c35f718d6149a1388bdc2a6ed535f10afd5f8cf2ae88f9380dbd45d07116decf

Analysis

max time kernel
22s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
11-04-2024 11:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
Size

234KB
MD5

d3ab46566b611cca7e28039d1cb82c4e
SHA1

1a9f7a791977122059bf81f7eea79845380a4d1f
SHA256

c35f718d6149a1388bdc2a6ed535f10afd5f8cf2ae88f9380dbd45d07116decf
SHA512

41856cd28703eb8e05ce2b1b7d5da876016504fb27e5151229c682e2b9e5a89ee18855a0289c5b22b4c187c47a7e24cc3e9579bdb812c69cb3b917384eb443f8
SSDEEP

3072:/1OGpA0lyfj10YoA7DEvfvNlq1fK3F9/PIzIEJY2j76KE8Bf47qW:/4Gna10YD7DFKV93KXjWAWqW

Score

10^/10

evasion persistence spyware stealer trojan

Malware Config

Signatures

Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs

evasion

Hidden Files and Directories

T1564.001

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe

UAC bypass 3 TTPs 64 IoCs

evasion trojan

Bypass User Account Control

T1548.002

Disable or Modify Tools

T1562.001

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe

Executes dropped EXE 2 IoCs

pid	Process
2440	rmoAYAUo.exe
2208	xmMAQokI.exe

Loads dropped DLL 20 IoCs

pid	Process
2220	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
2220	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
2220	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
2220	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
2440	rmoAYAUo.exe
2440	rmoAYAUo.exe
2440	rmoAYAUo.exe
2440	rmoAYAUo.exe
2440	rmoAYAUo.exe
2440	rmoAYAUo.exe
2440	rmoAYAUo.exe
2440	rmoAYAUo.exe
2440	rmoAYAUo.exe
2440	rmoAYAUo.exe
2440	rmoAYAUo.exe
2440	rmoAYAUo.exe
2440	rmoAYAUo.exe
2440	rmoAYAUo.exe
2440	rmoAYAUo.exe
2440	rmoAYAUo.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 4 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Run\xmMAQokI.exe = "C:\\Users\\Admin\\vmEUwooM\\xmMAQokI.exe"	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\rmoAYAUo.exe = "C:\\ProgramData\\HssAcswc\\rmoAYAUo.exe"	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\rmoAYAUo.exe = "C:\\ProgramData\\HssAcswc\\rmoAYAUo.exe"	rmoAYAUo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Run\xmMAQokI.exe = "C:\\Users\\Admin\\vmEUwooM\\xmMAQokI.exe"	xmMAQokI.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry key 1 TTPs 64 IoCs

Modify Registry

T1112

pid	Process
2848	reg.exe
2500	reg.exe
1612	reg.exe
3044	reg.exe
2484	reg.exe
3036	reg.exe
2944	reg.exe
1424	reg.exe
1540	reg.exe
1800	reg.exe
2476	reg.exe
1104	reg.exe
2648	reg.exe
2728	reg.exe
2424	reg.exe
2376	reg.exe
2168	reg.exe
2524	reg.exe
2908	reg.exe
1780	reg.exe
1632	reg.exe
2756	reg.exe
2788	reg.exe
2272	reg.exe
2060	reg.exe
780	reg.exe
2688	reg.exe
2844	reg.exe
1292	reg.exe
924	reg.exe
2988	reg.exe
1040	reg.exe
1664	reg.exe
844	reg.exe
2376	reg.exe
2972	reg.exe
2720	reg.exe
2340	reg.exe
2112	reg.exe
2808	reg.exe
2220	reg.exe
2988	reg.exe
2556	reg.exe
1904	reg.exe
644	reg.exe
1896	reg.exe
2636	reg.exe
2524	reg.exe
2200	reg.exe
2004	reg.exe
1896	reg.exe
1456	reg.exe
2904	reg.exe
1316	reg.exe
3032	reg.exe
2040	reg.exe
872	reg.exe
1424	reg.exe
1772	reg.exe
1192	reg.exe
780	reg.exe
1556	reg.exe
1756	reg.exe
2752	reg.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2220	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
2220	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
2632	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
2632	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
2052	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
2052	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
2256	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
2256	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
604	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
604	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
2304	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
2304	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
1004	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
1004	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
2728	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
2728	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
2988	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
2988	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
2768	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
2768	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
2308	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
2308	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
1540	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
1540	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
2212	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
2212	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
2704	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
2704	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
2132	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
2132	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
2020	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
2020	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
712	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
712	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
576	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
576	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
2108	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
2108	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
2896	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
2896	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
2560	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
2560	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
1980	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
1980	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
1700	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
1700	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
760	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
760	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
544	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
544	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
2680	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
2680	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
2456	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
2456	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
2800	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
2800	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
2000	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
2000	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
844	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
844	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
1720	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
1720	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
2684	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
2684	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2220 wrote to memory of 2208	2220	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe	28
PID 2220 wrote to memory of 2208	2220	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe	28
PID 2220 wrote to memory of 2208	2220	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe	28
PID 2220 wrote to memory of 2208	2220	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe	28
PID 2220 wrote to memory of 2440	2220	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe	29
PID 2220 wrote to memory of 2440	2220	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe	29
PID 2220 wrote to memory of 2440	2220	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe	29
PID 2220 wrote to memory of 2440	2220	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe	29
PID 2220 wrote to memory of 2624	2220	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe	30
PID 2220 wrote to memory of 2624	2220	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe	30
PID 2220 wrote to memory of 2624	2220	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe	30
PID 2220 wrote to memory of 2624	2220	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe	30
PID 2624 wrote to memory of 2632	2624	cmd.exe	33
PID 2624 wrote to memory of 2632	2624	cmd.exe	33
PID 2624 wrote to memory of 2632	2624	cmd.exe	33
PID 2624 wrote to memory of 2632	2624	cmd.exe	33
PID 2220 wrote to memory of 2880	2220	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe	32
PID 2220 wrote to memory of 2880	2220	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe	32
PID 2220 wrote to memory of 2880	2220	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe	32
PID 2220 wrote to memory of 2880	2220	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe	32
PID 2220 wrote to memory of 2720	2220	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe	34
PID 2220 wrote to memory of 2720	2220	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe	34
PID 2220 wrote to memory of 2720	2220	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe	34
PID 2220 wrote to memory of 2720	2220	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe	34
PID 2220 wrote to memory of 2688	2220	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe	36
PID 2220 wrote to memory of 2688	2220	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe	36
PID 2220 wrote to memory of 2688	2220	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe	36
PID 2220 wrote to memory of 2688	2220	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe	36
PID 2220 wrote to memory of 2644	2220	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe	39
PID 2220 wrote to memory of 2644	2220	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe	39
PID 2220 wrote to memory of 2644	2220	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe	39
PID 2220 wrote to memory of 2644	2220	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe	39
PID 2644 wrote to memory of 2160	2644	cmd.exe	41
PID 2644 wrote to memory of 2160	2644	cmd.exe	41
PID 2644 wrote to memory of 2160	2644	cmd.exe	41
PID 2644 wrote to memory of 2160	2644	cmd.exe	41
PID 2632 wrote to memory of 2096	2632	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe	42
PID 2632 wrote to memory of 2096	2632	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe	42
PID 2632 wrote to memory of 2096	2632	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe	42
PID 2632 wrote to memory of 2096	2632	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe	42
PID 2096 wrote to memory of 2052	2096	cmd.exe	44
PID 2096 wrote to memory of 2052	2096	cmd.exe	44
PID 2096 wrote to memory of 2052	2096	cmd.exe	44
PID 2096 wrote to memory of 2052	2096	cmd.exe	44
PID 2632 wrote to memory of 1912	2632	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe	45
PID 2632 wrote to memory of 1912	2632	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe	45
PID 2632 wrote to memory of 1912	2632	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe	45
PID 2632 wrote to memory of 1912	2632	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe	45
PID 2632 wrote to memory of 780	2632	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe	46
PID 2632 wrote to memory of 780	2632	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe	46
PID 2632 wrote to memory of 780	2632	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe	46
PID 2632 wrote to memory of 780	2632	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe	46
PID 2632 wrote to memory of 1428	2632	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe	48
PID 2632 wrote to memory of 1428	2632	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe	48
PID 2632 wrote to memory of 1428	2632	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe	48
PID 2632 wrote to memory of 1428	2632	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe	48
PID 2632 wrote to memory of 1620	2632	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe	50
PID 2632 wrote to memory of 1620	2632	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe	50
PID 2632 wrote to memory of 1620	2632	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe	50
PID 2632 wrote to memory of 1620	2632	2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe	50
PID 1620 wrote to memory of 2364	1620	cmd.exe	53
PID 1620 wrote to memory of 2364	1620	cmd.exe	53
PID 1620 wrote to memory of 2364	1620	cmd.exe	53
PID 1620 wrote to memory of 2364	1620	cmd.exe	53

C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2220
- C:\Users\Admin\vmEUwooM\xmMAQokI.exe
  "C:\Users\Admin\vmEUwooM\xmMAQokI.exe"
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  PID:2208
- C:\ProgramData\HssAcswc\rmoAYAUo.exe
  "C:\ProgramData\HssAcswc\rmoAYAUo.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  PID:2440
- C:\Windows\SysWOW64\cmd.exe
  cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2624
- - C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
    C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2632
  - - C:\Windows\SysWOW64\cmd.exe
      cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2096
    - - C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2052
      - C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        6⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        7⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2256
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        8⤵
        
        PID:788
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        9⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:604
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        10⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        11⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2304
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        12⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        13⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1004
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        14⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        15⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2728
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        16⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        17⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2988
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        18⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        19⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2768
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        20⤵
        
        PID:324
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        21⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2308
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        22⤵
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        23⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1540
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        24⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        25⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2212
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        26⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        27⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2704
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        28⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        29⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2132
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        30⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        31⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2020
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        32⤵
        
        PID:608
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        33⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:712
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        34⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        35⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:576
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        36⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        37⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2108
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        38⤵
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        39⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2896
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        40⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        41⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2560
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        42⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        43⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1980
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        44⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        45⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1700
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        46⤵
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        47⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:760
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        48⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        49⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:544
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        50⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        51⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2680
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        52⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        53⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2456
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        54⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        55⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2800
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        56⤵
        
        PID:1292
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        57⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2000
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        58⤵
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        59⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:844
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        60⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        61⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1720
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        62⤵
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        63⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2684
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        64⤵
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        65⤵
        
        PID:2104
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        66⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        67⤵
        
        PID:2724
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        68⤵
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        69⤵
        
        PID:3048
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        70⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        71⤵
        
        PID:2060
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        72⤵
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        73⤵
        
        PID:1340
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        74⤵
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        75⤵
        
        PID:2924
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        76⤵
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        77⤵
        
        PID:2332
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        78⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        79⤵
        
        PID:2320
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        80⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        81⤵
        
        PID:2540
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        82⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        83⤵
        
        PID:3052
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        84⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        85⤵
        
        PID:1292
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        86⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        87⤵
        
        PID:624
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        88⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        89⤵
        
        PID:2168
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        90⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        91⤵
        
        PID:2764
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        92⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        93⤵
        
        PID:2984
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        94⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        95⤵
        
        PID:2512
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        96⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        97⤵
        
        PID:2616
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        98⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        99⤵
        
        PID:2256
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        100⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        101⤵
        
        PID:2676
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        102⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        103⤵
        
        PID:1340
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        104⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        105⤵
        
        PID:2176
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        106⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        107⤵
        
        PID:912
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        108⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        109⤵
        
        PID:2780
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        110⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        111⤵
        
        PID:1780
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        112⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        113⤵
        
        PID:324
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        114⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        115⤵
        
        PID:2668
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        116⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        117⤵
        
        PID:2004
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        118⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        119⤵
        
        PID:2116
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        120⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        121⤵
        
        PID:2708
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        122⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        123⤵
        
        PID:2860
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        124⤵
        
        PID:644
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        125⤵
        
        PID:2928
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        126⤵
        
        PID:804
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        127⤵
        
        PID:2596
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        128⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        129⤵
        
        PID:1152
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        130⤵
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        131⤵
        
        PID:2880
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        132⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        133⤵
        
        PID:2148
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        134⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        135⤵
        
        PID:2668
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        136⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        137⤵
        
        PID:2140
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        138⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        139⤵
        
        PID:2940
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        140⤵
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        141⤵
        
        PID:1996
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        142⤵
        
        PID:500
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        143⤵
        
        PID:2636
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        144⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        145⤵
        
        PID:1004
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        146⤵
        
        PID:312
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        147⤵
        
        PID:112
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        148⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        149⤵
        
        PID:2848
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        150⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        151⤵
        
        PID:2624
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        152⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        153⤵
        
        PID:1536
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        154⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        155⤵
        
        PID:3008
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        156⤵
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        157⤵
        
        PID:1368
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        158⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        159⤵
        
        PID:2608
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        160⤵
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        161⤵
        
        PID:1520
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        162⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        163⤵
        
        PID:1980
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        164⤵
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        165⤵
        
        PID:3056
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        166⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        167⤵
        
        PID:1820
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        168⤵
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        169⤵
        
        PID:1192
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        170⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        171⤵
        
        PID:324
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        172⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        173⤵
        
        PID:312
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        174⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        175⤵
        
        PID:1140
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        176⤵
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        177⤵
        
        PID:2076
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        178⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        179⤵
        
        PID:1360
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        180⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        181⤵
        
        PID:1896
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        182⤵
        
        PID:1168
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        183⤵
        
        PID:1716
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        184⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        185⤵
        
        PID:2108
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        186⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        187⤵
        
        PID:2120
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        188⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        189⤵
        
        PID:2532
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        190⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        191⤵
        
        PID:1036
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        192⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        193⤵
        
        PID:1244
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        194⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        195⤵
        
        PID:2880
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        196⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        197⤵
        
        PID:1560
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        198⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        199⤵
        
        PID:2136
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        200⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        201⤵
        
        PID:1008
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        202⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        203⤵
        
        PID:2396
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        204⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        205⤵
        
        PID:1272
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        206⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        207⤵
        
        PID:2840
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        208⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        209⤵
        
        PID:1976
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        210⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        211⤵
        
        PID:1292
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        212⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        213⤵
        
        PID:1560
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        214⤵
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        215⤵
        
        PID:2132
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        216⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        217⤵
        
        PID:1196
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        218⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        219⤵
        
        PID:324
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock"
        220⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock
        221⤵
        
        PID:960
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        222⤵
        
        PID:1140
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        222⤵
        Modifies registry key
        
        PID:2972
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        222⤵
        
        PID:2912
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        220⤵
        
        PID:2528
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        220⤵
        
        PID:1664
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        220⤵
        
        PID:916
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\iEggUQwQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        220⤵
        
        PID:2216
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        221⤵
        
        PID:1784
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        218⤵
        
        PID:1272
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        218⤵
        Modifies registry key
        
        PID:2168
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        218⤵
        
        PID:2720
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\hgwkQkYY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        218⤵
        
        PID:2744
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        219⤵
        
        PID:1972
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        216⤵
        
        PID:2836
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        216⤵
        
        PID:2860
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        216⤵
        
        PID:3060
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\MAkEQowc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        216⤵
        
        PID:836
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        217⤵
        
        PID:1764
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        214⤵
        
        PID:1340
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        214⤵
        
        PID:816
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        214⤵
        
        PID:2672
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\xmEokwUM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        214⤵
        
        PID:1700
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        215⤵
        
        PID:2148
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        212⤵
        
        PID:1812
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        212⤵
        Modifies registry key
        
        PID:2752
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        212⤵
        
        PID:2560
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\qOUggIMw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        212⤵
        
        PID:500
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        213⤵
        
        PID:2456
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        210⤵
        
        PID:3020
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        210⤵
        
        PID:1428
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        210⤵
        
        PID:2912
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZKYMUkYs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        210⤵
        
        PID:2096
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        211⤵
        
        PID:1092
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        208⤵
        
        PID:2796
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        208⤵
        
        PID:1532
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        208⤵
        Modifies registry key
        
        PID:1316
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\eAcIwkcI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        208⤵
        
        PID:880
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        209⤵
        
        PID:1744
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        206⤵
        
        PID:860
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        206⤵
        
        PID:2320
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        206⤵
        Modifies registry key
        
        PID:2988
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\hocYEcUU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        206⤵
        
        PID:2136
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        207⤵
        
        PID:2568
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        204⤵
        Modifies registry key
        
        PID:924
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        204⤵
        Modifies registry key
        
        PID:780
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        204⤵
        
        PID:872
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZoscwgAg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        204⤵
        
        PID:1424
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        205⤵
        
        PID:540
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        202⤵
        Modifies registry key
        
        PID:1632
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        202⤵
        Modifies registry key
        
        PID:2524
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        202⤵
        
        PID:600
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\lasAYYUY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        202⤵
        
        PID:2904
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        203⤵
        
        PID:2060
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        200⤵
        Modifies registry key
        
        PID:1292
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        200⤵
        
        PID:2364
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        200⤵
        
        PID:1092
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\WqQAQMEI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        200⤵
        
        PID:2644
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        201⤵
        
        PID:1728
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        198⤵
        
        PID:924
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        198⤵
        
        PID:2912
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        198⤵
        
        PID:2936
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\vYkwEEsg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        198⤵
        
        PID:2712
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        199⤵
        
        PID:2916
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        196⤵
        
        PID:1100
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        196⤵
        
        PID:1740
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        196⤵
        Modifies registry key
        
        PID:2376
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\VgkMgock.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        196⤵
        
        PID:912
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        197⤵
        
        PID:2888
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        194⤵
        Modifies registry key
        
        PID:1664
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        194⤵
        
        PID:556
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        194⤵
        
        PID:688
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\eUMQQUcA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        194⤵
        
        PID:2652
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        195⤵
        
        PID:1168
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        192⤵
        
        PID:1992
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        192⤵
        
        PID:1744
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        192⤵
        
        PID:644
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\BQsIIQMo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        192⤵
        
        PID:1356
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        193⤵
        
        PID:2488
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        190⤵
        Modifies registry key
        
        PID:3036
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        190⤵
        
        PID:2348
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        190⤵
        
        PID:764
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\AikIEkYY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        190⤵
        
        PID:2492
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        191⤵
        
        PID:1360
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        188⤵
        
        PID:1756
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        188⤵
        
        PID:900
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        188⤵
        
        PID:1292
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\gaQoIckg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        188⤵
        
        PID:2012
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        189⤵
        
        PID:2192
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        186⤵
        
        PID:1384
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        186⤵
        
        PID:1720
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        186⤵
        
        PID:2244
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\hoYMcwss.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        186⤵
        
        PID:2140
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        187⤵
        
        PID:2520
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        184⤵
        
        PID:2480
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        184⤵
        
        PID:1584
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        184⤵
        
        PID:2684
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\ToYIwUow.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        184⤵
        
        PID:2880
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        185⤵
        
        PID:2200
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        182⤵
        
        PID:2464
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        182⤵
        
        PID:2836
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        182⤵
        
        PID:2696
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\fWYQQkwg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        182⤵
        
        PID:1140
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        183⤵
        
        PID:2484
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        180⤵
        Modifies visibility of file extensions in Explorer
        
        PID:1632
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        180⤵
        Modifies registry key
        
        PID:2060
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        180⤵
        
        PID:2532
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\UccQsswY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        180⤵
        
        PID:1828
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        181⤵
        
        PID:308
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        178⤵
        
        PID:2040
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        178⤵
        
        PID:960
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        178⤵
        
        PID:592
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\KiAskcoI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        178⤵
        
        PID:1008
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        179⤵
        
        PID:1528
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        176⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2956
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        176⤵
        Modifies registry key
        
        PID:1192
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        176⤵
        
        PID:412
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\qCIYkQos.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        176⤵
        
        PID:2000
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        177⤵
        
        PID:2368
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        174⤵
        Modifies visibility of file extensions in Explorer
        
        PID:1508
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        174⤵
        
        PID:1412
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        174⤵
        UAC bypass
        
        PID:836
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\UAkUIQEQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        174⤵
        
        PID:1708
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        175⤵
        
        PID:2652
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        172⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2508
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        172⤵
        
        PID:2560
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        172⤵
        
        PID:112
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\hgUsIgcs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        172⤵
        
        PID:2648
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        173⤵
        
        PID:2080
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        170⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2768
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        170⤵
        
        PID:2312
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        170⤵
        UAC bypass
        
        PID:572
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\vcUIwooE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        170⤵
        
        PID:1960
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        171⤵
        
        PID:1748
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        168⤵
        Modifies visibility of file extensions in Explorer
        Modifies registry key
        
        PID:2376
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        168⤵
        
        PID:1176
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        168⤵
        UAC bypass
        
        PID:1684
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\bmgsAgEM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        168⤵
        
        PID:1212
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        169⤵
        
        PID:2924
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        166⤵
        Modifies visibility of file extensions in Explorer
        Modifies registry key
        
        PID:2424
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        166⤵
        
        PID:2892
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        166⤵
        UAC bypass
        
        PID:2464
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\IEMQMoYU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        166⤵
        
        PID:2512
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        167⤵
        
        PID:2396
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        164⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2244
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        164⤵
        Modifies registry key
        
        PID:1772
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        164⤵
        UAC bypass
        
        PID:912
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\uKUkwYMo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        164⤵
        
        PID:1100
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        165⤵
        
        PID:1508
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        162⤵
        
        PID:2368
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        162⤵
        Modifies registry key
        
        PID:2636
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        162⤵
        UAC bypass
        
        PID:488
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\oiwQMYEM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        162⤵
        
        PID:2532
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        163⤵
        
        PID:2880
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        160⤵
        
        PID:788
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        160⤵
        
        PID:2012
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        160⤵
        UAC bypass
        
        PID:2604
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\vsAMosUE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        160⤵
        
        PID:2000
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        161⤵
        
        PID:1996
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        158⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2536
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        158⤵
        
        PID:3052
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        158⤵
        UAC bypass
        Modifies registry key
        
        PID:2904
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\hyAAIsgk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        158⤵
        
        PID:2448
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        159⤵
        
        PID:2436
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        156⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2556
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        156⤵
        
        PID:2700
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        156⤵
        
        PID:2052
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\zOkAMsgE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        156⤵
        
        PID:2788
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        157⤵
        
        PID:3044
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        154⤵
        
        PID:2236
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        154⤵
        
        PID:1040
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        154⤵
        UAC bypass
        
        PID:1540
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\PoEAEMUw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        154⤵
        
        PID:1908
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        155⤵
        
        PID:1992
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        152⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2436
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        152⤵
        
        PID:2396
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        152⤵
        
        PID:2716
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\GKgYwcgA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        152⤵
        
        PID:2984
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        153⤵
        
        PID:2780
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        150⤵
        
        PID:1508
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        150⤵
        
        PID:1512
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        150⤵
        UAC bypass
        
        PID:1756
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\gMwAMsUo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        150⤵
        
        PID:1764
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        151⤵
        
        PID:1564
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        148⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2316
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        148⤵
        
        PID:1340
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        148⤵
        UAC bypass
        Modifies registry key
        
        PID:1424
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\EwwQoAwE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        148⤵
        
        PID:1688
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        149⤵
        
        PID:1812
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        146⤵
        Modifies visibility of file extensions in Explorer
        Modifies registry key
        
        PID:2728
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        146⤵
        
        PID:2052
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        146⤵
        UAC bypass
        
        PID:2172
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\GAokoYQs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        146⤵
        
        PID:2276
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        147⤵
        
        PID:2032
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        144⤵
        Modifies visibility of file extensions in Explorer
        
        PID:1692
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        144⤵
        
        PID:1904
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        144⤵
        
        PID:2300
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\vugQwoIk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        144⤵
        
        PID:2888
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        145⤵
        
        PID:1532
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        142⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2312
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        142⤵
        
        PID:2844
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        142⤵
        
        PID:2184
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZMQYAEok.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        142⤵
        
        PID:2268
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        143⤵
        
        PID:2692
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        140⤵
        Modifies visibility of file extensions in Explorer
        
        PID:1684
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        140⤵
        
        PID:3000
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        140⤵
        Modifies registry key
        
        PID:2004
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\ziMgYkgo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        140⤵
        
        PID:1168
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        141⤵
        
        PID:2328
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        138⤵
        
        PID:1840
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        138⤵
        
        PID:540
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        138⤵
        
        PID:2468
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\FOkAAgIw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        138⤵
        
        PID:628
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        139⤵
        
        PID:2672
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        136⤵
        Modifies visibility of file extensions in Explorer
        Modifies registry key
        
        PID:1756
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        136⤵
        Modifies registry key
        
        PID:872
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        136⤵
        UAC bypass
        Modifies registry key
        
        PID:2200
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\fcIAYQIE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        136⤵
        
        PID:2308
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        137⤵
        
        PID:600
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        134⤵
        
        PID:2284
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        134⤵
        
        PID:2928
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        134⤵
        UAC bypass
        
        PID:644
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\oQsEUsgY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        134⤵
        
        PID:836
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        135⤵
        
        PID:2144
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        132⤵
        
        PID:2240
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        132⤵
        
        PID:292
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        132⤵
        UAC bypass
        
        PID:2060
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\aAYoAYYk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        132⤵
        
        PID:2036
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        133⤵
        
        PID:112
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        130⤵
        Modifies visibility of file extensions in Explorer
        Modifies registry key
        
        PID:1904
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        130⤵
        
        PID:1004
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        130⤵
        UAC bypass
        
        PID:2212
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\SgYwAQII.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        130⤵
        
        PID:916
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        131⤵
        
        PID:2532
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        128⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2652
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        128⤵
        
        PID:1588
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        128⤵
        
        PID:3052
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\RoEEsAkw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        128⤵
        
        PID:1212
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        129⤵
        
        PID:2836
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        126⤵
        
        PID:2608
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        126⤵
        
        PID:1464
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        126⤵
        UAC bypass
        
        PID:1340
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\HGcAggMo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        126⤵
        
        PID:2396
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        127⤵
        
        PID:628
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        124⤵
        Modifies visibility of file extensions in Explorer
        Modifies registry key
        
        PID:1780
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        124⤵
        
        PID:2688
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        124⤵
        UAC bypass
        
        PID:1456
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\VWAUAgok.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        124⤵
        
        PID:2304
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        125⤵
        
        PID:1616
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        122⤵
        
        PID:556
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        122⤵
        
        PID:2468
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        122⤵
        
        PID:2540
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\NAAwAggA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        122⤵
        
        PID:2136
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        123⤵
        
        PID:1040
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        120⤵
        
        PID:1752
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        120⤵
        
        PID:1720
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        120⤵
        Modifies registry key
        
        PID:2848
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\eKwgwcUY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        120⤵
        
        PID:2132
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        121⤵
        
        PID:3032
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        118⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2800
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        118⤵
        
        PID:2368
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        118⤵
        
        PID:1456
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\WGAUkwEk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        118⤵
        
        PID:2348
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        119⤵
        
        PID:2248
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        116⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2820
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        116⤵
        
        PID:2524
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        116⤵
        UAC bypass
        
        PID:2832
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\WiIoEIUo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        116⤵
        
        PID:2084
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        117⤵
        
        PID:1896
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        114⤵
        
        PID:2944
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        114⤵
        
        PID:2972
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        114⤵
        Modifies registry key
        
        PID:2556
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\saQgYggI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        114⤵
        
        PID:2536
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        115⤵
        
        PID:2644
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        112⤵
        
        PID:576
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        112⤵
        
        PID:2012
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        112⤵
        
        PID:1348
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\mwYEgckY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        112⤵
        
        PID:2600
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        113⤵
        
        PID:2256
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        110⤵
        
        PID:1284
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        110⤵
        
        PID:2448
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        110⤵
        UAC bypass
        
        PID:1080
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\xUwkkAgE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        110⤵
        
        PID:380
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        111⤵
        
        PID:1716
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        108⤵
        Modifies visibility of file extensions in Explorer
        Modifies registry key
        
        PID:2988
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        108⤵
        
        PID:1460
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        108⤵
        
        PID:540
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\ruIEoMgs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        108⤵
        
        PID:2392
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        109⤵
        
        PID:2436
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        106⤵
        Modifies visibility of file extensions in Explorer
        
        PID:1236
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        106⤵
        
        PID:1756
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        106⤵
        UAC bypass
        
        PID:2908
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\nEUAwcAk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        106⤵
        
        PID:2636
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        107⤵
        
        PID:2492
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        104⤵
        Modifies visibility of file extensions in Explorer
        Modifies registry key
        
        PID:2648
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        104⤵
        Modifies registry key
        
        PID:2272
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        104⤵
        UAC bypass
        
        PID:2376
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\NeIkIMoI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        104⤵
        
        PID:1628
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        105⤵
        
        PID:2160
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        102⤵
        
        PID:2300
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        102⤵
        
        PID:2972
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        102⤵
        UAC bypass
        
        PID:2516
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\VkMIcQUs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        102⤵
        
        PID:308
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        103⤵
        
        PID:2620
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        100⤵
        
        PID:2584
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        100⤵
        
        PID:2248
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        100⤵
        UAC bypass
        
        PID:2184
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\YSggEgwg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        100⤵
        
        PID:1724
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        101⤵
        
        PID:2696
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        98⤵
        Modifies registry key
        
        PID:1540
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        98⤵
        
        PID:500
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        98⤵
        
        PID:324
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\ewMQIUgw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        98⤵
        
        PID:2900
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        99⤵
        
        PID:1784
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        96⤵
        Modifies visibility of file extensions in Explorer
        
        PID:448
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        96⤵
        
        PID:2388
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        96⤵
        UAC bypass
        Modifies registry key
        
        PID:2476
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\kEsYgQIo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        96⤵
        
        PID:2836
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        97⤵
        
        PID:1080
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        94⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2752
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        94⤵
        
        PID:2628
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        94⤵
        UAC bypass
        
        PID:1104
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\yYwQkIIU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        94⤵
        
        PID:2704
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        95⤵
        
        PID:2468
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        92⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2456
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        92⤵
        Modifies registry key
        
        PID:780
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        92⤵
        
        PID:2716
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\NcYUsYUc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        92⤵
        
        PID:2636
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        93⤵
        
        PID:2724
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        90⤵
        Modifies visibility of file extensions in Explorer
        
        PID:1764
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        90⤵
        Modifies registry key
        
        PID:2220
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        90⤵
        UAC bypass
        
        PID:2848
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\pIEMAgoQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        90⤵
        
        PID:2376
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        91⤵
        
        PID:1972
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        88⤵
        
        PID:1604
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        88⤵
        
        PID:2596
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        88⤵
        
        PID:916
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\xCccMkko.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        88⤵
        
        PID:2164
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        89⤵
        
        PID:1916
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        86⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2036
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        86⤵
        
        PID:576
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        86⤵
        UAC bypass
        
        PID:1348
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\DSAcwYMw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        86⤵
        
        PID:1720
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        87⤵
        
        PID:2328
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        84⤵
        Modifies visibility of file extensions in Explorer
        Modifies registry key
        
        PID:1456
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        84⤵
        
        PID:2352
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        84⤵
        UAC bypass
        
        PID:2268
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\bCMsEQEE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        84⤵
        
        PID:2000
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        85⤵
        
        PID:324
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        82⤵
        
        PID:540
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        82⤵
        
        PID:1960
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        82⤵
        UAC bypass
        
        PID:2800
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\oiMwswkk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        82⤵
        
        PID:1556
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        83⤵
        
        PID:2252
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        80⤵
        Modifies visibility of file extensions in Explorer
        Modifies registry key
        
        PID:2844
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        80⤵
        
        PID:2524
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        80⤵
        UAC bypass
        
        PID:1588
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\AqwUscMc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        80⤵
        
        PID:2704
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        81⤵
        
        PID:1620
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        78⤵
        
        PID:1628
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        78⤵
        Modifies registry key
        
        PID:2808
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        78⤵
        UAC bypass
        
        PID:2728
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\IqEEAcws.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        78⤵
        
        PID:2276
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        79⤵
        
        PID:1832
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        76⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2972
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        76⤵
        
        PID:2764
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        76⤵
        UAC bypass
        
        PID:1976
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\qEccksos.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        76⤵
        
        PID:2944
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        77⤵
        
        PID:2376
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        74⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2184
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        74⤵
        
        PID:2340
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        74⤵
        UAC bypass
        
        PID:2772
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\vyMUoQwA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        74⤵
        
        PID:1632
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        75⤵
        
        PID:2696
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        72⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2040
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        72⤵
        Modifies registry key
        
        PID:2484
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        72⤵
        UAC bypass
        
        PID:3000
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\FWsEQYAs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        72⤵
        
        PID:2348
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        73⤵
        
        PID:1356
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        70⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2128
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        70⤵
        
        PID:384
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        70⤵
        UAC bypass
        
        PID:412
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\LEcwokAs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        70⤵
        
        PID:2656
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        71⤵
        
        PID:1196
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        68⤵
        Modifies visibility of file extensions in Explorer
        Modifies registry key
        
        PID:1896
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        68⤵
        Modifies registry key
        
        PID:1104
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        68⤵
        UAC bypass
        
        PID:1316
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\tUQYUsEs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        68⤵
        
        PID:2364
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        69⤵
        
        PID:592
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        66⤵
        Modifies visibility of file extensions in Explorer
        
        PID:1804
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        66⤵
        
        PID:780
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        66⤵
        UAC bypass
        
        PID:2540
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\lwwkEcwM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        66⤵
        
        PID:2284
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        67⤵
        
        PID:872
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        64⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2500
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        64⤵
        
        PID:2960
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        64⤵
        UAC bypass
        
        PID:2992
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\QIoYkUsE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        64⤵
        
        PID:2532
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        65⤵
        
        PID:2588
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        62⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2316
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        62⤵
        
        PID:2664
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        62⤵
        UAC bypass
        
        PID:2696
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\seocsgYY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        62⤵
        
        PID:880
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        63⤵
        
        PID:2408
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        60⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2916
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        60⤵
        
        PID:3020
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        60⤵
        UAC bypass
        
        PID:1400
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\ESwAkUAM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        60⤵
        
        PID:1744
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        61⤵
        
        PID:760
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        58⤵
        Modifies visibility of file extensions in Explorer
        Modifies registry key
        
        PID:1040
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        58⤵
        
        PID:2012
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        58⤵
        Modifies registry key
        
        PID:2112
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\GKQcckwo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        58⤵
        
        PID:1740
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        59⤵
        
        PID:1052
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        56⤵
        Modifies visibility of file extensions in Explorer
        Modifies registry key
        
        PID:3044
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        56⤵
        
        PID:540
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        56⤵
        UAC bypass
        
        PID:1560
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\bmgIIEYs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        56⤵
        
        PID:1512
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        57⤵
        
        PID:2836
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        54⤵
        
        PID:2940
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        54⤵
        
        PID:1608
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        54⤵
        UAC bypass
        
        PID:2844
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\DYYQAQAY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        54⤵
        
        PID:2628
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        55⤵
        
        PID:2704
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        52⤵
        
        PID:2744
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        52⤵
        
        PID:1712
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        52⤵
        
        PID:1912
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\hWQkAogw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        52⤵
        
        PID:2028
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        53⤵
        
        PID:2648
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        50⤵
        Modifies visibility of file extensions in Explorer
        
        PID:3036
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        50⤵
        
        PID:2176
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        50⤵
        UAC bypass
        
        PID:2716
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\VcscgIQs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        50⤵
        
        PID:2480
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        51⤵
        
        PID:2212
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        48⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2184
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        48⤵
        
        PID:2556
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        48⤵
        
        PID:1784
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\TeQgocsU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        48⤵
        
        PID:2164
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        49⤵
        
        PID:1244
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        46⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2568
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        46⤵
        
        PID:2268
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        46⤵
        UAC bypass
        
        PID:380
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\YoYAIUEQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        46⤵
        
        PID:1000
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        47⤵
        
        PID:1648
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        44⤵
        Modifies registry key
        
        PID:844
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        44⤵
        
        PID:1356
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        44⤵
        UAC bypass
        Modifies registry key
        
        PID:1556
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\sigsYgoE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        44⤵
        
        PID:1032
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        45⤵
        
        PID:1152
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        42⤵
        Modifies visibility of file extensions in Explorer
        
        PID:1588
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        42⤵
        Modifies registry key
        
        PID:2908
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        42⤵
        UAC bypass
        Modifies registry key
        
        PID:1800
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\IEgMYQYI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        42⤵
        
        PID:1796
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        43⤵
        
        PID:1560
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        40⤵
        Modifies visibility of file extensions in Explorer
        Modifies registry key
        
        PID:2788
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        40⤵
        Modifies registry key
        
        PID:1424
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        40⤵
        UAC bypass
        
        PID:2984
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\USkAIEcc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        40⤵
        
        PID:1460
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        41⤵
        
        PID:2628
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        38⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2500
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        38⤵
        
        PID:2888
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        38⤵
        UAC bypass
        Modifies registry key
        
        PID:2944
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\AkQowAUg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        38⤵
        
        PID:2504
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        39⤵
        
        PID:2848
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        36⤵
        
        PID:2600
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        36⤵
        
        PID:2328
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        36⤵
        UAC bypass
        Modifies registry key
        
        PID:2340
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\fkkcAgEw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        36⤵
        
        PID:912
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        37⤵
        
        PID:2700
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        34⤵
        Modifies visibility of file extensions in Explorer
        Modifies registry key
        
        PID:2040
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        34⤵
        
        PID:3000
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        34⤵
        UAC bypass
        
        PID:1412
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\BksYkEQM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        34⤵
        
        PID:1168
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        35⤵
        
        PID:1360
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        32⤵
        
        PID:1720
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        32⤵
        
        PID:2748
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        32⤵
        
        PID:2364
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\HGwAEAIs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        32⤵
        
        PID:2012
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        33⤵
        
        PID:1284
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        30⤵
        Modifies visibility of file extensions in Explorer
        Modifies registry key
        
        PID:2524
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        30⤵
        
        PID:1292
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        30⤵
        
        PID:1316
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\vOEQUMIk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        30⤵
        
        PID:1556
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        31⤵
        
        PID:2780
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        28⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2120
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        28⤵
        Modifies registry key
        
        PID:2756
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        28⤵
        UAC bypass
        
        PID:2632
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\lCIcwIcs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        28⤵
        
        PID:2076
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        29⤵
        
        PID:2804
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        26⤵
        Modifies visibility of file extensions in Explorer
        Modifies registry key
        
        PID:3032
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        26⤵
        
        PID:2596
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        26⤵
        UAC bypass
        
        PID:2584
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\qAogkUUU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        26⤵
        
        PID:628
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        27⤵
        
        PID:2708
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        24⤵
        Modifies visibility of file extensions in Explorer
        
        PID:1996
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        24⤵
        
        PID:296
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        24⤵
        UAC bypass
        
        PID:2080
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\AkkwAcsA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        24⤵
        
        PID:1636
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        25⤵
        
        PID:1860
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        22⤵
        Modifies visibility of file extensions in Explorer
        
        PID:1788
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        22⤵
        
        PID:1916
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        22⤵
        UAC bypass
        
        PID:2288
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\CIsoswcE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        22⤵
        
        PID:544
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        23⤵
        
        PID:1360
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        20⤵
        Modifies visibility of file extensions in Explorer
        
        PID:1140
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        20⤵
        
        PID:2012
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        20⤵
        UAC bypass
        
        PID:1812
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\uikskcsY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        20⤵
        
        PID:108
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        21⤵
        
        PID:1120
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        18⤵
        Modifies visibility of file extensions in Explorer
        Modifies registry key
        
        PID:644
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        18⤵
        
        PID:1528
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        18⤵
        UAC bypass
        Modifies registry key
        
        PID:1896
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\DusYQYMQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        18⤵
        
        PID:2096
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        19⤵
        
        PID:1772
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        16⤵
        Modifies visibility of file extensions in Explorer
        
        PID:292
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        16⤵
        Modifies registry key
        
        PID:1612
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        16⤵
        UAC bypass
        
        PID:1176
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\becQokMA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        16⤵
        
        PID:2476
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        17⤵
        
        PID:2520
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        14⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2300
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        14⤵
        
        PID:2764
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        14⤵
        UAC bypass
        Modifies registry key
        
        PID:2500
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\DsUsUwsI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        14⤵
        
        PID:552
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        15⤵
        
        PID:2512
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        12⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2936
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        12⤵
        
        PID:2104
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        12⤵
        UAC bypass
        
        PID:896
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\RIYoQYYI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        12⤵
        
        PID:308
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        13⤵
        
        PID:2700
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        10⤵
        Modifies visibility of file extensions in Explorer
        
        PID:1584
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        10⤵
        
        PID:1616
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        10⤵
        UAC bypass
        
        PID:1360
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\XGcYsgUQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        10⤵
        
        PID:1860
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        11⤵
        
        PID:1192
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        8⤵
        
        PID:1100
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        8⤵
        
        PID:556
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        8⤵
        UAC bypass
        
        PID:1520
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\QkMgwEMc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        8⤵
        
        PID:816
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        9⤵
        
        PID:448
      - C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        6⤵
        Modifies visibility of file extensions in Explorer
        
        PID:1556
      - C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        6⤵
        
        PID:2252
      - C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        6⤵
        
        PID:872
      - C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\MooEkUMk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
        6⤵
        
        PID:1456
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        7⤵
        
        PID:3052
  - - C:\Windows\SysWOW64\reg.exe
      reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
      4⤵
      Modifies visibility of file extensions in Explorer
      PID:1912
  - - C:\Windows\SysWOW64\reg.exe
      reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
      4⤵
      PID:780
  - - C:\Windows\SysWOW64\reg.exe
      reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
      4⤵
      UAC bypass
      PID:1428
  - - C:\Windows\SysWOW64\cmd.exe
      cmd /c ""C:\Users\Admin\AppData\Local\Temp\AqoMUIQo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
      4⤵
      Suspicious use of WriteProcessMemory
      PID:1620
    - - C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        5⤵
        
        PID:2364
- C:\Windows\SysWOW64\reg.exe
  reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
  2⤵
  - Modifies visibility of file extensions in Explorer
  PID:2880
- C:\Windows\SysWOW64\reg.exe
  reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
  2⤵
  - Modifies registry key
  PID:2720
- C:\Windows\SysWOW64\reg.exe
  reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
  2⤵
  - UAC bypass
  - Modifies registry key
  PID:2688
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\cMoEEQAk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock.exe""
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2644
- - C:\Windows\SysWOW64\cscript.exe
    cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
    3⤵
    PID:2160

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "142618800919227233911833134689-849347432-86131356-67495072818873403681445627867"
1⤵
PID:2368

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-86819218-416072095-370002437-2140657926-1347376900-1882531196978078497453501191"
1⤵
PID:2000

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "2409322631068750652-735670042-468411812-979937764815395459-1361655911-1190462825"
1⤵
PID:1528

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Impair Defenses

T1562

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\HssAcswc\rmoAYAUo.exe

Filesize
185KB

MD5
9443f44c4c265adc1f48222f85862c66

SHA1
915fca12d66bad09c89b5f65b108359b7ee0d311

SHA256
7f0333a1dfcdf1b52c9a8d0963b0a2eb62e029e7f7a2f24d1d757d109ba1dc5e

SHA512
16163f951a6839222c283746f56092cbdfd3ec6328134869c4c249846121379b94ba082f2c0e44fa694c26fad9e98891b97e523fe6023eb226524dd2a3480efc

Download Submit
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile25.bmp.exe

Filesize
233KB

MD5
e021081a5a7ec76491c6ce8af3cec337

SHA1
eb3ac55aa4078865b301218ded8441049ae02b0b

SHA256
3b3d6ae61ae8a9dba2261d7bb890ac5ccd82bad5a2f1d4d956b6874510f50576

SHA512
38dad854aae44cbe29bc1cf305b5763438496f9174f7f4ac0a552204ab2a5164a196f22646e72c160a945851e07933891ed9ba5c8a2e972e80a0b009d87aa9f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\2024-04-11_d3ab46566b611cca7e28039d1cb82c4e_virlock

Filesize
48KB

MD5
1ef0b094eb051cfc99e3dfa991c669c5

SHA1
2534e234cbed0ccd69f53208069686ec5c617ccb

SHA256
2e6c724b2aae160291a7df88d394514535171833eba1dd20204f9d5788f0f878

SHA512
13d11abccfef086046efa0957156189235bb2df8186ea143278ba557039b285beb55d990096456ad9d67ba700fe8644dd1ffa75d2c64b2a36ee2a9a8d6978342

Download Submit
C:\Users\Admin\AppData\Local\Temp\AAEswMUk.bat

Filesize
4B

MD5
8d89447edcce7e36336bf6b124dfa51b

SHA1
ccd5758467dfc4b2b0134e62d6d130a0e85b4d21

SHA256
5ebc02a912d285db5554cd7d54a99fb686b49ada1813e3c98fcfeeb96f66be06

SHA512
e378353183257f6c2224d0f5f747267a2fb8f42175f7adfadd03a61ddc85911ca4193a8e2b87d9b5cfad31df03e1a35c586f1eefb204636772ea5518d7d50927

Download Submit
C:\Users\Admin\AppData\Local\Temp\AEks.exe

Filesize
982KB

MD5
c95a586e93c20057d30a9e2c85715b6c

SHA1
43ba1e31576a04b1212ca936ce0ffce5be16cf99

SHA256
86f86627920b6df76aa25c6e62df2db47560daa4949ed47db374557b8105d187

SHA512
22c632779f17de71ceea36e39ff0e32f0cd8b25a3f333bf858c9694bfdbbf216875ce41ef9a0a45543606c7102a0443f941fd3e324e2443d9c0774527596f95e

Download Submit
C:\Users\Admin\AppData\Local\Temp\AIwO.exe

Filesize
250KB

MD5
9a8fe6b5dfdc830dc03b6922aaeb3f6f

SHA1
2924868dabb490b99d4e6b7c52e05c4044796977

SHA256
20854791e4dc041a95ed5bba9e2fc68d8b9763abaeb74405025b1d2a3e3a6ca1

SHA512
1a494a55f55582ba33293d938b2f500e573fdd17829ad35b96efa832d964c73ee2f3870e83e896aed0e3191690e4afc99c52a5ada457d4d6a44a665604b5a05a

Download Submit
C:\Users\Admin\AppData\Local\Temp\AMoW.exe

Filesize
231KB

MD5
61e06bc8a33caba532c2cac121fc0dac

SHA1
c196ef59bd02c4d3da00923eb8d5e6f649cf8ad9

SHA256
3df3ef4738c69c542e99f4b97f2df2a83412c7b5d3f54e728173ae343e7ed6b1

SHA512
1941ab640f5f298b35e44a1755282f55617049a2e7bcc15e2db7ed190522f80922d4df19918788d3bc73ccb21d8baa6d10dd59bb3b57d7f53c78dae23b694005

Download Submit
C:\Users\Admin\AppData\Local\Temp\AQkW.exe

Filesize
235KB

MD5
d2dabcf99892ed692959810b2e123cb5

SHA1
d768c467ceb39e95c741d5db09e80652fd6857cc

SHA256
39706ba79908313798b01367808a6b146d43a042f87fc314220ec5b16c2c738f

SHA512
6595125bef10f41c94cdd05e69d152b0df8710970f7899c630986820b97c1ccad7c7ffa637421cb74cd65168da49aa5db728f45630eb02853da6bd5bc2394b9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\AcUu.exe

Filesize
959KB

MD5
96273fce543118da051cf130476fccc6

SHA1
719900305caacd8c72d221b68d12fdf99c20b6c6

SHA256
e450518af9947ca5a15703ad87c85dcfb32d500f26218048cc59ccad194a410b

SHA512
aa312e141cbdcd250eaa7923eb5868d7b11b6737f9880bddcf922925e73d8edaba92b49af164d13543d6bfd6906c6b53a490f1f554b6153cc1eca2c398d01f94

Download Submit
C:\Users\Admin\AppData\Local\Temp\Accq.exe

Filesize
636KB

MD5
3981ad02dab48aa4c1ec00bd6f727520

SHA1
9a2698fac742ac86d6448486a3916ecf49fc67c6

SHA256
c3cc17b832ec32a005119125bb6c47cd508ac29c94fbe7f89249eda257da6f09

SHA512
eb985cdcfa90858a1010a02fb35d0e421c020dc9f08747f446acc7345aa99000a3157209b7aa58abdae07dbff8847ae3ff0033d7f1c4a6582dd18a9299286a53

Download Submit
C:\Users\Admin\AppData\Local\Temp\AoMW.exe

Filesize
644KB

MD5
4ac584e7a330f7ebc06cff85dab51f8a

SHA1
499a548f120ecdf12641eb6b4e5abc4d943b57c5

SHA256
23390dde939ce600030d1a11b750662be4446532b3f06561f56cc7769ee4d046

SHA512
21e4acf8109a77d730390653f35f4bdd21ac237d066e2daa49e6151f36a23227eb63bcad709fc7cfa360cf8d0aea1647330071f11cf97ec808d5a62ab1abb11b

Download Submit
C:\Users\Admin\AppData\Local\Temp\AyQAYMgk.bat

Filesize
4B

MD5
edcc0e7bf1c3e76ff917f938e3f21cef

SHA1
35a9c8b26711962e36859ac3881aafb1d58afd88

SHA256
cdaae4672708dd64fb07017061728fcc1f02d095a64330f6d491df3b94197a5d

SHA512
287d092d67859490d25192aea777e06768775664122a33b334d603518a274a41c26bf553954e4757dd12d883cf2715724d87f8abd0372ef1f6ae401b89cb8796

Download Submit
C:\Users\Admin\AppData\Local\Temp\BgQckkQo.bat

Filesize
4B

MD5
3954032b525d94c244f9d8ab524a72df

SHA1
403abb646364ab1835f8ecf55dbf51cee4686cee

SHA256
e9cb864cc7ad038606f10472e84107b9130fc6aad77f0a87000bee27e7cb77a2

SHA512
73940bd7d39c2093d5c430df1e2d1c3ffffda69059177b871b309f1dc381c3397db003911bc6eaf48129679b2c2c086356f07df7faf2613d6d8d2f4a1d350e65

Download Submit
C:\Users\Admin\AppData\Local\Temp\BoUgQQQE.bat

Filesize
4B

MD5
a257104160f0759d7083f9c55f876044

SHA1
ecc4aa68f04669295bb52da758828042fd5f7946

SHA256
3f44cd294f825b4ab89c63df9240d68639832c6abb94d70759773bd230fa404a

SHA512
7794250c8cd4050b98b85653bd5514dea685561fb604837c9221fd8b28337e020f56fa017bcc4039e4bc255d8e31ca234b3d8f8c3023e370a4b2b598eebe6245

Download Submit
C:\Users\Admin\AppData\Local\Temp\CMUO.exe

Filesize
198KB

MD5
8cc0cd8e56cbd58ed8a2fcb87eb7b28d

SHA1
b05cb65e83c72d8947203d07fda581124f5cf4d7

SHA256
1dee4c6f2c79da62f623a3a1527adb8334ff0460964a9649f6d0b8fef8a7b144

SHA512
3660c62d58827e50c5239dc30a371963a62f4e71fed76c18319bf68abb00de8ea69429ba3d67e36ba62a405e1a2bd1c3ab9035550e26c03c4e5f3aa8eaafc211

Download Submit
C:\Users\Admin\AppData\Local\Temp\CeQQEAEg.bat

Filesize
4B

MD5
5cc334e132971aebb83e89d7feb9c09c

SHA1
0cc7928023fddd99fbf772492eccc60223651cc9

SHA256
04a4d96dc9927c44bc02cd8ca39ce9d0edfd95e6300a3b8af52f30a9a11ec009

SHA512
5cc0761ee223cf79bdce1065090b55873d6cff2d43418b03036af51279508b71addc1232f2d38f40d182b9988e9a13718e48284b50bb42ae1cbdbc923267cf11

Download Submit
C:\Users\Admin\AppData\Local\Temp\CwQe.exe

Filesize
195KB

MD5
54d5d4e8bae0352997a1e18e8f0cb23b

SHA1
2c4ee2f126b65f33d2fcbf4ff0fb6669ca01fd9e

SHA256
cca630659a251e545eacadbb47da42e3fc84ba4247ea6edc62eb89c924eb74d0

SHA512
8259a069ccbf153c514633e01722660f35bd6e65d4e1ea71302dba6fbbf00a237ee61be404109cbaa9cd1458fb985f4d425ddd7bb03196df283c10065d2f574c

Download Submit
C:\Users\Admin\AppData\Local\Temp\EIQo.exe

Filesize
227KB

MD5
6f9bebb5c77df7d21c159b0933c07f42

SHA1
274d5166f87324399d1c9ae8d5dd35943fdf9176

SHA256
7dba9b997a728c18f529c1049664b2d6ec88d382fc2dddb275114c90f3513075

SHA512
6cac2a390a4415209f76b92596f8803b8f6b1abe55aa828d0f9cbf7b79769f48b203f7873545c7e6ea03684262a935a360ab0f7a1305c4ba116120413e3ea5c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\EMIC.exe

Filesize
197KB

MD5
9bb76324a7dbea057ce842be7c60857a

SHA1
f17e60294fc29fc766ac6b687cc02c10e8edf4ad

SHA256
df6d7bb3cbc380ec4ecdf08a39d6df1fdf89aa62556c0cbb52728d212d867de3

SHA512
9ca806003c8ed09407b0d6a60712e0c2be50e36c5ecc0a34d52ea6d4f2858f161bb5b32a0b85894acb942f2a52f09d6186bc7e52931e6e28f0b6125e5e10dd7d

Download Submit
C:\Users\Admin\AppData\Local\Temp\EaEUUwoI.bat

Filesize
4B

MD5
3644e2b3dd3b6e930dcf283bd5f1b457

SHA1
b6fcc177a51e695961076a996326a41011fa60cc

SHA256
a5377f6a7d842075ffc31d004ebd1e9493a0edabf3632dc7978850114fe6d072

SHA512
65a12fd1d68f4a1525a59be5f047aa9a0e0a4d0dd8718bc8f2a58746a827e3fd0cfde394351a0c6baf6a820a4be89454d3fe312125f85d71bfcda2d6acb92074

Download Submit
C:\Users\Admin\AppData\Local\Temp\EcMG.exe

Filesize
182KB

MD5
b170a13dd05078044e1cbdadd33eb8d1

SHA1
f2dea8b4f8fbd1316beb0de0f98f01563172f058

SHA256
b9fb86516587cebcecf8ac912aa1ddf96759a1a3721ff2b9efdaf53926b6693d

SHA512
d4021e0f10b58ccf9874a33d10e85742de47bb1faf3d6c881f528a80af0a2107c85ff62f49006f3402ea3d1f26ded36760edf7deedca5baafcf85288e79d9e17

Download Submit
C:\Users\Admin\AppData\Local\Temp\EkcW.exe

Filesize
189KB

MD5
bd543a490643b200dbb2e769e879562e

SHA1
d4bfd8eb04123ee9bf50eea84318639d2276f3d6

SHA256
5fc4c561c1e8140b4795ed17968faf29fffb36112544c65b1b86f8598f5fd38b

SHA512
97d601a4f17b1aa4b1b7c2a8892757af1e9ee941e8087b3d48cddca04a166b2f62098e8841eb21e0d4a921c3e0326d86328c55bfd8ade71112c041efc418ac00

Download Submit
C:\Users\Admin\AppData\Local\Temp\FAMgQcIg.bat

Filesize
4B

MD5
44208feaa89a7f90294585c0b0e756f8

SHA1
f449f32b0ee63256f872ad53592f204938f5fdcb

SHA256
793be013fa3ad4762c7c7575d6fcc7b60a524c771a1c45b4e668967bca8688b3

SHA512
d408c27ce9827b2a84db5e8b57ff8ac9c96f4eab691dfddf256c3c6b0090d7eb8db2a067147dcf7a76ce469e134e6cbb8fb0e0ed3a5a7d4d5a666add633a738e

Download Submit
C:\Users\Admin\AppData\Local\Temp\FOEIkUUA.bat

Filesize
4B

MD5
3bb4208e2a09e3462e90da756310a621

SHA1
f64534421cebc650921627e7c7f8fc2050df4471

SHA256
f6af526c9da6cbb2846e89959eef86985c1d19b181680d048462e9cb60c8e19b

SHA512
802621ac593650c7a600a91b0aec1f347aaa24496ad41a09b8a2b05f6805d87f5380351474aef7ed4c18592278edc6f6880cc6fcf5520e0bef8211ab73123727

Download Submit
C:\Users\Admin\AppData\Local\Temp\GAMm.ico

Filesize
4KB

MD5
f461866875e8a7fc5c0e5bcdb48c67f6

SHA1
c6831938e249f1edaa968321f00141e6d791ca56

SHA256
0b3ebd04101a5bda41f07652c3d7a4f9370a4d64c88f5de4c57909c38d30a4f7

SHA512
d4c70562238d3c95100fec69a538ddf6dd43a73a959aa07f97b151baf888eac0917236ac0a9b046dba5395516acc1ce9e777bc2c173cb1d08ed79c6663404e4f

Download Submit
C:\Users\Admin\AppData\Local\Temp\GIkG.exe

Filesize
198KB

MD5
e2a5df7efc0c7364d94f5af4bf93c100

SHA1
37a8823fe45fadb741afac2a1f1d6fc18e237530

SHA256
f2c7805fbb14d5cfb95e68cfe75e721ba61b65c81b71c1095ee6cb4c7d11346f

SHA512
36ca9884ae5a71821d781be3ce5415a3638b576e987e0a972d90ea91e4e4b40ee8b016a52bb45f5fd3bc82dad950a2c4dcd11474660cbc810f4e16524308e873

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUEe.exe

Filesize
773KB

MD5
c6dd6107b8d130770ad2089d31fcc73d

SHA1
ec7cf4dc8c069b1108a1d8e41c086c519756646c

SHA256
c428d30d0706e31066af4681ad65c726ec4608cc5688b8ee6e4a17d6ff211cb8

SHA512
d178fb90dd1f4cf7eaee80874501ad19793eeefe2c81339d1d706b6c52787cc32da5699c56237cfe639aa3012360257ae3db362e5117ec38115c861caa650aea

Download Submit
C:\Users\Admin\AppData\Local\Temp\GYYwoEUA.bat

Filesize
4B

MD5
4826e42a66500fd33e314923df859960

SHA1
9e8ae71aaf218adeadf87817211c6911672e973c

SHA256
08c7f2c2d5828219da9fce53a3d40d40272513ebeb3b307789d26aaf338a1f2c

SHA512
8a254110e0bb396d0c430a1fb116619ec38dfa648f87437b7f2883b9dd9fe3c6eb0c2559928fdb11484645d5c3c27e70828ed468b305e6e744c1fc0e924c4b7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\GcwC.exe

Filesize
1.5MB

MD5
1aa0570fe809fce9bb2a0dbad0d8b04c

SHA1
b1f4d5ef6d84044e54730f0ce38130df4894a937

SHA256
07c2887315313941b9cdf4744c8485e3c3ad0baae3f90a24373e79c490dc0cb3

SHA512
732e328e797b2e9e17d089a885fddae1d0c8bbd25f58a76901038886b2ad98934b8afdf3acc5f07635cbf0e1ff0694c2bc6c6ad6e36b1fdc1c83e208b836e1fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Ggoe.exe

Filesize
225KB

MD5
74e0bbfbd82803aa3634baff76c7ed45

SHA1
b579c92a3fa54c2675573431e165f88dc8cf06a3

SHA256
a2176ee2781c4b5d920087cb0ae15e47b94394fc3c86431d4988c8b59a1c1a8e

SHA512
901e1af8e9680945bc3c04f16def8ec5edbe37e60c0c394bc5e81777c7dffa389a99265c99e7be7816ccae1e3b9e0cc690abebbdcb88aae6f3a33978a203f670

Download Submit
C:\Users\Admin\AppData\Local\Temp\GsQa.exe

Filesize
238KB

MD5
e31197a351c5f7d41f86a84c70478d7e

SHA1
7260fd15b705310e05138af6df9b90acf2c557e9

SHA256
6b2399066749ccaccbcb5a89fdb2d51428c22b166457c5cbb7322849c29d2983

SHA512
3cf1a5c44070106373d9348ad6d2702ffbf2a1eb94cf1c693d61b76d56b01cde458ce9c4a5a252fa16084283e1a17ed6383d82759b87f0419a9d4e05ead7f4d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\HWIcoMkg.bat

Filesize
4B

MD5
05261b860e6c0648d6ccaea5c352a757

SHA1
536f3df4aced6b85400b40fdece4a5682b08c620

SHA256
29e1cff47bfe2f785f0e138377163453b602d50b26a135dc5c12135c094d5b07

SHA512
ec320add6bac14745ecc9589b1cbde934df1ac1e603e1a2c8abe58662aa6075ec740ca0f76681a0c0c183a1059b0451f440f69af3464fcd9bc158a9d31e91715

Download Submit
C:\Users\Admin\AppData\Local\Temp\HkAUQwUg.bat

Filesize
4B

MD5
6546c2a517030919ff992de43a156b4e

SHA1
b4772226a3c92714fabdf48797440e64a3788804

SHA256
590194fee0045273ca88ab5d240d17498f65ec7f579601a2777dcd51c0a00a07

SHA512
189272e06caa2e923a5999543ff0f8ad7bd40b43a6071853c35bce456bbfb8aed529e1676fa92e4d9345db120889c18e92073e634dab4afd6ec41e4f953640d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\HmkgUgYI.bat

Filesize
4B

MD5
7aef7c263dd007c7b5fe7f178df65aea

SHA1
28d4740d9e75a1a34ef1dddcab6133afc6e6d115

SHA256
536e0bd021124e379e5488d33a68ef5b6738cca0e5ad44ae96848fa71458e180

SHA512
114a52400f3bcbab285f7e0ae04ad6c919971f196d7e648cbe686c5eedd5a88a3b6d346f2416c1d88639df0cb7160c13ca6eb3169af7468ba6c7f9e364621a61

Download Submit
C:\Users\Admin\AppData\Local\Temp\ICEckksk.bat

Filesize
4B

MD5
15e7d2f5e1cbfeb4f5ca66888cb070d7

SHA1
8704dfbcb5adc9bbf15dba7cfc9fa5ed2dab017b

SHA256
b89751753f607c3374e4bd834a3c5a8b7b4cb80b71af98add46c00dedb9a15ae

SHA512
e2916b7c7741dadd0959f71f37aebe804f7f4a5cd856c685676fb2a3d0b41f9616a1b028f0ff798af199294cf4b2bbb50c57ebad8419aaaa52ac5b043dddfbc8

Download Submit
C:\Users\Admin\AppData\Local\Temp\ICYAQccw.bat

Filesize
4B

MD5
d184f06d1b25012abfa8668e1175466e

SHA1
568e67506cbcd78be4708eacb9e567b792d24bb2

SHA256
418914f93f84edd8030ec18d9b212dc465b0fee0b185a0e270794b3a3d7b4276

SHA512
242dd2c7514dfd0f5602eb416c50034c2751ddf23e4c1fe8798cc25b3646d33fd8d7ffe86d375aad4d63507e4adff89de5ed632190bf345111de77ef7b9d3e47

Download Submit
C:\Users\Admin\AppData\Local\Temp\IEws.exe

Filesize
205KB

MD5
349df7a18665152a9facf7cfdfcd658c

SHA1
d09a1bb841e67e0e33f417626e0278e387f9c537

SHA256
2a7fdf49e05c941dfd5bf42d154fac02a591b9fdf0cb048a21dcbc7bf5220b9b

SHA512
3e171bee9ac15eebd271f05e2cedebfaee5ba8cb017fcd236e5a8f57cc30b4a90982eb0b3340acb28c0b9a1b7c818bd6428a1d1608fc19d14154d77be99f5a0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\IIcG.exe

Filesize
1.0MB

MD5
2772f39ca2eb6b09448b26fc18430ec9

SHA1
b3f56630be0baebac7ea6344ce6fc2e606be4589

SHA256
bdfd6b18bfaa650e7a9b2b2c0b1f6baa11ed9d02a6e7700ffd7d36b10eb49001

SHA512
2bea7e14747251959cf47c3bfc53973a5b595a35ab8ac90877a9c1b2350b4ad5fae3644c3cf458783ca558ec481f2795ba3833d0d8ae8435242bf4bdc36f2fda

Download Submit
C:\Users\Admin\AppData\Local\Temp\IIky.exe

Filesize
243KB

MD5
9ade1995599c9ca6a723b47c8341dc52

SHA1
b453603f35636d1961c952c79b4de88931686151

SHA256
f9868ea35433166629e06626a53e7c1062b0c986520f5ac7d407739b81c35d83

SHA512
2ec64c7618f44c5ddecdfecdc0cb1403036d462300e34b6151a0eaa746089ef28c131f770ccf782516514389f9690c71f77536c7e8738705df4a847d1f3092d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\IMUS.exe

Filesize
230KB

MD5
2668ae21f12a1788c1d5adc5fa6d23bf

SHA1
2181fbb07d5292fe3a8c0bfeb54914827850e584

SHA256
91ef43f01b92c91058342317dec748889f2613502ddfd4dced90f39e48980d61

SHA512
5bfafd440aba0483b52814b043c268ff18c2af6a151947e772fa3876d68302cbfb132a407cc95bbc15d0b72d3e58e97ff11ffed0a11f2a6b049387be334f7136

Download Submit
C:\Users\Admin\AppData\Local\Temp\IMoi.exe

Filesize
234KB

MD5
cdad8d1a055999884be99af9cbfe01bc

SHA1
c58ada5b7186fe6b024ceebb7cbcbd51b9ff3247

SHA256
1dea83d1404ff86e9964a0d56da3fca681ce10f821e79ff72cbd58ca85917601

SHA512
8d546e9709d8c8116988b69dc1ef01a625aadb631c2e06b1b8615e6b3bcb52a051ec7217e5328d8ca232bd0fe6e89955dc02adaa3af61c7b1a5b01f6d7291ac3

Download Submit
C:\Users\Admin\AppData\Local\Temp\IQUW.exe

Filesize
317KB

MD5
75d213ef4ac3250004b141b547095951

SHA1
7e34a85bf0331209e8a81b9ce7e6f3c32a156b99

SHA256
f923166869bfed4772b3ee00e108d77e817fc4c542d7d272de531e2e641cb595

SHA512
71129d801bb9023436d64a948980595c9ed92e5ceba6a0baeaf77235ee68e2759611ab10a1e72cb132d1225fcd7e502b42ab9ffdd4f821595b4d3a745380a13a

Download Submit
C:\Users\Admin\AppData\Local\Temp\IWIAQMoA.bat

Filesize
4B

MD5
ea68ec95a5f6c65792cc90171d1630fc

SHA1
16e807bea0f63979362b47c7e141d73f7503d7bb

SHA256
175bf00e865e17dad8dd1d40d736c1b9389cc475c10042e074ffb67bfc99552b

SHA512
83b84354437b8495ee77ee634cd6f641adbdf1fa04cbe29456026c3f882d2beddac897cef5f2eb7c4ca312618b6cadad933000c4cfe65169c885c6bb7cc5a279

Download Submit
C:\Users\Admin\AppData\Local\Temp\JEksMMIg.bat

Filesize
4B

MD5
eea8db49fda9465450197cc6bd023ba9

SHA1
dfa8a54c2b22036d575a8eb42e5cd9a68033043b

SHA256
7452f39f74418f933221ee3c989e3c03854f9f84e7510cb378602b3a2fc934eb

SHA512
90c1175363e6c407cead6aff9b142d34f756234b97409e2e655b58a7364bf8c244da69034efcbaaaad41eeba4849a091391602c49ab2bd54cd9d7a0aa4f25c6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\JKoMgUoQ.bat

Filesize
4B

MD5
3d312a73d8717631185a2348978c193e

SHA1
a82b3e360c973cc0c372afdb5185739728a0bac0

SHA256
a5b820caff4a60e7c3dd82335e0af4ca727447ee29897f4e8e9eedddf8f7c724

SHA512
44cd94cb24a1a6d300cea5fb6eff27c4ce3be9417e17d827c50bfade7e7980d2376374406d363bba21be2fec9a990ed615c61b423b776c6d74f62eda8dec6175

Download Submit
C:\Users\Admin\AppData\Local\Temp\KEAkcgMI.bat

Filesize
4B

MD5
b753c537642d46a5a1cbbb4a7eb1710a

SHA1
5021d2bcda1b50ab40a2671cf8826d0cf60b9dc2

SHA256
1f5884754214218241360bc4fb5e4e02d0f199f3bc7f9264197dbb2af0e4f263

SHA512
28752214e381384f6e9d0bb94026a4a29735a8b14dc80394d2ce667a0c486b6e7b8bfd557822d00727dd406b0ba8fde19704253d375f9079182586077e6f1437

Download Submit
C:\Users\Admin\AppData\Local\Temp\KEoYIwgM.bat

Filesize
4B

MD5
eaeeb943ce808f1a396fd9873b9d68df

SHA1
c92d75c8654632d69344813fbf2f856ebb51d45c

SHA256
1c935e531c424fd571476a0d7127e0aed20b269061e5ea632aff12fbd24dc854

SHA512
22e5ca75d127d82e9a3cc2473c617c4e43f28950ca1a6c63dccead9b111ab9419be2a27bb27caabc917708ac3e6ae4d21a11a3572725d2ad2aff162ba94ccec4

Download Submit
C:\Users\Admin\AppData\Local\Temp\KIco.exe

Filesize
196KB

MD5
1b99ddde36b9247b4636e7cfea7e9050

SHA1
9c35b7136373174df5f2c20acde3f001bdb22b5d

SHA256
458c573505bcce11db9ec61901ce734b0b9613162f71e1e4c29cb9724bd0b10b

SHA512
1ce1a30da88d90fe2f473012744b67f1737795a91dd7a06fddc1c95bed0afca5136b67340bf04356d4cccc98bdd15407f8c1a5d5f4618f224fd2bde7eaee8bf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\KUYS.exe

Filesize
249KB

MD5
7c501ba2822adedf6c6042b24db2638d

SHA1
a02273dcd05e5d50bdca586eeeb4fe3f8693f0a7

SHA256
beb92d817e93fda4de6c7017a3aef0ef0624137d10fa47fe5a103fc5d2a2f5f3

SHA512
0dc697d60d63afa9db652c3764727cdd63cd103a64103d367543d5a33eb0aab358abe80400a819fc33e2272fe75acd9726f9913d38077392817fbf422a99742c

Download Submit
C:\Users\Admin\AppData\Local\Temp\KWYoEQwY.bat

Filesize
4B

MD5
abdaa1fd8feed3df236c6948af64f9ee

SHA1
7322ad6c0e992a2f524c468ff0fd875c8b730706

SHA256
1d8f657c325fdab8d96658f1606137bf16bb6d732d9b9011bbea34b30fe083d4

SHA512
db277c20d4f1dcbec88bc9e17898cc10c60606302a5f6aaeaa62ea4867f51a2969d56e590053792512cbde323c4334f214e29a065640e2d6b7e440aafc0a7c9d

Download Submit
C:\Users\Admin\AppData\Local\Temp\KWoAQcwg.bat

Filesize
4B

MD5
5ac278b045c383fcb4a2788f0114b24d

SHA1
baac34ece78e8c44d5e8bbb7612d7c1105b39897

SHA256
c8e56f07414c78e9e04affa9169f166db0b36831d09e3cbe68bca72d18ee71ea

SHA512
8cd7594e74ef630bc077e8dc6628c315a263e8519305870561a1d7698bead210f802fbc7962352b92163791774f27c6edc0369eb0f44b0378a53c637d6004cf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\KcUg.exe

Filesize
250KB

MD5
9f4e1cfe6b2b8cd7bdfe67373a7b1b1d

SHA1
481cd1246fd53d8a7ee6b90c266f9b9289a31140

SHA256
23ae52e155783a992d16ce6b9eaec9df532d526f25c2fff0dbe4a3b963c57221

SHA512
518c8fcecdb4acb00df9c6110e4091e934b2700f01887885a4122afe875d91c0c0dcb0b0b3214107b7682be73aed1918fa77abf5eaae5a3404ef49df3b955dcb

Download Submit
C:\Users\Admin\AppData\Local\Temp\KkIQQIwY.bat

Filesize
4B

MD5
97d9f46f9b83bb50b847a0f7c8f0ca2a

SHA1
6ef641b193c38914c4cae9f3fa691b5e56b096c4

SHA256
9d712b33aa89c4a5837b83642cfb3569cb1a42b5e6d79e25dcc5841241c83a15

SHA512
505d5a3717515f2c8486c409b1bc4549050a3ece748f30c49b1976dc2735dbfff0385f29173f9990f305803a448714041c3fed72dba2ef0bcb307a35e5539c1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Kkgo.exe

Filesize
243KB

MD5
0549eaec4203a834bfc9228ca11906c3

SHA1
802c569ba79f59f22c56c9c98c56306111094366

SHA256
43aa93d08a0bac2a9b3258c6de38097b7f60e28f299bbe79d21040d157d2416b

SHA512
5e71286536c7722b2abd3c561c3dd77874ec138f0cffacbf35f191ee183d6aeb9f75159d0b886928c8267cc457a9587d09c4d5facc070160dbaea27230903369

Download Submit
C:\Users\Admin\AppData\Local\Temp\KygQokkY.bat

Filesize
4B

MD5
c0aa141b95e9819aebfc7d01ed8fcc57

SHA1
fa14f73a9f98a833a878cd83248f74b518df6695

SHA256
659a391ac02d1f5d6e4d29b294ad556fb133e24276daf467a878079426e69817

SHA512
8759eae66b4cfeb91e24bc3a682e566b28675a9307fb36d4e2d6cfe6728fa3bc6eb8bb553d945dfd22dcb107ba5d2f40935eebd7ab3b8ce8bb0ccb460e1ff785

Download Submit
C:\Users\Admin\AppData\Local\Temp\LKIQUEoM.bat

Filesize
4B

MD5
7e21c12da84a4e11784254279dac17ea

SHA1
d554ed5a970e27a20797c45d494c63ebd602ff34

SHA256
e43483a0d902533abe99647bb7e23efd9dea0aed6fbb1a99ef6e44c74a74fe4b

SHA512
c50550ed391cfe2ba7e189e40d370606e72622cbe0ba07dc8a525a9b9ed509e2dea212fbfe6990d3e0223f27fbef01262a215ad84c0c14e2a434994d43a4ea30

Download Submit
C:\Users\Admin\AppData\Local\Temp\LKccgEEc.bat

Filesize
4B

MD5
5db82ae819e36cecaebb4c226f263655

SHA1
dbb46be5bc32aef54da03402852237db8b4358f9

SHA256
93343e4e288d872005ff83120194d4099495118d50e796b50291116ba9a089cc

SHA512
a400b539101b3edfbf5ce100903a5d6e02e638744e046a0cd8f833f10948dfab1ebe780a7e9f3977e4ebf244ead7450d0fdd983c1341346262e2e99401fc9ba9

Download Submit
C:\Users\Admin\AppData\Local\Temp\LQEUssQg.bat

Filesize
4B

MD5
5481c80a578a4cd47cb62d972148bf29

SHA1
2177394bff67c66e17e3c7e5c2c31be482d0dc55

SHA256
b15c19a431357dd94545894c4b61c6b8a6ac8cba6b0ab84dae4ed69fb6e4a312

SHA512
f26fd804559858406dcaa6210341e5e48f134fc31970a1fa97d5fc09f26db9e22cc3fe02287629cf8a749135d391a7a97e3dc93c2140275143d1734101e22038

Download Submit
C:\Users\Admin\AppData\Local\Temp\LkQwUAgA.bat

Filesize
4B

MD5
9db71333e3d7eaeff8204671912e2315

SHA1
d6cc82aa110e9b354afcf06c2e4c7fc1f7bf36a6

SHA256
59bcee8fb628cfbb47e3aeb5c0b344e0f511f399a43f4c25d319fbf97574f3c9

SHA512
1a8feeca75f6488ee5faef0fd7b3179ab9d6c2844b31f748cc1816b6b8afcc250a24ceac0cccb26a2514916d7dea0c74d18462ad9a568f19bee7b89be3336dc6

Download Submit
C:\Users\Admin\AppData\Local\Temp\LqIIcAgw.bat

Filesize
4B

MD5
14f3773f4dda92452d3bb70f6a486f10

SHA1
085d80a30d57f3896ba099e12585a29acc3bd79f

SHA256
32589e38e2121982eeaac96dbf42c1a2f73de2bbd5723707ef997b3fdd453bef

SHA512
8c9059c6eabb7c2cfe8adc01c838a4a8b27a7891f6da8690c45a03c211a38adf1c9e953b1d37eebcfed1221ac1cd000141e0b0cc965012846a10bb18c46bda12

Download Submit
C:\Users\Admin\AppData\Local\Temp\LqUgkgEg.bat

Filesize
4B

MD5
353f992f203f79242ab4cd2a9c3a5884

SHA1
08d53d6d3d7da80e7b11e1fadfc75cb53df6e343

SHA256
fcb400c2d5554cd1466b53a8c208c7552613e36d9160ff12ea2ba1fef12e27d2

SHA512
ef76c4479eba4f75a6f991a1651dc48191d33b1037a9018b9abeb713c1d8410e2a4d1a00557d1ff4a57c6325caa5ef65e52caa7f90f67727c9a1657cac267502

Download Submit
C:\Users\Admin\AppData\Local\Temp\MIMA.exe

Filesize
233KB

MD5
ef2f290c3c7fb2b3bfd7997a087588c7

SHA1
eaa5429cb3c1514b81687a250eaedb5b0e1c1244

SHA256
3a254609d8221eab113146b1dcff6b796d75b39b43e52b034f150dfed68caa24

SHA512
7664de4965056b5041181d4f2f51c65ea4f14cb0a2987515e49ac6a40a3fa4783c6e7b1929bd75761593b4b145d8b18d354e9e265e2d3aaf502e5b3b7676ddb9

Download Submit
C:\Users\Admin\AppData\Local\Temp\McoE.exe

Filesize
227KB

MD5
a70b8dfffbf1a814b8ae88da28d954b2

SHA1
70155d9cf571807e6becbdadddc6b0eebddfe28a

SHA256
ece06fe19074dd5cb63e2d359c729ab18ec267bd846708b88daca4da092dfaac

SHA512
476983e74ca2e7410e6a6ceacaca24b0936e049ba43b19ec01798122b549473b3d87ff93da63bdf00e6b3bca3f06c6c3f109843ff5b6a36529ff96c6f2813e73

Download Submit
C:\Users\Admin\AppData\Local\Temp\Msci.exe

Filesize
250KB

MD5
5506e1be0f521fdd94115ffee7a78eb0

SHA1
76619d7f82bc9a0b03e159cdcc59d13be817cd28

SHA256
f3fa39c214cac1ea23eeae77a636bfab2ede15b9046922e930fa75830a32cc80

SHA512
4eef40b622f462857675c9744d38b0217936a16b3550329f474fcd7d5782b874f32bca7e01045b331d27429b262a5696503f40d4e538424055bddacfb9e8cebf

Download Submit
C:\Users\Admin\AppData\Local\Temp\NCAQoMsk.bat

Filesize
4B

MD5
23917ca141e440fdde56e4a13cda56f5

SHA1
da4ae9a8ee99c38f12e6def82f3d1e0b3cfa5269

SHA256
d448132c3104346272768094e9431209e1e7c26658b23a6ff948261243d31b14

SHA512
041338109fdfeb79a51928be09e19c1d745fb0e763831a22517753eeab19e1237a6c91453b25a8eead770a6954fe715bd52ecd86686e88d5017f439e3568cf38

Download Submit
C:\Users\Admin\AppData\Local\Temp\NcQgYUww.bat

Filesize
4B

MD5
f423cb5477f2941718f3a98fd7551450

SHA1
70e32e8d0274ff4246dc8b626eb333965275d0a5

SHA256
99207c470f4529d5a541e3be5f87dffe8266e978b48825fba49c0b64c3d9521b

SHA512
4aa2bb353305124a9a6aee840b694d07c97634712c31aa255e4bc7a3ecc9019f7c8ed19fc0fd4ccf25e3281e1549e5eca00a70c5de59447a797a7703f7c707c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\OQgM.exe

Filesize
195KB

MD5
b62f738a398d3d2304be71e2acdb7aed

SHA1
b9e0d1ab47759b89f9599735adc129dc0c965600

SHA256
8e84b4e38f21ba908a5e6f2151ab1490cde4481cf4cbddd85147961625171a90

SHA512
8bdec142014b26db4f6a475c2d522348098e0eab1d2eb2a5011903ef45f8c7ecba237e85c8ea917d80fd5db4ca222f596d8944e4145de216fd6a31afffa386b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\OUsi.ico

Filesize
4KB

MD5
6edd371bd7a23ec01c6a00d53f8723d1

SHA1
7b649ce267a19686d2d07a6c3ee2ca852a549ee6

SHA256
0b945cd858463198a2319799f721202efb88f1b7273bc3726206f0bb272802f7

SHA512
65ccc2a9bdb09cac3293ea8ef68a2e63b30af122d1e4953ee5dc0db7250e56bcca0eb2b78809dbdedef0884fbac51416fc5b9420cb5d02d4d199573e25c1e1f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Ogwy.exe

Filesize
4.1MB

MD5
0ffb33219d916b7a8e4d66db9aa0453a

SHA1
549edc37a8b015f86cf67fa4a1cecf337f8ebeb8

SHA256
f9a99b6e96a39780945558182dd1549aeae0b406ff1ca24f713b6f24df54403e

SHA512
2526ca86c1635e3bb0b97de4fa24fca18c6a19b5af7ee449a68b9622e3435a7ccf6a3c664bb51214e4e2888d4ab44fdb9aea2a4a1e4987a7769a37ffb336761a

Download Submit
C:\Users\Admin\AppData\Local\Temp\QIIk.exe

Filesize
196KB

MD5
bf5d5977fdf4487ba34ddef61bcb49b8

SHA1
e2bf8dc25e82765b0b686f230e9ce9780cba32a3

SHA256
a6e495c77730f5b6b2cfc81fca9203c96166fbfc636ed58c9888a8141cd21dea

SHA512
13d4a94c2abcf2ad59d4d7376fe3be10500879e0dbd2495d8e5ce230d5823821b2eef46f835edddc4425ed5b82d2cc06f5366de101f553b1be62bc9112596c92

Download Submit
C:\Users\Admin\AppData\Local\Temp\QIYk.exe

Filesize
4.8MB

MD5
436cdaad7157ba297d4358808e1f1a3d

SHA1
d5fe372ee1259941518142b37cb59caf7afddd3a

SHA256
d003c7cc7e34eb3608b9b1819a54dcd86cb441f6f02e778658ed7744ef7a95ea

SHA512
3bf37ea2f93929064b954f6d0ea7db598d90d6373701c1d86c566f8a3daf5da45071be2e9a4683be06bb9b9bcc49865ecb6cd1381c32147629285403ef86fef1

Download Submit
C:\Users\Admin\AppData\Local\Temp\QQoW.exe

Filesize
246KB

MD5
4f1c908d04271fa45a652f0ce9a7eae1

SHA1
e0abe7ab375462e958c78ddce2407af7796f6c12

SHA256
6addd4c403e93522a632322f4d0e631e0ba8ca615ba9696f296c2d4bd57fa9e9

SHA512
58b6788ef4cb3905eecb94807d776e5f5304c3a1cb81bd1a790dc7fe27ca57caf7529f68d1ed84c411ccea3d5624e59b5ee298c3f7b8c9ed21c8d561d8f1e09d

Download Submit
C:\Users\Admin\AppData\Local\Temp\QUMs.exe

Filesize
240KB

MD5
40adecccd6be889ba8da2387c6819e38

SHA1
32e6b4cb2996811860bfb57145820e148c502e7f

SHA256
53363562e27d7f35293b995de3ed0fde59fdca3a0e9efb4522e780f49df97bfe

SHA512
0ed370688ecfb3cf429e927b2b730ca908edbc298cdccdd65cef488fcd2a81114859cf4f03f66aa49f32e711f9a5ccbcdf899d9d91003559667123dd34c51871

Download Submit
C:\Users\Admin\AppData\Local\Temp\Qgkm.exe

Filesize
199KB

MD5
d6aec5a92fc235bead4c9687fd8b5bf2

SHA1
4236935aceb97a7b644d75017c2ccb8f8df22e9d

SHA256
e16dd3b6683d3face396619ddc8caa5849930a3f96eea6bde8e4a7db248dd63d

SHA512
7c6ca5e8b2790fcb2a8d4502b5e84362d21c47ea2819f0359e35fc0571db990de78e7b1deae4b70faa5eca0366030c4a829d16fde4d51d3faa8a540d255b7fdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\QkkgQcIA.bat

Filesize
4B

MD5
75b0c989a1d4302d1bfe26478f4edc40

SHA1
dec336e1cdc5a357997a266a69e609803687b4f2

SHA256
ae49cfc6eb171b7b0ef26c01e0b6b3e80337095085b6abc675e455791cb05599

SHA512
7b4e7560228a45b77f2761c3ce003a82ba0f51bd1e0e6afa48ae4f57fabf965f31e4d38834684b367599a8e3254d47b52ac258fa64dea966066a9be42720b993

Download Submit
C:\Users\Admin\AppData\Local\Temp\QoMm.exe

Filesize
240KB

MD5
de5fa0c9ed8dc8d8614aac2d9d08d596

SHA1
edde7529a5be598a7dd8d310aa3098714be39770

SHA256
570487b7f110ad869caa2310286ac27a2c109168660cdea82493f754fbcb3164

SHA512
6529048d03a14fe0b87f97695c6bac89e26ab7ac76c727496513bd4c3f86c78368aa6ff82afd6a8402a628a27c1e4fe31321ae46176ffe8c86b402085470e800

Download Submit
C:\Users\Admin\AppData\Local\Temp\QsIk.exe

Filesize
247KB

MD5
af0ce61a4c308cf2ca97e1f94ab6137a

SHA1
933234734cb2873066c58afbd24b63c242495474

SHA256
18b33681572dddb06435d6c4b1d33738b05fbf64b5f39bc5da7ab4c32855d759

SHA512
cbdfd6c32360be965d203b365580d08b104d56af7a1b641e5ef32a058340101a4f8c2ef5e763d1833bca22281bc762fa6c2098a8abb8fb4f1afa47581c24863b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Qsgu.exe

Filesize
8.2MB

MD5
32eefe5f66b86a01806f38a422761ac8

SHA1
04f4b10e0f0d0640ff149c0add058d0eff9e9e91

SHA256
bb4e9c2d3727659c94aa18e8e00499d2a8cf86dc462f2e2a2c02802d0c170b3a

SHA512
c9173fe51633f21fd043883b7e9eb289e079e8b3737c46fc8d26c87ef00d1b3c380b7e0cc168d25cd5b914025cc9a4ee76d141fdc4ddcd8a4d2128e53582a023

Download Submit
C:\Users\Admin\AppData\Local\Temp\Qwws.exe

Filesize
1.2MB

MD5
369df43a0790e7b7d712edc4f53ca152

SHA1
a93261afe6a6a68d1fef8da6476215b05326c0fb

SHA256
3e2817cb7af1f3e426be677a500339f2782bb9bd62febe12b8db8e2d72aea6a1

SHA512
59123d7e7c7ec52f5fbab753a14fe329208c4f9ef182776cd2b3a11ef39ecaf3495637ab5e01ff4613273ecd0bc2b039aa98620de24837f93ce1f65a9679f5e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\SCIYgoUw.bat

Filesize
4B

MD5
6a6754435f6526bd2ccce579365d135e

SHA1
3a35712d47f8732e9b5cbe731e6889dc39ae15c0

SHA256
297a2781fee467a59edc7ec18904c659df2037efd351e87577b41b8c0e712576

SHA512
1d031f9e6f778371bbc83a9242aa1c1d43c0db05a44718ad895612289e77b81cb6669b08fa86638bbb86e86a49b43d13d123dffc1498716826280541467432ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\SIMe.exe

Filesize
231KB

MD5
4853939fcc12d1cd4fe61a123e381b6a

SHA1
f85cb55956586a5d17a6888fa69d16d9111231ec

SHA256
6d9f383887d48fe212688ef6d87afe9c7170a49de79ca4195c6c7d24d7792c6a

SHA512
69af297e849a2ac4720196f0317929f2a416e3ad7bdb07580abd853cdc3295409563ddd338e74a41c6af21b538c9db3349198fa2b643df63f7b31b93cc77cc70

Download Submit
C:\Users\Admin\AppData\Local\Temp\SUIi.exe

Filesize
1015KB

MD5
f9629fc2b24f084c14176b185058d044

SHA1
fc315b67ffc72a5a4a3173b84518e309435d4428

SHA256
cf3f04cb77ebabcf3b3817d5f56f480ba05d3fd4a470d48d157f8ace6e7475db

SHA512
a4058e6ef145505140b431ffb769502ec7d89205141b62707abb56d4cef563a021c395130a2ba3c4a68e45d988bd523b6c7f16bb244f333ad2c6e676d72b03c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Sccu.exe

Filesize
187KB

MD5
fc881ed18b31547e6a937539602d1967

SHA1
8751a83a8314f94d6ad18e0735b45e0f3f1486ec

SHA256
68717f89f0a99f42d65e36dad6cde843f496ec74c212e10a4f131ad58a6ff856

SHA512
9a4ab51a0e7279b295a497e545f580373d4ac132f2edde4b6a83fed161deb0b649f0959f651560b90d7d875a650e9652e8a17945eee83af27b70c677f1514c1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\SswckEUY.bat

Filesize
4B

MD5
bf24f5c357aa6a852f09c9c2798409a2

SHA1
79a2eaee75c04886cfea0a9c0a2de478163f25e2

SHA256
643022b4d0f53f7fdce4599bbd60250ca2d9a4d059f095650b543eeb286785ff

SHA512
2f5880d9f38d6e70bc90c33e3622fd8189490aa0f29cbe7b26d3a040f408cc8b6b1286752eba32a4d63510062fcf15d40bac736673ab2588dc8b67336ac301c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Ssws.exe

Filesize
189KB

MD5
e83ec93eeb75813c152e80f3934663ed

SHA1
c0f1393f7b6c14bf510515474dda1db9cb3730ca

SHA256
44bb4ad939335aa3b13f7c33c9628544725a4a014890db0d82cff5602f9adb8d

SHA512
fe46ec478b08f670449d3dd817f3db3a1b9d94c460c0bb50ff04ad7a4b370e7b5dbb17f902764b30cfcd02c169cf5a5b9a177cb161a1587d5cbfff63c4f3fc21

Download Submit
C:\Users\Admin\AppData\Local\Temp\SwEa.exe

Filesize
244KB

MD5
40c988266fa9855be2b84ff6f5259416

SHA1
96cb805d098277fb1581debe81114b673e7eed89

SHA256
c76b567e6d15690506d7b005c039e9cf3f440e75cf97bf1b4d35673d34c552f7

SHA512
3fea12bd1e8c34df0b980cc093c6956af96ad73c55b83ace2cf43c9e43ed3cf5b0f5b201896b6ed6b53ae323c337e5dc43574672e61cf30ea60404a178cce588

Download Submit
C:\Users\Admin\AppData\Local\Temp\UAIU.exe

Filesize
205KB

MD5
f519c9ea9bb5d24ca37f49ebd358d6b7

SHA1
62f200a0dc50bccaa8840e84e5d055c57b865957

SHA256
645ccf3ee2bf2a24af9c61022ca8c3dd9c160cacfc51164014920d9ab1c1a401

SHA512
0e1ff4909b068002c335d0ea18e6f9d2fca5eb259b1e917c344267d93eb5c22f04477ff3f52deb59502779ff0b66f2aeceb27d3e8b75444195cc84a4ef77a5bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\UAQG.exe

Filesize
237KB

MD5
098eb08b8b9159eb3b7b5b222707f135

SHA1
b94eb2621e7d5d3d8e5b97972a6beb50ad3e707c

SHA256
e6d9d89820a09d9d640d8fe89ce64c3320bf407c5a5730fb1975ac34d9b48ab5

SHA512
9041aabd0399ab491c54aa71cabb12c120ad630da8df0f16bba458c64e5c47d7b1a41b028d8d952df03a98bb2cb35c16187e33f1e012bf88305a6ac7eaef5f3c

Download Submit
C:\Users\Admin\AppData\Local\Temp\UEIY.exe

Filesize
181KB

MD5
1f43951b5caadaf28b445ed5a7573c5d

SHA1
8772470022689940301c9712a8c5ee2c3b1fb195

SHA256
ddbac579a13f25393cb85b5c35eee6282ca160c55b7871426bee934ca3227de4

SHA512
e961925b37bc5727dcbf8286211d75beed8e12c907653382efe0341b2ae9347f994033c05ab420f79bb650d8fd765c37401dfbb47e897b931b4553b867880009

Download Submit
C:\Users\Admin\AppData\Local\Temp\UIEu.exe

Filesize
180KB

MD5
cdedb3b1b9accf81bd32e9f9dd09ba30

SHA1
5d4cfa80073a1c823f63f22812e9376eabcf5598

SHA256
07d510d6a46a7ce7a848046856595191011a90d8ecf5d1dccb055d414b091771

SHA512
b5c76bca5ea1fc33eea7fcf9237e0bc2145f29edcaf7228be6a134fe42afdcaaf030338b4550845687b00fac2cbb01706f85a0ba9ba073a5e9ec62b622de7b29

Download Submit
C:\Users\Admin\AppData\Local\Temp\UIcY.exe

Filesize
828KB

MD5
ab3239c82783cbc2f027b40f9564c7a2

SHA1
0ad582189b7f91d51640ed1c95b74ccc36209229

SHA256
57a9240f67c87f7de74e5026ef066b294c10a401dccd66e6d09ce61626a0191b

SHA512
32193149c688edb45d6be6f728e7ba2056199c475a2649e67a86e17a1186411c3efc0f2ffc755baba17e33cc3337698a4bb99304f1cded357f6e754a9427bb6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\UMEu.exe

Filesize
196KB

MD5
803a27bc9b8d388f667eb5a0fbae6738

SHA1
0ebc26408bf957c773ce2aa6fc4df952539c0a2d

SHA256
5739ce465ff472c9b45379acac0d314d3f43194b2a86b301aa8c280b7f75f55f

SHA512
decffbb57847ba61d4cd578281d2a3151797e3a1049c8bf237dd59196c8dcf8f1af730fedb8071af3b6b62bc3c3ac81b36575ccd503618f7d4387a2453c7bef4

Download Submit
C:\Users\Admin\AppData\Local\Temp\UgEm.exe

Filesize
209KB

MD5
f7505130ffd4fe7e8620ae14a1044a7e

SHA1
e1b7519fbc90480836e0047e2417ae72c22256db

SHA256
278d84219a5779638b66debd669066fd64bb95bf6b5b6a85f641f0a10a927e16

SHA512
4e0ddd3dfd09710d48d47f253fbebf0a35cfe3e27cfb1ac1a2b1e98cc8ef059a0241b8bf87189d294cb145d30a43e95ddbdd9a83993537ae8a9270797c69d76f

Download Submit
C:\Users\Admin\AppData\Local\Temp\UoIMUAMY.bat

Filesize
4B

MD5
3efd1c225831268f2af45a8187ed0a56

SHA1
def13deb043ede73349d987d164eb6ad78be0501

SHA256
ca69f5e7058acc1d039dcdd87943168b27171f70b847edc0323dfa6be36b5f27

SHA512
d2a8a58f333a1c6edca2443d0e64ee50ac8f12a583ec3f7b069daa4d0dcd368a01ea3d611f27a94191ac384f795d580969057c2dad4a08ca333eadd1e7b1dcd2

Download Submit
C:\Users\Admin\AppData\Local\Temp\UwoM.exe

Filesize
204KB

MD5
782e1b1c40cfec99903a9a44841f6317

SHA1
7ea7b0b113f26991c6f72306af5c3881b38f4cdd

SHA256
d8c0bfbcc713aaf67df26fa0aa9d6b9c075df5dddad150cc71f8b20b0b834901

SHA512
682dc5cfdaeaf6f90f33950dc6d68e3773cd4271ddb1d501d642800afe6f4d6cf84b302db6d46d45d802602554fd32b04c63f79bf19b4147baf0c14f4c230cfa

Download Submit
C:\Users\Admin\AppData\Local\Temp\VEgYoogE.bat

Filesize
4B

MD5
72f435ac91b1a9be1a79316c90e65f86

SHA1
03a8696b29535447f8b81567c3b07d05bf1c18ad

SHA256
3010dd06a2f85def5a40b463cb16a6b8aef4f4018a89bf014b9c36377b5c7657

SHA512
609c006dbc3bc8b445eee2ba765981dbb006d3bddbe32e8992e73a6e7db74bddcd1dcaad1cc31fa257cca99801092e4fb1e8d388c4a832758323998008564379

Download Submit
C:\Users\Admin\AppData\Local\Temp\VQUAksgg.bat

Filesize
4B

MD5
f8bfc93dd3122df781df50d06a62f172

SHA1
c2e3a800d69e196d9bda58599cd7ade01476a858

SHA256
f80c50da70b5564d8b5b4d13bdb13152e16112061c7b4d4b1d87437037005065

SHA512
7e9ba4c175e425d5a689b419c5a51215046c3a2e1b2eb06f1a91dd75ed6c298563d36b56ca55768ea2e2efdc3e20d47da4cb56733b7ab1dd3b005425fe2f30bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\VUEgEUIc.bat

Filesize
4B

MD5
485649f29452466b1173cd25f52599ce

SHA1
c8ac1b349ed1ddfd19bfd462abd6e5bc9fd2e72d

SHA256
012296acf7f85e5c71b44ee7f608cbf241ca92983dbd14134ab63e7bda66e75c

SHA512
c557abaeb5d1171dcf56a7cc9c7446dea68ab8603ada8fcac743ce234e8675337f2867a124b195e3b5c16f6f0414239e686d3c863f42e57e30f2e91ae30c4cd6

Download Submit
C:\Users\Admin\AppData\Local\Temp\VikgAccs.bat

Filesize
4B

MD5
f2579c72c43d7cf6b4e4b76404170005

SHA1
5528bb2d21c502dfdb8fe955268fd5a5f0d9df09

SHA256
c0c7fde6841040d02731979429f0dcc06cfd577c60ba5920d87aa03657ecaa40

SHA512
4a3f025a6f0b16c0abda914b3ebf622483a0fc10de48ddb394da6476bd3c8d59a556c5ebb7695aea010ae95cc3fcb78ed52d617df989b826f8bb4390ddfef563

Download Submit
C:\Users\Admin\AppData\Local\Temp\VuogccQE.bat

Filesize
4B

MD5
79a4b6ecebfef374f4e1101db72d3922

SHA1
56763d5ad6fdfd9b0dba18b8fda7aa263d2d4c12

SHA256
11d2976768e729d4d85ebd1fb629c50335a248b93d9e759c46ba8ba307b03664

SHA512
8ce7bbcfa0b3da80127059628bdcfc6c270b539c96cc7433f429760ab8817aa1d8f6bdf8c4162f443d38e09a8da023f7a280a228817874e710089e5eb2ac3983

Download Submit
C:\Users\Admin\AppData\Local\Temp\WAsO.exe

Filesize
249KB

MD5
2d6262187fed2281b1d55ad66acc9b49

SHA1
0824dbcb32856c346c371306c59a6bcdc5e243d0

SHA256
b6b42b1464563fbbef5d46c9ccced12b1954a42aa1d6fbf5239fa7d4e313d2fa

SHA512
ef388bfce798b6faf0cbc9300e0011483474356f63fd0b7f72a78f8c55a0b6f8505911f1a115d2d8ce9e7272d3881ebc037321ca351df5b4c65283c36513d137

Download Submit
C:\Users\Admin\AppData\Local\Temp\WEMAMkgQ.bat

Filesize
4B

MD5
179553d8a8c8e73796e1817f4d259f31

SHA1
d7e5c78acf1fd3d2ea0ccae5ff6d496b4ff1cada

SHA256
ddb5fb168152ce7775e2234f1c80755b6a56214cb9d86f0b0ac863f5a3d0defb

SHA512
689431c6a499b1b77013338a415d34309c1d605067b2644832acca49ba9b3843e72d510c25d5d59b7177f608c7a0f19881d0fcd8e43cb2cbee2ebd3235a09990

Download Submit
C:\Users\Admin\AppData\Local\Temp\WEMw.exe

Filesize
1.2MB

MD5
a9549ceda982b046c8f0368650863ab4

SHA1
e8099253c01f46792c93e4e0e71a599e3b709bd8

SHA256
c8b480fc69b3018ae85ea4482af4ac9f8df2f3662a8282037e4d45c0bc9d9507

SHA512
ceff4fee2af6f38c9bee7e25fe2c452f807829ecabafed85ff339825bc63f827620513091193bfa190e03792b76b40be83872d257a62ff5568ba04fefa74d954

Download Submit
C:\Users\Admin\AppData\Local\Temp\WIMUsQYc.bat

Filesize
4B

MD5
fa398cdcc85156e0d80e54b66965764e

SHA1
660d2c77b76023992a1fbf35e8e3cba96d7214d7

SHA256
95fc0614191e8269690e5e3db65670540a9beb67ca43cd32ff3c0944468dc535

SHA512
ca0543a628ef87185eac8a27aa1dfb0eec755ae8a024cffb97e4db982f50139b7b6d3aa3fa6a3804cfb08abd8b5744360064802cbf099ae759575750c1070e79

Download Submit
C:\Users\Admin\AppData\Local\Temp\WIYw.exe

Filesize
305KB

MD5
08fb826ad1170a87a630e02e882edbf8

SHA1
3319df5e3a8431f5678e35b138ca006ea5584885

SHA256
3e548a673e9623709628ef8c30ec5261f8ae23c801877f42ec4036f73c8422a7

SHA512
d17f95e546e30aec5a8114ca245a6f8c0d09fb383d49f1cc439655402898d87a5012d6c61e4413b610cf230603da81bcf678dab505eb453e526af64dd2f3b306

Download Submit
C:\Users\Admin\AppData\Local\Temp\WKQMkEgs.bat

Filesize
4B

MD5
4977f7f69a644508b20bb8fc0f8d1e4a

SHA1
266dcb572271325029b92acb486bdc5fa81ed1eb

SHA256
a2e061d87ef0be8303b087d4c2f9f4aa9995b3c475961a0828946394d366a24b

SHA512
a8aecaa415208936696fcacd677d10ebf73a42a0286571b046648d03972392c8e7fcd66baddd09aeccfa8e850657e8b206ba966773460a1bfbb350bf574ae079

Download Submit
C:\Users\Admin\AppData\Local\Temp\WOYMEoMA.bat

Filesize
4B

MD5
abf480f699c52b34be69489be678a43f

SHA1
dc30bfe3b1d059730e8302ae371f4dd83b6b88ea

SHA256
770a36a8ac4c40b7d09682e4a3bd12117b16e22ebc205ca943cca89cf327e4dc

SHA512
a0a8dfe0ba17a2ab796fa5abfdff753d265db64807d8cb3112ac6430540a90823a81409e20b08b8f01fd80298eb2117c5374e37ac20aa9c1c36b429cba4484c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\WQky.exe

Filesize
200KB

MD5
4027a933709eb5f5d1c9f306f33b1561

SHA1
ab02a77d496252ce011945d746293e7e4a1dc677

SHA256
5b166edefbfcf869e2e0ea663dd5f489c4d0d58e8f3851c0b5ceed6938a53e89

SHA512
ccaf0ed43477b7ca25e9631e43fb96e8102cb11c4a0695785f56d55b42239bfff4ccd6f711556227d10f58bff28c2c227602a2036884aeb3901ce29b68c5956d

Download Submit
C:\Users\Admin\AppData\Local\Temp\WYkI.exe

Filesize
250KB

MD5
842e4a52c931cb0a80ca3712a393764e

SHA1
7ef257c18daf0937a17592004e324a7638641533

SHA256
776c8229131d96127328635b00b9f083df55d8a50f4ef1e35c71d44033e4677f

SHA512
4a2320b843b859b18b1a824340a98f5e4e80ac698ea22723114702fbfa8387925ccd1ade9348fe1d50431e7afe188afd876534beaf4c890300000756eab25130

Download Submit
C:\Users\Admin\AppData\Local\Temp\WaYsQgMI.bat

Filesize
4B

MD5
5401a01ecbae8cabfeb48bdfbcebc7af

SHA1
c3429ee32d719b509f879ed601771ed90bc449e5

SHA256
6ad8be45ff4b0c513bb613eb4ead00f79484e0f88af03183ccaeaa1edf889acd

SHA512
55fc2df8d6b61789c50dd7a0194458e33df982ebfb8b065fd5883486ccc6166481a93ab3d1c4ad55928e4f1bfca3e4b0f512353adf436de6c78ca62ec6e1f747

Download Submit
C:\Users\Admin\AppData\Local\Temp\WcII.exe

Filesize
199KB

MD5
e0360cf9a7d00b22fd2d2080df71c3a3

SHA1
88d91142f7ba2479336402b69ec1cf47d416af1b

SHA256
98bbff62cbc3fa46a3ad19099b80db324add07c2cbd6582aed08c874bfb2edfd

SHA512
97e4bb51d9992644051e962842e56ffefc0ac74a54c3ffd871801bd45df86e89eb46afb0c6af94184cf659067b6f6564e7a87f34e7581d3614206f42fd48e626

Download Submit
C:\Users\Admin\AppData\Local\Temp\WgYEogYs.bat

Filesize
4B

MD5
7cce7d8784caba5b054081fd9711e0da

SHA1
980384a61a2f12d86e8eb1a4405e7665616caf4d

SHA256
03cdbc96a60208dfdde1ef4e9bd5ecd7917266bad3f66680aeb8b72817960cc8

SHA512
ee88b529b87479bf06731077065078d2a4de5d5cc23062b63f79434d63df8d84923f5f7b38957dff5522001fea889131d917af7986065960a23992cd598505d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Wggu.exe

Filesize
243KB

MD5
b23ed5d20fd3817da8d49d0b5f90e102

SHA1
b2928f413e0cbd4b1e1ec81db8593282e7d7bdc0

SHA256
1f14bf51b4bb583ac98b8abe1946c5ed4e509980b3df64145d29230c8893ffac

SHA512
24aa2b46d6d214d653a81a101261914cf6cc1367b339f32db3f236adcf04eb8c622201ef84791cb1aa78862d67331fcd5f32ed073c3adbd4dd3172a78d6e195c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Wgww.exe

Filesize
230KB

MD5
b5e5f684a409d7284bdbd13f33c5b2ed

SHA1
7dab4e364a424488438f469fca24042102917a58

SHA256
2e6c0b6de5ff363c7ff88324a020f1795ea3eeb2f0c7b0ba822ce11d0d7c59df

SHA512
e72f0d0f59d7edb3bc5e9b7a0292731cdd08c96e9b43d611a181af098130dc0c3ae9af6c31c922391d364e1918ca06a2e921f8b5fb4137a37c1cdb41d8ebf16d

Download Submit
C:\Users\Admin\AppData\Local\Temp\WikYsMUA.bat

Filesize
4B

MD5
0595720cab691a4e54be726b44041186

SHA1
179892330e3401db8a79aa2bdd3c498fea72f442

SHA256
d3ace7c40c2b59d7760181cc097818e3e75272631aa3ccf828d3719ff2183aae

SHA512
deefa6227f59c26adb08b19b445e22b42751db357510c4e9020a3fea501693eaad6ca2e725ffef6f70eb1f7815356adda76c487fbc8511e62ce0c6b1eb1c7bf7

Download Submit
C:\Users\Admin\AppData\Local\Temp\WoAc.exe

Filesize
222KB

MD5
71783cdc13d1f02a9e0dca6b0719ea75

SHA1
e2792dbf3473b211de69ea73f93ae44ff4a6f119

SHA256
1e8ab550b79f642e5b4aa51ebb8e9e27f3c12633f8bcdab5487a799c431d5513

SHA512
7d9100a169ca4e2edb47547944c31b1e67e75ff4a99d0d6bd595276b0660980510c90ea9ac6cbc27786fb8556272d3446ff450b1cc2e5ea4447b31bc58b38630

Download Submit
C:\Users\Admin\AppData\Local\Temp\WuwQgYwc.bat

Filesize
4B

MD5
38345df4811d762987bf3f909e39256b

SHA1
279ad2344a9a4a81c2e68447c7cc10e57d7a5ee5

SHA256
831eceb2742e027c99000babb07c95c3c959b776ccbb607a7bb6e6d5a6e6777e

SHA512
e1d05d76bc73b23d5d28718324bcc8a983e9c0008a1e8832f900d51e9b4dd9550653db9daf5f536ce8d3724230326ff4d70b210621e36ad1d9beab0e379003d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\XMkAUIgI.bat

Filesize
4B

MD5
0b3bf52c63e53da125e3998c559a605c

SHA1
3547e25af01d56eb51ae3509435b8e22fef34243

SHA256
244a32f376ee90853670196876683e21165f37b4f1a52257055297b9a60eb153

SHA512
1f09c53f20447da5a7e899f174257d77226ad24ba2db0b081c7b5fcb66d022e5b14484dc741a7c9a7889e1bd11a9311373878043599710e2e67dd0f44f518452

Download Submit
C:\Users\Admin\AppData\Local\Temp\XOEgwkkI.bat

Filesize
4B

MD5
39afee735277d647908b9bedab515517

SHA1
a9afcdfc41e7596b1eb870447fdc9ea63ebadd5f

SHA256
1997ca2e9410c2a567ce8d71b6c38c4f917067cb5e6ff7c2ec6ea3c9787709a5

SHA512
e6d89adab8075619991577bc5b4534964993c87f8e7693d9699f37bd2e2bceca55e6983700a7b322d73c0420823bd36f42c796f4c1af21ddb6750f5a20fd7e14

Download Submit
C:\Users\Admin\AppData\Local\Temp\XSoMcoUU.bat

Filesize
4B

MD5
ee48115e6bd199b33681f8a69e828c7c

SHA1
708fbe6b8e412566293dde68e09663eb4137de0c

SHA256
89e9b155a1051624d332252171843faccb8e52b0e895f1bf31c79c8fbd346fa1

SHA512
01995aecccbc2348f6f6e892c729273147e57b5a52b790d7aa21c1709b6a67cd4450933fa2a672ed0b56f6a54d04556b9260cbfff7fe5f72737f3c9df806d026

Download Submit
C:\Users\Admin\AppData\Local\Temp\XmcggEgw.bat

Filesize
4B

MD5
b79bd55754bed7bb56c283830c3c14ee

SHA1
ee40a1226a28895cba9f94bfe4638b71fb0209ff

SHA256
d3d21202b4012f1e3261e0b71580d558b1e819a47b3780cc9496ca0f399e246a

SHA512
4c459d346d93297ccb4c2f1030397aadb79e56af16f96b5203365e273d20bf54130b63d719f297e532960f6ba88f016abcbf0907399ffcb88c55a80574d3902f

Download Submit
C:\Users\Admin\AppData\Local\Temp\XwQAYoco.bat

Filesize
4B

MD5
fb77fcdc42fe173c8eb7d0c128677034

SHA1
53c8122eb069a174485304caffd8dfcd08cd402f

SHA256
fd6e63694a0c5a88d4ab2889fffa2a577d457a3616da441f52d5bb8c5c84e83c

SHA512
fe19ca3a2bc646429445cf88f4f32998941e2f183459599cf0133e94ac258d7b90657f260e1b88ec53d5dafe3e890c982c6a15487a618c269c6d42292ea80111

Download Submit
C:\Users\Admin\AppData\Local\Temp\YAQA.exe

Filesize
226KB

MD5
e4ed6d7855e802584fec72bdfc61d60c

SHA1
e6d6c1dae9ecc5fb0fc449f3b832448e4a667fa4

SHA256
2e0d531a9de2ddf02115cac261df2ef7275448c57ebd8a1c8c33b08da4adbb2f

SHA512
b9f9b1c4267ae171c227bf802e991bd3fff1cd0e1d5c956e55ba88f7dc4682cfa84708b09c933a53f443a3d596abd0678d3ad8197eed05719be0526d5e750309

Download Submit
C:\Users\Admin\AppData\Local\Temp\YAYy.exe

Filesize
239KB

MD5
6d4702cd9981726dde01c9e1f9276a44

SHA1
714520b5e44ca3a6f989bae7571f5d2fff669b7a

SHA256
3b6da7ec3db86ac911ef3cc326ed2192158893e08cffa32ca1b079b835d7d6e0

SHA512
a870e396d6fab2a85ac7df4d459933ea95362942c3f0777257c23402a5d29cb8f24c929164ebe46ccd59b70c5230b3b8cb07c60ecbb4ab6bb3f021e73a99ad9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\YEkA.exe

Filesize
1.1MB

MD5
d60224f46c969a36c648ab2cb52015ab

SHA1
cc9bded5cb86605796fd33356723adc2f44aebd4

SHA256
9da71f26ff740ce16599a5b35d6e85d77dd541c974a217542dcbc4590d77ec13

SHA512
f56015fa9b016b7289a082faf36fb444ad77bebac59ff6e3314d00dab94dc7354f8e0440ddfe0e463f2c8bc96b18cd2d51b96a43919b7ed98b5da4f94f1ff0c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\YKAwoIIQ.bat

Filesize
4B

MD5
5d08babb97a535bc03aeb23c3b53b67a

SHA1
a163a5494a45fe768013463e40a3a466be25e383

SHA256
b5f4a291f4e42f851daf0d446bab4093a4e58da6f8a35cb72abae37b50b5ae4b

SHA512
ea5c9e4da75fdcc0fba991215ea72fa3f3434a639e1a0815037340f60ac7809aefd5078cc138985f05c97824b319dc410ae3ad0dba188b172991adbd9c12d64c

Download Submit
C:\Users\Admin\AppData\Local\Temp\YUIU.exe

Filesize
246KB

MD5
e0c47e4605b55c214122c05af02dc9ae

SHA1
d528a03662f92b43019a073e004fd26af18812e6

SHA256
b9562a005f83d0d42e0fc11bb0e0c98edc2e3916c60994f6e2b31a53d10c965c

SHA512
b82f49fdf204a89d8f307eb54377a55827b975a3c5aaaec54e421e8640cfe963d38409db220b24f7e3380265909fd9e557ca66f56637b2e54baebb31dace6bfe

Download Submit
C:\Users\Admin\AppData\Local\Temp\YYYoUMcg.bat

Filesize
4B

MD5
da9b2aa83f42c7f1df8cc18f3f809539

SHA1
05ea980636561e0c936f74e3f038ed1fd1136319

SHA256
ff9cbae1ac871318563d479621df2892a0e8fcdadca9c3a81a351d0e664eadb8

SHA512
b6b2f5f2466fcbec6b8edfe8fee49f0c2dcac2d300f1db55e2925854f16bd1a0200c217c313ac6293276bce7ede5c4261de52393886d40966a3ae6eee67de225

Download Submit
C:\Users\Admin\AppData\Local\Temp\YYso.exe

Filesize
823KB

MD5
90759dd199d22f98593ead2712ed0d87

SHA1
65b2bad0375260b0be438d3f61ce4c6028838c4b

SHA256
d7585ec291b707ebd576f1ac78304f78da317488754d266f3b89017c59f5e084

SHA512
4f548e456b93be73d199f18920dbbaf7e2cde6b626a8a4211d1efeb6ac9dec3daf1ccb9df27eabacfc1cfdf57b07b46483de5034d46fe0e4ca2636f071cfcc2b

Download Submit
C:\Users\Admin\AppData\Local\Temp\YgQE.exe

Filesize
248KB

MD5
495a80c20ba9d1c35019ba7d0cba903d

SHA1
b60203881847840bbed8354cae4872704d6243bd

SHA256
5fc2f0131781bc3f1d2c08ecb84d5b5227159147e19385350110a77da6cfa79a

SHA512
159bdb689a693f94e6f1dc1450fafc34f4bbf810dd0dcf61dd3a357e02259dcf4276c9234af2ef77850287dbdfd63fb50f12b0207bb1f62dec8071bada813482

Download Submit
C:\Users\Admin\AppData\Local\Temp\YoAS.exe

Filesize
233KB

MD5
a09c1a5429fbd9acf2f2c2a4a6a1308d

SHA1
fb50b2cce1a330b26a775db33830ab0adf24dabc

SHA256
cdd90ac1fe7bdafac61a6342e2e64b2a8ee3616018d19d6db4cff616d494206e

SHA512
8b9fbaeed7935680d0326adcb6b3e30dfc7667519d67fb11938a897012c77e929fadac71fa4e0f56ca3e6abdc9d85f4d9d16414ca3b130f0e3493801120e55fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Ysgg.exe

Filesize
813KB

MD5
d08c994deda34bba50a2cf6632d90aeb

SHA1
29636d05c8c38f9810c2001f0c888aee1c5a1ffa

SHA256
620b3338ed79e10895d9b6124ccfaebb2066928fbfc74dfea0e29fb5befbd475

SHA512
8015ba60cbc7d51de54da7cabbf56ab713dca7f7ad9f8cc79d6369c4a33ad1e0ff39434ec26df6048f3c7af9831fc6e069395cfda7424d87b4bc3fbea9a531bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Ywgg.exe

Filesize
955KB

MD5
8ef372e87191a60eef9aff7f4b533560

SHA1
8dca6e56e5e76eea1557ae5f306f67007fe0ff05

SHA256
4089b6304c19d6a1e18d5d551ae67937677d0bccad77e934ab06d38d6829adfe

SHA512
5ba6608defe47f2df6284a91db23cc927745b5c730b348b4d1f4dd8fd184a8a994fbcbf8a8708117fe36da90b1dc052d25b423434f299f5f1b1a940b2b9f9506

Download Submit
C:\Users\Admin\AppData\Local\Temp\Ywgo.exe

Filesize
233KB

MD5
fe245ec23adee625c85d8abe2ab5141a

SHA1
fa5a6024721b2feb01670c4a2c8c22ceb217e02c

SHA256
186182d481d36e358f525dab1801c369dc31e97f15bc2384bb3f1d9c50759ff4

SHA512
eb2db53ac99fe2d0cc718c33db4913e1da87ecb33202034cab95dfad99f3a6906e3dad33116e443738230a973032d3e27659c9216e3a4b46124c8bd82f780f23

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZuIoAEAk.bat

Filesize
4B

MD5
61145b547ccd1adbb890c19bcd2c8526

SHA1
d1f2dced993bf57560b29c822e008c4d7c4bd5b0

SHA256
5e5a04703508c2f2e3009d68576aa6b01132ee7b0141b72c3c7429f57a27bdc9

SHA512
b7c004b05da9ae2064a1816e079b695ad9ab8cf1065d93bc9bae97aa44bde7213f76effff98176adc4b5d84c5928cfcd0166417379ba74203b9ddb4978e70ace

Download Submit
C:\Users\Admin\AppData\Local\Temp\aAIe.exe

Filesize
251KB

MD5
31d2f6134e6be8c4595ed4bfb06c272e

SHA1
438edbe894cb7f199d716308adf6201dc1025114

SHA256
99b17aee4a5f7b4244594fc5d2aa92ffa757b5e9c11373f4e196d49902994bb2

SHA512
f305dbe07d2c3db63ea5cf3794b4a5b00b98c8889ab78f2f6a23214089a90e33ae5a9fc4d9911435430f9c523a9a04131e3b7f95729d089a5b2a3cf116929d8b

Download Submit
C:\Users\Admin\AppData\Local\Temp\aEMI.exe

Filesize
232KB

MD5
eb589221174c5dc523f759cc7d78f204

SHA1
8c3a92abd0caa4cb4f4640e9cf7a5bcc6cc88508

SHA256
637d644c7f70169f0480d1d07f14649ac1f89258c8da8b1ebfb1104b6d9d3197

SHA512
8730e0e4ef298bdd30bd4da65efecd06889109822ef129e94d1d3c883f4ff74fdffc38f2137d23ff001390c106824d5fc127ce7b0c8b312aed3dcc13ad2f71bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\aMMG.exe

Filesize
223KB

MD5
253238192241671ed06f564b378ed622

SHA1
a13beda97133f25097489c5278a65e2905d23490

SHA256
d0fd488a4e4c47b9daa9ee00e5afec2071bac4281b7c0fdfcf1b8249e3847d4e

SHA512
de6f4b267adcd5afbce357573f40d65110a12d05d3d64911dab64fdcdf7072915afa449d0dc8e120918257780065031434f7c2c658005f623c731d0fc03594c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\aUwS.exe

Filesize
237KB

MD5
3165b295218ba8a27670b47b2d880a9b

SHA1
24651cee4959287c79b66266578728eea616a123

SHA256
1f96aa7c4c2b67b9a89b951575ff8457e4508bf88b14394e56011f61c663035c

SHA512
ecdf552f26f37c39681487e8322caf9f1b85630bd2ed6341575726eb647ed8a32ae046f9238616107d2d49c7349fd8d5832759b43bb60e6d32d496ba6b075b1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\aYUA.ico

Filesize
4KB

MD5
47a169535b738bd50344df196735e258

SHA1
23b4c8041b83f0374554191d543fdce6890f4723

SHA256
ad3e74be9334aa840107622f2cb1020a805f00143d9fef41bc6fa21ac8602eaf

SHA512
ca3038a82fda005a44ca22469801925ea1b75ef7229017844960c94f9169195f0db640e4d2c382e3d1c14a1cea9b6cc594ff09bd8da14fc30303a0e8588b52a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\aYse.exe

Filesize
250KB

MD5
a99aaa6a0a61ec8c45e3cdd4af4c7367

SHA1
d6c57d6c64b050208ea4a916fcdc72e41061dd83

SHA256
7e12dc225af2007ff6f15f422a1987106a2afccec9d11e6e5029f66497b8e728

SHA512
961fe9f1e744a5d2fbc6df2f4c8636f9bc25cbe4021fdbe4a893634294f1d25083ca1750e8391dba44b5674becaba9732fbb77f1611372a0bba18db82aba1a15

Download Submit
C:\Users\Admin\AppData\Local\Temp\acQU.exe

Filesize
245KB

MD5
b08e7db0e95ddf5a1c83be6ff7008310

SHA1
c7aa8622c594b6e1edc9084246589ea352d3bc54

SHA256
5f579d2951da00e7a9b5140f7397f25a75d7724df61a92e2c9d797a939fd3147

SHA512
3c694459bb3d2ea2748e5c2027dbdf77f704184f7a861494249e4a5bc2e3ee99006e65a4eaf3f5f0864c1d3c405ab46150101aca263dbbc2f46f587252823f73

Download Submit
C:\Users\Admin\AppData\Local\Temp\agMI.exe

Filesize
229KB

MD5
ef0934e4e025396ab0049f056d5c16e9

SHA1
06b3781701d77d775ecc828aaf0d969a3e249128

SHA256
a565311928c0c6a69fd3f10c5e9ae6091634d5b84be4fcc87e1dca873a5e2e73

SHA512
29440a29708c9e4cd3a052fd69c2c17879c2ab57b264e42e51f743fd40940932ce8a34dcd00d13127a71ec00cc276687323a8e99a1d9b0ac79fed74d96079087

Download Submit
C:\Users\Admin\AppData\Local\Temp\awYAoQsQ.bat

Filesize
4B

MD5
b9738cc6aec0067b09fe2261554f2a7c

SHA1
969d4cc0784392dd271e9c7b6d1c3ba31d9ca6e9

SHA256
92cd2c9cf0bddc129e739e0977d66c93160c859a9774ea27064a72bec031b8b1

SHA512
da831470948eb0ec4005a8510f287910ed7594dd36944287a05ad49efca7f56d41a10d644d8061fa2b5e4708edc5075de960861c84a09681a04f19fcbe59878e

Download Submit
C:\Users\Admin\AppData\Local\Temp\bUYcoEAA.bat

Filesize
4B

MD5
57f08065f9680132dcbd010e25672c03

SHA1
4ea262876e81349bcd429557d86971a8aecbfcd8

SHA256
4277b4b31acdd3d21d4e4b984165a4cc55c90cfbfceef624cd627cbe924acc86

SHA512
4a593183d5fa662db62e1e13f861f7250c4b76110e235ade3a9dd506f9e216d295d73ead2ceae5d41b124966efc6573be08e937a632c4020ab5a6456b59badf0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cAAckAog.bat

Filesize
4B

MD5
1bce6724b6ca203bff6bba6305abe994

SHA1
b51edbe49b37ba1b085f02e57cb29c648dcc3d59

SHA256
0107f905207efdcee757443b6ef72a08763a6c51fae017032e821de38b7cadad

SHA512
8ee38f2b39041af610b40e65c601faa87ce11327241471821cc2a681a61f5e0d5e11f7db17a1638c465573a7dce4b3bb005192db5458889295a12de6204018c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\cAcq.exe

Filesize
226KB

MD5
11c5c8739d3e8cc6ec56ca8c26e20ebd

SHA1
fd94da6b0d26a91681323cc766e0f386572543e9

SHA256
d5963069c0db11d48413582681acba452cb056f60a97c72ff3d0bb40ddeac5df

SHA512
6e45fe79cad46e1f38064691a08e9a542d86d75554ac44b6666d5384c502766eb94e941583d607f0411dde98cc39019d81faa2eb765b629512417facead5bd29

Download Submit
C:\Users\Admin\AppData\Local\Temp\cAcwMkkQ.bat

Filesize
4B

MD5
0475717a3b2c1dd03812e29443234a1e

SHA1
5ee7c021a99f52ae746f8857f68386320d176bb4

SHA256
f47299216a3900009e24eab7be5501bba33950441c3d32acdd056667cbf66020

SHA512
ed479b59751508168b28e35b1ea1d579b66ba3f9d3c30a189fd9d9c05490ba2a070dffffb0780221aac1d3ce17289953f89670b37793e62c95b36d80ba960450

Download Submit
C:\Users\Admin\AppData\Local\Temp\cAsEocww.bat

Filesize
4B

MD5
9b1fd7148791ae926d16b9ed282d72c9

SHA1
1d161c9d021d11266ee93f3f9c412a03cd9fa6f4

SHA256
a76f28ddd43ae493b50f4b651a7855eb3d4c0697855f4fe7f4cb796e25428566

SHA512
0739b5eec8f0008e5648e50c63c0e3d8079c975b99c8d661c586fe43c7cfb1ce964bad9cb32e679018e2f68e98a0a6953414b797516f8da6e75fdae3124cb3e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\cMoEEQAk.bat

Filesize
112B

MD5
bae1095f340720d965898063fede1273

SHA1
455d8a81818a7e82b1490c949b32fa7ff98d5210

SHA256
ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a

SHA512
4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024

Download Submit
C:\Users\Admin\AppData\Local\Temp\ckka.exe

Filesize
246KB

MD5
3dea95ef3f210920695f3e37c94f99d1

SHA1
ea32b5c19805ea048c3e397463ed4db8b895503f

SHA256
9368149189d1ffb1211ea2fde01f4aded292ec8ff3f7f5ef8d22da3f961ccb5a

SHA512
0c38239ccd4c4e062c9adfd3301628f2ef207494da12cb256f669cd999a1af42868794c307ab297fce8a1573d901b250dedf38b7aca2dc2efb3e6a8e52ab5804

Download Submit
C:\Users\Admin\AppData\Local\Temp\cksq.exe

Filesize
230KB

MD5
f9594cf7564f0d1f6ebd15f21baf8d2c

SHA1
15455880ccfac66ff748a93b6d3e6c2e8d20715a

SHA256
d9dc6d7116ed83723316ad1e5c34be58eb9669f5ac47cd657a14db8dbbd08586

SHA512
ebe09866bf543dc02d5fcd1ff88644085c6532105947013f38a91a2770ba1fa70d41de9e206869b1f275804e26f2f8991441c87423eb1d697d7afb83e6e5f9bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\cssk.exe

Filesize
242KB

MD5
c705212477f4f8f6d63a4fcc9e48072e

SHA1
d9a120e6119080b479c4e7eca0444f21d3614bea

SHA256
e063cb20a121069e269ec4ddbe70d349fc615548a14f21a62eb80152815084b8

SHA512
8e9daf6172467aeb388a7d53800d4ce9f5b1041740c2491dfe92865cbad062eaf4caf197ec17ac1e4ecc868b3ac77db84d5ba1d7075887f02c65b167f394bedc

Download Submit
C:\Users\Admin\AppData\Local\Temp\cucMgMEw.bat

Filesize
4B

MD5
3abd2bbf468c200af25cefbffac6ece4

SHA1
7bcd534e9f302758643da29d3b4959eabfdd0c2e

SHA256
37f4a70f55a5efcba4b93d176fc2ce787d96cbe940e6fbaaa947e4f913ffcb55

SHA512
03f788913b41960006ace3871755dda9d29feda06b6a8363662d5853c3801b53ca4c54fb492f77d55f56a67ca8e356b77e0c6f63d2d19371f32bba7c31951180

Download Submit
C:\Users\Admin\AppData\Local\Temp\cwcy.ico

Filesize
4KB

MD5
ac4b56cc5c5e71c3bb226181418fd891

SHA1
e62149df7a7d31a7777cae68822e4d0eaba2199d

SHA256
701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3

SHA512
a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998

Download Submit
C:\Users\Admin\AppData\Local\Temp\dEUYwEcY.bat

Filesize
4B

MD5
282582cf5015fcaa343f46ba7511686c

SHA1
ac1d81f484248d2dee48a2ca6751ab7861db762a

SHA256
7942360a46b11462a605592f77744f17063bfc24f7840b750b2a0ea19ccac67a

SHA512
5520bcffb4c9c38aee96e177fa8c69eae51bfa95ccca8679c508de6438979fa1493411198d182410be45261a29860998e3e9548b7747c648b48a66a778d63b47

Download Submit
C:\Users\Admin\AppData\Local\Temp\dMsswocY.bat

Filesize
4B

MD5
4ebe03e3dd0424a4704a84cbb0e31e50

SHA1
4716a01b868d505153e5824a63b0a12fcd2288cd

SHA256
5da7f2af7ffcccda68be44268b988673484aed34bf8611973c291e1dcc30593f

SHA512
75f185401a89f4d025f31f2bec89e9d3892a1841454d7c6449f9e475e6c38f913daaebcd4cd18fe398bb17040ace73288866c61b4d4c79467c823f185ce07f46

Download Submit
C:\Users\Admin\AppData\Local\Temp\dusQEAwk.bat

Filesize
4B

MD5
cb2b1d79022236f9536507961bdff0f7

SHA1
b42aed89918287d661f83ef18fdb9eb29cea732b

SHA256
2fe02745cd73183770f9a07c5f4f95668affb4d11600b4d5d595c1ee78ac8400

SHA512
cc65ab1437a9f464cdf1c57c9245d3de16e92672eaa7de890eb489e52633a86825413ad7d2990ab8b849ed0b088995554633589bd7a3f7ae598be6dffcca9948

Download Submit
C:\Users\Admin\AppData\Local\Temp\eAcK.exe

Filesize
250KB

MD5
da6dee70a78d2912b3629f090086a4e8

SHA1
bb22ef6069331afe91c1c396e3a99f37c6e06f92

SHA256
40a499929819803114e5f6ed2821cf2592f1c272f2c855a778c81f997db37ca0

SHA512
5bf8084a48b7c9cfb764e064ff32bd92ab9d0509345001cffd2279e88cb4a529ae04dfdb31f2262be07f1879d96eadc45d81cbe5c40e22158ce4c21934ed08ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\eAgo.exe

Filesize
242KB

MD5
eb2489e8b9a6223a6de4ae4da8ab9bd1

SHA1
c1532ad9b5ec09648a3f47338d234ee4370fca03

SHA256
3793b6ec7217a62428d1297455c30d3b0ef27f345f881b030f4132273ec2c05f

SHA512
457f04d67329b2a280a9b7f6d63a3734813339dc2d2722b2dbe7b92387726ee2effb85db53da1b1b39be9fe5431a0cfee00ae50ad6a510354b85c206ac668c87

Download Submit
C:\Users\Admin\AppData\Local\Temp\eMEgcwUU.bat

Filesize
4B

MD5
613c4870f2de45777224dda3fa946496

SHA1
7070618f206dee970f5138df8993c63dfc8ad339

SHA256
28b40483d45265aa806210c323417e8d943ba5eb1d9bd450e821f3b6f87f15c5

SHA512
7a496a007796a0373905fcb1bf947734259df2178e6c44da82905b9ab860ef845c74f387d0ee64701eb68c4c466b44c3bc9d147eca29323520a244d8ad3956cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\eMgU.exe

Filesize
245KB

MD5
65253a4e2f76789be23efe4181cd23d1

SHA1
2bee5a111126fe4be76425e77a02fcfa927d4eaa

SHA256
dcf064e01e89fd38d761bcfd0b3582550d90d560330a03987c885d4266c9ea0e

SHA512
eaeb699310251115f138057f4966a6638197bc052c8b900fd722a81e4292db70a995da52fc1403a31baf20d6e78fc03fdb781b4c07900602461b867ebd978ee1

Download Submit
C:\Users\Admin\AppData\Local\Temp\eOEEkMsc.bat

Filesize
4B

MD5
41f6d418f609126e5b88286e5a9ae39d

SHA1
ecd45160a6902c1138cdb6387730f0eb2345b0c8

SHA256
e4f940b21064a4c2cfc2ad39b3b3da72aceb3035b5283908e99487753c34343b

SHA512
34acefebc77be2abcd1739d83e9384efd98513ef59c9cb9ff26f6a334e535cdcc40eb31ede867a3bad21b11b1c5139cbd5ac42539a17bc761be0e4d79f82de0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\eQcS.exe

Filesize
231KB

MD5
2458d0db03becc29f3507725d72ab7c4

SHA1
8ac8c49d89a241da0ca2e694a4b845e0ff0283e9

SHA256
36cd0d1f3bbf3c10b45980983b16da978112f93e2c923ba78698641d6e109811

SHA512
1f38b84808a34f2bd0619c2e80e9309a964c5516153bde49f3cde808501f194b1bd9c8176c36f91cc31ba469e6c8a73f133ab0fa4bfb5cb575f0a2f154d2a5a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\eUsO.exe

Filesize
791KB

MD5
d4ffb9c1e595f8d31a167fe4d2153223

SHA1
4461aa7252dc4025ff669b691f0f8e1d3e69ae58

SHA256
f754db6ef879f82523e6b5740e3cafd39bd3846dc6564870600138f60a967289

SHA512
9bb773160deaaceb986fd677fad8e7835f0dee636757018bf0a829f5fa0690a3e6f2f309288469160b5baf185e559b467eac38b1a3e9d4808ede868fe6352f46

Download Submit
C:\Users\Admin\AppData\Local\Temp\eWMEYUUA.bat

Filesize
4B

MD5
b0c9681e316af916f3be3df6b09452e7

SHA1
1185191495d9a4e79094249af2ffebbad11db7b3

SHA256
a70a5a4ac2e53b4e99193b436cbc6a555e7b34f360c3fc1246171bd6f98b6e09

SHA512
c1da10afc4c4d98bcac1215a9284866c20581c79ba23726e39744e9d506c3439b94a356ce1ecfbe64d336463dc72b3773e59a362f41cec2ba307ad641fc7f90b

Download Submit
C:\Users\Admin\AppData\Local\Temp\ecYIwIgs.bat

Filesize
4B

MD5
f08a8672eb94c696650118d6d950c2ab

SHA1
32d66f521773d960c8359d842b5af9956b5ddfe6

SHA256
b27f14fc91eb56e381ca4ba504d5926a46a46edf66c2d07e63149d67bb014886

SHA512
51325ca550be285119376b4c6b8d8144fac74aed275b1ea1d0bc5d00a6a64fa8193e1f6f82df47aea9b4c2767577cdaa546ec877fd7a15938fef5b8b9278b4c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\ecwMQIso.bat

Filesize
4B

MD5
f75c72c07ae3b8b39bcce44b0564fd83

SHA1
06017844abc28e31d49a5f39bcb6f022926e5bf3

SHA256
7bc8926a4b3abb912d0538bd2b58b9e04cf0f6989308e897a524c6d87d282a14

SHA512
f16f0910165c2bc5951066d4e29ca04f6a4c33e3fc4175c651458eda8461c7b190bf75e871f7cfa0f3285de68ec5ed33fd5dae435f77c930acb8d597633cc1ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\eoIA.exe

Filesize
251KB

MD5
1413a727b10cf7eb779dca7f63a177b6

SHA1
e40f9bceaded4ed1d114a40268d7704cefc19b52

SHA256
36458eef513e67cf1034f424032159860fd75fcbeb371d0d93b212ab5074aea0

SHA512
0e8ccc6ff464147b7e6161864c00c4e87811fc04358138df3fec2ab5088513980bda8a41e0fd14c18e1cb967f5129201d932456618ac9f2fc00a4c54d39cb52d

Download Submit
C:\Users\Admin\AppData\Local\Temp\fCwwIIkE.bat

Filesize
4B

MD5
d1c33fe44ee6cce2abbabb6069d9a261

SHA1
86927449325e9a9909896223e5bffaf0a009ca78

SHA256
c672590a10715bb0253ee9c35f5800fa9308a6509668d20f04b51593e6cf03ba

SHA512
14a39b1481c966d6951fd6a00c2878370dee23c47bc006374e69f78345679a51efefc4c4d1b98f20c66dd0f8b2ef4db3bd1f100cca58f01aafeb5311b3d112d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\fIYgUQsQ.bat

Filesize
4B

MD5
fd53e3d24e7bc405dfb50944262fa24f

SHA1
4ff25271a5ce8b12472a2d7c9706586790c7d18f

SHA256
5f24865d1288166181b1cb404883b985b5202b68c5b2f3d137a7d48719f88deb

SHA512
670135e8de4d612e627e82171ec6164ec4532ebd123bba2aca9934a90b8303cd3c244e664fef2d1855293e7a9bbb6df9325cc2237284ea99c05d4f96e8382f48

Download Submit
C:\Users\Admin\AppData\Local\Temp\file.vbs

Filesize
19B

MD5
4afb5c4527091738faf9cd4addf9d34e

SHA1
170ba9d866894c1b109b62649b1893eb90350459

SHA256
59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc

SHA512
16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\gAsm.exe

Filesize
997KB

MD5
f8252a3f06d1c1022880a63c55733917

SHA1
e19acf7df427f4e2c2323f8c9500e54ef198f2bb

SHA256
68fa47a5f6416d5cb7998faefe86e7d386590386bd644f3ee5c1c21bf9241b59

SHA512
5d96b7d8ef924f993745e1e8c698140a71093e3f0392002cd640b0110035a64940edb9f9a2ffe8f048ae0ce15e67269fe7cf25fe667b5af4e27d7b2575b49772

Download Submit
C:\Users\Admin\AppData\Local\Temp\gCgQsYos.bat

Filesize
4B

MD5
a6dca7838a0a505d6d39d778f11c09ae

SHA1
37b16ce84c12812dda5ada02cc9c7ef4532a2879

SHA256
40b0839a30e62527ed44cb638a18be2ff0c02edd641d22084b887a825aa863fc

SHA512
019641cd34db168d8806a2623f545ed076b4ec0c02992e2a961956c8b636498ff5cab04fe4b1063b4c3061e51bed30c80fde65ea27c27111373bd008a6916e6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\gQEwEcMI.bat

Filesize
4B

MD5
e4f779ae5ab3715cb436685458fab1b1

SHA1
2c21c73869ff0a05595369dc9d1271b2226db168

SHA256
f3adf6a6c0002e95f93fdaf6ac63f65449df4177d11b69b4b9144f05ff2a0413

SHA512
1f088e82e29e7e59f00f79bd859c9a36eeb6d09b87e8c0820186050e0de53b5595960369fc624c4aeef23e35d902c4a1013cc834d255b6ce01809996b086c1cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\gQMi.exe

Filesize
229KB

MD5
0806f69d23b8ef781e8a24cbff70044b

SHA1
b176342715dab659829c3e0c62993e5d52d88f01

SHA256
d43df5896eb5d7977544e6b1aa9dcf063782ed62239a27cf335c7bae051c904f

SHA512
70db1c0d39e706a8ca6ad05838eeec51b151a3e3730b15b04c9159c93765942f1cf8c877b88eb3bf1f2d014ea04d70683ffb7f87190bfeb8800e5fa2a4b26d34

Download Submit
C:\Users\Admin\AppData\Local\Temp\gUoS.exe

Filesize
206KB

MD5
5eeff9c2e8305eb11de1b74e9805f4aa

SHA1
663f5ca2403012bdcfc3e58d16bbf298efd3b70c

SHA256
1395a893435b4aaa59ce2f198a294dc25a003bbd07db5c4d7361ae9442920db2

SHA512
d20168a271f634ab57ca72c5dc78ec5ef55589cc38f9e3fd9eb94b9f33f104dfa226c4c41c6db8490e39f889b3cb167c8d66e925ac3a3522df436d162714108b

Download Submit
C:\Users\Admin\AppData\Local\Temp\gcsY.exe

Filesize
225KB

MD5
ab63d77450a1339c83496c0fe00afc18

SHA1
f6e8f98045939287270d47f9b2e4793a8a314f73

SHA256
dbaabe8890c34eaea98d791783f87435f5f37d87054d7ab05148a4aaec450633

SHA512
4c478ea6b2fac956ee13db178a0d6128268de88b71c0a8f53a25bbebbf1e46aec6c3b5fdb74efe76d2ed45cd4ab4f2eaf716c20708ce3fad234d04724487edbb

Download Submit
C:\Users\Admin\AppData\Local\Temp\gooQoMgE.bat

Filesize
4B

MD5
927a852bf4ef114bcda15694bcb9bba6

SHA1
34cc69a7a4ca301896c56e2408f4286d16d97df5

SHA256
13941d53e8547708f0bb72d7e9d3f37f835dc547b2d1a2f2a8bb2c939eb467ed

SHA512
e2963b3ddda3c7ded8b0d88f4c67bb00ef55eb73197110a50e219d78b2da250342c60beba42739b2adb1b4099e8b1160c53463b8b4657325262a66bd3c8280ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\gsEs.exe

Filesize
249KB

MD5
545860eed50d21d9c6bb35601f4be9a9

SHA1
9952da11411eff724d1ead890f66b33a9e58bb6e

SHA256
75eeaaf85b77d0f775785da95ffb523ff6b0d45b53d5edb6220f5322d475c6bd

SHA512
09e34d38abce2a59576ac33d3c3d4c2b6076798ba35779c82697f085b9195fb795147a31e85011bcf26162d55fe5ba781e1b838e267dd9e4d546efc17ebee977

Download Submit
C:\Users\Admin\AppData\Local\Temp\gsQq.exe

Filesize
236KB

MD5
d96f851b361da1f7d770c04566461c5e

SHA1
783e823e1f9847f332b5a3f01473992c45352363

SHA256
f7b6fd9abadce21e6d5c566484607bc55ac5b7e9933537f210b1937192bb84ce

SHA512
93b2c56d81d17b713288a074ba88f88c29481deacc477601985d6c505ca47fe8f67bd64d2c5bae09db8ce24496e2bf6489bd8853037f77147948adda74ab635d

Download Submit
C:\Users\Admin\AppData\Local\Temp\gwUw.exe

Filesize
245KB

MD5
0c5198b66892387d30f03863d7003ac1

SHA1
23201195a0990e65e080456a0cc2fd4612e9f849

SHA256
76ff4b39c5fede101d3d8ac1f7a2acc9eb0dc70d43a9a4d2a2b79b809f9f0750

SHA512
30baa882f2bc01c42d120eb417293c3d6754132d42917755b5d994752dce2990c770599caa78b3aa8e5ac2875edd1363581c8047b8d670488b06ec0505f22426

Download Submit
C:\Users\Admin\AppData\Local\Temp\hicssoMk.bat

Filesize
4B

MD5
90e3393e212fb0f02d298893dad164d8

SHA1
969e103032d1cbdfa5a671ac5171ec4b26c89fa4

SHA256
f2cbf8196cd55b81cf1e09ef114d6747ad4eb050f2277be594066e5f966a1ddc

SHA512
fd66da0715c86f4f27b944a3d9a4458164afbc2ddbfff931546aa11814969da9bbeb968ff5acabe75e0045108baaf8cc00bbdba044310ed5a56189275bd66ada

Download Submit
C:\Users\Admin\AppData\Local\Temp\iQYoAoko.bat

Filesize
4B

MD5
b291a1242ffcfae35d6a05854090d0c0

SHA1
b9702d5e5797d3c5e1c9c8b30b7266965af45e20

SHA256
6641e16479072cd10a59fc090c61a5c3a86941ac27493ba86e91438907cbe433

SHA512
82428870f3469858584b88f5a4afe2da9b13a12266bf4979e818f1645d269f17469414f63150dff6079a65f0696ba20ceb4404b4f51f26f3845306623aec8fb4

Download Submit
C:\Users\Admin\AppData\Local\Temp\iYci.exe

Filesize
189KB

MD5
ba5a123c9f855cb5f7b362dc57d01c9b

SHA1
183c3066fabe7b0a04dab125a2a5cc3356ea9a75

SHA256
d9fed3ad3f237ba1fa041f93821f83d55461ab9bc58e15de823379f7947b69d3

SHA512
9def2742560974b32000723960934cee986abae0818ccb46f1b8ee06e06a35af3898d3691f2b93167279c4588c4bac796d8ab6002e8f0f82082893f76f6fe709

Download Submit
C:\Users\Admin\AppData\Local\Temp\iooU.exe

Filesize
233KB

MD5
d761c770990e7ca43e95637b5ac9e596

SHA1
9a2dd62abefd299c66cc6ca2cf523ff732b8da77

SHA256
ecca3133e7f008db7e039d82da59c20683e82d7d7b2797f23816de5fc31f1472

SHA512
fa8b0d26e7fd2098adefcefa3607f597998721f2a8d66032d807bff0e5e478fa0f72ee07950c7f753d6100d1bbf3af3230e3926afff40c71e148f4d86d6ea8a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\iugQEcAY.bat

Filesize
4B

MD5
1698488be07bdd7f4e5ca592be0746ae

SHA1
c73cd857a445163fc8fb159104453706e104fbc5

SHA256
90634189594cf83d20c5eed09c0c64551391d358226c66607b103529bb50898e

SHA512
7e41c9e1ac270be05888bbb117cb4f82342dbac31acbcc1aa0806d5a8254a7e714583a6dd9dbba4fd17b08f4b957ecc50d06e05b5b3baee849b03e94606c0fc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\iwwoEQMI.bat

Filesize
4B

MD5
670b262410a6b31cf419a9da5138c916

SHA1
a0f29465ed2e3b760a285b1cada01563ce01e585

SHA256
8f428852ff0589ad53a82d85f9df52c19194bd9a58a28d47efb6872c558ce47f

SHA512
b654414c58c124b733c044c9c307eae2e9c73588f2e829aa8bd4cc7e1897b63c5c04cec3a492fad8e3f708c100965f23621f42901f3e8bdef3c6971df3faeb3c

Download Submit
C:\Users\Admin\AppData\Local\Temp\jIkIIogs.bat

Filesize
4B

MD5
5bc7dbf99ccee836658e042c531aedbe

SHA1
a05a55f96bf31f94153f9b4183150e22d2f8d24f

SHA256
509403d11b9cc1dcd23cb4ec3861eca45a8a1a0f4c2ded073395044004d68688

SHA512
cfd9ddb7c88f7dbcfbff1b9bd98b58757b815384469497c319178215af519a5f2a28b0f96db22bee78933e0b256d1509e4f72c24c5be08947ccddf247d9210e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\jOYAcAYU.bat

Filesize
4B

MD5
f1c72b869e23b5bda48199bc7ed38f03

SHA1
784997439a6cd754e7188f8c4e97d653c223d1ad

SHA256
bab68417b920ea51de3f2ce8b0cb9fcc97d5b41fe9528c71697741bf1f2fd172

SHA512
c1bbe2cafb7b51abbc30feeabf66b4f576a9313368a4d5ca323abebfc083a1bae817e475f20fb09d6820dffc4a32ba93d2daab0a064e8703c9c76deff6873d81

Download Submit
C:\Users\Admin\AppData\Local\Temp\jgUgIIYU.bat

Filesize
4B

MD5
26298e0af88da270a449809365a496c2

SHA1
ec5c674f584867c26149a1dced32e22ab67545bb

SHA256
7d1ad8eeb1db9b30110cfc01504a828f26842fcde7a64a9f4d1a0d96b08c0575

SHA512
a404af98c877d22ea1ac707c5e1881fded63645fd9b063e06a5aeac059a50af34c0e8f19f75dcf0a85e1aea649643411e62c0ab4082c1c3944c52c8786018c44

Download Submit
C:\Users\Admin\AppData\Local\Temp\kEQwYoQY.bat

Filesize
4B

MD5
02874521f5fe1c154caacd7f18debecb

SHA1
87a71fb9ffe0929a0e159b15e33a95e4563b0083

SHA256
431822fd96a7208bef5f77385817fb03d3e3d7e0939bde229e30b10f5960a3f4

SHA512
6751e09ea40769c1d779fac729db62fdee0d2d1a9e6316adf0d9cbe02a74ba676eafa21f2e91c832d1f6d3aa034e99679999cac3f27f1ccc6085f95f8c618824

Download Submit
C:\Users\Admin\AppData\Local\Temp\kEok.exe

Filesize
226KB

MD5
28f7641eb365269981af4cffba00e41b

SHA1
de2dd7084ab51aff032de3be0247c4e3279b0221

SHA256
b0a0e0af9c0f3ab8e55934efdc23186ddf9fedf28d2679eb4887d5bdce9aadb2

SHA512
4cc39eddf0a7bc975e1a0aec36efecb4530a766896e9a0b335ffea9ae2ce2a8f32921284f1062ecf4bbffe5822001806018b1ff1165480c7d5f7aac1690ec587

Download Submit
C:\Users\Admin\AppData\Local\Temp\kIwy.exe

Filesize
231KB

MD5
d8678fc3af504c115f5628fc18eb267b

SHA1
cdfcf491438cf4629108613d8e60f2a75b7b40a9

SHA256
1827a1fdbd47890fe3abcb56154fcb1a8f5441281b7ea22958dff909c0817d73

SHA512
e84d3abda5cd3b4d8967e0d448ab8948c8250ee4eb80ed9337685ce4f017d0aa40896a6bd7cb47e17667357a91ded38b25156a155e0e82ca622c0c9df7a1e22e

Download Submit
C:\Users\Admin\AppData\Local\Temp\kUQa.exe

Filesize
241KB

MD5
77f2e610806585db96b86cb06dc10cbb

SHA1
8a649b84a8b8ef566f32f398f6b304e6e2b4303b

SHA256
13a7e95c5a4b7764ebaeb7d36e76720f1522376480fc449da7adae583a62a5ec

SHA512
b109602f8bbfee7ec5382fa3d04d1da108c32aee5725fff079a8113e9566191900aaf2f451d86fec3666d4aecd94afeb61a0b13b858f6801369643c599d2ad19

Download Submit
C:\Users\Admin\AppData\Local\Temp\kUws.exe

Filesize
251KB

MD5
8ca4f207a7169582463b565d985c2daa

SHA1
314c92c50d57d27383940d5196653b8c6c6df4e5

SHA256
708e75ca420cd85c865761a823f93e3d720c86ae1525aeb9f37e26b17f96441a

SHA512
80d643a0ef19d41b0489ca16132bc346127ac98b8fb1d6a466c12b59c7cc13b974e1c672e1ee4edbfad0debbc07d4e02ec1211498ebe0d0b4d0d3cd6d64bf53f

Download Submit
C:\Users\Admin\AppData\Local\Temp\kYUo.exe

Filesize
231KB

MD5
a1e7937a44e6980582426864f0fa3363

SHA1
4692527923c75abf1f73937495d2b49ec07384ac

SHA256
2643436a61243232fdf193ebb8fb7677bb1ede9b67c471fc7c1941c2dd994f51

SHA512
659a5673f5240d8aa01f5cb9bd494786882dc67a3ec941125e1224740027e61dc845c43889a722937853452adfe30a78c16545b7b5099270853dc353ac193620

Download Submit
C:\Users\Admin\AppData\Local\Temp\kgkC.exe

Filesize
195KB

MD5
8a42cfa5ab3b6bd1c7127994a9be6197

SHA1
30fc446e5cc48b150683d445aa83ed17fc69701b

SHA256
6a32ebc5792431cd931db9318f1c5405617e5819efc1f229546fce5fef0250f7

SHA512
309f792c7876aa55a8acae6000c0256d4b725f841f4e8f71377a9afc2f65adb4ee27be194474f468707960816ff6e04f49307db289ae007873007581b5edd7a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\kgssQkkU.bat

Filesize
4B

MD5
46c70f79046adccacd8e140851be1b85

SHA1
74ddb5b840ff3b61cbfdb33fcbe29f646ee36df1

SHA256
4ed4d528364d07cabe449061efb988694cd899f557c9f10359157a12a17197f1

SHA512
372ceee62ecb6af0732284c392c4d340b1a53427a72f034d7487ca393035c463bbe7aa7404170990d479bb64dd8a8bff4c830cfe4e17efd03ec47300c9930e38

Download Submit
C:\Users\Admin\AppData\Local\Temp\kkUIYMsg.bat

Filesize
4B

MD5
2e5399395d58b2d73a0ac5392ed2a1d1

SHA1
16fd39214af4aa3b219f00980ee141ed55e4a1ae

SHA256
e829865de99cf5522122f52766dee45734214457db5d60a5d1805a80fbe845e8

SHA512
65453d29fd649b13fffcd8485a9add037c600bb8da1373ef31fdbcb61deb84659f47e919056a3c78b3ab8d619037dbaecf60f9ae433c942471598d8f748cea31

Download Submit
C:\Users\Admin\AppData\Local\Temp\kkgsAYMk.bat

Filesize
4B

MD5
0b7abe1d9adf2c51b1c3c6a6e379c581

SHA1
51e14b16440da0a034ed1ab98a5686b6dd6e0471

SHA256
e54cf9958029a26b9973fcdc5fc7dcf8c3fc0a55a43adee278a95002ed4d4ca9

SHA512
8b06ba02fb07c8438d982719eda04f0405b02276f59164f23088a6457c36098b2e5c8696beece6e959901c0ade23d19ace6bf668da2c593e1c90fdadda3b0447

Download Submit
C:\Users\Admin\AppData\Local\Temp\kosc.exe

Filesize
252KB

MD5
7965286e35fdd7bffa4bac2c9676b3f8

SHA1
371bf4c7322cca4d7fe698ff7c5c70ca9c0ae1fd

SHA256
5a797e4eb819752172785f0b3bad437d7c40edb81ea29db20a3e83ef4e9875f5

SHA512
a0b3d600d07a7c394cba5042e4de08c3d715bf39bf7e49aecb84b89335230c4670eb53526afd0903af3c0688a2a37d8dc4e766c28ce4d8de5267421535ec8ac6

Download Submit
C:\Users\Admin\AppData\Local\Temp\ksIUcEIM.bat

Filesize
4B

MD5
78a6b4c0d0ff80dadab601c2983b5bd4

SHA1
458ecd3a86b5a84a67cc511ae9f65656afbebbca

SHA256
cad029faaafebea66296b10683e0aae7e5df9e611dc896a4d57b7c8692251bbb

SHA512
2975252d4d304f0984bd23046bdf5ab9d837f5ecde20efa32c796f41308b7e1aadeebc8b4025695ae1c9b248793e8ab5145eef6ef516c711ff3550ba8cf2d590

Download Submit
C:\Users\Admin\AppData\Local\Temp\lIcoscgc.bat

Filesize
4B

MD5
0a00d0ccd3ffc0b11814835c67d5780d

SHA1
1593cfc5540a3f0adafdee1fa3b0bff43f4221c4

SHA256
5de479318bea3fdebae9ccf8552eddd424199474af37d3c0d5ba47b942b462dc

SHA512
d13693ade8539138a9e4e40fdfbd374b3085dab5c122c66a84a081c01ce088dadfd7c0d085573735c034c7a5e27c280dba0d743eb8eb71db63187484fde8a0e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\ligogQoE.bat

Filesize
4B

MD5
a3daf160ce0ba344c0a7f4dfbf7f7f18

SHA1
53611c3e2225f8a6c601c26a5653be918002fe3e

SHA256
785df1f739f93378575a237e005c22283f7d3ea58b84edd0e68213a7a92740c5

SHA512
bb3c04b5d16f45d9bee6346aa62c9d7db49bfefebdea6c8830c29da50e9d5658ddc8227807f2ddd172745e58ebe41d5b4dbaaf3713967fb84b2cf7b7fe9efd18

Download Submit
C:\Users\Admin\AppData\Local\Temp\lyAckwIU.bat

Filesize
4B

MD5
22d2f0ba8227d2d7e739aefbe1e5bfd4

SHA1
3c2eb960ac77d9561beabbe19668beca04da8893

SHA256
88f4bda04cc0f466742850dde1a53cf2a0f92d07c4b76ba73223f247ecf2d818

SHA512
1246ff179a38ebea1ddde225c51995cea946503ed9a835cea720d579b84f2d5706590d367666676683559026da6be809382e5e83fefc2012cb241916fa44d334

Download Submit
C:\Users\Admin\AppData\Local\Temp\mMwg.exe

Filesize
237KB

MD5
16fbb13f46af270be1731a2cc6eff508

SHA1
00c3546412d0143196d4950ed327da617963fa0e

SHA256
51758baadcc0808c37dc21507d714730dc4ac58ae6dfa89c7231675da9985a2a

SHA512
bf860362d05b36bd7af29a81ecbf3d60fab94c96d1198c9be181509a0bdbd5fd7d06dca31b699a5d6eedcebeb3330cd7b15396a062a927900f56c6f21b04e26d

Download Submit
C:\Users\Admin\AppData\Local\Temp\mcMA.exe

Filesize
1.1MB

MD5
fc8a7642acd42c83df9a511b0297e7c6

SHA1
c300307ae4450e2dc27749363ffa0d116b7872f9

SHA256
1abdcf92dbeec4a1ea86d591f177746b68902cb87c74a8a1867e1abd4c71e929

SHA512
593a0b17f9c22dbf94b8fafd9a4d194864692fa4d6329aef7e15f73fc77075af5a1898f8040f0bbb02632fa4d92b04ce8b6ba8c20b2d7531bf5c8ad4459fcbf2

Download Submit
C:\Users\Admin\AppData\Local\Temp\msAK.exe

Filesize
314KB

MD5
f1a038704eafd9b83e7469b5728555a9

SHA1
c1763580cd969a569eaa3e12e2630c93ba5582ad

SHA256
7c67facebac5cc31a4b3b793f9187340fdea649871c0687b294c66734f488454

SHA512
eb6d1ddd7ef31f04b0e1e41b55e7bec628696be1d87186f0a24ec1b4b485442dde72f9811bbf05cbbd4aca1fb1aaf41a0de39af57bffd2a7ac58aa5f515c9896

Download Submit
C:\Users\Admin\AppData\Local\Temp\msMo.exe

Filesize
223KB

MD5
250da50428e5c2384ea02894dca0d57b

SHA1
6e8751df4a0702cf7f99e67c505a627f1ee3df17

SHA256
ad594827e44fb88cca9103f9abb6ad70663db238588ba61f0125039c88447f03

SHA512
97e1b3b5425b6d913f72ff29e3bd9a6d3a57b00c51ba7f3b19a1187cca371fafdb9a43a84bb7834573a4f76dc91277754d1e8f836b52c7b6c48c0db6ca513d3a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nKkIwYsI.bat

Filesize
4B

MD5
740fccb073343e18da126356547c1185

SHA1
8eb083b771a8e62a86f132c69c29f90e15e29023

SHA256
abcaff20e49d1db8dc08952a1d885f2ecf286b0ba3f396d06750adf1fb884ace

SHA512
ef60a2b0d953b7c21f500e9940ea624613806027d1888ff5e287f8695a3a08c178ee49346505f6904be88a745a27716f3bcb3921eb0b9774c2d3adaf7881779b

Download Submit
C:\Users\Admin\AppData\Local\Temp\oMUG.exe

Filesize
247KB

MD5
2d1a74948110b30859f663a78c529b60

SHA1
1c963ca555577926d6f68f40291f605d404e55e8

SHA256
a02bf91bae0afe785ced3c26a89a9171b02b4240026a6ca2d7b776fa7d4a9101

SHA512
63a958c38d7fafe948bbe76af5170d224a85d9c2296da19eb2530d8fe4a7cac24f30a266e96b0d4f320fbaabfba99567acace359f67d4e77aaebebbf23e0c879

Download Submit
C:\Users\Admin\AppData\Local\Temp\owUA.ico

Filesize
4KB

MD5
964614b7c6bd8dec1ecb413acf6395f2

SHA1
0f57a84370ac5c45dbe132bb2f167eee2eb3ce7f

SHA256
af0b1d2ebc52e65ec3f3c2f4f0c5422e6bbac40c7f561b8afe480f3eeb191405

SHA512
b660fdf67adfd09ed72e132a0b7171e2af7da2d78e81f8516adc561d8637540b290ed887db6daf8e23c5809c4b952b435a46779b91a0565a28f2de941bcff5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\qAgC.exe

Filesize
231KB

MD5
6af54bd5d6ada46bc5bfd5c26fee253f

SHA1
cc8824b1a9e6e7576ae1222b83e390767ff0bca3

SHA256
3723ec1f944d7b8be30fc0c8519fa147bd655ac98d66fd5ab512ec208d093de2

SHA512
c2c0562dd26b8f1cd5415b9d58feaf4e312c074a645e1a76f5e41871834de2be5aa0bb45330b5ccf590e6ec8b9e789bb0b81d665b80e3e10802f9d4c809af4d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\qOEsEEYw.bat

Filesize
4B

MD5
5f1b2ce163a3eb90d20a2ed47562862b

SHA1
45c3d875e3074480ca297715afe9e4ec27859ea9

SHA256
22e7fecfbe9de355620875a16b135a17f93fcdd03ff287d5a1bc79e672602086

SHA512
673351ed86bef302de21d027d2143a970bf09c840c27c26b03bd4aba7b5cfea7e2bd5f864498efeaa2051a88e90ce4e9149212c00210e0c5fe5c3763f1e68f73

Download Submit
C:\Users\Admin\AppData\Local\Temp\qYEK.exe

Filesize
234KB

MD5
4807cda86fd1c1a0cc1c80bf9e4e87f3

SHA1
476b764a88b8902db1b4dfbb915ebc8f9048c883

SHA256
99c6ef573d81dce0ae11cd84ffa8b8f4aebe88cdf482720d28828c57ac12506f

SHA512
200ba1509ca762b7e4c99a509a1a75bbae9435a7696a4d7c9bb9d961387728c8c769a0dcd8246566fed955d53f3e688620e36377c66fec0e3d45d19e02171c9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\qaUUkksk.bat

Filesize
4B

MD5
0c90b5dc78a2deeb972d2b71c52a5253

SHA1
f5fe80d38f57a4f0c6a56c51b24fb67da8b13759

SHA256
069baaa86bcadd2b45a954eaf8bd7c356c6b7c4f9e0cd3e8cd4dcbac2dadbd40

SHA512
50d37c9040834e06eaaddb7b11f15906d017d93165bb330983f0cf3eee79060af9a854e2b8f75597c47c4355cd91a7373c35ded6bdb007f2fa5ad3757e604b7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\qssM.exe

Filesize
237KB

MD5
761bff7f3e4d52f575c0eb40f4303793

SHA1
39d9ab6fd6743a71980f3deb0075a00f21ad4638

SHA256
045d5757cd036d2f8557c8baf7a24a5376b3d5d8934f992788bc85343702ed57

SHA512
9bcabaef9cb9cc3aea82a4443c742c06c14e87c4c5ee18fe917041d3f0f8def3f295c3eb3e640d71ebd1d6e5b0f5690ed2147978aeed26ce470412bc42bf7cdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\rGMYwQoI.bat

Filesize
4B

MD5
e72b639e217036201c807b7fd26f0400

SHA1
a634a7bba8a2ed278a04590bb41ddcaf36d13b26

SHA256
9f7fc1f0e6cf8677f3277da172a28fd46a95d16838a60c86869f5744599688d0

SHA512
4db7784632e8e6f7a6503d4da366b2f56ae7494ee05cd221a2a1c8d8b6a1c862bbabf31c8a87a0f42f79c0d0d2ddef293b4b382821ab7f2bded682d06d6b90cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\rScAcocA.bat

Filesize
4B

MD5
8301b604931a83c1a736c65d77471b98

SHA1
99125bc1faad72b0901726bc58b6f6fcdb8b1796

SHA256
0162f845dc536c8f4a0d8730cb5842b35093e2f4d10e6233040b3e153908d5d5

SHA512
c49239d710e779fc07dce7d5dfae10ada39a1dea8bdc862f39f7a614e8d2fb9e84364b9ae02ebfe704a63b6fa2d04dd58a639dd301180b51b00187b6c747a947

Download Submit
C:\Users\Admin\AppData\Local\Temp\rigcAIEE.bat

Filesize
4B

MD5
147f14a38ec84ba6acbc8f0304813b34

SHA1
a7e175bc4ac9c9a9aa4155bbd0a56386979241c8

SHA256
c3ec22982404da545a336abc1000aab53620649427450e01bb8d918bd8e1cd81

SHA512
b3ff98b3c2dacfa4cf634da28d38b8653c70da132834d02372fd5416ed11c2b1617e1cd33b3d09d9e5c9201e75461a4f3d80d729840c7204154e378f94e3a356

Download Submit
C:\Users\Admin\AppData\Local\Temp\rqoYIYQA.bat

Filesize
4B

MD5
32a974a0503e528ad1b71451f4ac30b9

SHA1
39b63657396dc5cd29b4e4ff580199a04191d361

SHA256
f5deb758846b3004320fa1bd77d1c0f3df498d93eaf7895873c1c84d3a983ffd

SHA512
10e62380be5fafad7eaa353db08fc79af0e9cd740f53149a1d2d76152c681eac725b2af88272fc53e85c9993086c86868906fccfafdd8281e0da96e310f7a2f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\sAYY.exe

Filesize
243KB

MD5
89a8b7c91d7c9129f2e94950cb2e7f87

SHA1
afe09bf0a2543b07ec573b4241669ebfde036dac

SHA256
0e7433e8a0628bab98e98d14d98fcd5f5611a5eb4d613ba5dc71f58ce9f7f0f9

SHA512
861b80eb27b0cd76a745994bedd3f39d32bfb1a677861285432790297686b5af357427b731ed314f73d72af4ce8f3bcd0851efaa85ec28847cb8e022dd2d3d1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\sEUw.exe

Filesize
645KB

MD5
bf8be4ca89cb3f015956a2c289307c72

SHA1
cd3ae8011bb38d3d7749851a0d68def20072433d

SHA256
b3cd16532161e747bda5afb50f9b1e9d1b5420383d02e9f8c56373ac45168091

SHA512
3fa082e28f17081a2b3ee5593c98cc504d3a75101295b0c934a367041efea4d56dd3351e48cc3aa3b973edfebaa34d84f5d44010bc26d2caa8f5177322a5679c

Download Submit
C:\Users\Admin\AppData\Local\Temp\sUki.exe

Filesize
952KB

MD5
332032762509ced38568ef5503ca5a83

SHA1
f94c869ce3705c56b526f42bb58ad7154237c550

SHA256
ea283da50982b3fae9c240fc61200e3059c88b6a7e332d9e478ba8f7121baa80

SHA512
a9961b364d5a4316f37ac084115de4485406705a8d41639afd7956451439ea87f2bb292e477a404c7998089c4d2e77fdd1994c95fe6f14beffa103250b22df3b

Download Submit
C:\Users\Admin\AppData\Local\Temp\sWIYoYYQ.bat

Filesize
4B

MD5
4ddbf62d7f2c7100e27540f08a5a2a54

SHA1
8bb67ee097de3641fedc2540b9b8c40de9305754

SHA256
0b755602b5e043eb0af65c06b0c828da2a610bc17b7f2c5d87dceadcd87fcbd4

SHA512
ac7f2af3268578078725152190fa2c5f6660de9a52fa020968f33ffe7841a6addc00ce1e23ed754dd9f19347542b1feac421bf2d9b62ef18775bcf6392b2a70b

Download Submit
C:\Users\Admin\AppData\Local\Temp\skoI.exe

Filesize
702KB

MD5
33eabc05501ecc507bdbdff2db25d9b9

SHA1
2a802a9da063f36fb55a4a0bccaf290fda56e2c1

SHA256
3dcdf027d55ce15fdc530b2bc9085acd5e57a4ebd84bc550c4fb4df2f63c462f

SHA512
da2debe737e77d064253101cddc978db79afc64dd689badd045e4aebbf9944bbe572cda08daa541ee94fa85879a3eba7508f5457a65d8e0865494a0ddfcbcd8c

Download Submit
C:\Users\Admin\AppData\Local\Temp\ssUA.exe

Filesize
735KB

MD5
2ce39d29b85e30ac09faef855b6cd2a6

SHA1
6799a3a208434ca60971d7d278c67d69782371b0

SHA256
0cc5be784941a086408ff745414cd42c76693038f277a12e2eeaa4d08d9d7e12

SHA512
9eeb7de14b8cdf89f34734422292a86c71b8d8a5e3220c3e26afff34f1b842ba435f1d2745991511b12f6061eede282c959ffceb103f584baafbaf2a62cc00e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\tOoIsAoE.bat

Filesize
4B

MD5
d06643fcbaf5d1fd25f455dabece59f1

SHA1
40318af7e4fea49b65facc48721482b474cee6bc

SHA256
a6e52878bb7ae8ea9ad2f0618c0f3734f2ee2eb7941098e479d97faa8daf6672

SHA512
494e0463f33b8291ff942cf51f48a3949e1190cdb4b9ad3b3e7e2f99d78d8198d6aedfa451deee58221a51f0b21acc5fe292407e2e1febab4e971a5729cab70b

Download Submit
C:\Users\Admin\AppData\Local\Temp\uEks.exe

Filesize
239KB

MD5
3f77e593b4e5ca6578309eac77415156

SHA1
e79d830fd9c81e7f754a7da6b19f5475a31cfdd0

SHA256
e7af5be4828e8ef493e8d02eaffb06ed5a6e38306c8a5e96d7f850c5e8b3d1a3

SHA512
5f998a6e0378824a0dbcd6bb9f71908a2df83b40c06b7a1e0de5de218b94d76e02589ecac9e3b445964fdd2ee642e84101d844e4bf55549ba63c2060863de549

Download Submit
C:\Users\Admin\AppData\Local\Temp\uQYg.exe

Filesize
644KB

MD5
38cbd8ccc15d54b29d5e144efdbf3b29

SHA1
a4d780f671309ccbed655abbb6dd77df2685df27

SHA256
c22e4fd90d28bbd0545e3e802070c59494ea52f42603e7d7936a21227b7ae60a

SHA512
7b6f469a4a4f5b850792d4b9844965bf7157a3d90020db0f8ce67d6eb611ecfcf7d3162b73b778972d3e02887e51cb165e86ed55607d03d9e95e88a02f5f35c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\uUUa.exe

Filesize
548KB

MD5
42860973379c0e7cbf58168d8d4d1b16

SHA1
839407b62204889cf614411b46c7143b2fe21a1d

SHA256
5ecd8444a68be1b66952055989960198128b6e21a6d753769ff0c73a75fc7342

SHA512
29cf508f643eec42c3ce225e4593c016c9ac735bc0d4d829a3e2a043de91a2fc9c956793dd7bce506dc46011b503ec5e35f76ea076186bbdaffeac3e0e14c101

Download Submit
C:\Users\Admin\AppData\Local\Temp\uYsS.exe

Filesize
234KB

MD5
d2ae083130cd2eeba8c2a53374b08947

SHA1
5f6f2334cfeee969515c0203d1556bd0f2ef57c7

SHA256
62eca340290357ecd443e51466e0437ae9624f97ec3e9a3f58cc71ead6d2b972

SHA512
9b1319200aefdcba943edaad00ec0336e49cd67b63a2f701d3bf50d3ee854c77a0f7dec798741eb7e2a7a0b2d97936dd1726ae7376bb69d1d35d7901339767da

Download Submit
C:\Users\Admin\AppData\Local\Temp\ugUM.exe

Filesize
242KB

MD5
af1226ddcab2bf1fd5667873d7a3fbb7

SHA1
2290ce0ff2c240c62f67b21a972c8c32c3849035

SHA256
e3da1ce0530ca44bbcebf68bd8022e6865c9c1b8d9cae89832ad91ad5005dc2a

SHA512
adadcb4fa40a864a529f94e596823cd5823a8d54948be2f99bf133833d1ed053d78ebd3a07e3a15695933950e6feda0b41fcf7d93f3a1a53fde32a4ee4b466bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\ugog.exe

Filesize
316KB

MD5
153a4c056bf97ccca3fc545c938294a5

SHA1
2eb678acae741374ef2f2dc06b703a15a6139c44

SHA256
f26e2e4e01674cf657efc1a8ab33eb15f83d079add6469b919569a66d2303634

SHA512
35b78be83a8e082af2c123378ef5bb033d92ce39703d2e9d5c206bccbdf66086ebd4021954742944a1cce95f0d651f4f06ef2a8195cddfb8a8e6fedb19f19f35

Download Submit
C:\Users\Admin\AppData\Local\Temp\ukQi.exe

Filesize
1.3MB

MD5
67abcdc3b1e4c0e257ef2bc60d42938a

SHA1
ef62351730ab0ea50d41d9abad09337e654bfa29

SHA256
89d6aeacdae39c132b5aa404bbc6c7161fa29948278c63900a2bfca9923f4e60

SHA512
3662ad905b280b82a8383724f1e8dc172145f05a85ef4a19ac22c548e31d1b7e55f818e4e8253118b1b6929d82033e4dc151b34ab87b5da8da92939cd6cd86bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\uoAO.exe

Filesize
242KB

MD5
e3f509ebc2a7cfd4d9adea58926074f4

SHA1
ec4f891d50e82cbabbb14d2d9d985736304fc00e

SHA256
381382cf0e09c613de5a804cacaaf2b2bc5ab8f3f1e462bda509d48f85c1b74d

SHA512
cdb665dbe90e55eb54e38e2e01ebb1a149110f5d2b51133da2d718771c9372a529fd0d3b441493fb16a369a7149a522d33afd295e8b54537c87cd377293ce033

Download Submit
C:\Users\Admin\AppData\Local\Temp\uosIUMUw.bat

Filesize
4B

MD5
9e774b3505976c8ae1460a993ec6c685

SHA1
3a9392b8a2daa2d26c6a9c24e4928602e0b0aa54

SHA256
ad5089e50e1e068fde6401757484be82e260a901ccaef599f5a31bd88292bca6

SHA512
30adcd86cf17a3a2faf8618d2ee380e1eb0f04c81836584698cbf7af977cac2b9118dc12347b678ad1481f36a6a844cc0832119113aedc295e434abdf60afa6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\uswy.exe

Filesize
231KB

MD5
fe038ddef735d9dc98806d0b3942eef8

SHA1
5e333bd56c88eb66ee19f8c1a575a1afc92f02bf

SHA256
b20afdde7e67df49bb56b6a4bdfdc57a7670e572be827b44bb3aa1dbde10fa33

SHA512
bdbc7741710e5a62ed2d62a0cd99fe88960153a0594bc1021aee6ec9941d480800dcde74cf5db996494a51a99b54d6ec33fd1a95394667d056c6365684d3260b

Download Submit
C:\Users\Admin\AppData\Local\Temp\uwoI.exe

Filesize
204KB

MD5
54c01ba24f8e3bc8a3fe4cc1ff065f3e

SHA1
7745ad8f86c5dd0f46068095cbaa2da035561a33

SHA256
d0fad1fb6e754143f1b0cd7bf36db700802e9ac6f430a54a32783e618833e410

SHA512
23776c54e61fb0f8b1fa86923f904bb1c20d72132de251cfcbb47e89ed3b85912f4a4e7bb6806a40faf1c061cbd4ca96c661aedd898c95fd182237cd51959732

Download Submit
C:\Users\Admin\AppData\Local\Temp\vAkAQgMA.bat

Filesize
4B

MD5
5e81b081667a6235d6f5b5476df2dcc4

SHA1
dc171131bd1b0a2f0e165ee9aa15393021146214

SHA256
e83d1363c6423981e9f80f345f8d5b011d8d7a40644a02f67ae98756cdcac6f6

SHA512
db5c176b8ca465faae025a2f153e20547cda7dee9aaa284cdcc7c30189d59c83ccacdbd124cc97a34d92d930c98192d929ba9146dc4ba5d1e0b41d21a2f68659

Download Submit
C:\Users\Admin\AppData\Local\Temp\vcEoogAk.bat

Filesize
4B

MD5
7428268de3df6f8186f7cadb675daddd

SHA1
930e2ef36f148c0dc433cfa0061beaf64e48e812

SHA256
cc4dee2f02864785b7b13e3c326c51c79e3f67212670957bf30c999edee69ab4

SHA512
24220bc3c149a29ae021e357ebc04a03a35dccca47be004c0ac367592475adede3ec7ba0c7700aed1ca68b6e041db2917011396cc195ee8f9979b28b5958ab00

Download Submit
C:\Users\Admin\AppData\Local\Temp\veIYosAo.bat

Filesize
4B

MD5
3719d1ffa1ef3c3d3c266e31c2020261

SHA1
b308b72244c37405441d3995bee87a64af0794c2

SHA256
166f4e94a6ac15ac5083e3ab2b78f8d0489e8c8e1ec16a3bba9090a0293650c6

SHA512
12f0a58c27982430c43af61d6038b088f371585aafcd73dee160babb8be746fa490070d1006ebea4f989dc2d7c67c072abfbb0128926f8517530f4ae4e11c8d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\wIEg.exe

Filesize
231KB

MD5
be996c6427c351d2ed94a349e59415dd

SHA1
4be921c73874807bb2b161128001efda583a8c9e

SHA256
8678851b7b343daf333734e83b971ad9ab32ca8ad98cdaececb9c11ff5e70ccf

SHA512
51c571bbcac920c6e3caccd52de50fc4aa813463f4229707cf4f734055ecd482c3a3a26f3f734c31cef85a8a6a62ee110c2c1628aac34a5e3cf386fa9b33cfa6

Download Submit
C:\Users\Admin\AppData\Local\Temp\wMUy.exe

Filesize
231KB

MD5
5a255cd0aea282cc2fc0bf3cd356016a

SHA1
5ddcacacfa2f5f144bf10502ecc197e18407e310

SHA256
9c45b43f095d174f07e015def89c3df480a20254cc42936e01af7c95e58498b3

SHA512
4fe706e398d71f5ee64f9435915589947d014ebb7453e74d16e4eeb79f52a6045c043646ae15d96336d87af83fb8b326692c603c2c0cd1a90a24d22a49696fa7

Download Submit
C:\Users\Admin\AppData\Local\Temp\wgMu.exe

Filesize
251KB

MD5
5e3e3d689d7a4f5bc3702018404e3f17

SHA1
6e90c12863d4fbb21c042c84be38c4a133158938

SHA256
1ee8367647ccbabb545df4a0f56dc873b24aa0e7377d276686c2d3d0b3f09055

SHA512
50f1df287f513b704876b6ea22fad278a2de4076b874263ba4da15721cc1b7581682bc7c710ef7956df3c3b5d017da285b46b1200316c119182b090cd9da09f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\wgkgkssI.bat

Filesize
4B

MD5
037b7e1767c77e7e8c4c6454fd982af7

SHA1
97d681a228f7330b0de83d8d4980e7713d0855c4

SHA256
9335d825dcf9270dc167adea7ad33eed326850d801394e9772756892de203d71

SHA512
de10339a054965f0f1ebbc54c498322f6794ff0fe68f8f0bd1fd22efb1571b08e31d1bcc7429ba55909d28fe6be1cbf7a4c4bd976171e2297662914ed595c57b

Download Submit
C:\Users\Admin\AppData\Local\Temp\wsAU.exe

Filesize
252KB

MD5
88bf234080f794d6bcfb649edc53a697

SHA1
dca1cc2d40d6ef384c1b269289469d206fd34c6a

SHA256
e4345cb83aa757e05b1ad12b302e3e509ca9fb4a7dbb5ca53d2615f137849086

SHA512
0d2257b72be1deb960ab9c3f0e9a643d057007e8cdab249129e1f11604ad8dc8f0437cc874568ce7a5c44acfcb52e9354097f889f986a87a09e36a48ecc2f387

Download Submit
C:\Users\Admin\AppData\Local\Temp\wsAw.exe

Filesize
225KB

MD5
cda4ebb1e35c9619c0d0c0524cb9d428

SHA1
120bf487c5e8bcc4e62d651b353347b907156d75

SHA256
2125afb885bac7abf8ebcf62e42aba4517fa052d78f28638d061a544c15e0bf7

SHA512
2b08489a3a90ca93185cec3614a5cc21dee13b1bd50605e12d9df7d8706e47f5f4e6e6d6dff6b84911cf1e9850f912b482f4765d690eecbb338971e84e13e5e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\wscwkAMA.bat

Filesize
4B

MD5
84385336673217fcf81406d12c4e3b18

SHA1
09a3690b8f3a7572b7c46c0aa927ab3c48d47661

SHA256
2ad1024f7bdd504c5c86e3cee78a99e391c2eecd974fee54e094e3d532ada4e6

SHA512
7be2098013523c6a2ef9a4cbfe40df22957f02e18f0e6543d1a3461d0c69fe157ec87fd384f330881fe36b5c9b3f8beea4b2d1f4f096d59bf9908810708c1ac7

Download Submit
C:\Users\Admin\AppData\Local\Temp\wwYu.exe

Filesize
248KB

MD5
d5286aa1e8d8a8223384febfe6e3c5ea

SHA1
28843ece68ef1ce970399fa6aa344b4527ccd295

SHA256
41c703d6746692b9cd3d9643931bc59babd6f47d24b12fac5570e5747d895c06

SHA512
5c9c9410caee1bb4ca6a1697c54e2505df52c0f52967fc8cc4b354889d851028bb95dfbcbb1987dfd3eb12e585c717612b8bf0137c857ead9243c66bc1d8cd18

Download Submit
C:\Users\Admin\AppData\Local\Temp\xSwggUUE.bat

Filesize
4B

MD5
163bbe26534a44be657a9296b131e316

SHA1
84c3f2efe26ff746b3cfae7bdaf84a9d381b3d24

SHA256
31522f822eb50aeed3317e46d9264bbf93c4999c1cfac60b418568bb489ab718

SHA512
33103f6134aa84e971df239100351be6543fcc3e0ced494cb9f9d3beabe787a279185b8e06ddf28ff71e5b0c50328190b0ee6484f2020bc63c8840399f0238be

Download Submit
C:\Users\Admin\AppData\Local\Temp\xgIIQgsw.bat

Filesize
4B

MD5
083f103a4133f0b297fd47e47dc1f559

SHA1
04ac8d5833db0861066a8a662d3250b5868fcde2

SHA256
5f6f96c01e81145b9116f42133044474180bc949483ca674a923e0639b9a9572

SHA512
10dacbad68fe4704ec15522ec103996a2b90a95bb9155a7c57cb11a2c4e70a71a7c9dc0539cbca1f4a4032e9e060d951815edcde0d2cdb6a5cb47edbae726e86

Download Submit
C:\Users\Admin\AppData\Local\Temp\yYIU.exe

Filesize
1.6MB

MD5
6d7105e74d542183ba788a67ca2c71e0

SHA1
27f849a724204c3c10f0700a9c2f7510a5a9348d

SHA256
de32b724650cc2fd8417306d3f8e3d966c53e985cb5f7e35a63e1d5e20eb5855

SHA512
6af6f2fbcfa68cc49543a821f0352687c5d8cb5343130541891f86a519b1de3e8b84bd04fe8ea1f83e9745facdb55843e9bc6cf3a9474d5ea7d93649606e25fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\ycUS.exe

Filesize
241KB

MD5
a52276c426f6594f2f4207118f9df2d6

SHA1
2680fb8030280c7932dab005b7b0a2236d886e22

SHA256
580afb391d4662fee0a8096712aa87ec1119f92f730be1c8377402c40b9fe031

SHA512
7b0123035fdc065a3c3f9a15960884f87093ce574d76a2186ed995965d1a4bb4344effd3a95c06bf61e2876ea26ad17e945c17491666921a76a9521afb0b0084

Download Submit
C:\Users\Admin\AppData\Local\Temp\ycYA.exe

Filesize
250KB

MD5
111124428c792a1a617ad30d864faa46

SHA1
3b200308c0fb65a026e5eb4449836506a14de586

SHA256
ff3e7c8565d342085baa8043ca6d4beb904eb9d0e8a8e531faf642cd6ee3e375

SHA512
93bc54609fb3f7042fe4164bef124ef16486ef6311acb6c7b16a83f2419a59dfeda8dd30c841c6e46836564a20d3fcf29b7dc5b2a11b14ebad6b49180d126203

Download Submit
C:\Users\Admin\AppData\Local\Temp\yskE.exe

Filesize
245KB

MD5
3ebd5314027c21bf669955932de4d231

SHA1
6f6d3dba827dfccb35e6155e56a278cdccebfdbc

SHA256
9b5b93480591e92e0c56348b3336129497e3332ada07557d1506db52243b01ea

SHA512
92ef1241926c186c0de3b5923cd89b7c3b014cba03f799c767c38963dd548df3d002e7f320d3d1783a8abec4c28ba93477dd8a717660169abe6a120636476b98

Download Submit
C:\Users\Admin\AppData\Local\Temp\zAkMQUQw.bat

Filesize
4B

MD5
060965810de53d5d6131414657ad7bfc

SHA1
53cf232c13d4f49ca1eb54f1b9df477900ed9720

SHA256
6e4b16620a23be6731a85c269651a9f0a695ecd9c6a41074abf0e84c1746b1d1

SHA512
598b08d40b23c858ba0b68e9fec6aaf76453f281b80487cb1d7167f1c0bc6ddf516b55c71a6c1f16813e610f95395f49ccb294a1585ea6e694cfb7038cf9db46

Download Submit
C:\Users\Admin\AppData\Local\Temp\zSgcMIMg.bat

Filesize
4B

MD5
f98f09d94c95a4022af13afe84071ae0

SHA1
c352bee2ce3dd8d709d114565aaf950c02a5dc97

SHA256
8f11c1e6e45c071ed3cdff8a4241d40531131b7cc7853c3c75ce515d9f1401c4

SHA512
5068c1498f84ff4e5cfa45f041d7434a2661ac60b4d171d2399a25689b71245c74ff44d030218177f620a61841c7c64252ce90538394f388017b1fee6ea53fa7

Download Submit
C:\Users\Admin\AppData\Local\Temp\zygggEQo.bat

Filesize
4B

MD5
76b7bd348d044e1a41427f6bf3f136c2

SHA1
b8c1aabd78c3cf953452c9e1ec1bf032e63440a0

SHA256
d40fe3a492aeb9f45fe86c74c4632946b1cbe351907680c70ccf5bee33b5c61e

SHA512
0b4fd589f229455b7149ac545906f0717ca12dcc4e6dd51d1d30ccc381d534558db0d71b1a88869d522b63140401f3113d242f4bfd70eea531cd3f7588e14b0f

Download Submit
C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg.exe

Filesize
1.0MB

MD5
dcef64fa148c8bbcc2379c70a2888b85

SHA1
80fc39646e713a059bc2f20911727781f72e3775

SHA256
357d189527292699f85f188f033e5ec1868bfb96f246a4040bf18feaf44e5058

SHA512
c09699e7d24d19ee0bf15ec3c5d52679188c73bbf211051d54b99c72cd2c30d69aec88ed8bc6380f8366c98b6462a2f06705be2706914f558b8a320967a26ced

Download Submit
\Users\Admin\vmEUwooM\xmMAQokI.exe

Filesize
199KB

MD5
325a6546430ad0fdc0f615df95884024

SHA1
ae82f85d5b0f95acab30fc61073eb0a9a8ab92c4

SHA256
1b50150cf6712748dc3de570c9534ea607c66e9bee3fa8f44ae76019bbc3baa4

SHA512
f622108c5ec4bfb31de5f0431fbd0b645bc1b25c1067c80b667f59b14da24adf8b00ae5e9e4fc2bc6b6b81209eb2a4be075f56727c8b9dca01ba72aebcbca57e

Download Submit
memory/324-242-0x0000000000160000-0x000000000019D000-memory.dmp

Filesize
244KB

Download
memory/576-445-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/576-412-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/604-103-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/604-136-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/608-386-0x0000000000160000-0x000000000019D000-memory.dmp

Filesize
244KB

Download
memory/608-387-0x0000000000160000-0x000000000019D000-memory.dmp

Filesize
244KB

Download
memory/712-388-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/712-421-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/788-102-0x0000000000310000-0x000000000034D000-memory.dmp

Filesize
244KB

Download
memory/960-461-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/960-460-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/1004-151-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/1004-182-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/1540-298-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/1540-265-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/2020-364-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/2020-397-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/2052-89-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/2052-58-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/2108-436-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/2132-373-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/2132-347-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/2164-410-0x0000000002270000-0x00000000022AD000-memory.dmp

Filesize
244KB

Download
memory/2164-411-0x0000000002270000-0x00000000022AD000-memory.dmp

Filesize
244KB

Download
memory/2208-31-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2212-321-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/2212-289-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/2220-29-0x0000000001CA0000-0x0000000001CD0000-memory.dmp

Filesize
192KB

Download
memory/2220-0-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/2220-5-0x0000000001CA0000-0x0000000001CD3000-memory.dmp

Filesize
204KB

Download
memory/2220-12-0x0000000001CA0000-0x0000000001CD3000-memory.dmp

Filesize
204KB

Download
memory/2220-43-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/2244-311-0x0000000000160000-0x000000000019D000-memory.dmp

Filesize
244KB

Download
memory/2256-112-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/2256-80-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/2304-126-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/2304-160-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/2308-244-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/2308-274-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/2316-125-0x0000000000120000-0x000000000015D000-memory.dmp

Filesize
244KB

Download
memory/2376-287-0x0000000000120000-0x000000000015D000-memory.dmp

Filesize
244KB

Download
memory/2376-288-0x0000000000120000-0x000000000015D000-memory.dmp

Filesize
244KB

Download
memory/2408-150-0x0000000002250000-0x000000000228D000-memory.dmp

Filesize
244KB

Download
memory/2440-30-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/2468-195-0x00000000001F0000-0x000000000022D000-memory.dmp

Filesize
244KB

Download
memory/2624-34-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/2624-33-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/2632-35-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/2632-67-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/2704-344-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/2704-312-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/2728-173-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/2728-205-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/2736-435-0x0000000000120000-0x000000000015D000-memory.dmp

Filesize
244KB

Download
memory/2736-434-0x0000000000120000-0x000000000015D000-memory.dmp

Filesize
244KB

Download
memory/2768-218-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/2768-252-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/2824-335-0x0000000000120000-0x000000000015D000-memory.dmp

Filesize
244KB

Download
memory/2824-334-0x0000000000120000-0x000000000015D000-memory.dmp

Filesize
244KB

Download
memory/2884-363-0x0000000000120000-0x000000000015D000-memory.dmp

Filesize
244KB

Download
memory/2896-470-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/2988-227-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/2988-196-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download