ab0b
SHA1 1ddbc72860349f00b39b1eccd91e7dcb093a1b20
SHA256 fbe653acb39084cbd93f154516ce34ba04170791943dbb74349fec44708782fe
SHA512 bf0108c47b873d86a6b389ae2724b78d905eae7ebabfe589352b60de0daedfa4ae16659b79cd77429bc751940a5107b04de3213560ac25dc95cc87fc5a11763c

C:\Users\Admin\AppData\Local\Temp\mgQS.exe

MD5 5aa0879e5c3bf52166b87b89dec223ee
SHA1 8b8dfe09676ca71cef4651df22ed3d09394ad84d
SHA256 ec51e199cfc813ad2e97fafa89898803979f4518416258a44fff7fe773b6985f
SHA512 58c18079841f5158c870fd342cea9cef19cb4123ce3c4f966044652d688e8f045f2ef04126994f64e17ea6bd549a417c01a926c849033045c8a2d68c5dc15748

C:\Users\Admin\AppData\Local\Temp\wcgU.exe

MD5 9069b4b4c3ca156f9e02d58bb68da0c6
SHA1 b47a1394643e024176cc818c6751d97496d3719b
SHA256 ac1a65f1fa7186428f52cc2b05d67904957d293b549dafd9aba46d8af4b05494
SHA512 518cf4fa7f7d7680374f3c7f12fb3f4af8a8448148d1f3dfb3a955182c7d967896f4d6eb5e9815af8b7bef38ab710f1af74944dedd9abcd0532bea9de684eea9

C:\Users\Admin\AppData\Local\Temp\gMwc.exe

MD5 53aaba59b33a754814fde8508d2c1be3
SHA1 2cf00f58b5c3a31ee3391bf3141ba8eec867c63c
SHA256 05dfc92aa394e90d3a01826bb36610cea1c6c96f075468432cbfee259e93c527
SHA512 3d6efa6ceed6def2d047e497e561283dd9918f0e7cb4b052a0c3c451e9ccabfa48734309f82f05c6d1fd3576843182ae5c11495b25191e95de413efa895f616d

C:\Users\Admin\AppData\Local\Temp\SUsMEAYw.bat

MD5 e8765bcc2e983f33aff8df87ce10518b
SHA1 c099cec3c1451e3ff4bc5ae0cb0aa06a11ba85b0
SHA256 89c4193299fa0b03a36680bd4ca66df854526f0074bc2160f66d33e0d24e33b5
SHA512 dd82e2827c3661b89bc5b5bc603189e3a72db9b5f10fc3ed79c6c575b280f4fb8b085e9414d3281fc91bff5efb5e43d4142ffcd4c555ef80b89578be29258cd9

C:\Users\Admin\AppData\Local\Temp\ksEy.exe

MD5 efde5e5ba9d1692accd1c7b0499f97b4
SHA1 7970caae8defe29902f3dfd9108c0ff0b243751d
SHA256 47c176ecfbfbc9d6cc5f3c51af2dc2ff5bf08845220b1e74b2929f42d65836b4
SHA512 050f7551473384299da260fa69f7752fa8c6340ed0fbe5cd1143e708b8556b1cf5f91052f8dff01fb130288560f252cbd90e91c5b8324a57e0d371c29357f8c1

C:\Users\Admin\AppData\Local\Temp\OIES.exe

MD5 38e7003f37c2c0bd1356027d7d903eea
SHA1 a8e9368d2fa4d16b4bbbad2edf0b55f429c07913
SHA256 de3da16c2c413f10e61d467844c19be2d084e9e85a37130c96cca053dd6ec005
SHA512 0b5994d793bf500acac6f1379c6ea2c666485ddabf8251f8a870de9e94dc8ae8a565e67a98b35d5b4b5e4f3b151c53057f89e721565dd3a49dd21c47a422813e

C:\Users\Admin\AppData\Local\Temp\YMoa.exe

MD5 a4882b7d60594d23807760e776c7f72b
SHA1 1470e03054ba516a12efd471af528999c67fa050
SHA256 bb85b8b5d52d5349a7d3e903befff033f955da721faa883611562f3a16233a2c
SHA512 6988a3cc38b125eb45d0a911b5feb4095a4ad4ac0be7ce3a955299016fa496588fb605fb6dc679e12df54e07b096f8bfffcf8cacb397490efb0f3b5ccabcc768

C:\Users\Admin\AppData\Local\Temp\AEUu.exe

MD5 2d796280e9cf0c52da9b70a5373378e2
SHA1 39ba250c44a8ddcf671f3c4103815e4e44719a26
SHA256 00d0c016fb66f976bcbfd7b1dfb04034db507dc66234a5a526b44e1ca84db1fd
SHA512 c77d7ae44acb171804774d43209e10a4a41e285804030f5efb392a956fd8b0f465f17b70a57325ed0c7be6b3a091123930f7e85811b5a1e7eed61d61f1c45700

C:\Users\Admin\AppData\Local\Temp\fuQYUUUA.bat

MD5 9d032e28833d141ad84ecc94a608821d
SHA1 eafaa19d3e99a9c9ca1c30ae8fe76435afbad3be
SHA256 32218347ef72b63e61279a1e94bb2e9f3a4d5a6334c3444ef2cd49f1c9fe3df2
SHA512 890c3b61c012291ff00f273ee7460cb38f58d6c6179350ab90fd4475d4cf15c329af93bc1188a787c1d0ba7395c47fa12ce448794bf805e009d79ae4c2242cfe

C:\Users\Admin\AppData\Local\Temp\OwAU.exe

MD5 4e80a883aa42284fd4463693acf2aacd
SHA1 753fdb9411e71789aaf8ed6f29c8de20ac265b72
SHA256 f42c3b7ffa6cf8785567b337b0835af82a4202ec76113432f8e2b0fdd3aa46d4
SHA512 9366141e52114d1b7a697e8c9e1e215f792803b71229d92f91ad81f88ec2134b02a9b95fd665f12645e933bfeb38a4f390a0b7e6d11de90d972bf716a70668f6

C:\Users\Admin\AppData\Local\Temp\SooY.exe

MD5 19f4dfc9be2677ac30747da62d4eb2a4
SHA1 2c056e194606080e04c44336db02085da7d81de0
SHA256 e141d99afffe53b1dcc1d54aa17db543e32230179b2f98168ce52506ba9d2a87
SHA512 0e2653af24cd5839ff80e4754dcf9cdf964d70e0c723bc54312a871f65f14c088958fd6d929edfeb096d339af1042ceb55836e722658e62041f0117d1e7f4a21

C:\Users\Admin\AppData\Local\Temp\iIAo.exe

MD5 ced513e3126de9311af88d749dfcdfdf
SHA1 11bf9612d5e1919cac3ac35bbac257e8d59ee50d
SHA256 b0f4098fe651378ef395f3183f18a1c299e2d06dfcb016daa4d14c7287d5af50
SHA512 bb3946aefacf443a08699ccfce554744328f1aaf63c2643cfaa4dda6b25f8f3a7f6461c6826e99a12c64bca6ca27a9b8c8106a5d5bbc9c3f7f0f4981e6200ec7

C:\Users\Admin\AppData\Local\Temp\OssM.exe

MD5 d4ec670f593909287e404063f1258b39
SHA1 19eef73db3864c892206cc5dbfd852bd985553a1
SHA256 c30a428de259ab564ae24a679ef567ba2add616394c3f04e4d3e16693bef7f15
SHA512 98a43354f8644460a7227f206b9cea2fc3c38b9556b71fe60c6bd762c8001ea97ee1637b882e725cd9a61e792fc6b4beb4eca83a62caeec303a0e9cc9897cb35

C:\Users\Admin\AppData\Local\Temp\VucIUsQA.bat

MD5 d48de8ee351941bf7ceb5eac270681ba
SHA1 7e2152940b9908b380f8ca08451b307ce2fb19ba
SHA256 39da7b1b850daa32bc605f0b68b1cc46c248ae0f3bc92461ba618c541c375500
SHA512 381da0eb39da3cd0148b39cfaa18e0aba72893a9f46d6faa42210f646811fabd951ba2423595b14ea67e71978fcd351bf10890da3f8c28825e712cb88941ae7c

C:\Users\Admin\AppData\Local\Temp\YMcG.exe

MD5 ff9013dfb4540c266754f56760de0758
SHA1 942ab218ff2fc8476c121762d52a292bb29ab424
SHA256 e022c0aa1459bda8fdc9b62892242913f5835da8cf6adfd1fb63defbe703ffcf
SHA512 44f53c91fe8ca11096ccb608b105038c38e229a6920ce445918ad2ffbd79e74307931c0b8aa46978df2ebe8a7a72171f0c8643f2b78ed7dde3f22cad33d69a7c

C:\Users\Admin\AppData\Local\Temp\esES.exe

MD5 627dcfebaf2d91094a4c24d4c46bf57b
SHA1 6411d6791cd20c8eceba1b9f808ac213c8ef2653
SHA256 ef39a14afd7ae624d10b40b655c76b19a547cb52033dcc096fcb4f6bca354008
SHA512 29a37787a3078976da4df3e1cc8a1d73dde2a929a7cb5e919df735411cc3fac8ffacf4dd624352ff4b40fbd73d5bfc052da89a022955804c17e468da34b21a39

C:\Users\Admin\AppData\Local\Temp\AsIc.exe

MD5 59ea65fa9229ce37d2430955a0787f69
SHA1 26a104bf57f35599b50879041fed2b732ca9fd68
SHA256 5233893b3cec8eb08463eddc5a530046622ec656ddb6b861434b94d6887ada45
SHA512 109256c75d0f82095beaf2150468df67749b1d1ab7425ef681cdf1f7cff9682b5004d0f8329fb04176b270c58db4c648696a505139cb37e58d64b1b2091422c5

C:\Users\Admin\AppData\Local\Temp\ywIg.exe

MD5 5f655ee6581abc008f988ae606f4178f
SHA1 3d73194996a723fac57fe6f373ee713746211a20
SHA256 2c6a9fe0cec25371df26ea623d5e3948e266ebca12b4075f68ce2f00affeaa7c
SHA512 ba55cb47e6a92217be432a8fe944a0a2f8bfff579a7deb57c698600923f39f86038f2c0d52750d96c505519ddf3f08200a99954d437dda39b3b64a957078216a

C:\Users\Admin\AppData\Local\Temp\nWUocAss.bat

MD5 272e6fb0a4586bbf721faf0837bd7472
SHA1 8bb4e997493732d557da1546730b69d788dc7fda
SHA256 0d91b357c93240244369cd69026ecd9eb5fdf6b4d3e88eff80d3cb2fc28b24b6
SHA512 b55d30f320383dc246e5e50d9f402bff03dfb39eac6ae740d7107299dd14c25daef10f4ae3507e89f47068057fdc5de42518c9450f2b85ff75696cbc75be6bf1

C:\Users\Admin\AppData\Local\Temp\UwIS.exe

MD5 b7bb21784794f0cdc1f50efa99b27db2
SHA1 45a8b4f83669f64afbe662cdec40953c29ab301c
SHA256 57df8c2691ec85a3274cead48df2e268004497f1fbe301328c4182c245bade2d
SHA512 0e8afcfc6c1590f9172c118ac393455c6ea4556e4f5da0efa0362059ec647aa39c12552bad911768369189b3412d5ad47bc6401166869dc27ded58474c5b4e62

C:\Users\Admin\AppData\Local\Temp\CMge.exe

MD5 bf68ca0059566ebe6b41ac1f7647e24c
SHA1 f570207855edf0f6e9108a8c96f5daf90539b184
SHA256 d121ee243c639c3ef01a4f18c8396001efb940c57e6d69575d858cbba02e8b95
SHA512 4082972a1c17cf81176166bbf1a1ece4be19d23992f8f724d5f072444ba5b22772c0c9a34c496c40b4ca3c5c498af0bae862cf221d5cb18ca1209fcaca196918

C:\Users\Admin\AppData\Local\Temp\sYYi.exe

MD5 7b762d3edba0e6a541b0b075b2da15e1
SHA1 ac40cfc000a7fdc48a3704569f9db34d4ef8a05e
SHA256 76a0265e7fb7b948ec247a2c031238c1248119be26c0ca8620e5946618a1a4e2
SHA512 2c737438123624768abdf89f6a12afb2c3e205178e7652548b55d497e29615578a2d98805c98a3621afca75d1831b61769b691a578cf050a257438ebabfed40d

C:\Users\Admin\AppData\Local\Temp\NeYwUcEI.bat

MD5 4b34ce2413e524b28ab16574091ee442
SHA1 40c0bf52397e09ef4815dce1fd05196b103395d9
SHA256 493606c4f5b2f83b9cf7632b86c0745b4227efdf7d809a3fc15d93a5af0ab759
SHA512 bcd371733e9e5a6b0daf09cacd629b0927b324baa733eeb5b5429ce3faa0631ab6df8b9e5cd8d7a82b3896fd7397ca1aa58e4501b554bf35b0b82e370d2421bb

C:\Users\Admin\AppData\Local\Temp\WwQU.exe

MD5 86dfa6608510eb709e9fa6499f878b3b
SHA1 fc4da94f3187d58e7fdc6ab179c1d687ecefa3cf
SHA256 cf35086c25830331f7f920cd1f1b9b9bcf454a1a4ade2dcfae8f46eea86965be
SHA512 841ab0c1c4642f042b2b76870c64917c719cd30bffea692c8828ef2db09bac24c87e314af892ae7601c221059980552bf27b54d9daf831fae144ad7632c57cba

C:\Users\Admin\AppData\Local\Temp\GwoS.exe

MD5 992d300e2951fa2affc6e9053ccbe1c0
SHA1 43fe04f671bf627a9a3456264465a358c2115b44
SHA256 85fd9bffe4e36e69f4074ac9e7842ab351d918ffe3d86096c82f10ee0c888159
SHA512 47a1753d3df179f7a85eb6a0ff51ddda76f17b618f7e9b3c0e3762e4a66d0d093dda2818424d6fcf3cf52cd7768781e4845efee6cbacbef35aa5dbb2b65251d4

C:\Users\Admin\AppData\Local\Temp\AYUu.exe

MD5 edfe2800440b44b4a16df8f092e6d1b3
SHA1 a667ebee7f2f1484dd4750af70f9e7b8952d7c81
SHA256 958dd30c86f8aca11794867c627a2732f2b052d049bc195d1d03122871d61807
SHA512 6f182ec3ce0f9cc9184424524fcc96dc0562c582ca54be203aa0e9af5f466aaefecf30918febdc79a36795df3edc1da77a66eb2f0862b4cedc2ddc5c4c9efc91

C:\Users\Admin\AppData\Local\Temp\eUgAAQcM.bat

MD5 f41427a25de61d5a61f67ecf6e6f877c
SHA1 acef836c5439ad710daa5c0d67a0583f1b189163
SHA256 8a059a25d7b03e666bd6507ae2a8a2d3cfc634b0176b1259398f39ac0be28c96
SHA512 90315f1ce3bef8465b6d9e3168f18c3c8f95ed5bca9fc58d14ad5ff11884069752ee8355cf08661e77bc44e9181b0c2855b4b5a3fa4b3660e07ae249ecaa9b67

C:\Users\Admin\AppData\Local\Temp\AwAS.exe

MD5 2ddf3478b655b7ab9c3061859eb3da04
SHA1 f1af4318216983cdb98ae77b2319c8aa1cb74962
SHA256 e4332cc2d8e6310c7fd4431c2e1399e61fc7982834ca74ebf797e46ce4694e78
SHA512 510e0560422483a8f9842e273e56e2b966c683a9eea3771a8710572c3ce0b346666019d797bce85a92c84fb43bf4ee007547c4b193800ee66155a499a41e91e2

C:\Users\Admin\AppData\Local\Temp\cmcQMMgw.bat

MD5 26cc3a23dca19db141236407a3c6ceac
SHA1 4647fec3a96b5f00a09f160bb16cdbe0b4998cfb
SHA256 51582a6f01fe3c5240422681a264398ccd857b54cb99eebb2971cb07b96afbfd
SHA512 198a171cb46d5aca3c1a0a0706b3d157a05fc0bc092393d5c23aa794315e5f3785939f1b6fc85355d6c71af05c4a8bdbb6bb32abac659f58e1fc705390b25892

C:\Users\Admin\AppData\Local\Temp\acosooUM.bat

MD5 cbdb2632628e9ed7d677a713d9817b0d
SHA1 328f0742cf74e8ffdb253376b1803615055e215b
SHA256 15e96cbef5080e0adb10436249d795178bc012f444ef39acf8866d33c82608d7
SHA512 69deeae0c536fcdd914ce82f7454de27ea07efd1cd3f15192694f92e18325f0953909110b8aa511d858a17c2e45e9300e869e4f4f3f3febe6bc0676600be7606

C:\Users\Admin\AppData\Local\Temp\cwoc.exe

MD5 442a262ad2affae2009250dcf3dbf63a
SHA1 b78005ae23e51262616ad3bca0b6a0f289fa5599
SHA256 f538b27fc7a9b9bdf33f635a4ab9995ac15bbc256e80741ae90ddedf84869682
SHA512 1f202498ccba262c660d899d955915eb5284af558b13c5463da4c78410badeee9973a8e238fcfe716d3c45f1405afa87a8cffcdf5f158ee371fac0cf4c1395ce

C:\Users\Admin\AppData\Local\Temp\YMIo.exe

MD5 7ab913bbf5cbdd81dc885edc6f099cfb
SHA1 f935b747eef16c14dc2c01a962058e1fd9f3c4c3
SHA256 ba3740d0f6d51d171480c6c2bc0295c7556ce4a55bab731d3e318bae430520b6
SHA512 1dc86728ed44a2e3925dc16fcd490b55edba733e06ab19ae583f50c5a7738ad826ae70d2e0f968dc23bb64dbb62fd6970a708da54e29d885d98149d82dc113db

C:\Users\Admin\AppData\Local\Temp\Eskk.exe

MD5 6f0f343fdcfa6002f14734022a1b7d6b
SHA1 8418804dc6101c4345e05348cd442483a97eb42d
SHA256 addba0b56b3dc4820eb53dcdab15d80acc5a18b95a597792a0df2f858a1865ff
SHA512 a4def6976c6e34b012a98be030de53d61c9dc31d28922dc6eaf01b03528e572096de0b6528aceaff767a86c33d67a6f01802e52eefbecc63dea010152e368632

C:\Users\Admin\AppData\Local\Temp\ocoq.ico

MD5 f461866875e8a7fc5c0e5bcdb48c67f6
SHA1 c6831938e249f1edaa968321f00141e6d791ca56
SHA256 0b3ebd04101a5bda41f07652c3d7a4f9370a4d64c88f5de4c57909c38d30a4f7
SHA512 d4c70562238d3c95100fec69a538ddf6dd43a73a959aa07f97b151baf888eac0917236ac0a9b046dba5395516acc1ce9e777bc2c173cb1d08ed79c6663404e4f

C:\Users\Admin\AppData\Local\Temp\CwwK.exe

MD5 3b77e445448a947c2d0f0c1826d6941e
SHA1 ebc9a0826324d9e1d497506d37579c3b89865a8c
SHA256 a11ece9c5ab53934dcf60613b2b00902ca8d68ca39031320bc93a2f74dbfd553
SHA512 f3e275de351b7300d09f2e598078080c2a980fa69c5ff53627328604e34a19f7588200ae185a9e85c3c352a1103f40cf23a2f53b60eb2d556c878558209fd8ac

C:\Users\Admin\AppData\Local\Temp\IIEA.exe

MD5 acaff308d306f7896e1a4d307312489a
SHA1 874616d80acd1c4c6395c1d34d2e4ed0be4e6b45
SHA256 1a108cbc5dffb91eb28ccfeb22271c9f4576998fbccd243ccf50a4a999959aa3
SHA512 6378bbeeeea85b9b0acac690a4008507a0fd0a1a2bc8cc1c870cac5666ebaf285781906aa6a82a605740134b661f18644a28d3c3503544718a36998e7b3b663b

C:\Users\Admin\AppData\Local\Temp\agggUwsk.bat

MD5 db63be45433b6a9e931565099f554e4e
SHA1 d9ef627ac1974d587ef8a2cbbe010d9e30a47ba7
SHA256 71adb24a41d58bffe033b281f957f2de9e8d2bdbd24306b08a27a8c6d9ecad45
SHA512 ba151d6d7b6aacb6dac1fb013a659ad52eda265ea8851c7a15eb8aed92934c9bb1a8dee485f4b7c9b8f08800e73980d0eaa0adf727a3d419887a20455234c4e0

C:\Users\Admin\AppData\Local\Temp\IocM.exe

MD5 9c5faae2446daf1e36d1195abc9322b3
SHA1 ea7c64cdab64d6674e19542eb20f21d002475036
SHA256 64a82b6b74f659af65bbdfad701536fbe676dc64a3d33c6e5d0c2c3781912f3c
SHA512 724a7a466bae09cb4706d0d4845f2d3fef0d6e706575d55bf494a418b390e8b9600939c8d1155fb9dbd6a41194774d195ae88c8028ec09355a43601cd1a85a37

C:\Users\Admin\AppData\Local\Temp\mQki.exe

MD5 ccba96a9cf23e5b399b3a9cfecbd59d4
SHA1 04bb3bebd398db1cb0c3c4b6ba77940d6c8a40d3
SHA256 935e267fbc7238364fc140a138aa419e9ed5b3a8a0ea622d6facd1641c219753
SHA512 dd67890aff1ea0a9100b4f36648ebba1371ebfb9a23990fd6a1d82d69fabc9677548ba986853482c56d737b61f4322ae11f697b533a434f70720e52af3a9ba35

C:\Users\Admin\AppData\Local\Temp\xQQQwIkA.bat

MD5 4a41966d69ebf0f307ebb485bc67e761
SHA1 9c60c6cf7dcbed289e992607c793882c062137b5
SHA256 eaaea8779cf58f45c2b14262ce878f2c097a81128c0b3ad88d7087daeb951171
SHA512 bb0e04258b68f4d8c594e7d185245a09246f4ae524d022139c19fcba9b2d9f4dca501b3edc2a64d3f3b4cfad2e62b7290c7ea1c5a8d433e27fc1953bbb927fc2

C:\Users\Admin\AppData\Local\Temp\tCggYMAU.bat

MD5 517bad96668b3755e5d147189a44427b
SHA1 c02737ea3660a3a86c0b87ee6ef44c6491e51ba7
SHA256 a5de642b8a6fe7e9d1dfa5119739b613dc2394f4a04a962e4f02293f5295a9d1
SHA512 fc17d2083d48e8ea82459c19037ea365b04b2b3b82bd8a6de5f63d8823714ac895d984b6d2fd4dbf9d06f3a16b296fe051d492b52f35e48d3b8dc8a4cba50d6d

C:\Users\Admin\AppData\Local\Temp\OAES.exe

MD5 1c6cd3cf0fb9ace319b6ecd4260b6dab
SHA1 eb40f7645b0affa81afde69d148d017d78129d33
SHA256 fedbd830d815d48a182bbf7850a30347f4ea93f06fbb5b4127a505ef354a6862
SHA512 ab192e32b318b0cebc4037f9cfb2b8a3267ae351721d7a46e10ed37bddfa0fa09c69a867ec83eaf9a043b006b013f86bb096a6c43587669f2a3e904030546c9c

C:\Users\Admin\AppData\Local\Temp\jkMQwIMs.bat

MD5 5ecb208a15ff4decbf418d4b217c3fee
SHA1 086c59f41a2ad67a8ea1f8d98a170568123d4e27
SHA256 227a2bf9b4f9061127a0de5799d73428d36ef461e24f4f5e369afe86ee3c6a25
SHA512 1bd5698419d8674711b27e0367eb828c4a6f2c263a9b068517f4e74e523ddb68b12e4b97ccdab9f5bfda96209700c23620129938479af62ff311f27a82c0069b

C:\Users\Admin\AppData\Local\Temp\oUIc.exe

MD5 19e0eaf223f11d43293b93c94c6da989
SHA1 3636eef5fdbea5c3ceb62884f41a051872fa6a7b
SHA256 10dcc7c1e3d752a449bc931e632c0972797448ce44900310847dc29accdd360b
SHA512 0684c372b14240f11766b1335c20a92a14950fad8016a97386b769268d098383308cdaba049db6ba95ce1d792964d3b77bd324918fd334db872d2a21a30bd32b

C:\Users\Admin\AppData\Local\Temp\WUEE.exe

MD5 e8179d4bbe9a217cbd075a91fa83799b
SHA1 ecaa6eb189511ddde4e5bfb159cdc4665f12c5a7
SHA256 508cbed7ab0f78387b99ba53e59dc83de150185f208fe7854f4d531e6814208b
SHA512 e1ce96f4a953b9d10b7341c580a45674869b8943b26a34006ed2f9e58fc60b5cbd46c4c7459aac83c5908b9875a11ecf3d1c1875056cfe853df3e92a845c2255

C:\Users\Admin\AppData\Local\Temp\RUcYEcUU.bat

MD5 1eac9f830d47cba63f6485e156188829
SHA1 684743650b685263f6922690b6e92d8d3ba18d06
SHA256 2079769fa9cfde8a3414341942aed488359efaf99d61f2c316925f04ba0fb07e
SHA512 f39343d38580120d253b0d13a9af800482701d388fd76c8fde2da1c6093451dbd90209b0399da8f1bb98c6b5087105c13eade09301e4d89536e7085ec4c1bd05

C:\Users\Admin\AppData\Local\Temp\cWocgEoQ.bat

MD5 0cea4c13f1886291e7699c7159ad1b29
SHA1 78871c775662d84ad3dbd46887f91062870a8f70
SHA256 4a4a8cfc7be922bfb433b8713f0231a3c0897fe2fbfd26716bfe135df9bb26c5
SHA512 c864b5655809673ca3460c07c2be7056c60504e608d18b1d4b4bd7cb4a1581f7578cc43399235548cf8377da99228e28d8b5fe56e37893a36d67c674ec2de51e

C:\Users\Admin\AppData\Local\Temp\aGYsEYIE.bat

MD5 a986020dad34efe809426c569ad35aa6
SHA1 4677fbec7a4e02fe38ba8d51175f4ac887195e67
SHA256 9cb35c929c76f8b3b03c0958da2b1360fcde5ebae564e8a93c6bebe526c58034
SHA512 21b7919af79311da93b6410b35b59c5521eff2f57df1630e2acf2d66739478fe8c62ba75a80463d7dd576d0174b47ff23f5c9107fab1b5754f1a29d68c55cb6c

C:\Users\Admin\AppData\Local\Temp\IYAAQscc.bat

MD5 3ccb4c8931b83a272b0c429033725099
SHA1 fbefa0042ced7663477c1bfb23ce0483151551c5
SHA256 778553e30ab07930babbc6f37cc48f58237ccc6fcafa36a9a03e81aa700928de
SHA512 53cbf36e8370cd01a61aa287642af389a4050d84c2f53de27f9fa6e0f4b6c2d1efc5b8715c2a5b36784afe2bc83d4f4471ce195afd1d9e78ecd1fe432bac4a6e

C:\Users\Admin\AppData\Local\Temp\gUMgYcMc.bat

MD5 56acc503997735f0f35390b872f324a7
SHA1 371efe0fd366744c133a269e648d8463fa1e5a46
SHA256 89391082e72ada6941d140a05ad8c2c575d3fb2305099497028e85f0e64bdbb8
SHA512 2a8b68ab8e0dace79b9a0e1992fbffdd3f296a01fd5879bdb5022f42d73f660647b0010eb58f156c54fc5d634b03f139e8ef26044ec02f733ddfd8ce96707125

C:\Users\Admin\AppData\Local\Temp\HIUEMskQ.bat

MD5 84125eb401bef3f2de8335c9a4b84397
SHA1 7541b8054819864d7f64e2adcc1b2763fb23c2cd
SHA256 165414e79844e6fc597f465432ebeb8f81d80a844daed99620971704f7b58416
SHA512 d65a1b33940cb8496235b93dc271650ba35be6490137b722fd2a47e25830cb07f980d5b90dbfafe97e7df0db49c846f41e7a5c292b5c387e0e0c01c724b5f820

C:\Users\Admin\AppData\Local\Temp\RocMYQss.bat

MD5 2167ee6f2983527180f50bb0aa746e80
SHA1 bb27e5e27b19b18503fb817c038413443d5c447a
SHA256 8f315c7f5c6782bc729c237c1ff04ae86b8284a9059178ab5a33f4604fd93199
SHA512 0f5c94f93d83e2626ffcbe5ef64695af199f145092715b72345a9decf2838f94a26149719782435951c7686b122918f434019f7246eef5b2e067d2918c9ec118

C:\Users\Admin\AppData\Local\Temp\naIMYgkE.bat

MD5 092b8d50d8ec3121f28734799848fde5
SHA1 57d44ea0395db40317f3368682285852c3817fa8
SHA256 0e2174e8e98156ba529b5148d4339e228f8477a22e1b8a75cc2a2c51b0fc33df
SHA512 b5df844f3ca37d87f843d54db56e722b1c567330b7761907c7333135f36c8ef3fa42c187f14ff8b213e5b8e7d3c1605803b62956282b9bb322ea4c74a9a89c8d

C:\Users\Admin\AppData\Local\Temp\lyQgIgQA.bat

MD5 89ec3513f109f158dafe500d1ac22305
SHA1 b74cf5a90b230ce4092fbe1eac8cb275cd296367
SHA256 0baaa42ebe0e9221a738f4e3454ed3468e6ec6f8c44d8dfb6cd28b4117b7e0a0
SHA512 834ea53ebfa4c9d28749dc3685b5570717081a62e0405810fde7d5a605308a75bcdea8ea0df3ef178c9aeb4ea1942fcf1432a572f567ee82e6bed7a8787a79a1

C:\Users\Admin\AppData\Local\Temp\oaYsUMcY.bat

MD5 89135b5c87d670c198b3c694f90b3a5d
SHA1 90b9d6d4f2fc58fe02c74564322b65c0afc6f74f
SHA256 dba34969af13fadc6547b74329a8529cdb3dc00de8a4bd6513119c7cc5eb12a3
SHA512 219b98c6b4cb9da31226632fe5c3563517543898a63bacd6af2c9c860c40d110921e20baa2a986d946b6ec7e57f3279b8d37a25034136227f1e620d3f43aec51

C:\Users\Admin\AppData\Local\Temp\qmMIUsss.bat

MD5 76b584ede0b1481ea67fc05e83172c9d
SHA1 6e2df112eb93a916ac8448dfd7d5238ebb0eb1f6
SHA256 5ba2a714f426ffbaf90a92261876ba3ce85c6614fc32c6bcb23359acf4827fba
SHA512 9c2968652f49a81bae03a9b5c34a1e136f10befe0ec2cbf4875f7ad3913d95101d68b8c64477cfee15011ea417b0dcb488f7a2cce705dde8e681ad05421dd4c1

C:\Users\Admin\AppData\Local\Temp\CwUMwAgw.bat

MD5 687f975e0598be0674da4e9508393c36
SHA1 ec35e26972a7fa2ecd09d38bb9a716a5b16ec499
SHA256 0ba829c5b9b2dcb93af2df51bd35106a4df49e021b5de18a120caad9f3502858
SHA512 3a40199fcfa0af47f7d06bda8aabcab6d216258a5957f6aa4a280a44e20e9ee4c40ca3529b305509937b0156ea97af7bd69d09ae5ef32a984f9d584b5ca04297

C:\Users\Admin\AppData\Local\Temp\acMgkYQA.bat

MD5 7ca2f51690d5321dab3b370465a6516c
SHA1 6de2b253da873c25f60a93f8a25943be0e17be79
SHA256 ef0276c951394a5f568510550e3c6a10cd330f8143042958f2b8c48baa858a28
SHA512 bc3762b3b16daab5941c34f156ab9d928392252795f6a2b856552c4e4299719b3e81ed97dd54be8543d25983482a51b3f5527e93bba9bebbce94e8871ea9b450

C:\Users\Admin\AppData\Local\Temp\bSQwkccM.bat

MD5 9d27edce7df6b4da3d354c6b0f855bc5
SHA1 15243fb1a395a05969ffc35b2a6135297b60c58b
SHA256 43b1a704b8f2644dd52421f368658a1b2e29d28d7421bd78af7b82e461eb8e0e
SHA512 7ba0abf781c7723f9550a392989968a5ee85d09b2018a474ceb18ab5c41c75e54f212e020872b276dc61ea06a0e1dd1aa90d7c31a8ec90494f104102fe58fbe1

C:\Users\Admin\AppData\Local\Temp\TQUQAAIA.bat

MD5 213aa3d79e5c28df65215eaea61a3d76
SHA1 0c0d6252f2e7c976ea28aed220f24ca2a3e80a90
SHA256 35bdd24fe04b6ae970f5dd8c0d17adb0e057509f8b5061834dd9c19718fa3a1d
SHA512 cf9bc68308e99805b8d483e189f0369636eb21810fdfb31d17440c84107f3b0c0d5af338192be1bb55205652fd7d0546eeb6e874e9fdc82a71d1f86f54866b02

C:\Users\Admin\AppData\Local\Temp\LkowQgYU.bat

MD5 25daf920eac1aefb9c3784a59bb4d85c
SHA1 efdea25af1dd8a46e3d6cf2e3083388244a2697c
SHA256 121094b7781907fd9b88ed07f44c0f27aebe95ebf63f00ffc48d5c0b17d8ef92
SHA512 6069cb23e315c1dcbfc3fa1a6c6ed026da44c6be1fb77b12f7babd5a777924c99b84cecb73221fc1e3187f568a9389e66ac67cc04abce35033ab8729bc9d3eaa

C:\Users\Admin\AppData\Local\Temp\bygwcAEY.bat

MD5 475db6763e102d8c0c0135781e30dcb1
SHA1 7a70bd2e1ede20fb7721a711817af6fd7c6b9e3c
SHA256 6122ea9f5d40ffec7ffda286fca2a10501ffb0b0618273348d732a8e103cd976
SHA512 ac7d692797eb5330efac7ad592b1ae3de965239e033040d80b41a12620e5ffdb483310e0966380eef6d40e76007b70bb66a82310dc6801e1f8a45c7ce100a103

C:\Users\Admin\AppData\Local\Temp\JMgYocgI.bat

MD5 da4deea7ec348ff051e06904fcc3d30d
SHA1 001003881d824495d4caa3581b626e552132d72b
SHA256 f2cf79b592610de323e7d5d7b98db2a28a6758502b7ca4abdc1296a92ac72186
SHA512 ac57d5253acc3eeb1918acfc2c77e6a935b4c63923110342fe9e5b96fd1be0421ff0cf65371e59624c0dab76057479e1777bad67a479e525d2c735826335b653

C:\Users\Admin\AppData\Local\Temp\UOgUokUA.bat

MD5 cb8475747e1068473908efea61e9171e
SHA1 a84d4e52ad217ed22075d4c42b38c460756447c2
SHA256 9d571f668917d01b3308c9729e61cc15addb1b70619c9811fd251f543f2d5ce2
SHA512 9dda17ec026ac8767e501988d007c7612491712a2e0bf0316eb56b52f446466a90f1718bf9f3056ef10253cf1201cf608b5fd3a4b5199d15ce93a21aab5aef3f

C:\Users\Admin\AppData\Local\Temp\aykMUwUE.bat

MD5 ce32a24fe655bfecdd938956c970e4bd
SHA1 081ebfc7701e979e88153700443528faea5d2264
SHA256 f902f48840ca1efbd55d6f293a964493cd60c029f67371c3e1dd1d95adeb1176
SHA512 e7e7de76313865ee9732c5430b7e0a85ffcd29c93cc230d566653daac941e86b4deb1aa838e417d9853858346b4280a6732ed096c76419d912c029ad7fe0474b

C:\Users\Admin\AppData\Local\Temp\gcgIUAwU.bat

MD5 a7bf2cad8a0917baf6a06f3ec5ad4335
SHA1 f7c15723c289217ea01eaa35a77816ebf3d4f987
SHA256 15d6ae38974b4e1d2041e3b2fc2ea4bd7928b3e1535d208b2ee06c64afd5af2a
SHA512 82ce10ebc3ddb066e4682b405bb32d8bfc913d24b141ee12a0f90a7ba091f70a33cccb6b0836ab4ff3f20a317a972e17805d4b657d060751d6d74c0d68426fce

C:\Users\Admin\AppData\Local\Temp\zQUUUUgM.bat

MD5 65d4bd3ba37b1da92850f0b2cf006d07
SHA1 ca62e03c3b46759a568b9498129de32ebe5fd12c
SHA256 55ba5b1eec1ab987fa5be66cd5fd84efb8155f4f21b5b605ca5b47b1afc0b346
SHA512 b23c4c541cbc2eafed9fed7c63655116103e646775a89c54a834c41a41609032f215fb9a16df8c6a9c78dc5da898ab6f0d64c2f9d31f9afd1bb09fc74292b520

C:\Users\Admin\AppData\Local\Temp\VYQgIEAk.bat

MD5 dc5b15cd55fd0031b09cbafead627d23
SHA1 5e066d9093364c25720cd6826e0951e289e0dada
SHA256 83b6060a51d8550f938731cfb92886a8a30e37037de4b214fcaf1d0b504cbd70
SHA512 3127876a6deb4d240420b54f099a287423ae1a7f7c0230a81e63910b9cc8a87a878a44120b752faf3dcd61b215a68526a4c1280e4687c72283a9848ba14af9dd

C:\Users\Admin\AppData\Local\Temp\XewQgwsI.bat

MD5 d686cd46718e51b6599b8af60fa5a9d9
SHA1 26ce40ad905858b56720df39084c657b4bd3ecda
SHA256 31196ae3ad974dc89256f69aed38d6969c289447fa935d306d2dd86d55e72c19
SHA512 eef7f8bd897d08befc029ea47e7130dbb86a6b384b9838ea25f3f2d7c2fac20053e3876880a7248289f59fdb976a23ea1fb0829863222041a91fc991d2995c6b

C:\Users\Admin\AppData\Local\Temp\hWowMYIk.bat

MD5 b795936ba30d63aed38522c54f036093
SHA1 c28c05d79e4901bfade242d0014712860eda0918
SHA256 1378aae9e59a016099d03af06b4e96d073af20f8e21be8855fb2cfab12afb5df
SHA512 725597c4bd363226bc2af3218ed10b0831b48b14511807ff897481b54a2f3f8626adaf692e9720edc195713699936490c72c6cc5ae5dbe887ee5fd7bb6666921

C:\Users\Admin\AppData\Local\Temp\KCwcEcEY.bat

MD5 cb9a6f53c5cc60adefd2b250f74afbba
SHA1 675b3e95aded53a071e486c4c406e1e826009941
SHA256 6fb55c090b21338a2c7b90fcea74db2aa99b99c4ef8ed2a2c901f337b700248e
SHA512 2e26c443b73b830a626feda75aed8221aae3883b2a21a329e63bd85c87342c03b33a7893d92112ff2572db78c516db4f766b9a24f8135062f68a0f94d1efde44

C:\Users\Admin\AppData\Local\Temp\OqQEgMcg.bat

MD5 1117761ae38e9fb7684a42d89360aba0
SHA1 76b6774264ceefd456e56f9bc6179c6d06f88222
SHA256 492f6865469b15756a8b177f1c26cb96ce93aa5f59fa9a4c4872fca303656a31
SHA512 b729fe3558791a845d5ccd817424fe82db772024f5a285955800c5204e69b7c5e46c210ee4ae2abaed4cae4652f36a3a8d3a997f2891394399f4cf6da81b615d